CN106034115B - Method, device and system for realizing virtual network - Google Patents


Info

Publication number
CN106034115B
Authority
CN
China
Prior art keywords
evb
vdp
virtual network
station
forwarding table
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510111334.0A
Other languages
Chinese (zh)
Other versions
CN106034115A (en
Inventor
顾忠禹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN201510111334.0A (CN106034115B)
Priority to PCT/CN2015/092127 (WO2016145839A1)
Publication of CN106034115A
Application granted
Publication of CN106034115B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for implementing a virtual network, comprising the following steps: an EVB station receives a VDP message, sent by an ER in the EVB station on behalf of a VM, for joining a virtual network (VN), the VDP message comprising command type indication information; the EVB station judges, according to the command type indication information in the VDP message, whether the VDP message is to be processed in the EVB station; if so, the EVB station processes the VDP message and connects the VM to the VN; if not, the EVB station sends the VDP message to an EVB bridge for processing, so that the VM is connected to the VN at the EVB bridge. The VDP message for joining the VN, carrying the command type indication information, is an extension of the existing VDP message, and the EVB station supports EVB bridge and NVE functions. An implementation device of the virtual network is further disclosed. The application range of EVB is expanded, and the implementation efficiency of the VN is further improved.

Description

Method, device and system for realizing virtual network
Technical Field
The present invention relates to the technical field of data centers, and in particular, to a method, an apparatus, and a system for implementing a virtual network.
Background
In the data center, how to provide a VN (Virtual Network) through virtualization technology, for example virtual machines, is a hot topic. A virtual network involves virtualization of the network, and many aspects of it concern device vendors and operators. For example, IEEE has published 802.1Qbg (Edge Virtual Bridging), in which a VM (Virtual Machine; the IEEE term is virtual station, which needs to be distinguished from the platform providing virtual stations, called the EVB (Edge Virtual Bridging) station) connects its VSI (Virtual Station Interface, virtual machine interface) to the outside of the virtualization platform through the EVB station. Figure 1 is the architecture of EVB, and how to implement Virtual Network discovery, Network management, Virtual Network discovery, and Virtual Network discovery, etc. 2-Virtual Network discovery, and Virtual Network discovery.
In Fig. 2, a centralized NVA (Network Virtualization Authority) implements control over service provision. Multiple VMs in a VN are connected to an NVE (Network Virtualization Edge device) and are further associated with the VRF (Virtual Routing and Forwarding function) of the VN in the NVE. The VRFs of the same VN in multiple different NVEs are connected directly by the NVEs through overlay network tunnels, so that the VN is implemented, and the VN may be connected through the NVE and the Internet.
In the implementation process, particularly for the control protocol of the segment by which a VM accesses an NVE, one viewpoint is that this can be undertaken by the VDP of IEEE. Intuitively, VDP implements the association of a VM with an EVB bridge, which is very similar to a VM joining a VN at an NVE. Because VDP is an L2 protocol, support for L3 address information is needed to implement an NVO3 virtual network, and the transfer of VN-ID information also needs to be supported. However, these extensions alone are not enough: EVB does not have the same application scenarios as NVO3, EVB has its own state machine processing mechanism, and problems are encountered in specific applications. For example, in a typical NVO3 application environment such as that shown in Fig. 3, both the TOR (Top of Rack switch) and the VMM (virtual machine manager, server) can be used as NVE, and at the same time, it can handle overhead information of a user, i.e. it can handle overhead information that it is difficult for the EVB to directly access to a user station, i.e. it can handle overhead information that it is difficult for the EVB to directly reach an EVB Top of the EVB, i.e. it can handle overhead information when it is not directly connected to the EVB, it is configured in a high overhead switch , it is difficult for the EVB, and it can handle overhead information of the situation, i.e. it is not able to handle overhead information of a user when it, it is directly handle a user.
Disclosure of Invention
The invention mainly aims to provide a virtual network implementation method, device and system, and aims to solve the problem that the existing VDP technology does not support the typical NVO3 application environment of an EVB station/NVE-EVB bridge/NVE.
In order to achieve the above object, the virtual network implementation method provided by the present invention comprises the following steps:
an EVB station receives a VDP message, sent by an ER (Edge Relay) in the EVB station on behalf of a VM (virtual machine), for joining a virtual network VN, wherein the VDP message comprises command type indication information;
the EVB station judges, according to the command type indication information included in the VDP message, whether the VDP message is to be processed at the EVB station;
if so, the EVB station processes the VDP message and connects the VM to the VN;
and if not, the EVB station sends the VDP message to an EVB bridge for processing, so that the VM is connected to the VN at the EVB bridge.
Preferably, the command type indication information is defined by a filtering information field of the VDP command packet; alternatively, it is defined by a reserved VDP type value.
Preferably, the EVB station supports EVB bridge and NVE functions.
Preferably, the step of the EVB station/EVB bridge connecting the VM to the VN includes:
the EVB station/EVB bridge receives verification information indicating whether the VM passes identity authentication for the VN;
after the VM passes the verification, the EVB station/EVB bridge judges whether a context/VRF forwarding table of the VN exists or not;
if not, the EVB station/EVB bridge generates a VRF forwarding table of the VN;
and if the VRF table entry corresponding to the VM does not exist in the VRF forwarding table, the EVB station/EVB bridge generates the VRF forwarding table entry corresponding to the VM in the VRF forwarding table.
In addition, in order to achieve the above object, the present invention further provides a virtual network implementation apparatus, including:
a receiving module, configured to receive a VDP packet that is sent by an ER in the EVB station on behalf of a VM and joins the virtual network VN, where the VDP packet includes command type indication information;
a determining module, configured to determine whether to process the VDP packet at the EVB station according to command type indication information included in the VDP packet;
a sending module, configured to send the VDP packet to an EVB bridge for processing if the VDP packet is not processed at the EVB station, so as to enable the VM to access the VN in the EVB bridge;
a processing module, configured to process the VDP packet and connect the VM to the VN if the VDP packet is processed at the EVB station; to perform VN identity authentication of the VM; after the VM passes the identity authentication of the VN, to generate the context/VRF forwarding table of the VN if it does not exist; and, if the VM has no corresponding table entry in the VRF forwarding table, to generate the corresponding VRF forwarding table entry of the VM in the VRF forwarding table.
Preferably, the command type indication information is defined by a filtering information field of the VDP command packet; alternatively, it is defined by a reserved VDP type value.
Preferably, the implementation apparatus is an EVB station that also supports EVB bridge and NVE functionality.
In addition, to achieve the above object, the present invention further provides a virtual network implementation system, including the above virtual network implementation apparatus and an EVB bridge, wherein:
the virtual network implementation device is used for receiving a VDP message, sent by an ER in the EVB station on behalf of a VM (virtual machine), for joining the virtual network VN, wherein the VDP message comprises command type indication information; the virtual network implementation device is also used for judging, according to the command type indication information included in the VDP message, whether the VDP message is to be processed in the virtual network implementation device; for connecting the VM to the VN if the VDP message is processed at the virtual network implementation device; and for sending the VDP message to an EVB bridge for processing if the VDP message is not processed in the virtual network implementation device;
the EVB bridge is used for processing the VDP message and realizing that the VM is accessed to the VN;
the virtual network implementation device is further configured to implement VN identity authentication on the VM; after the VM passes the identity authentication of the VN, if the context/VRF forwarding table of the VN does not exist, generating the context/VRF forwarding table of the VN; and if the VM has no corresponding table entry in the VRF forwarding table, generating a corresponding table entry of the VM in the VRF forwarding table.
Preferably, the command type indication information is defined by a filtering information field of the VDP command packet; or, defined by a reserved VDP type value; the virtual network implementation device is an EVB station and simultaneously supports EVB bridge and NVE functions.
The invention adds command type indication information to the VDP message by which a virtual machine VM joins a virtual network VN, and uses the command type indication information to indicate whether the EVB station or the EVB bridge processes the VDP message in order to connect the VM to the virtual network. This effectively avoids the poor VN implementation efficiency caused by the complex implementation process and cumbersome operation of current VDP-based VN implementations. The EVB station supports the functions of the EVB bridge and the NVE, and the VDP message for joining the VN with the command type indication information is an extension of the existing VDP message.
Drawings
FIG. 1 is a schematic diagram of the architecture of an EVB in an embodiment of the present invention;
FIG. 2 is a block diagram illustrating the architecture provided by the virtual network in an embodiment of the present invention;
FIG. 3 is a block diagram of an exemplary NVO3 application environment in an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a method for implementing a virtual network according to a preferred embodiment of the present invention;
FIG. 5 is a functional block diagram of a network according to an embodiment of the present invention;
FIG. 6 is a diagram illustrating a filter information format definition based on a command type indication of the filter information format according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating an embodiment of processing the VDP packet according to the present invention;
FIG. 8 is a flowchart illustrating an implementation of the virtual network of the present invention;
FIG. 9 is a flow chart illustrating another embodiment of a virtual network implementation of the present invention;
FIG. 10 is a functional block diagram of an apparatus for implementing a virtual network according to a preferred embodiment of the present invention.
The objects, features, and advantages of the present invention are further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The method comprises the following steps: an EVB station receives a VDP message, sent by an ER in the EVB station on behalf of a VM (virtual machine), for joining a virtual network VN, the VDP message comprising command type indication information; the EVB station judges, according to the command type indication information contained in the VDP message, whether the VDP message is to be processed at the EVB station; if so, the EVB station processes the VDP message and connects the VM to the VN; if not, the EVB station sends the VDP message to an EVB bridge for processing, so that the VM is connected to the VN at the EVB bridge. Command type indication information is thus added to the VDP message by which the VM joins the virtual network VN, and it indicates whether the VDP message is processed by the EVB station or by the EVB bridge in order to connect the VM to the virtual network.
At present, in the implementation process of the VN based on the VDP, the implementation process is complex and the operation is complicated, so that the VN implementation efficiency is poor.
Based on the above problems, the present invention provides a method for implementing a virtual network.
Referring to fig. 4, fig. 4 is a flowchart illustrating a method for implementing a virtual network according to a preferred embodiment of the present invention.
In an embodiment, the method for implementing the virtual network includes:
Step S10, the EVB station receives a VDP message, sent by the ER in the EVB station on behalf of the VM, for joining the virtual network VN, wherein the VDP message comprises command type indication information;
The embodiment of the invention is preferably a VDP-based method for implementing a virtual network, and is preferably suited to a typical NVO3 application environment. However, it is not limited to that application environment or to VDP-based virtual networks.
Fig. 5 is a schematic diagram of a network function structure according to an embodiment of the present invention. Where both the VMM/EVB station and EVB bridge need to support NVE functionality. The NVA is a core control device and completes the related functions of user authentication, routing information interaction and the like of VN deployment.
The VMM/Hypervisor prepares, generates VMs, and sets initial parameters of the VMs.
A virtual machine (VM) is generated, which triggers the EVB station of the virtual network adapter (VNIC)/VSI corresponding to the VM to start running. After the EVB station starts running, it receives a VDP message for joining the virtual network, the VDP message comprising command type indication information. The VDP message for joining the virtual network can be sent by the ER on behalf of the VM. When the virtual machine sends a message, the message can optionally be encapsulated using the virtual network ID, or further encapsulated by an L2 protocol, for example VLAN encapsulation, Q-in-Q encapsulation and the like.
The command type indication information is used to indicate processing information of the VDP packet, and the indication information indicates where the VDP command is processed, for example, the VDP command may be processed at the EVB bridge or at the EVB station, that is, the command type indication information carries a field indicating that the command is processed at the EVB station or at the EVB bridge.
Step S20, the EVB station judges whether the VDP message is processed in the EVB station according to the command type indication information included in the VDP message;
In order to implement a VDP-supported VN in the VMM/NVE-TOR/NVE environment, it is necessary to extend the EVB architecture, that is, to add an EVB role, the Hybrid EVB (EVB Hybrid, or EVB station & bridge), which needs to implement both EVB station functions (it is, first of all, an EVB station) and EVB bridge functions, and also needs to support the NVE functions.
The command indication bit is defined by the filter information field of the VDP command message or by a reserved VDP type value:
1. The command indication bit can be defined by a reserved value of the filter information format value in the existing command. For example, one of the reserved values 0x00 and 0x50 through 0xFF can be selected for the definition, and the specific information format is then required to include the command indication bit.
2. Optionally, the reserved value 0x66-0x7E can be used to define a new command indication code.
FIG. 6 is a schematic diagram of the filter information format definition carrying the command type indication according to the present invention. The indication bit (such as the H bit in the figure; an identifier other than H may of course be used) indicates whether the VMM/Hypervisor or the EVB bridge is preferred for VDP message processing. When it receives a VDP message that is to be processed preferentially by the EVB bridge, the EVB station/hybrid EVB does not process the VDP message but forwards it directly to the EVB bridge, which processes it.
It should be further noted that two VDP command extensions are involved in the present invention: one is the join command and the other is the indication command. From the viewpoint of defining VDP commands simply and efficiently, an optimized solution is to define two different bits in the filtering information field, indicating the join-VN command and the command type indication respectively.
Step S30, if not, the EVB station sends the VDP message to an EVB bridge for processing so as to realize that the VM is accessed to the VN in the EVB bridge;
Step S40, if yes, the EVB station processes the VDP message and connects the VM to the VN.
By judging whether the VDP message is to be processed by the EVB station, the VDP message is processed either at the front-end EVB station or at the back-end EVB bridge.
Specifically, referring to fig. 7, the process of processing the VDP packet may be:
step S31, the EVB station/EVB bridge receives verification information whether the VM passes the identity authentication of the VN;
step S32, after the VM verification passes, the EVB station/EVB bridge determines whether a context/VRF forwarding table of the VN exists;
step S33, if the context/VRF forwarding table of the VN does not exist, the EVB station/EVB bridge generates a VRF forwarding table of the VN;
step S34, if the VRF table entry corresponding to the VM does not exist in the VRF forwarding table, the EVB station/EVB bridge generates the VRF forwarding table entry corresponding to the VM in the VRF forwarding table.
The returned authentication result information optionally further includes additional information, including but not limited to the virtual network ID (VN-ID), IP address information, and the like. After the authentication is passed, the EVB station judges whether the context/VRF forwarding table of the VN exists; if it does not exist, the VRF forwarding table of the VN is generated. Further, if the VRF table entry corresponding to the VM does not exist in the VRF forwarding table, the EVB station generates the VRF forwarding table entry corresponding to the VM and adds it to the VRF forwarding table.
Specifically, taking a VM at the sending end as an example, if the VM passes identity authentication for the VN and the VM is the first VM of the VN connected at the EVB station/NVE, the NVE creates a context/virtual network instance (VNI) of the VN, including a VRF table. For the VM, it optionally allocates corresponding VLAN-ID information, uses the VLAN-ID and the corresponding physical interface information as the content of a forwarding table entry, and forms the VN forwarding table entry corresponding to the VM in the VRF.
Specifically, the VRF entry includes but is not limited to: IP/MAC address of VM, interface and/or subinterface (e.g. vlan ID), virtual network number/identity (VN-ID).
When the NVE generates a new VRF forwarding table or the content in the VRF forwarding table changes, the NVE carries out information synchronization of the virtual network through an NVE-NVA protocol. In particular, the NVE may automatically synchronize routing information of other NVEs of the virtual network via the protocol, i.e., synchronize local routing information, or newly updated routing information, to all other NVEs in the virtual network via the NVA. And the issuing of different routing information is distinguished by the virtual network ID, so that the error of routing updating between different virtual networks is avoided.
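The join handling of steps S10 to S40 and S31 to S34, together with the per-VN-ID synchronization just described, can be traced in a small simulation. This is an added example, not code from the patent: the bit positions and polarity of the join and H flags, the NVA membership table, and all class, field and device names are assumptions, and the MAC/IP values are constructed.

```python
from dataclasses import dataclass, field

# Assumed encodings: the page says two bits of the filter information field can
# carry "join VN" and the H indication, but gives no bit positions or polarity.
JOIN_VN_BIT = 0x01  # hypothetical
H_BIT = 0x02        # hypothetical; set = process at the EVB station

@dataclass(frozen=True)
class VdpJoin:
    vm_mac: str
    vn_id: int
    flags: int
    port: str  # constructed: sub-interface (e.g. VLAN) the VM is attached on

class Nva:
    """Stand-in for the NVA: authenticates joins and relays routes per VN-ID."""
    def __init__(self, members):
        self.members = members  # {(vn_id, mac): ip}, constructed sample data
        self.nves = []
        self.routes = {}        # vn_id -> {mac: remote entry}

    def authenticate(self, msg):
        ip = self.members.get((msg.vn_id, msg.vm_mac))
        return None if ip is None else (msg.vn_id, ip)

    def publish(self, origin, vn_id, mac, ip):
        remote = {"ip": ip, "port": None, "via": origin.name}
        self.routes.setdefault(vn_id, {})[mac] = remote
        for nve in self.nves:
            # Only NVEs that already hold a context for this VN-ID get the update.
            if nve is not origin and vn_id in nve.vrfs:
                nve.vrfs[vn_id].setdefault(mac, dict(remote))

@dataclass
class Nve:
    """EVB bridge with NVE function; also the base of the hybrid station."""
    name: str
    nva: Nva
    vrfs: dict = field(default_factory=dict)  # vn_id -> {mac: entry}

    def __post_init__(self):
        self.nva.nves.append(self)

    def attach(self, msg):
        result = self.nva.authenticate(msg)   # S31: act only on the NVA result
        if result is None:
            return False                      # failed join creates no VN context
        vn_id, ip = result
        if vn_id not in self.vrfs:            # S32/S33: create the VRF if missing
            known = self.nva.routes.get(vn_id, {})
            self.vrfs[vn_id] = {m: dict(e) for m, e in known.items()}
        vrf = self.vrfs[vn_id]
        if msg.vm_mac not in vrf:             # S34: add the VM entry if missing
            vrf[msg.vm_mac] = {"ip": ip, "port": msg.port, "via": "local"}
            self.nva.publish(self, vn_id, msg.vm_mac, ip)
        return True

@dataclass
class HybridEvbStation(Nve):
    bridge: Nve = None

    def handle(self, msg):
        """S20: dispatch on the command type indication; returns (handler, ok)."""
        if not msg.flags & JOIN_VN_BIT:
            return ("ignored", False)
        if msg.flags & H_BIT:                               # S40: process locally
            return (self.name, self.attach(msg))
        return (self.bridge.name, self.bridge.attach(msg))  # S30: forward

MAC1, MAC2, MAC3 = "52:54:00:00:00:01", "52:54:00:00:00:02", "52:54:00:00:00:03"

def demo():
    nva = Nva({(5001, MAC1): "10.1.0.11", (5001, MAC2): "10.1.0.12",
               (6002, MAC3): "10.2.0.13"})
    tor = Nve("tor-bridge", nva)
    station = HybridEvbStation("vmm-station", nva, bridge=tor)
    joins = [
        VdpJoin(MAC1, 5001, JOIN_VN_BIT | H_BIT, "vlan100"),  # handled at station
        VdpJoin(MAC2, 5001, JOIN_VN_BIT, "vlan101"),          # forwarded to bridge
        VdpJoin("52:54:00:00:00:99", 6002, JOIN_VN_BIT | H_BIT, "vlan200"),  # not a member
        VdpJoin(MAC3, 6002, JOIN_VN_BIT, "vlan201"),          # other VN, at bridge
    ]
    return [station.handle(j) for j in joins], station, tor

if __name__ == "__main__":
    results, station, tor = demo()
    print(results)
    print(station.vrfs)
    print(tor.vrfs)
```

The failed join leaves no VRF for VN 6002 on the station, and the later VN 6002 route learned at the bridge is not pushed to the station because it holds no context for that VN-ID.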
In other embodiments of the present invention, the NVE may also send messages to other NVEs, with the encapsulation distinguishing different virtual networks by virtual network ID, and the destination NVE sends the message to a virtual machine of the virtual network; the NVE may also serve as the destination NVE to receive messages from other NVEs.
To further illustrate the present invention, reference is made to FIG. 8 and FIG. 9, which show exemplary process flows.
First process flow:
step 700, generating a VM and setting initialization parameters;
step 701, generating a VM (virtual machine), and triggering the EVB station corresponding to the VM to start running; here, the EVB station is an EVB station that supports VMs and the virtual network adapters (VNICs)/VSIs corresponding to the VMs.
Step 702, the VM sends an extended VDP command with command indication information for joining the VN through the ER; if the indication information indicates that the VDP command is processed locally, processing the VDP command;
step 703, performing identity authentication of accessing the VN to the VM;
If the authentication is passed, the VN-ID, the IP address (optionally, an IP address newly allocated for the VM, or confirmation of the IP address of the VM) and the VN context/VRF forwarding table generation command are further fed back to the EVB bridge; if the authentication is not passed, the process is ended.
Step 705, when the VN context/VRF forwarding table does not exist, the EVB station generates a context/VRF forwarding table corresponding to the VN; and forming a corresponding VN forwarding table entry aiming at the VM.
This process, which may also be implemented by the NVA, explicitly instructs the NVE to perform the creation of the context/VRF forwarding table for the VN through a VN context/VRF forwarding table generation command.
If the VRF forwarding table already exists, the forwarding table is not needed to be generated, whether the forwarding table item corresponding to the VM exists or not is judged, and if the forwarding table item does not exist, the corresponding forwarding table item is formed in the VRF table of the VN.
Step 707, the EVB station/NVE synchronizes the newly added forwarding table entry/forwarding table update information of the NVE to all other EVB bridges/NVEs in the VN via the network virtualization control device NVA.
Here synchronized by NVA to all other NVEs in the VN. And the notification of the routing information of different VNs is distinguished by VN-ID, so that the error of routing update between different VNs is avoided.
Step 708, the VM forwards the message. Specifically, the VN-ID is used to perform IP message encapsulation, or, further, the encapsulated IP message is further encapsulated by a preset layer-2 (L2) protocol.
Another process flow:
step 800, generating a VM and setting initialization parameters;
step 801, generating a VM (virtual machine), and triggering the EVB station corresponding to the VM to start running; here, the EVB station is an EVB station that supports VMs and the virtual network adapters (VNICs)/VSIs corresponding to the VMs.
Step 802, the VM sends an extended VDP command with command indication information for joining the VN through the ER; if the indication information indicates that the VDP command is not processed locally, forwarding the VDP command to the EVB bridge;
step 803, performing identity authentication of accessing the VN on the VM;
Step 804, the NVA returns the result information of the identity authentication. If the authentication is passed, the VN-ID, the IP address (optionally, an IP address newly allocated for the VM, or confirmation of the IP address of the VM) and the VN context/VRF forwarding table generation command are further fed back to the EVB bridge; if the authentication is not passed, the processing procedure is ended.
Step 805, when the VN context/VRF forwarding table does not exist, the EVB bridge generates a context/VRF forwarding table corresponding to the VN; and forming a corresponding VN forwarding table entry aiming at the VM.
This process, which may also be implemented by the NVA, explicitly instructs the NVE to perform the creation of the context/VRF forwarding table for the VN through a VN context/VRF forwarding table generation command.
If the VRF forwarding table already exists, the forwarding table is not needed to be generated, whether the forwarding table item corresponding to the VM exists or not is judged, and if the forwarding table item does not exist, the corresponding forwarding table item is formed in the VRF table of the VN.
Step 806, the EVB bridge feeds back the processed confirmation information to the VM/ER/EVB station, which optionally further includes VN-ID information and IP address information.
Step 807, the EVB bridge/NVE synchronizes the newly added forwarding table entry/forwarding table update information of the NVE to all other EVB bridges/NVEs in the VN via the network virtualization control device NVA.
Here synchronized by NVA to all other NVEs in the VN. And the notification of the routing information of different VNs is distinguished by VN-ID, so that the error of routing update between different VNs is avoided.
Step 808, the VM forwards the message. Specifically, the VN-ID is used to perform IP message encapsulation, or, further, the encapsulated IP message is further encapsulated by a preset layer-2 (L2) protocol.
By the scheme of the embodiment of the invention, the adaptability of the VDP under typical application scenes of the VMM/NVE and the EVB bridge/NVE can be realized, and the smooth realization of the virtual network function based on the VDP is ensured.
Command type indication information is added to the VDP message by which a virtual machine VM joins a virtual network VN, and it indicates whether the EVB station or the EVB bridge processes the VDP message in order to connect the VM to the virtual network. This effectively solves the problem of poor VN implementation efficiency caused by the complex implementation process and cumbersome operation of existing VDP-based VN implementations. The VDP message for joining the VN with the command type indication information is an extension of the existing VDP message, and the EVB station supports the functions of an EVB bridge and an NVE, so the application range of EVB is expanded and the VN implementation efficiency is further improved.
Furthermore, the method for implementing the virtual network can be implemented by a virtual network implementation program (e.g., implementation software of the virtual network, or an EVB station, etc.) installed on a terminal, wherein the terminal includes, but is not limited to, a mobile phone, a pad, a notebook computer, etc.
The invention further provides a device for implementing a virtual network.
Referring to fig. 10, fig. 10 is a functional block diagram of the apparatus according to the preferred embodiment of the invention.
In an embodiment, the apparatus for implementing a virtual network includes a receiving module 10, a generating module 20, a setting module 30, a determining module 40, a constructing module 50, a sending module 60, and a processing module 70.
The implementation apparatus is an EVB station, supporting both EVB bridge and NVE functionality.
The receiving module 10 is configured to receive a VDP packet which is sent by an ER in the EVB station on behalf of a VM and joins the virtual network VN, where the VDP packet includes command type indication information;
Fig. 5 is a schematic diagram of a network function structure according to an embodiment of the present invention. Where both the VMM/EVB station and EVB bridge need to support NVE functionality. The NVA is a core control device and completes the related functions of user authentication, routing information interaction and the like of VN deployment.
The VMM/Hypervisor prepares, generates VMs, and sets initial parameters of the VMs.
A virtual machine (VM) is generated, which triggers the EVB station of the virtual network adapter (VNIC)/VSI corresponding to the VM to start running. After the EVB station starts running, it receives a VDP message for joining the virtual network, the VDP message comprising command type indication information. The VDP message for joining the virtual network can be sent by the ER on behalf of the VM. When the virtual machine sends a message, the message can optionally be encapsulated using the virtual network ID, or further encapsulated by an L2 protocol, for example VLAN encapsulation, Q-in-Q encapsulation and the like.
The command type indication information is used to indicate processing information of the VDP packet, and the indication information indicates where the VDP command is processed, for example, the VDP command may be processed at the EVB bridge or at the EVB station, that is, the command type indication information carries a field indicating that the command is processed at the EVB station or at the EVB bridge.
The determining module 20 is configured to determine whether to process the VDP packet at the EVB station according to the command type indication information included in the VDP packet;
In order to implement the VDP-supported VN in the VMM/NVE-TOR/NVE environment, the EVB architecture functions need to be extended, that is, an EVB role is added: the Hybrid EVB (EVB Hybrid, or EVB station & bridge), which needs to implement both the EVB station function (or, first, the EVB station function) and the EVB bridge function, and also supports the NVE function.
The command indication bits are defined by the filter information field of the VDP command message or by a reserved VDP type value.
1. The command indication bits can be defined by a reserved value of the filter information format value in the existing command. One of the reserved values 0x00 and 0x50 through 0xFF can be selected for the definition, for example; the specific information format is then required to include the command indication bits.
2. Optionally, the reserved value 0x66-0x7E can be used to define a new command indication code.
FIG. 6 is a schematic diagram of the filter information format definition, based on the command type indication of the filter information format, according to the present invention. The indication bit (such as the H bit in the figure; an identifier other than H may of course be used) indicates whether VDP message processing by the VMM/Hypervisor is preferred or VDP message processing by the EVB bridge is preferred. When it receives a VDP message that is to be processed preferentially by the EVB bridge, the EVB station/hybrid EVB does not process the VDP message but forwards it directly to the EVB bridge, which processes it.
It should be further noted that the present invention involves 2 VDP command extensions: one is the join command and the other is the indication command. To keep the definition of VDP commands simple and efficient, an optimized solution is to define 2 different bits in the filter information field, indicating the join-VN command and the command type indication respectively.
The sending module 30 is configured to send the VDP packet to an EVB bridge for processing if the VDP packet is not processed at the EVB station, so as to enable the VM to access the VN in the EVB bridge;
The processing module 40 is configured to process the VDP packet and access the VM to the VN if the VDP packet is processed at the EVB station.
By judging whether the VDP message is to be processed by the EVB station, the VDP message is processed either at the front-end EVB station or at the back-end EVB bridge.
The processing module 40 is further configured to implement VN identity authentication for the VM; after the VM passes the identity authentication of the VN, if the context/VRF forwarding table of the VN does not exist, generating the context/VRF forwarding table of the VN; and if the VM has no corresponding table entry in the VRF forwarding table, generating a corresponding VRF forwarding table entry of the VM in the VRF forwarding table.
The returned authentication result information optionally further includes additional information, including but not limited to the virtual network ID (VN-ID), IP address information, and the like. After the authentication is passed, the EVB station judges whether the context/VRF forwarding table of the VN exists; if it does not exist, the VRF forwarding table of the VN is generated. Further, if no VRF table entry corresponding to the VM exists in the VRF forwarding table, the EVB station generates the VRF forwarding table entry corresponding to the VM and adds it to the VRF forwarding table.
Specifically, taking a VM at the sending end as an example, if the VM passes identity authentication of the VN and is the first VM of the VN connected at the EVB station/NVE, the NVE creates the context/virtual network instance (VNI) of the VN, including a VRF table. For the VM, it optionally allocates corresponding VLAN-ID information, uses the VLAN-ID and the corresponding physical interface information as the content of a forwarding table entry, and forms the VN forwarding table entry corresponding to the VM in the VRF.
Specifically, the VRF entry includes but is not limited to: IP/MAC address of the VM, interface and/or subinterface (e.g. VLAN ID), virtual network number/identity (VN-ID).
When the NVE generates a new VRF forwarding table, or the content of the VRF forwarding table changes, the NVE synchronizes the virtual network's information through the NVE-NVA protocol. In particular, the NVE may automatically synchronize routing information with the other NVEs of the virtual network via the protocol, i.e., synchronize local routing information, or newly updated routing information, to all other NVEs in the virtual network via the NVA. The routing information issued for different virtual networks is distinguished by virtual network ID, which avoids routing update errors between different virtual networks.
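The station-or-bridge decision, the authenticate-then-create VRF bookkeeping and the per-VN-ID route synchronization described above can be sketched as follows. This is an added Python example, not code from the patent: the byte layout, the choice of 0x50, the flag byte and the `Nva`/`Nve` classes are assumptions made for illustration, and the sample messages are constructed.

```python
"""Added illustration of the station/bridge dispatch and VRF bookkeeping.

The byte layout, FIF_EXTENDED, H_BIT and the Nva/Nve classes are assumptions
made for this example; they are not defined by the patent text.
"""
import ipaddress
from dataclasses import dataclass

FIF_EXTENDED = 0x50  # assumed: one value from the reserved range 0x50-0xFF
H_BIT = 0x01         # assumed: 1 = process at EVB station, 0 = at EVB bridge


@dataclass(frozen=True)
class VdpJoin:
    mac: str
    ip: str
    vn_id: int
    at_station: bool


def build_join(flags, vn_id, mac, ip):
    """Build a constructed join message: fif(1) flags(1) vn_id(3) mac(6) ipv4(4)."""
    return (bytes([FIF_EXTENDED, flags]) + vn_id.to_bytes(3, "big")
            + bytes.fromhex(mac.replace(":", "")) + ipaddress.IPv4Address(ip).packed)


def parse_join(raw):
    if len(raw) != 15 or raw[0] != FIF_EXTENDED:
        raise ValueError("not an extended join message")
    return VdpJoin(mac=raw[5:11].hex(":"), ip=str(ipaddress.IPv4Address(raw[11:15])),
                   vn_id=int.from_bytes(raw[2:5], "big"), at_station=bool(raw[1] & H_BIT))


class Nva:
    """Stand-in for the NVA: authenticates VMs and relays routes per VN-ID."""

    def __init__(self, allowed):
        self.allowed = set(allowed)  # {(mac, vn_id)} pairs permitted to join
        self.routes = {}             # vn_id -> {mac: (origin NVE name, entry)}
        self.members = {}            # vn_id -> NVEs that hold a VRF for that VN

    def authenticate(self, mac, vn_id):
        return (mac, vn_id) in self.allowed

    def publish(self, origin, vn_id, mac, entry):
        table = self.routes.setdefault(vn_id, {})
        table[mac] = (origin.name, entry)
        self.members.setdefault(vn_id, set()).add(origin)
        # Push only this VN's routes, and only to NVEs that are members of it.
        for nve in self.members[vn_id]:
            nve.remote[vn_id] = {m: r for m, r in table.items() if r[0] != nve.name}


class Nve:
    """An EVB station or EVB bridge with NVE function."""

    def __init__(self, name, nva):
        self.name, self.nva = name, nva
        self.vrf = {}     # vn_id -> {mac: entry}: local VRF forwarding tables
        self.remote = {}  # vn_id -> routes learned from other NVEs via the NVA

    def join(self, msg):
        if not self.nva.authenticate(msg.mac, msg.vn_id):
            return False  # failed authentication must not create VRF state
        table = self.vrf.setdefault(msg.vn_id, {})  # create the VN's VRF if absent
        if msg.mac not in table:                    # create the VM's entry if absent
            table[msg.mac] = {"ip": msg.ip, "vn_id": msg.vn_id}
            self.nva.publish(self, msg.vn_id, msg.mac, table[msg.mac])
        return True


def station_receive(raw, station, bridge):
    """Dispatch on the indication bit; return (name of handler, joined?)."""
    msg = parse_join(raw)
    target = station if msg.at_station else bridge
    return target.name, target.join(msg)


if __name__ == "__main__":
    nva = Nva({("02:00:00:00:00:01", 100), ("02:00:00:00:00:02", 100)})
    station, bridge = Nve("station", nva), Nve("bridge", nva)
    for flags, mac, ip in [(H_BIT, "02:00:00:00:00:01", "10.0.0.1"),
                           (0, "02:00:00:00:00:02", "10.0.0.2"),
                           (H_BIT, "02:00:00:00:00:09", "10.0.0.9")]:
        print(station_receive(build_join(flags, 100, mac, ip), station, bridge))
    print(station.remote)
```

Because the local tables and the relayed routes are both keyed by VN-ID, a join that fails authentication leaves no forwarding state behind, and an NVE never learns routes for a VN it is not a member of.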
In other embodiments of the present invention, the NVE may also send messages to other NVEs, where the encapsulation distinguishes different virtual networks by virtual network ID, and the destination NVE sends the message to a virtual machine of the virtual network; the NVE may also act as the destination NVE and receive messages from other NVEs.
To further illustrate the technical solution of the present invention, a typical processing flow of the solution is given below.
One processing flow is as follows:
A VM is generated and its initialization parameters are set. Generating the VM triggers the EVB station corresponding to the VM to start running, where the EVB station is the EVB station supporting the VM and the virtual network adapter (VNIC)/VSI corresponding to the VM. The VM sends, through an ER, an extended VDP command for joining the VN that carries command indication information. If the indication information indicates that the VDP command is processed locally, the EVB station processes the VDP command. Identity authentication for accessing the VN is performed on the VM, and the NVA returns the identity authentication result information and further feeds back to the EVB bridge the VN-ID and an IP address (optionally, the IP address is an IP address newly allocated to the VM or a confirmation of the IP address of the VM) and a VN context/VRF forwarding table generation command. If the authentication is not passed, the processing ends. When the VN context/forwarding table does not exist, the EVB station generates the corresponding context/VRF forwarding table and forms the corresponding forwarding table entry in the VN/VRF.
This process may also be driven by the NVA, which explicitly instructs the NVE to create the context/VRF forwarding table of the VN through a VN context/VRF forwarding table generation command.
If the VRF forwarding table already exists, it does not need to be generated; it is judged whether a forwarding table entry corresponding to the VM exists, and if not, the corresponding forwarding table entry is formed in the VRF table of the VN.
The EVB station/NVE synchronizes the newly added forwarding table entry/forwarding table update information of the NVE to all other EVB bridges/NVEs in the VN via the network virtualization control device NVA.
Here the information is synchronized through the NVA to all other NVEs in the VN. The notifications of routing information for different VNs are distinguished by VN-ID, which avoids routing update errors between different VNs.
The VM then forwards messages. Specifically, IP message encapsulation is performed using the VN-ID, or, further, the encapsulated IP message is additionally encapsulated using a preset layer-2 (L2) protocol.
Another processing flow is as follows:
A VM is generated and its initialization parameters are set. Generating the VM triggers the EVB station corresponding to the VM to start running, where the EVB station is the EVB station supporting the VM and the virtual network adapter (VNIC)/VSI corresponding to the VM. The VM sends, through an ER, an extended VDP command for joining the VN that carries command indication information. If the indication information indicates that the VDP command is not processed locally, the VDP command is forwarded to the EVB bridge. Identity authentication for accessing the VN is performed on the VM, and the NVA returns the identity authentication result information; if the authentication is passed, it further feeds back the VN-ID and an IP address (optionally, an IP address newly allocated to the VM or a confirmation of the IP address of the VM) and a VN context/VRF forwarding table generation command; otherwise the processing ends. When the VN context/VRF forwarding table does not exist, the EVB bridge generates the context/VRF forwarding table corresponding to the VN and forms the corresponding forwarding table entry.
This process may also be driven by the NVA, which explicitly instructs the NVE to create the context/VRF forwarding table of the VN through a VN context/VRF forwarding table generation command.
If the VRF forwarding table already exists, it does not need to be generated; it is judged whether a forwarding table entry corresponding to the VM exists, and if not, the corresponding forwarding table entry is formed in the VRF table of the VN.
The EVB bridge feeds back processing confirmation information to the VM/ER/EVB station, optionally including VN-ID information and IP address information. The EVB bridge/NVE synchronizes the newly added forwarding table entry/forwarding table update information of the NVE to all other EVB bridges/NVEs in the VN via the network virtualization control device NVA.
Here the information is synchronized through the NVA to all other NVEs in the VN. The notifications of routing information for different VNs are distinguished by VN-ID, which avoids routing update errors between different VNs.
The VM then forwards messages. Specifically, IP message encapsulation is performed using the VN-ID, or, further, the encapsulated IP message is additionally encapsulated using a preset layer-2 (L2) protocol.
With the scheme of the embodiment of the invention, VDP can be adapted to the typical application scenarios of the VMM/NVE and the EVB bridge/NVE, which ensures the smooth implementation of VDP-based virtual network functions.
In this embodiment, command type indication information is added to a received VDP message in which a virtual machine VM joins a virtual network VN, and the command type indication information indicates that an EVB station processes the VDP message or an EVB bridge processes the VDP message, so as to access the VM to the virtual network. The problems currently encountered in the implementation of VDP-based VNs are effectively avoided. The application range of the EVB is expanded, the complexity of the realization process of the VN based on the VDP is reduced, and the VN realization efficiency is further improved.
Corresponding to the embodiment of the virtual network implementation apparatus, the present invention further provides a virtual network implementation system, including the virtual network implementation apparatus and the EVB bridge, where:
the virtual network implementation device is used for receiving a VDP message for joining the virtual network VN, sent by an ER in the EVB station on behalf of a VM, wherein the VDP message comprises command type indication information; the virtual network implementation device is also used for judging whether the VDP message is processed in the virtual network implementation device according to the command type indication information included in the VDP message; the VM is accessed to the VN if the VDP message is processed at the virtual network implementation device; the virtual network implementation device is also used for sending the VDP message to an EVB bridge for processing if the VDP message is not processed in the virtual network implementation device;
the EVB bridge is used for processing the VDP message and realizing that the VM is accessed to the VN;
the virtual network implementation device is further configured to implement VN identity authentication on the VM; after the VM passes the identity authentication of the VN, if the context/VRF forwarding table of the VN does not exist, generating the context/VRF forwarding table of the VN; and if the VM has no corresponding table entry in the VRF forwarding table, generating a corresponding table entry of the VM in the VRF forwarding table. The command type indication information is defined through a filtering information field of the VDP command message; or, defined by a reserved VDP type value; the virtual network implementation device is an EVB station and simultaneously supports EVB bridge and NVE functions.
The functions and implementation procedures of the virtual network implementation apparatus are as described above and are not described again here.
In the method, device and system for implementing a virtual network according to the embodiments of the invention, command type indication information is added to the received VDP message by which a virtual machine VM joins a virtual network VN; the command type indication information indicates whether the VDP message is processed by the EVB station or by the EVB bridge so as to access the VM to the virtual network, which effectively avoids the problems currently encountered in implementing VDP-based VNs.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (9)

1. A method for implementing a virtual network, characterized by comprising the following steps:
an edge virtual bridge (EVB) station receives a virtual station interface discovery and configuration protocol (VDP) message for joining a virtual network (VN), sent by an ER in the EVB station on behalf of a virtual machine (VM), wherein the VDP message comprises command type indication information;
the EVB station judges whether the VDP message is processed at the EVB station or not according to the command type indication information included in the VDP message;
if so, the EVB station processes the VDP message and accesses the VM to the VN;
and if not, the EVB station sends the VDP message to an EVB bridge for processing so as to realize that the VM is accessed to the VN in the EVB bridge.
2. The method of claim 1, wherein the command type indication information is defined by a filter information field of a VDP command packet; alternatively, it is defined by a reserved VDP type value.
3. The method of claim 1, wherein the EVB station supports EVB bridge and network virtualization edge device (NVE) functions.
4. A method for implementing a virtual network according to any of claims 1-3, wherein the step of the EVB station/EVB bridge accessing the VM to the VN comprises:
the EVB station/EVB bridge receiving verification information whether the VM passes identity authentication of the VN;
after the VM passes the verification, the EVB station/EVB bridge judges whether the context/virtual routing and forwarding (VRF) forwarding table of the VN exists;
if not, the EVB station/EVB bridge generates a VRF forwarding table of the VN;
and if the VRF table entry corresponding to the VM does not exist in the VRF forwarding table, the EVB station/EVB bridge generates the VRF forwarding table entry corresponding to the VM in the VRF forwarding table.
5. A device for implementing a virtual network, characterized by comprising:
a receiving module, configured to receive a VDP message for joining a virtual network VN, sent by an ER in an EVB station on behalf of a VM, wherein the VDP message comprises command type indication information;
a determining module, configured to determine whether to process the VDP packet at the EVB station according to command type indication information included in the VDP packet;
a sending module, configured to send the VDP packet to an EVB bridge for processing if the VDP packet is not processed at the EVB station, so as to enable the VM to access the VN in the EVB bridge;
a processing module, configured to process the VDP packet and access the VM to the VN if the VDP packet is processed at the EVB station, and further configured to implement VN identity authentication for the VM; after the VM passes the identity authentication of the VN, if the context/VRF forwarding table of the VN does not exist, generating the context/VRF forwarding table of the VN; and if the VM has no corresponding table entry in the VRF forwarding table, generating a corresponding VRF forwarding table entry of the VM in the VRF forwarding table.
6. The apparatus for implementing a virtual network according to claim 5, wherein the command type indication information is defined by a filter information field of a VDP command packet; alternatively, it is defined by a reserved VDP type value.
7. The apparatus of claim 5 or 6, wherein the apparatus is an EVB station, supporting both EVB bridge and NVE functionality.
8. A system for implementing a virtual network, comprising the virtual network implementing apparatus of any of claims 5 to 7 and the EVB bridge, wherein:
the virtual network implementation device is used for receiving a VDP message for joining the virtual network VN, sent by an ER in the EVB station on behalf of a VM, wherein the VDP message comprises command type indication information; the virtual network implementation device is also used for judging whether the VDP message is processed in the virtual network implementation device according to the command type indication information included in the VDP message; the VM is accessed to the VN if the VDP message is processed at the virtual network implementation device; the virtual network implementation device is also used for sending the VDP message to an EVB bridge for processing if the VDP message is not processed in the virtual network implementation device;
the EVB bridge is used for processing the VDP message and realizing that the VM is accessed to the VN;
the virtual network implementation device is further configured to implement VN identity authentication on the VM; after the VM passes the identity authentication of the VN, if the context/VRF forwarding table of the VN does not exist, generating the context/VRF forwarding table of the VN; and if the VM has no corresponding table entry in the VRF forwarding table, generating a corresponding table entry of the VM in the VRF forwarding table.
9. The system for implementing a virtual network according to claim 8, wherein the command type indication information is defined by a filtering information field of a VDP command packet; or, defined by a reserved VDP type value; the virtual network implementation device is an EVB station and simultaneously supports EVB bridge and NVE functions.
CN201510111334.0A 2015-03-13 2015-03-13 Method, device and system for realizing virtual network Active CN106034115B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510111334.0A CN106034115B (en) 2015-03-13 2015-03-13 Method, device and system for realizing virtual network
PCT/CN2015/092127 WO2016145839A1 (en) 2015-03-13 2015-10-16 Virtual network implementing method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510111334.0A CN106034115B (en) 2015-03-13 2015-03-13 Method, device and system for realizing virtual network

Publications (2)

Publication Number Publication Date
CN106034115A CN106034115A (en) 2016-10-19
CN106034115B CN106034115B (en) 2020-01-31

Family

ID=56919600

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510111334.0A Active CN106034115B (en) 2015-03-13 2015-03-13 Method, device and system for realizing virtual network

Country Status (2)

Country Link
CN (1) CN106034115B (en)
WO (1) WO2016145839A1 (en)

Also Published As

Publication number Publication date
CN106034115A (en) 2016-10-19
WO2016145839A1 (en) 2016-09-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant