CN106161115A - A kind of device management method being applied to VXLAN and device - Google Patents
A kind of device management method being applied to VXLAN and device Download PDFInfo
- Publication number
- CN106161115A CN106161115A CN201610846530.7A CN201610846530A CN106161115A CN 106161115 A CN106161115 A CN 106161115A CN 201610846530 A CN201610846530 A CN 201610846530A CN 106161115 A CN106161115 A CN 106161115A
- Authority
- CN
- China
- Prior art keywords
- vxlan
- network device
- virtual network
- resource
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0246—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
- H04L41/0266—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using meta-data, objects or commands for formatting management information, e.g. using eXtensible markup language [XML]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L12/4645—Details on frame tagging
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of device management method being applied to VXLAN and device, the present invention using VXLAN as a kind of resource, by virtual for physical network device be at least one virtual network device time, VXLAN resource is distributed to different virtual network devices.The most on this basis, physical network device will be forwarded to the VXLAN message received to meet the virtual network device of condition, so that described VXLAN message is managed by described virtual network device based on local policy, i.e. reach the purpose of virtual network device self management.
Description
Technical field
The present invention relates to the communications field, particularly relate to a kind of device management method being applied to VXLAN and device.
Background technology
Virtual extended LAN (VXLAN:Virtual Extensible Local Area Network) is a kind of big two
The virtual networking of layer, main technical principle is to quote a User Data Protocol (UDP:User Data Protocol) lattice
The outer layer tunnel of formula, as the link layer of data, and legacy data message content transmits as tunnel payload, owing to outer layer is adopted
With UDP as transmission means, it is possible to allow payload data is easy to do to be transmitted two, in three-layer network.VXLAN uses 24
Bit identifier, at most can support 24 power VXLAN, the problem solving tradition double layer network VLAN inadequate resource.
In prior art, the virtualized resource that divides of the network equipment is hardware resource, will the network equipment hardware money
Source virtualizes, specifically: the hardware resource such as board, port is divided into independent virtual network device, facilitates each void
Intend the network equipment hardware resource assigned to is configured.But, under given conditions, such as network device hardware resource
When in limited or specific network environment, the incoming interface of flow or outgoing interface share, hardware resource can not be allocated to some
Individually virtual network device goes management, and virtual network device i.e. cannot be made to reach the purpose of self management.
Summary of the invention
The present invention provides a kind of device management method being applied to VXLAN and device, with under given conditions, such as
In network device hardware resource-constrained or specific network environment, incoming interface or the outgoing interface of flow share, and cause hardware resource
Can not be allocated to some single virtual network device go management time so that virtual network device can reach self management
Purpose.
According to the first aspect of the invention, it is provided that a kind of device management method being applied to VXLAN, the method includes:
Receive VXLAN message;
Find full in the n platform virtual network device that this equipment fictionalizes according to the VXLAN mark ID that VXLAN message carries
The virtual network device of foot condition, described condition is: ID corresponding to the VXLAN resource that is assigned to is described VXLAN ID;
Described VXLAN message is transmitted to meet the virtual network device of condition so that described virtual network device based on
Described VXLAN message is managed by local policy.
According to the second aspect of the invention, it is provided that a kind of equipment management device being applied to VXLAN, this device includes:
Receive unit, be used for receiving VXLAN message;
Search unit, the n platform virtual net that the VXLAN mark ID for carrying fictionalizes at this equipment according to VXLAN message
Finding the virtual network device meeting condition in network equipment, described condition is: ID corresponding to the VXLAN resource that is assigned to is described
VXLAN ID;
Retransmission unit, for described VXLAN message is transmitted to meet the virtual network device of condition, so that described virtual
Described VXLAN message is managed by the network equipment based on local policy.
For preferably realizing a first aspect of the present invention, present invention also offers a kind of side being applied to management equipment
Method, the method includes:
Fictionalizing at least one virtual network device on physical network device, different virtual network devices have different
Device identification;
For every virtual network device distribution VXLAN resource, the VXLAN resource for different virtual network device distribution can not
Overlapping;
It is to be assigned the virtual network device life of this VXLAN resource according to the business roles of virtual machine VM in VXLAN resource
Become the message strategy of corresponding described business roles, by described message strategy record to this virtual network device, so that this virtual net
Described in network equipment utilization, message is managed by message strategy.
For a second aspect of the present invention is better achieved, present invention also offers a kind of device being applied to management equipment,
This device includes:
Dummy unit, for fictionalizing at least one virtual network device on physical network device, different virtual networks
Equipment has different device identifications;
Resource allocation unit, for distributing VXLAN resource for every virtual network device, divides for different virtual network devices
The VXLAN resource joined can not be overlapping;
Strategy generating unit, is used for according to the business roles of virtual machine VM in VXLAN resource as being assigned this VXLAN resource
Virtual network device generate corresponding described business roles message strategy, described message strategy record is set to this virtual network
It is standby, so that this virtual network device utilizes described message strategy to be managed message.
By above method it can be seen that the present invention using VXLAN as a kind of resource, by virtual for physical network device be to
During a few virtual network device, VXLAN resource is distributed to different virtual network devices, and according to VM in VXLAN resource
Business roles be assigned this VXLAN resource virtual network device generate corresponding described business roles message strategy, note
In the virtual network device that record is the most corresponding.The most on this basis, physical network device will carry according to the VXLAN message received
ID be that this message finds the virtual network device meeting condition, and VXLAN message is transmitted to this virtual net meeting condition
Network equipment, so that described VXLAN message is managed by described virtual network device based on local policy, i.e. reaches virtual network
The purpose of equipment self management.
Accompanying drawing explanation
Fig. 1 is the device virtualization scene schematic diagram being applied to VXLAN in the embodiment of the present invention.
Fig. 2 is a kind of device management method flow chart being applied to VXLAN that the present invention provides.
Fig. 3 is a kind of method flow diagram being applied to management equipment that the present invention provides.
Fig. 4 is the structural representation of VXLAN message.
Fig. 5 is that an embodiment networking structure of the device management method of a kind of VXLAN of being applied to that the present invention provides shows
It is intended to.
Fig. 6 is the tactful configuration figure in this enforcement under different virtual transparent transmission equipments.
Fig. 7 is a kind of equipment management device structure chart being applied to VXLAN that the present invention provides.
Fig. 8 is a kind of structure drawing of device being applied to management equipment that the present invention provides.
Detailed description of the invention
For the technical scheme making those skilled in the art be better understood from the embodiment of the present invention, and make the present invention real
Execute the above-mentioned purpose of example, feature and advantage can become apparent from understandable, below in conjunction with the accompanying drawings to the technology in the embodiment of the present invention
Scheme is described in further detail.
The core idea of the present invention is as a kind of resource using VXLAN, is being at least one by virtual for physical network device
During virtual network device, VXLAN resource is distributed to different virtual network devices, and according to the business of VM in VXLAN resource
Role is the message strategy of the virtual network device corresponding described business roles of generation being assigned this VXLAN resource, and record is to the most right
In the virtual network device answered.The most on this basis, physical network device will be transmitted to the VXLAN message received to meet bar
The virtual network device of part, so that described VXLAN message is managed by described virtual network device based on local policy, i.e. reaches
Purpose to virtual network device self management.Based on this inventive concept, Fig. 1 gives physical network device virtualization and
One example of VXLAN resource distribution, concrete virtualization process and VXLAN resource allocation process will be in subsequent embodiments
Describe in detail, do not repeat them here.
It is pointed out that according to Internet engineering duty group (IETF:The Internet Engineering
Task Force) the VXLAN draft standard that is given: VXLAN uses 24 bit identifiers, supports 16777216 VXLAN, then will
Physical network device is virtual when being at least one virtual network device, can be provided by the one or more VXLAN in 1-16777215
Different virtual network devices is distributed in source, and the VXLAN resource that different virtual network devices are comprised can not be overlapping.
Seeing Fig. 1, Fig. 1 is the device virtualization scene schematic diagram being applied to VXLAN in the embodiment of the present invention.
Scene schematic diagram as shown in Figure 1 include physical network device, virtual machine (VM:Virtual Machine),
VXLAN endpoint of a tunnel (VTEP:VXLAN Tunnel End Point) and router etc..
Each equipment in this scene schematic diagram will be briefly introduced below:
Physical network device: in the present embodiment, physical network device can be transparent transmission equipment, about saturating transparent transmission
Equipment, will describe in detail in subsequent embodiment, not repeat them here.
Router: the nucleus equipment of the Protocol IP network of interconnection between network, is responsible for according to purpose IP in VXLAN message
Address carries out three layers of forwarding to VXLAN message.
VM: can be the most virtual arbitrary equipment out, such as Virtual User equipment, virtual server etc..
Different VM can belong to different VXLAN, and in Fig. 1, VM1 and VM2 belongs to VXLAN2, VM3 and belong to VXLAN1.It may be noted that
, VM can undertake different business, and belong to two layers of isolation between the VM of different VXLAN, belong to the VM of identical VXLAN then
Belong to same logic double layer network, double layer intercommunication each other.
The edge device of VTEP:VXLAN, can identify the VXLAN mark of VXLAN belonging to the VM sending VXLAN message, and
The encapsulation of VXLAN message and decapsulation and two layers of forwarding based on VXLAN Frame are responsible for it.VTEP and physical network
It is connected, is assigned the IP address of physical network, and this IP address is unrelated with virtual network.It is pointed out that VTEP can be
The physical network device of one platform independent, it is also possible to be the server at VM place.
So far the explanation to Fig. 1 is completed.
The method provided the present invention below by Fig. 2 is described:
The method that the present invention provides can under given conditions, such as network device hardware resource-constrained or specific
Network environment in the incoming interface of flow or outgoing interface share, cause hardware resource can not merely be allocated to some single
When virtual network device goes management so that virtual network device reaches the purpose of self management.
Seeing a kind of device management method flow chart being applied to VXLAN that Fig. 2, Fig. 2 provide for the present invention, the method should
For physical network device, its flow process may comprise steps of:
Step 201: physical network device receives VXLAN message.
In the present embodiment, physical network device can be physics transparent transmission equipment, and transparent transmission equipment includes but do not limits
In: intrusion prevention system IPS, network log-in management and fluidic device UAG.
It is pointed out that physical network device will receive VXLAN message from identical incoming interface.
Step 202: the n platform that the VXLAN mark ID that physical network device carries according to VXLAN message fictionalizes at this equipment
Virtual network device find the virtual network device meeting condition, above-mentioned condition are: the ID that the VXLAN resource that is assigned to is corresponding
For above-mentioned VXLAN ID.
In the present embodiment, when receiving VXLAN message, the VXLAN resource preserved in this locality is reflected by physical network device
Firing table finds the mapping item that the ID carried with above-mentioned VXLAN message mates, virtual net in the mapping item that then will find
Virtual network device corresponding to network device identification is as the above-mentioned virtual network device meeting condition.Wherein, VXLAN resource maps
Mark that each mapping item in table comprises virtual network device and the VXLAN resource that this virtual network device is assigned to
ID, as shown in table 1:
| Virtual network device 1 | VXLAN 1 |
| Virtual network device 2 | VXLAN 2、VXLAN 3 |
Table 1
In the present embodiment, virtual for the physical network device process for n platform virtual network device will be applied to pipe below
The method flow of reason equipment describes in detail, does not repeats them here.
Step 203: above-mentioned VXLAN message is transmitted to meet the virtual network device of condition by physical network device, so that
Above-mentioned VXLAN message is managed by above-mentioned virtual network device based on local policy.
So far, the flow process shown in Fig. 2 is completed.
For preferably realizing said method, present invention also offers a kind of method applied on management equipment, the method
Can comprise the steps of
Step 301: management equipment fictionalizes at least one virtual network device, different virtual nets on physical network device
Network equipment has different device identifications.
Step 302: management equipment is every virtual network device distribution VXLAN resource, divides for different virtual network devices
The VXLAN resource joined can not be overlapping.
Step 303: management equipment according to the business roles of virtual machine VM in VXLAN resource for being assigned this VXLAN resource
Virtual network device generate corresponding above-mentioned business roles message strategy, above-mentioned message strategy record is set to this virtual network
It is standby, so that this virtual network device utilizes above-mentioned message strategy to be managed message.
In the present embodiment, management equipment provides for being assigned this VXLAN according to the business roles of virtual machine VM in VXLAN resource
The virtual network device in source generates the process of the message strategy of corresponding above-mentioned business roles and incites somebody to action specific explanations in the following embodiments,
Do not repeat them here.
By shown in Fig. 2, Fig. 3 it can be seen that the present invention using VXLAN as a kind of resource, physical network device is empty
When being intended to be at least one virtual network device, VXLAN resource is distributed to different virtual network devices, and provides according to VXLAN
In source, the business roles of VM is the message plan of the virtual network device corresponding above-mentioned business roles of generation being assigned this VXLAN resource
Slightly, in the virtual network device that record is the most corresponding.The most on this basis, physical network device is by according to the VXLAN report received
The ID that literary composition carries is that this message finds the virtual network device meeting condition, and VXLAN message is transmitted to this meets condition
Virtual network device, so that above-mentioned VXLAN message is managed by above-mentioned virtual network device based on local policy, i.e. reaches empty
Intend the purpose of network equipment self management.
Below by a preferred embodiment, the flow process of Fig. 2 is described:
The method that the present invention provides can under given conditions, such as network device hardware resource-constrained or specific
Network environment in the incoming interface of flow or outgoing interface share, cause hardware resource can not merely be allocated to some single
When virtual network device goes management so that virtual network device can reach the purpose of self management.
In order to better illustrate under the above specified conditions, a kind of device management method being applied to VXLAN of the present embodiment
The purpose that virtual network device how will be made to reach self management, shows the form of VXLAN message below by Fig. 4, bright
Really the form of VXLAN message will assist in us and is more fully understood that VXLAN ID role in present inventive concept.
See the form schematic diagram that Fig. 4, Fig. 4 are VXLAN message.It can be seen that VXLAN message wraps on the whole
Include the original payload of internal layer and two, the VXLAN tunnel part of outer layer, in VXLAN tunnel use VXLAN network identity (VNI:
VXLAN Network Identifier) this field stores VXLAN ID.In this application scene, when receiving what VM sent
During message, VTEP will be using this message as original payload, in the outer envelope VXLAN tunnel of this original payload, and by this VXLAN
The mark of VXLAN belonging to message is added to VNI field.
So far the description to VXLAN message format is completed.
See the embodiment group that Fig. 5, Fig. 5 are a kind of device management methods being applied to VXLAN that the present invention provides
Web frame schematic diagram.
Unlike Fig. 1, the present embodiment networking structure schematic diagram by the physical network device in Fig. 1 specifically in order to transparent
Transmission equipment, common transparent transmission equipment can be intrusion prevention system (IPS:Intrusion Prevention
System), network log-in management and fluidic device (UAG:forefront Unified Access Gateway) etc..Wherein,
IPS, as the computer network security equipment that can monitor network data transport behavior, is soft to fire wall and anti-virus
Supplementing of part, is mainly used in four to five layers.UAG is that new generation network application layer manages product, and user not only can be helped reasonable
Utilize the network bandwidth, promote work efficiency and risk in fraud of law, it is also possible to the internet behavior, appropriate of management and control enterprise staff comprehensively
Kind record and all kinds of user behaviors log of auditing, check for enterprise administrator is on-demand.
According to the core idea of the present invention, at this by virtual for physics transparent transmission equipment for the virtual transparent transmission equipment of n platform,
Different virtual transparent transmission equipments have different device identifications, as illustrated in FIG. 5: virtual transparent transmission equipment 1, virtual
Bright transmission equipment 2 ... virtual transparent transmission equipment n.It is pointed out that physics transparent transmission according to embodiments of the present invention
The specification of equipment, the span of n can be 1≤n≤1024.
Then it is every virtual transparent transmission equipment distribution VXLAN resource, for the distribution of different virtual transparent transmission equipments
VXLAN resource can not be overlapping.As illustrated in FIG. 5: VXLAN 1 is distributed to virtual transparent transmission equipment 1, by VXLAN 2,
VXLAN 3 distributes to virtual transparent transmission equipment 2 ... wherein, VXLAN x, such as VXLAN 1, for mark ID of VXLAN.
After this, it is be assigned this VXLAN resource virtual according to the business roles of virtual machine VM in VXLAN resource
Bright transmission equipment generates the message strategy of corresponding business roles, by message strategy record to this virtual transparent transmission equipment, so that
This virtual transparent transmission equipment utilizes above-mentioned message strategy to be managed message.In the present embodiment, transparent transmission equipment can be joined
The strategy put includes but not limited to: intrusion prevention, speed limit, behavior auditing, access control, Bandwidth guaranteed etc..Set following relation:
Strategy 1 intrusion prevention, tactful 2 speed limits, tactful 3 behavior auditings, strategy 4 access control, strategy 5 band
Wide guarantee
The strategy that equipment is the configuration of different virtual transparent transmission equipment is managed during then Fig. 6 shows the present embodiment.
In order to better illustrate management equipment by how according to the business roles of virtual machine VM in VXLAN resource for being assigned
The virtual transparent transmission equipment of this VXLAN resource generates the message strategy of corresponding business roles, can set the business that VM1 is undertaken
Role is the produce sector of certain company, and the business roles that VM2 is undertaken is the advertising department of certain company, from figure 5 it can be seen that
The VXLAN2 resource at VM1 and VM2 place is allocated to virtual transparent transmission equipment 2, then due to produce sector and advertising department
It is required for collecting substantial amounts of intention resource, so needing to configure higher bandwidth to improve intention yield, again advertising department for it
Undertake public image design and the propaganda work of company, so being necessary to ensure that the message that this department personnel externally issue simultaneously
Meet theory and the interests of company.Based on this, the strategy for the configuration of virtual transparent transmission equipment 2 can be:
Strategy 3_2: the VXLAN message being forwarded to virtual transparent transmission equipment 2 is performed following action: in this message
Hold and carry out keyword recognition, record and blocking-up etc., it is ensured that the legitimacy of outgoing speech.
Strategy 5_2: ensure that the bandwidth being forwarded to the VXLAN message acquisition of virtual transparent transmission equipment 2 is at least 3GB/s.
In like manner, if the research and development department that business roles is certain company that VM3 is undertaken, from figure 5 it can be seen that VM3 place
VXLAN1 resource be allocated to virtual transparent transmission equipment 1, then need to collect a large amount of due to the staff of research and development department
Scientific research data but be not required to access recreational website, so for virtual transparent transmission equipment 1 configuration strategy can be:
Strategy 4_1: limitation forwarding accesses shopping website to the VXLAN message of virtual transparent transmission equipment 1.
Strategy 5_1: ensure that the bandwidth being forwarded to the VXLAN message acquisition of virtual transparent transmission equipment 1 is at least 5GB/s.
Hereinafter start to specifically describe this preferred embodiment:
Seeing Fig. 6, the present embodiment will send as a example by VXLAN message to physics transparent transmission equipment via VTEP1 by VM3,
Specifically describe the purpose how this preferred embodiment will make virtual transparent transmission equipment reach self management.
VM3 sends message 1 to VTEP1, and the source MAC of message 1 is the MAC Address of VM3, for the purpose of target MAC (Media Access Control) address
The MAC Address of VM.
It is pointed out that if VM3 does not knows the MAC Address of purpose VM, then can carry out beforehand through in networking
The mode of ARP broadcast obtains the MAC Address of purpose VM, and the process of the MAC Address obtaining purpose VM here is not belonging to model of the present invention
Enclose, therefore be not described in detail.
VTEP1 receives message 1 by user-side port, and determines the VXLAN mark belonging to message 1: VXLAN 1.
VTEP1 is message 1 packaging V XLAN tunnel (message 1 encapsulating VXLAN tunnel is designated as VXLAN message 1).Should
The VXLAN tunnel packet of encapsulation is containing the VXLAN mark belonging to message 1: VXLAN 1, the legacy data of message 1 will be reported as VXLAN
The original payload of literary composition 1 is transmitted.
VXLAN message 1 is sent to physics transparent transmission equipment by VTEP1.
Physics transparent transmission equipment receives VXLAN message 1.
Physics transparent transmission determines that the VXLAN message 1 received is VXLAN message.
Concrete, physics transparent transmission equipment will determine that in the VXLAN message 1 received whether be packaged with VXLAN tunnel,
This VXLAN tunnel comprises VXLAN mark: VXLAN 1, if VXLAN message 1 is packaged with VXLAN tunnel, it is determined that VXLAN
Message 1 is VXLAN message.
The VXLAN mark comprised in physics transparent transmission equipment identification above-mentioned VXLAN tunnel: VXLAN 1.
The VXLAN resource that physics transparent transmission equipment preserves in this locality according to the VXLAN mark VXLAN 1 identified maps
Table finds the mapping item mated with VXLAN 1, and by void corresponding for virtual transparent transmission equipment mark in this mapping item
Intend transparent transmission equipment as the above-mentioned virtual transparent transmission equipment meeting condition, the most virtual transparent transmission equipment 1.This mapping table
Item illustrates with the form of table 1 in above-mentioned steps 202, does not repeats them here.
Concrete, it can also be seen that the present embodiment meets the void of condition from the VXLAN resource mapping graph shown in Fig. 5
Intending transparent transmission equipment is virtual transparent transmission equipment 1.
VXLAN message 1 is forwarded to virtual transparent transmission equipment 1 by physics transparent transmission equipment, so that virtual transparent transmission
VXLAN message 1 is managed by equipment 1 based on local tactful 4_1, strategy 5_1.
Although it is pointed out that from fig. 6, it can be seen that virtual transparent transmission equipment 1 and virtual transparent transmission equipment 2 times
It is equipped with strategy 5, but is because strategy 5 and is configured under different virtual transparent transmission equipments, so according to VXLAN resource
The difference of middle VM business roles, management equipment is virtual transparent transmission equipment 1 and the strategy 5 of virtual transparent transmission equipment 2 configuration
Also differ, what strategy 5_2 of strategy 5_1 can be expressed as.
So far, the description to this preferred embodiment is completed.
Above by a preferred embodiment, the method for the present invention is illustrated, by this explanation it can be seen that
The present invention using VXLAN as a kind of resource, by virtual for physical network device be at least one virtual network device time, general
VXLAN resource distributes to different virtual network devices, and according to the business roles of VM in VXLAN resource for being assigned this
The virtual network device of VXLAN resource generates the message strategy of corresponding above-mentioned business roles, and record sets to corresponding virtual network
In Bei.The most on this basis, to be that this message finds by the ID carried according to the VXLAN message that receives satisfied for physical network device
The virtual network device of condition, and VXLAN message is transmitted to this virtual network device meeting condition, so that above-mentioned virtual net
Above-mentioned VXLAN message is managed by network equipment based on local policy, i.e. reaches the purpose of virtual network device self management.
The method provided the present invention above is described, and the device provided the present invention below is described:
For device embodiment, due to its basic corresponding method embodiment, implement so relevant part sees method
The part of example illustrates.Device embodiment discussed below is only schematically, the most above-mentioned says as separating component
Bright unit can be or may not be physically separate, and the parts shown as unit can be or can not also
It is physical location, i.e. may be located at a place, or can also be distributed on multiple NE.Can be according to actual need
Select some or all of module therein to realize the purpose of the inventive method.Those of ordinary skill in the art are not paying
In the case of creative work, i.e. it is appreciated that and implements.
Refer to Fig. 7, Fig. 7 is a kind of equipment management device structure chart being applied to VXLAN that the present invention provides, this device
Including: receive unit 710, search unit 720, retransmission unit 730.
Receive unit 710, be used for receiving VXLAN message.
Searching unit 720, the n platform that the VXLAN mark ID for carrying according to VXLAN message fictionalizes at this equipment is virtual
The network equipment find the virtual network device meeting condition, above-mentioned condition are: ID corresponding to the VXLAN resource that is assigned to is upper
State VXLAN ID.
Retransmission unit 730, for above-mentioned VXLAN message is transmitted to meet the virtual network device of condition, so that above-mentioned
Above-mentioned VXLAN message is managed by virtual network device based on local policy.
As a preferred embodiment, said apparatus can be transparent transmission device, and above-mentioned transparent transmission device includes
But it is not limited to: intrusion prevention system IPS, network log-in management and fluidic device UAG.
As another preferred embodiment, above-mentioned lookup unit 720 includes: searches subelement 721, determine subelement
722。
Search subelement 721, find in the VXLAN resource mapping table preserved in this locality and take with above-mentioned VXLAN message
The mapping item of the ID coupling of band, each mapping item in VXLAN resource mapping table comprise the mark of virtual network device with
And the VXLAN resource ID that this virtual network device is assigned to.
Determine subelement 722, for by virtual net corresponding for virtual network device mark in the above-mentioned mapping item found
Network equipment is as the above-mentioned virtual network device meeting condition.
So far, the description to Fig. 7 shown device structure is completed.
Refer to Fig. 8, Fig. 8 is a kind of structure drawing of device being applied to management equipment that the present invention provides, and this device includes:
Dummy unit 810, resource allocation unit 820, strategy generating unit 840.
Dummy unit 810, for fictionalizing at least one virtual network device on physical network device, different virtual nets
Network equipment has different device identifications.
Resource allocation unit 820, for distributing VXLAN resource for every virtual network device, sets for different virtual networks
The VXLAN resource that back-up is joined can not be overlapping.
Strategy generating unit 840, is used for according to the business roles of virtual machine VM in VXLAN resource as being assigned this VXLAN
The virtual network device of resource generates the message strategy of corresponding above-mentioned business roles, by above-mentioned message strategy record to this virtual net
Network equipment, so that this virtual network device utilizes above-mentioned message strategy to be managed message.
As another preferred embodiment, this device farther includes: mapping table record unit 830.
Mapping table record unit 830, is used for generating VXLAN resource mapping table and recording extremely above-mentioned physical network device, with
Make physical network device based on above-mentioned VXLAN resource mapping table the VXLAN ID that carries according to VXLAN message E-Packet to
Corresponding virtual network device, wherein, each mapping item in VXLAN resource mapping table comprises the mark of virtual network device
And the VXLAN resource ID that this virtual network device is assigned to.
So far, the description to Fig. 8 shown device structure is completed.
By apparatus above embodiment it can be seen that the present invention using VXLAN as a kind of resource, physical network device is empty
When being intended to be at least one virtual network device, VXLAN resource is distributed to different virtual network devices, and provides according to VXLAN
In source, the business roles of VM is the message plan of the virtual network device corresponding above-mentioned business roles of generation being assigned this VXLAN resource
Slightly, in the virtual network device that record is the most corresponding.The most on this basis, physical network device is by according to the VXLAN report received
The ID that literary composition carries is that this message finds the virtual network device meeting condition, and VXLAN message is transmitted to this meets condition
Virtual network device, so that above-mentioned VXLAN message is managed by above-mentioned virtual network device based on local policy, i.e. reaches empty
Intend the purpose of network equipment self management.
In said apparatus, the function of unit and the process that realizes of effect specifically refer to corresponding step in said method
Realize process, do not repeat them here.
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all essences in the present invention
Within god and principle, any modification, equivalent substitution and improvement etc. done, should be included within the scope of the present invention.
Claims (10)
1. the device management method being applied to VLAN VXLAN, it is characterised in that described method is applied to Physical Network
Network equipment, including:
Receive VXLAN message;
The VXLAN mark ID carried according to VXLAN message finds in the n platform virtual network device that this equipment fictionalizes and meets bar
The virtual network device of part, described condition is: ID corresponding to the VXLAN resource that is assigned to is described VXLAN ID;
Described VXLAN message is transmitted to meet the virtual network device of condition, so that described virtual network device is based on this locality
Described VXLAN message is managed by strategy.
Method the most according to claim 1, it is characterised in that originally setting according to the VXLAN mark ID that VXLAN message carries
The standby n platform virtual network device fictionalized finds the virtual network device meeting condition, including:
The mapping item that the ID carried with described VXLAN message mates is found in the VXLAN resource mapping table that this locality preserves,
Mark and this virtual network device that each mapping item in VXLAN resource mapping table comprises virtual network device are allocated
The VXLAN resource ID arrived;
Virtual network device corresponding for virtual network device mark in the described mapping item found is met condition as described
Virtual network device.
Method the most according to claim 1, it is characterised in that described physical network device is physics transparent transmission equipment,
Described transparent transmission equipment includes but not limited to: intrusion prevention system IPS, network log-in management and fluidic device UAG.
4. the device management method being applied to VXLAN, it is characterised in that described method includes:
Fictionalizing at least one virtual network device on physical network device, different virtual network devices have different equipment
Mark;
For every virtual network device distribution VXLAN resource, the VXLAN resource for different virtual network device distribution can not weigh
Folded;
According to the business roles of virtual machine VM in VXLAN resource be assigned this VXLAN resource virtual network device generate right
Answer the message strategy of described business roles, by described message strategy record to this virtual network device, so that this virtual network sets
For utilizing described message strategy that message is managed.
Method the most according to claim 4, it is characterised in that described method farther includes:
Generate VXLAN resource mapping table and record to described physical network device, so that physical network device is based on described VXLAN
Resource mapping table the VXLAN ID carried according to VXLAN message E-Packet to corresponding virtual network device;
Each mapping item in VXLAN resource mapping table comprises mark and this virtual network device quilt of virtual network device
The VXLAN resource ID being assigned to.
6. the equipment management device being applied to VLAN VXLAN, it is characterised in that described device includes:
Receive unit, be used for receiving VXLAN message;
Searching unit, the n platform virtual network that the VXLAN mark ID for carrying according to VXLAN message fictionalizes at this equipment sets
The virtual network device meeting condition, described condition is found to be in Bei: ID corresponding to the VXLAN resource that is assigned to is described
VXLAN ID;
Retransmission unit, for described VXLAN message is transmitted to meet the virtual network device of condition, so that described virtual network
Described VXLAN message is managed by equipment based on local policy.
Device the most according to claim 6, it is characterised in that described lookup unit includes:
Search subelement, find, in the VXLAN resource mapping table preserved in this locality, ID carried with described VXLAN message
The mapping item joined, each mapping item in VXLAN resource mapping table comprises the mark of virtual network device and this is virtual
The VXLAN resource ID that the network equipment is assigned to;
Determine subelement, for being made by virtual network device corresponding for virtual network device mark in the described mapping item found
For the described virtual network device meeting condition.
Device the most according to claim 6, it is characterised in that described device is transparent transmission device, described transparent transmission
Device includes but not limited to: intrusion prevention system IPS, network log-in management and fluidic device UAG.
9. the equipment management device being applied to VXLAN, it is characterised in that described device includes:
Dummy unit, for fictionalizing at least one virtual network device on physical network device, different virtual network devices
There is different device identifications;
Resource allocation unit, for distributing VXLAN resource for every virtual network device, for different virtual network devices distribution
VXLAN resource can not be overlapping;
Strategy generating unit, being used for according to the business roles of virtual machine VM in VXLAN resource is the void being assigned this VXLAN resource
Intend the network equipment and generate the message strategy of corresponding described business roles, by described message strategy record to this virtual network device,
So that this virtual network device utilizes described message strategy to be managed message.
Device the most according to claim 9, it is characterised in that described device farther includes:
Mapping table record unit, is used for generating VXLAN resource mapping table and recording to described physical network device, so that Physical Network
Network equipment E-Packets to corresponding void based on described VXLAN resource mapping table the VXLAN ID that carries according to VXLAN message
Intend the network equipment;
Each mapping item in VXLAN resource mapping table comprises mark and this virtual network device quilt of virtual network device
The VXLAN resource ID being assigned to.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610846530.7A CN106161115A (en) | 2016-09-23 | 2016-09-23 | A kind of device management method being applied to VXLAN and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610846530.7A CN106161115A (en) | 2016-09-23 | 2016-09-23 | A kind of device management method being applied to VXLAN and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106161115A true CN106161115A (en) | 2016-11-23 |
Family
ID=57340909
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610846530.7A Pending CN106161115A (en) | 2016-09-23 | 2016-09-23 | A kind of device management method being applied to VXLAN and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106161115A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106603346A (en) * | 2017-02-07 | 2017-04-26 | 佛山易识科技有限公司 | Network quality testing tool based on virtual extensible LAN |
| CN107786410A (en) * | 2016-12-29 | 2018-03-09 | 平安科技(深圳)有限公司 | A kind of VXLAN implementation methods and terminal based on Ethernet encapsulation |
| CN109995638A (en) * | 2018-01-02 | 2019-07-09 | 中国移动通信有限公司研究院 | A kind of method and apparatus carrying out double layer intercommunication |
| WO2021013218A1 (en) * | 2019-07-24 | 2021-01-28 | 中兴通讯股份有限公司 | Message processing method, switch, and computer-readable storage medium |
| RU2777370C1 (en) * | 2019-07-24 | 2022-08-02 | Зте Корпорейшн | Message processing method, switch and machine-readable data carrier |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103200085A (en) * | 2013-04-16 | 2013-07-10 | 中航网信(北京)科技有限公司 | Method and system for achieving transmission and receiving of VXLAN message line speed |
| US20140108584A1 (en) * | 2012-10-12 | 2014-04-17 | Futurewei Technologies, Inc. | Method and Apparatus for Network Resource Virtual Partitioning |
| CN103973673A (en) * | 2014-04-09 | 2014-08-06 | 汉柏科技有限公司 | Virtual firewall partitioning method and equipment |
| CN105530259A (en) * | 2015-12-22 | 2016-04-27 | 华为技术有限公司 | Message filtering method and equipment |
-
2016
- 2016-09-23 CN CN201610846530.7A patent/CN106161115A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140108584A1 (en) * | 2012-10-12 | 2014-04-17 | Futurewei Technologies, Inc. | Method and Apparatus for Network Resource Virtual Partitioning |
| CN103200085A (en) * | 2013-04-16 | 2013-07-10 | 中航网信(北京)科技有限公司 | Method and system for achieving transmission and receiving of VXLAN message line speed |
| CN103973673A (en) * | 2014-04-09 | 2014-08-06 | 汉柏科技有限公司 | Virtual firewall partitioning method and equipment |
| CN105530259A (en) * | 2015-12-22 | 2016-04-27 | 华为技术有限公司 | Message filtering method and equipment |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107786410A (en) * | 2016-12-29 | 2018-03-09 | 平安科技(深圳)有限公司 | A kind of VXLAN implementation methods and terminal based on Ethernet encapsulation |
| CN107786410B (en) * | 2016-12-29 | 2020-08-28 | 平安科技(深圳)有限公司 | VXLAN implementation method and terminal based on Ethernet encapsulation |
| CN106603346A (en) * | 2017-02-07 | 2017-04-26 | 佛山易识科技有限公司 | Network quality testing tool based on virtual extensible LAN |
| CN109995638A (en) * | 2018-01-02 | 2019-07-09 | 中国移动通信有限公司研究院 | A kind of method and apparatus carrying out double layer intercommunication |
| WO2021013218A1 (en) * | 2019-07-24 | 2021-01-28 | 中兴通讯股份有限公司 | Message processing method, switch, and computer-readable storage medium |
| CN112291165A (en) * | 2019-07-24 | 2021-01-29 | 中兴通讯股份有限公司 | Message processing method, switch and computer readable storage medium |
| RU2777370C1 (en) * | 2019-07-24 | 2022-08-02 | Зте Корпорейшн | Message processing method, switch and machine-readable data carrier |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104243269B (en) | A kind of processing method and processing device of virtual extended local network packet | |
| CN104823405B (en) | The IP multicast services departure process networked for the virtual private cloud based on MPLS | |
| CN103930882B (en) | The network architecture with middleboxes | |
| EP2491684B1 (en) | Method and apparatus for transparent cloud computing with a virtualized network infrastructure | |
| CN103200069B (en) | A kind of method and apparatus of Message processing | |
| CN103595648B (en) | Method and system for balancing load at receiving side of server | |
| CN103379010B (en) | A kind of virtual network realization method and system | |
| CN105284080B (en) | The virtual network management method and data center systems of data center | |
| CN104780088B (en) | A kind of transmission method and equipment of service message | |
| CN103997414B (en) | Generate method and the network control unit of configuration information | |
| JP5855630B2 (en) | Management server and management method for managing cloud appliance of virtual local area network | |
| US11665088B2 (en) | Assisted replication in software defined network | |
| CN106416147B (en) | A kind of system and method for software definition protocol network node | |
| US10999195B1 (en) | Multicast VPN support in data centers using edge replication tree | |
| CN103595772A (en) | Cloud data center network deployment scheme based on virtual router | |
| CN104506404B (en) | The method and apparatus for establishing VLAN forwarding channel | |
| CN107113219A (en) | VLAN marks in virtual environment | |
| WO2016180181A1 (en) | Service function deployment method and apparatus | |
| CN106533890A (en) | Message processing method, device and system | |
| JP2019515608A (en) | Access control | |
| US10841274B2 (en) | Federated virtual datacenter apparatus | |
| CN106712988A (en) | Virtual network management method and device | |
| CN106161115A (en) | A kind of device management method being applied to VXLAN and device | |
| CN103067270B (en) | A kind of virtual machine exchange visit safety control method and device | |
| CN105163062B (en) | A kind of system and method that social resources are linked into common platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant after: Hangzhou Dipu Polytron Technologies Inc Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant before: Hangzhou Dipu Technology Co., Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161123 |