CN107770064A - Cross-network communication method and device - Google Patents

Publication number: CN107770064A
Authority: CN
Grant status: Application
Prior art keywords: vlan, vm, data packet, host, vxlan
Application number: CN 201610698154
Other languages: Chinese (zh)
Inventor: 王军, 李太安
Original Assignee: 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/58 Association of routers
    • H04L45/586 Virtual routers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/66 Layer 2 routing, e.g. in Ethernet based MAN's

Abstract

The invention provides a cross-network communication method and device, and relates to the technical field of wireless communication. It can solve the prior-art problem that network security is reduced because an agent has to be deployed in a VM and an extra network card virtualized in order to implement communication between different Layer 2 networks. In the method, a routing virtual machine receives a first vlan data packet sent by a first virtual switch in a first host, encapsulates the first vlan data packet into a first VXLAN data packet, and sends the first VXLAN data packet to a second host, so that the second host processes the first VXLAN data packet and then sends it to a second VM.

Description

A cross-network communication method and device

Technical Field

[0001] The present invention relates to the field of wireless communication technologies, and in particular to a cross-network communication method and device.

Background

[0002] A heterogeneous cloud network is one in which two or more private clouds that use different access technologies, or that use the same radio access technology but belong to different wireless operators, are intelligently combined through inter-system convergence, so that several different types of private cloud jointly provide users with wireless access anytime and anywhere, thereby forming a heterogeneous cloud network.

[0003] In a heterogeneous cloud network, if the virtual machines (Virtual Machine, VM) in different private clouds are in the same Layer 2 network, interworking between the networks can be achieved by using the same virtual local area network (Virtual Local Area Network, VLAN). In practice, however, the VMs in different private clouds are usually not in the same Layer 2 network. In that case an agent has to be deployed inside the VMs in the different private clouds to achieve the same address space management: the cloud management system uses the agent running in the VM to virtualize an additional network interface card (NIC) and configures a unified Internet Protocol (IP) address on that NIC, and the VMs in different private clouds access each other through these virtual IP addresses on the same network. The access relies on encapsulation and decapsulation by overlay network technologies (such as Virtual eXtensible Local Area Network (VXLAN), Generic Routing Encapsulation (GRE) and Virtual Private Network (VPN)), which finally achieves network interworking.

[0004] As can be seen from the above, in a heterogeneous cloud network, interworking between different Layer 2 networks requires customizing the virtual machine image, installing the agent in the VM in advance, and virtualizing an additional NIC on the VM. Because an agent deployed in the VM will very likely need to communicate with the outside, the VM is exposed to the security problem of being compromised from outside. In addition, the VM gains an extra NIC that the user can use to communicate with the outside, which makes network security hard to control.

Summary

[0005] The present invention provides a cross-network communication method and device, to solve the existing problem that network security is reduced because an agent must be deployed in the VM and an additional NIC virtualized when implementing communication between different Layer 2 networks.

[0006] To achieve the above objective, the present invention adopts the following technical solutions:

[0007] In a first aspect, a cross-network communication method is provided. The method can be applied to communication between a first virtual machine (VM) and a second VM, where the first VM is located on a first host (Host), the second VM is located on a second Host, and a routing virtual machine is created in the first Host. The method may include:

[0008] The routing virtual machine receives a first vlan data packet sent by a first virtual switch in the first Host. The first vlan data packet is formed by encapsulating an Ethernet data packet sent by the first VM, and contains the vlan identifier of a first vlan port corresponding to the first VM and the address information of the second VM. The routing virtual machine encapsulates the first vlan data packet into a first VXLAN data packet that contains a first VNI identifying the overlay domain of the Layer 2 network where the first VM is located, and then sends the first VXLAN data packet to the second Host, so that the second Host, according to the address information of the second VM and the first VNI, processes the first VXLAN data packet and sends it to the second VM.

[0009] It should be noted that the routing virtual machine described in the present invention is an element, described on the basis of the present invention, that is able to implement cross-network communication. The name is used only to make the solution easier to describe and does not indicate or imply that the element must be so named. The routing switch may instead be named the OVS-vAPP virtual machine, or a virtual machine with any other name, so the name should not be understood as a limitation of the present invention.

[0010] In this way, the routing virtual machine intercepts the data packets sent by the VM, encapsulates them into Layer 3 VXLAN data packets, and sends the encapsulated VXLAN data packets through Layer 3 tunneling to VMs in other private clouds. This achieves interworking between different Layer 2 networks and avoids the reduced security caused by deploying an agent in the VM and virtualizing an additional NIC.

[0011] Optionally, the routing virtual machine may receive the first vlan data packet sent by the first virtual switch in the following implementations:

[0012] In one implementation of the first aspect, with reference to the first aspect, a second vlan port may be created on the first switch. The second vlan port has the same vlan identifier as the first vlan port, and the second vlan port is connected to a second virtual switch inside the routing virtual machine. The routing virtual machine receiving the first vlan data packet sent by the first virtual switch in the first Host may include:

[0013] The second virtual switch in the routing virtual machine receives the first vlan data packet sent by the first virtual switch through the second vlan port;

[0014] The routing virtual machine encapsulating the first vlan data packet into the first VXLAN data packet may include:

[0015] The second virtual switch in the routing virtual machine encapsulates the first vlan data packet into the first VXLAN data packet.

[0016] In yet another implementation of the first aspect, with reference to the first aspect, a trunk port may be created on the first switch. The routing virtual machine contains a second virtual switch on which a third vlan port is created, the trunk port is connected to the third vlan port, and the third vlan port has the same vlan identifier as the first vlan port. The routing virtual machine receiving the first vlan data packet sent by the first virtual switch in the first Host includes:

[0017] The routing virtual machine receives the first vlan data packet sent by the first virtual switch in the first Host through the trunk port;

[0018] The routing virtual machine, according to the vlan identifier in the first vlan data packet, sends the first vlan data packet to the second virtual switch through the third vlan port corresponding to that vlan identifier;

[0019] The routing virtual machine encapsulating the first vlan data packet into the first VXLAN data packet includes:

[0020] The second virtual switch in the routing virtual machine encapsulates the first vlan data packet into the first VXLAN data packet.

[0021] In this way, the routing virtual machine can use either of the above two approaches to intercept the traffic sent by the VMs in the Host, process it, and send it to the peer VM.

[0022] In yet another implementation of the first aspect, with reference to the first aspect or any implementation of the first aspect, the first Host may be located in a first private cloud and the second Host in a second private cloud. The first private cloud contains a first Layer 2 gateway and the second private cloud contains a second Layer 2 gateway. The routing virtual machine sending the first VXLAN data packet to the second Host may include:

[0023] The routing virtual machine sends the first VXLAN data packet to the first Layer 2 gateway. The first Layer 2 gateway, according to a preset correspondence between the first VNI and a second VNI, changes the first VNI in the received first VXLAN data packet to the second VNI, and sends the first VXLAN data packet containing the second VNI to the second Layer 2 gateway through the VXLAN tunnel between the first Layer 2 gateway and the second Layer 2 gateway. The second Layer 2 gateway, according to the preset correspondence between the first VNI and the second VNI, changes the second VNI in the received first VXLAN data packet back to the first VNI, and sends the first VXLAN data packet to the second Host according to the first VNI.

[0024] In this way, the Layer 2 gateway in a private cloud can send the VXLAN data packet encapsulated by the routing virtual machine through tunneling to the Layer 2 gateway in another private cloud, which processes it and sends it to the VM in the Host.
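The encapsulation in [0008] and the VNI rewriting at the two Layer 2 gateways in [0023] can be followed byte by byte in the sketch below. It is an added example, not code from the patent: the VLAN ID 100, the VNIs 5001 and 9001, the MAC addresses and all function names are constructed for illustration. It uses the VXLAN header layout of RFC 7348, strips the inner 802.1Q tag as that RFC recommends by default, and leaves the outer Ethernet/IP/UDP headers (UDP port 4789) to the host stack. Frames or packets whose VLAN or VNI has no configured mapping are dropped, which is what keeps tenants isolated.

```python
import struct

ETH_P_8021Q = 0x8100          # TPID of an 802.1Q-tagged frame
VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag in the first byte of the VXLAN header


class DropFrame(Exception):
    """The frame or packet must not be forwarded."""


def tagged_frame(vlan_id, payload=b"constructed-payload"):
    """Build a constructed 802.1Q frame (sample data, not captured traffic)."""
    dst = bytes.fromhex("020000000002")   # second VM (constructed MAC)
    src = bytes.fromhex("020000000001")   # first VM (constructed MAC)
    return dst + src + struct.pack("!HHH", ETH_P_8021Q, vlan_id, 0x0800) + payload


def parse_vlan_frame(frame):
    """Return (vlan_id, frame_without_tag) for an 802.1Q frame."""
    if len(frame) < 18:
        raise DropFrame("frame too short for an 802.1Q header")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != ETH_P_8021Q:
        raise DropFrame("untagged frame received on a vlan port")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vxlan_header(vni):
    """8-byte VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)


def encapsulate(frame, vlan_to_vni):
    """Routing-VM step: vlan data packet -> VXLAN header + inner frame."""
    vlan_id, inner = parse_vlan_frame(frame)
    vni = vlan_to_vni.get(vlan_id)
    if vni is None:
        # No explicit mapping: drop rather than leak into another overlay.
        raise DropFrame("vlan %d has no VNI mapping" % vlan_id)
    return vxlan_header(vni) + inner


def read_vni(packet):
    """Extract the VNI, rejecting headers without the I flag."""
    if len(packet) < 8:
        raise DropFrame("packet too short for a VXLAN header")
    word0, word1 = struct.unpack("!II", packet[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise DropFrame("VXLAN I flag not set")
    return word1 >> 8


def rewrite_vni(packet, vni_map):
    """Layer 2 gateway step: swap the VNI using the preset correspondence."""
    vni = read_vni(packet)
    new_vni = vni_map.get(vni)
    if new_vni is None:
        raise DropFrame("VNI %d has no preset correspondence" % vni)
    return vxlan_header(new_vni) + packet[8:]


def would_drop(frame, vlan_to_vni):
    """True when the routing VM would refuse to encapsulate the frame."""
    try:
        encapsulate(frame, vlan_to_vni)
    except DropFrame:
        return True
    return False


# Constructed configuration: first vlan port 100 <-> first VNI 5001,
# first VNI 5001 <-> second VNI 9001 on the inter-cloud tunnel.
VLAN_TO_VNI = {100: 5001}
GW1_VNI_MAP = {5001: 9001}
GW2_VNI_MAP = {v: k for k, v in GW1_VNI_MAP.items()}
SAMPLE_FRAME = tagged_frame(100)

if __name__ == "__main__":
    pkt = encapsulate(SAMPLE_FRAME, VLAN_TO_VNI)
    on_tunnel = rewrite_vni(pkt, GW1_VNI_MAP)
    delivered = rewrite_vni(on_tunnel, GW2_VNI_MAP)
    print("routing VM    VNI:", read_vni(pkt))
    print("inter-cloud   VNI:", read_vni(on_tunnel))
    print("second Host   VNI:", read_vni(delivered))
    print("vlan 200 dropped:", would_drop(tagged_frame(200), VLAN_TO_VNI))
```
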

[0025] In addition, to reduce deployment cost, in another feasible solution of the present invention an OVS-vApp virtual machine may be added in only one Host, and all VMs in any other Host can communicate with other VMs through that OVS-vApp virtual machine. That is, in a further implementation of the first aspect, with reference to the first aspect or any implementation of the first aspect, the present invention may also implement communication between a third VM and the second VM by the following method, where the third VM is located on a third Host, the first Host and the third Host are located in the first private cloud, the first private cloud further includes a physical switch, and no OVS-vApp virtual machine is deployed in the third Host:

[0026] The routing virtual machine receives, from the physical switch, a third vlan data packet that the virtual switch in the third Host sent to the physical switch. The third vlan data packet is formed by encapsulating an Ethernet data packet sent by the third VM, and the Ethernet data packet is a data packet addressed to the first VM. The second vlan data packet contains the vlan identifier of a fourth vlan port corresponding to the third VM and the address information of the second VM. The routing virtual machine encapsulates the third vlan data packet into a second VXLAN data packet and sends the second VXLAN data packet to the second host, so that the second Host, according to the address information of the second VM and a second VNI, processes the second VXLAN data packet and sends it to the second VM. The second VNI identifies the overlay domain of the Layer 2 network where the third VM is located.

[0027] In this way, when no routing virtual machine is deployed in a Host, the data packets sent by the VMs in that Host can be VXLAN-encapsulated by a routing virtual machine in another Host, and that routing virtual machine sends the encapsulated VXLAN data packets to the Host where the peer VM is located.

[0028] In a second aspect, a routing virtual machine is provided, including a sending unit, an encapsulation unit and a receiving unit;

[0029] the receiving unit is configured to receive a first vlan data packet sent by a first virtual switch in a first Host;

[0030] the encapsulation unit is configured to encapsulate the first vlan data packet received by the receiving unit into a first VXLAN data packet;

[0031] the sending unit is further configured to send to the second host the first VXLAN data packet encapsulated by the encapsulation unit.

[0032] For the specific implementation of the second aspect, refer to the behavior and functions of the routing virtual machine in the cross-network communication method provided by the first aspect or the possible implementations of the first aspect. The routing virtual machine provided by the second aspect can therefore achieve the same beneficial effects as the first aspect.

[0033] In a third aspect, a routing virtual machine is provided, including a processor and a transceiver;

[0034] the transceiver is configured to receive a first vlan data packet sent by a first virtual switch in a first Host;

[0035] the processor is configured to encapsulate the first vlan data packet received by the transceiver into a first VXLAN data packet;

[0036] the processor is further configured to send to the second host the first VXLAN data packet encapsulated by the processor.

[0037] For the specific implementation of the third aspect, refer to the behavior and functions of the routing virtual machine in the cross-network communication method provided by the first aspect or the possible implementations of the first aspect. The routing virtual machine provided by the third aspect can therefore achieve the same beneficial effects as the first aspect.

[0038] In a fourth aspect, a non-volatile computer-readable storage medium storing one or more programs is provided. The one or more programs include instructions which, when executed by the routing virtual machine of the second aspect, the third aspect or any of the above possible implementations, cause the routing virtual machine to perform the following:

[0039] Receive a first vlan data packet sent by a first virtual switch in a first Host, encapsulate the first vlan data packet into a first VXLAN data packet, and send the first VXLAN data packet to a second host, so that the second host processes the first VXLAN data packet and sends it to a second VM.

[0040] For the specific implementation of the fourth aspect, refer to the behavior and functions of the routing virtual machine in the cross-network communication method provided by the first aspect or the possible implementations of the first aspect. The routing virtual machine provided by the fourth aspect can therefore achieve the same beneficial effects as the first aspect.

Brief Description of the Drawings

[0041] To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.

[0042] FIG. 1 is a schematic architecture diagram of a heterogeneous cloud network;

[0043] FIG. 2 is a schematic architecture diagram of a heterogeneous cloud network according to an embodiment of the present invention;

[0044] FIG. 3 is a schematic structural diagram of a physical host according to an embodiment of the present invention;

[0045] FIG. 4 is a flowchart of a cross-network communication method according to an embodiment of the present invention;

[0046] FIG. 5A is a structural diagram of a host according to an embodiment of the present invention;

[0047] FIG. 5B is a structural diagram of another host according to an embodiment of the present invention;

[0048] FIG. 6 is a schematic diagram of a cross-network communication process according to an embodiment of the present invention;

[0049] FIG. 7 is a schematic diagram of a cross-network communication process according to an embodiment of the present invention;

[0050] FIG. 8 is a schematic structural diagram of an OVS-vAPP virtual machine according to an embodiment of the present invention;

[0051] FIG. 9 is a schematic structural diagram of an OVS-vAPP virtual machine according to an embodiment of the present invention.

具体实施方式 detailed description

[0052]本发明的原理是:在VM所在的宿主机内新增一个路由虚拟机,由该路由虚拟机截获VM发出的数据包,将VM发出的数据包封装为VXLAN数据包,并将封装后的VXLAN数据包通过overlay网络技术发往其他私有云内的VM,以此实现不同二层网络间的互通,避免了在VM 内部署agent以及虚拟出额外的网卡。 [0052] The principle of the invention is: new VM in the host route where a virtual machine intercepts packets sent by the routing VM VM VM encapsulated packet is sent VXLAN packet, and encapsulate after VXLAN packets to the VM in other private cloud, in order to achieve interoperability between different Layer 2 network through overlay network technology development, avoiding the extra network cards in the VM deployment agent and the virtual.

[0053]需要说明的是,本发明所述的路由虚拟机是基于本发明描述的能够实现跨网络通信的元件,仅是为了便于描述本发明所提供的方案,而不是指示或暗示该元件必须由此命名,因此不能理解为对本发明的限制,如:该路由交换机可以命名为OVS-vAPP虚拟机,还可以命名为其他名称的虚拟机,本发明实施例对比不进行限定。 [0053] Incidentally, the present invention routes the virtual machine can be achieved according to the present invention is described in the communication across a network element, merely for convenience of description of the present embodiment provided herein, not indicate or imply that the components must be based on Thus named, can not be construed as limiting the present invention, such as: the routing switch can be named OVS-vAPP virtual machine, the virtual machine may also be named as another name, is not limited in Comparative Example embodiments of the present invention. 可选的,在本发明下述的实施方式中,可以将新增的“路由虚拟机”命名为“OVS-vAPP虚拟机”对本发明提供的异构云网络通信的方法、设备进行描述。 Alternatively, in the following embodiments of the present invention, the new "route in the virtual machine" named "OVS-vAPP virtual machine" cloud heterogeneous communication network of the present invention provides a method, apparatus will be described.

[0054]下面结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整的描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。 [0054] Next, in conjunction with the present invention in the accompanying drawings, technical solutions of embodiments of the present invention will be clearly, embodiments fully described, obviously, the described only some embodiments of the present invention rather than all embodiments . 基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。 Based on the embodiments of the present invention, those of ordinary skill in the art to make all other embodiments without creative work obtained by, it falls within the scope of the present invention.

[GG55]需要说明的是,本文中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。 [GG55] Incidentally, the term "and / or" merely describe a relationship of associated objects representing three relationships may exist, for example, A and / or B, and may be expressed: A exists, both A and B, and B present three cases. 另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。 Further, the character "/", represents the general context-objects is a "or" relationship.

[0056]本发明所述的跨网络通信的方法可以应用于异构云网络,以实现异构云网络中处于不同二层网络的VM间的通信。 [0056] The method of communication across a network according to the present invention may be applied to a heterogeneous network cloud to a cloud network in heterogeneous communication between different VM layer 2 network. 为了便于描述,本发明实施例仅以图1所示的异构云网络为例,对本发明提供的异构云网络通信的方法、设备进行描述,其中,处于不同二层网络的VM 是指:处于不同虚拟局域网的VM,该二层网络可以为二层虚拟网络,也可以为二层物理网络。 For ease of description, embodiments of the present invention only heterogeneous cloud network shown in FIG. 1 as an example, the present invention provides a heterogeneous network communication cloud method, apparatus is described, wherein, the VM layer 2 network in different means: VM in a different virtual local area network, the Layer 2 network can be a layer 2 virtual network, it may be a Layer 2 physical network.

[0057]如图1所示,该异构云网络可以包括:云管理系统(cloud manager)、以及至少一个私有云。 [0057] As shown in FIG. 1, the network may comprise a heterogeneous cloud: cloud management system (cloud manager), and at least one private cloud. 其中,云管理系统由多个服务器组成,主要用于统一管理异构云网络中私有云内的资源(如计算、网络、存储资源)分配,能够使用同一个子网内的IP地址在不同的私有云上部署VM,即为不同私有云内的VM分配同一个子网内的IP地址。 Wherein a plurality of cloud management system servers, mainly for resources (computing, network, storage resources) within the cloud private cloud unified management of heterogeneous distribution network, the IP address can be used within the same subnet different private VM deployment on the cloud, that is, within different VM private cloud assign IP addresses within the same subnet. 不同私有云可以在同一个二层网络内,也可以不在同一个二层网络,同一私有云(简称:云)内部可以包含网络服务器(Network Server)、二层网关(Lay2Gateway,L2GW)、虚拟交换机(vSwitch)、以及多个宿主机(Host);网络服务器内部可以部署有动态主机配置协议(Dynamic Host Configuration Pr〇t〇C〇l,DCHP)服务器,该DCHP服务器可以用于存储各VM的IP地址;L2GW主要用于与其他私有云内的L2GW通过overlay网络技术实现网络互通;vSwitch用于实现Host间的数据传输,其内部可以部署有不同的vlan端口,可以用于通过vlan端口将不同VM发出的数据包隔离开来;vSwitch和Host可以运行在私有云中物理主机(图1中未画出)的硬件层之上,每个Host可以包含多个VM。 Different private cloud can be within the same Layer 2 network, it can not in the same Layer 2 network, the same private cloud (referred to as: cloud) can contain internal network server (Network Server), two-story gateway (Lay2Gateway, L2GW), virtual switch (the vSwitch), and a plurality of host computer (the host); internal network servers may be deployed with a dynamic host configuration protocol (dynamic host configuration Pr〇t〇C〇l, DCHP) server, the DCHP server may be used to store the IP of each VM address; L2GW L2GW mainly used within other private network to work through the cloud overlay network technology; the vSwitch for implementing data transfer between the Host, which can be deployed with different internal vlan port, the port may be used by different VM vlan packets sent isolate; the vSwitch and host can run on a private cloud physical host (not shown in FIG. 
1) of the hardware layer, each host may comprise a plurality of VM. 需要说明的是,图1仅为示意图,图1所示私有云、宿主机、以及VM的只是示例,其数量对本发明所述方案不构成限制,在实际部署时,异构云网络内可以部署不同于图1所示的多个部件。 Incidentally, FIG. 1 is only schematic, private cloud shown in Figure 1, the host, and the VM is only an example, the number of which is not limiting embodiment of the present invention, the actual deployment, the network may be deployed within a heterogeneous cloud Unlike a plurality of components shown in FIG.

[0058] 此时,若要实现图1中私有云1内的VM与私有云2内的VM间的通信,现有技术人员则需要在VM内部署agent和虚拟出额外的网卡,但这样做会降低网络的安全性,为解决该问题,如图2所示,本发明在私有云的宿主机内新增OVS-vAPP虚拟机,该OVS-vAPP虚拟机内也可以部署有vSwitch(简称ovs),当宿主机内的VM接入到宿主机内vSwitch上的vlan端口后, 可以在OVS-vAPP虚拟机上创建一个与该vlan端口功能相同的vlan端口,并在OVS-vAPP虚拟机内部将创建的vlan端口添加到ovs上,这样,VM发出的流量通过宿主机内的vSwitch后,流入OVS-vAPP虚拟机内的ovs上,通过该OVS-vAPP虚拟机截获VM发出的所有流量,并由0VS-vAPP虚拟机将截获到的流量经过处理(如封装成VXLAN数据包)后,通过私有云之间的隧道发送至其他私有云内的VM上,实现不同网络间VM的互通。 [0058] At this time, to implement VM in FIG. 11 in the private communications and private cloud, the prior art between the two-VM need to deploy an additional agent and the virtual NIC in the VM, but this reduces the security of the network, in order to solve this problem, as shown, the present invention OVS-vAPP new virtual machine in the host private cloud 2, may be deployed within the OVS-vAPP vSwitch virtual machine (referred ovs ), while the VM in the host access after vlan port on the host to vSwitch can create a vlan port with the same function on the vlan port OVS-vAPP virtual machine, and inside the virtual machine OVS-vAPP create vlan port is added to the ovs, so, VM traffic sent by post within the vSwitch host, into the upper ovs in the OVS-vAPP virtual machine, VM intercepts all traffic sent through the OVS-vAPP virtual machine by 0VS-vAPP virtual machine after the intercepted traffic (e.g., data packets encapsulated into VXLAN), processed by the transmission tunnel between the private cloud onto the other VM private cloud, interworking between different networks VM.

[0059]需要说明的是,为了将Host内独立于OVS-vAPP虚拟机之外的虚拟交换机、以及OVS-vAPP虚拟机内的虚拟交换机区分开来,在本发明所述方案中,将独立于〇VS-vAPP虚拟机之外的虚拟交换机称之为:vSwitch,将OVS-vAPP虚拟机内的虚拟交换机称之为:ovs。 [0059] Incidentally, in order to separate the independent OVS-vAPP virtual switch within a virtual machine Host, and the area within the virtual switch OVS-vAPP virtual machine, in the embodiment of the present invention, will be independent of virtual switch outside the virtual machine called 〇VS-vAPP: vSwitch, a virtual switch within a virtual machine called OVS-vAPP: ovs. [0060]下面结合图3对OVS-vAPP虚拟机运行的硬件环境进行具体介绍: [0060] FIG. 3 in conjunction with the following hardware environment OVS-vAPP virtual machines running particularly described:

[0061 ] 如图3所示,OVS-vAPP虚拟机1041运行在Hostl04之上,该Hostl04运行在物理主机10的硬件层之上,该硬件层可以包括远程直接数据存储(Remote Direct Memory Access, RDMA)网卡103,可选的,如图3所示,该硬件层还可以至少一个处理器102和存储器101,这些装置之间通过通信总线或者直连方式进行连接和相互通信。 [0061] 3, OVS-vAPP virtual machine running on Hostl04 1041, which runs on Hostl04 physical host hardware layer 10, the hardware layer may include a remote direct data storage (Remote Direct Memory Access, RDMA ) card 103, alternatively, as shown, the hardware layer 102 may also be at least one processor and a memory 1013, and the connection between these devices communicate with one another via a communication bus or a direct connection. 其中,H〇stl04还可以包括除OVS-vAPP 虚拟机1041 之外的多个VM1042、以及vSwitchl043。 Wherein H〇stl04 may also include a plurality of VM1042 addition OVS-vAPP virtual machine 1041, and vSwitchl043.

[0062]其中,Hostl04作为管理层,用以完成硬件资源的管理、分配,为其内虚拟机呈现虚拟硬件平台,虚拟硬件平台对其上运行的各个虚拟机(如:〇VS_vAPP虚拟机104UVM1042、以及VSwitchl043)提供各种硬件资源,如提供虚拟处理器(VCPU)、虚拟内存、虚拟磁盘、虚拟网卡等等。 [0062] where, Hostl04 as management to complete management of hardware resources allocated for its presentation within a virtual machine virtual hardware platform, each virtual machine (such as running on a virtual hardware platform for its: 〇VS_vAPP virtual machine 104UVM1042, and VSwitchl043) offers a variety of hardware resources, such as providing virtual processors (VCPU), virtual memory, virtual disk, virtual network cards and so on.

[0063] OVS-vAPP虚拟机l(Ml、VMl〇42、以及vSwitchl〇43就像真正的计算机那样进行工作,OVS-vAPP虚拟机1041、VM1042、以及vSwitchl043上可以安装操作系统和应用程序,ovs— vAPP虚拟机1041、VM1042、以及vSw i tch 1043还可访问网络资源。 [0063] OVS-vAPP virtual machine l (Ml, as work VMl〇42, and vSwitchl〇43 just like a real computer, OVS-vAPP VM 1041, VM1042, and you can install the operating system and applications on vSwitchl043, ovs - vAPP VM 1041, VM1042, and vSw i tch 1043 also provides access to network resources.

[0064]硬件层内的RDMA网卡103可以为支持RDMA功能的各种网卡,例如,可以为无线宽带(InfiniBand)卡或以太网(RDMA over Converged Ethernet,RoCE)卡等。 [0064] RDMA card in the hardware layer 103 may be of various NICs RDMA functionality, for example, (InfiniBand) Ethernet card or a wireless broadband (RDMA over Converged Ethernet, RoCE) card.

[0065] The processor 102 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.

[0066] The memory 101 may include random access memory and provides instructions and data to the processor 102.

[0067] For ease of description, the following embodiments show and describe in detail, in the form of steps, the cross-network communication process provided by the present invention. Besides being performed within the OVS-vAPP virtual machine, the steps shown may also be performed in a computer system as a set of executable instructions. In addition, although a logical order is shown in the figures, in some cases the steps shown or described may be performed in a different order.

[0068] Embodiment 1

[0069] FIG. 4 is a flowchart of a cross-network communication method provided by an embodiment of the present invention. The method may be performed by the OVS-vAPP virtual machine shown in FIG. 2 and FIG. 3 and is used to implement communication between a first VM and a second VM, where the first VM is located on a first Host, the second VM is located on a second Host, and the OVS-vAPP virtual machine is located on the first Host. As shown in FIG. 4, the method may include the following steps:

[0070] S101: The OVS-vAPP virtual machine receives a first vlan data packet sent by a first virtual switch in the first Host. The first vlan data packet is formed by encapsulating an Ethernet data packet sent by the first VM, and that Ethernet data packet is addressed to the second VM. The first vlan data packet contains the vlan identifier of a first vlan port corresponding to the first VM, and address information of the second VM.

[0071] The first VM may be any VM in the first Host. The Ethernet data packets sent by the first VM may include, but are not limited to, the following types: an Address Resolution Protocol (ARP) packet requesting the Media Access Control (MAC) address of the first VM, a packet requesting the IP address of the first VM, and a packet requesting service data.

[0072] The vlan identifier identifies the first vlan port, which may be deployed on the first virtual switch and is connected to the first VM.

[0073] The address information of the second VM may be the IP address or the MAC address of the second VM.

[0074] Optionally, after the first VM starts, it may send its Ethernet data packet to the first virtual switch through the first vlan port connected to it. After receiving the Ethernet data packet from the first vlan port, the first virtual switch encapsulates the packet with the vlan identifier of the first vlan port to generate the first vlan data packet, for example by adding the vlan identifier of the first vlan port to the header of the Ethernet data packet. Note that generating the first vlan data packet is not limited to adding the vlan identifier to the Ethernet data packet; an inner Ethernet header, an inner IP header and other payload may also be added.

[0075] Optionally, after the first virtual switch generates the first vlan data packet, the OVS-vAPP virtual machine may receive it from the first virtual switch in either of the following two ways:

[0076] Mode 1: A second vlan port is created on the first switch. The second vlan port has the same vlan identifier as the first vlan port and is connected to a second virtual switch in the OVS-vAPP virtual machine;

[0077] Based on the first vlan identifier in the encapsulated first vlan data packet, the first virtual switch may look up the other vlan ports, apart from the first vlan port, that correspond to the first vlan identifier, and send the encapsulated first vlan data packet out through the second vlan port;

[0078] The second virtual switch in the OVS-vAPP virtual machine may receive, from the second vlan port, the first vlan data packet sent by the first virtual switch.

[0079] The statement that the second vlan port has the same vlan identifier as the first vlan port may mean that the two ports have the same function: the second vlan port supports transmission of data packets sent from the first vlan port. Note that in an actual deployment the first vlan port and the second vlan port may be given the same name or different names; the embodiments of the present invention do not limit this.

[0080] For example, as shown in FIG. 5A, Host1 contains two virtual machines, VM1 and VM2. VM1 is connected to the vlan1 port on vSwitch1 and VM2 is connected to the vlan2 port on vSwitch1. A vlan port with the same function as the vlan1 port and a vlan port with the same function as the vlan2 port can then be added on vSwitch1, both connected to the ovs (shown in the dashed box in FIG. 5A). In this way, after receiving the Ethernet data packet that VM1 sends through the vlan1 port, vSwitch1 can encapsulate it into a vlan data packet and send it to the OVS through the vlan port in the dashed box that has the same function as the vlan1 port.

[0081] Mode 2: A trunk port is created on the first switch, and a third vlan port is created on the second virtual switch in the OVS-vAPP virtual machine. The trunk port is connected to the third vlan port, and the third vlan port has the same vlan identifier as the first vlan port;

[0082] The first virtual switch may send the encapsulated first vlan data packet out through the trunk port;

[0083] The OVS-vAPP virtual machine may receive the first vlan data packet sent from the trunk port and, based on the first vlan identifier in the packet, send it to the second virtual switch in the OVS-vAPP virtual machine through the third vlan port that has the first vlan identifier.

[0084] In this way, in an actual deployment, it is not necessary to attach to the vSwitch in the Host, every time a VM is created, a port with the same function as the vlan port connected to that VM. Instead, a trunk port is created on the vSwitch at the outset and its corresponding vlan ports are planned, with the vlan ports corresponding to the trunk port created on the ovs. Later, when a new VM is created in the Host, a port with the same function as the vlan port connected to the new VM only needs to be created on the ovs and connected to the trunk port. This reduces the number of vlan ports created on the vSwitch in the Host and lowers the load on the vSwitch.

[0085] The statement that the third vlan port has the same vlan identifier as the first vlan port may mean that the two ports have the same function: the third vlan port supports transmission of data packets sent from the first vlan port. Note that in an actual deployment the first vlan port and the third vlan port may be given the same name or different names; the embodiments of the present invention do not limit this.

[0086] For example, as shown in FIG. 5B, Host1 contains two virtual machines, VM1 and VM2. VM1 is connected to the vlan1 port on vSwitch1, VM2 is connected to the vlan2 port on vSwitch1, and a trunk port is created on vSwitch1. A vlan port with the same function as the vlan1 port and a vlan port with the same function as the vlan2 port are created on the ovs (shown in the dashed box in FIG. 5B), and the trunk port is connected to the vlan ports on the ovs. In this way, after receiving the Ethernet data packet that VM1 sends through the vlan1 port, vSwitch1 can encapsulate it into a first vlan data packet and send it to the OVS-vAPP virtual machine through the trunk port in the dashed box. On receiving the first vlan data packet, the OVS-vAPP virtual machine sends it to the ovs, based on the vlan identifier in the packet, through the vlan port that has the same function as the vlan1 port.

[0087] S102: The OVS-vAPP virtual machine encapsulates the first vlan data packet into a first VXLAN data packet and sends the first VXLAN data packet to the second host, so that the second host processes the first VXLAN data packet and then sends it to the second VM. The first VXLAN data packet contains a first VXLAN Network Identifier (VNI).

[0088] The first VXLAN Network Identifier (VNI) identifies the overlay domain of the layer-2 network in which the first VM is located (also called a VXLAN segment).

[0089] Optionally, the OVS-vAPP virtual machine encapsulating the first vlan data packet into the first VXLAN data packet may include:

[0090] Removing the vlan identifier from the first vlan data packet and encapsulating the packet with the first VNI. Note that encapsulation into the first VXLAN data packet is not limited to adding the VNI; the original Ethernet data packet from which the vlan identifier has been removed may also be encapsulated with an outer Ethernet header, an outer IP header, an outer User Datagram Protocol (UDP) header, a VXLAN flag and some reserved fields.

[0091] In this way, a layer-2 Ethernet data packet can be encapsulated with a layer-3 protocol, extending the layer-2 network across a layer-3 range so that VMs in different layer-2 networks can communicate through layer-3 interworking.

[0092] Optionally, for cross-network communication in a heterogeneous cloud network, the first host may be located in a first private cloud and the second host in a second private cloud. The first private cloud may contain a first layer-2 gateway and the second private cloud may contain a second layer-2 gateway. Correspondingly, the OVS-vAPP virtual machine sending the first VXLAN data packet to the second host may include:

[0093] The OVS-vAPP virtual machine sends the first VXLAN data packet to the first layer-2 gateway;

[0094] Based on a preset correspondence between the first VNI and a second VNI, the first layer-2 gateway changes the first VNI in the received first VXLAN data packet to the second VNI, and sends the first VXLAN data packet containing the second VNI to the second layer-2 gateway through the VXLAN tunnel between the first layer-2 gateway and the second layer-2 gateway;

[0095] Based on the preset correspondence between the first VNI and the second VNI, the second layer-2 gateway changes the second VNI in the received first VXLAN data packet back to the first VNI and, based on the first VNI, sends the first VXLAN data packet to the vSwitch in the second Host, where the second VM is located;

[0096] After receiving the first VXLAN data packet, the vSwitch in the second Host converts it into a second vlan data packet based on the address information of the second VM in the first VXLAN data packet, then removes the second vlan identifier and sends the packet to the second VM through the vlan port corresponding to that vlan identifier. The second vlan data packet contains the second vlan identifier, which identifies the vlan port connected to the second VM.

[0097] The cloud management system in the heterogeneous cloud network may preconfigure the VNIs of the first and second VMs, which are in different networks, setting both to the first VNI, and may preconfigure the correspondence between the first VNI and the second VNI. The first and second layer-2 gateways can then obtain this correspondence from the cloud management system and modify the VNI accordingly. The second VNI may be any VNI that the cloud management system has configured for the first layer-2 gateway. Optionally, the cloud management system may configure at least one VNI for the first layer-2 gateway.

[0098] For example, VM1 is in private cloud 1 and VM2 is in private cloud 2; L2GW1 in private cloud 1 and L2GW2 in private cloud 2 interwork through a VXLAN tunnel. The VNI of both VM1 and VM2 is 5000, and the range of VNIs that the cloud management system has configured for L2GW1 is 7000 to 8999. When VM1 and VM2 communicate, the cloud management system may select an unused VNI from 7000 to 8999, for example 7000, to map to VNI 5000, to which VM1 and VM2 belong, and deliver the mapping to L2GW1 and L2GW2. Then, when L2GW1 receives a VXLAN data packet containing 5000, it changes 5000 to 7000 and sends the packet to L2GW2; after L2GW2 receives the VXLAN data packet containing 7000, it changes 7000 back to 5000 and delivers the packet to the vSwitch in the Host.

[0099] To make the objectives, technical solutions and advantages of the present invention clearer, the communication process by which VM1 obtains the MAC address of VM2 is described in detail below with reference to FIG. 6. VM1 is in vlan1 in private cloud 1 and VM2 is in vlan2 in private cloud 2; vlan1 and vlan2 are different virtual local area networks, and the IP addresses of VM1 and VM2 are 10.0.0.100 and 10.0.0.101 respectively:

[0100] ① VM1 finds that the IP address of VM2 (10.0.0.101), which it wants to reach, is in the same network as its own, so it sends an ARP data packet directly to vSwitch1 through vlan1 to obtain the MAC address corresponding to 10.0.0.101. The ARP data packet contains the IP address of VM2. After receiving the packet, vSwitch1 adds the vlan1 identifier to it, turning it into a vlan data packet. vSwitch1 then sends the vlan data packet to the vlan port that is the same as vlan1, at which point the vlan data packet enters the ovs in the OVS-vApp virtual switch. On receiving the vlan data packet, the ovs first removes the vlan identifier and applies the VNI corresponding to VM1, converting the vlan data packet into a VXLAN data packet, which is forwarded to L2GW1 in private cloud 1 through vlan0, the public port of vSwitch1.

[0101] ② L2GW1 in private cloud 1 modifies the VNI in the received VXLAN data packet, and the modified VXLAN data packet reaches L2GW2 in private cloud 2 over VXLAN.

[0102] ③ L2GW2 in private cloud 2 changes the VNI in the received VXLAN data packet to the VNI of VM2 and, based on the VNI of VM2, sends the modified VXLAN data packet to vSwitch2 in Host2, where VM2 is located. Based on the IP address of VM2, vSwitch2 then removes the VNI from the received VXLAN data packet and applies the identifier of vlan2, which corresponds to VM2, converting the packet into a vlan data packet. It then removes the vlan identifier, so that the packet becomes an ARP data packet again and enters VM2 through vlan2. After receiving the ARP data packet, VM2 replies directly to VM1 with its own MAC address.
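The FIG. 6 walk-through in [0100] to [0102], traced byte by byte as an added example that is not part of the patent text. It uses the VNI values 5000 and 7000 from [0098]; VLAN IDs 1 and 2 for vlan1 and vlan2, the MAC address, the omission of the outer Ethernet/IP/UDP headers, and the rejection of VNIs without a preset mapping are assumptions.

```python
import socket
import struct

ETH_P_8021Q = 0x8100   # 802.1Q tag protocol identifier
ETH_P_ARP = 0x0806
VXLAN_I_FLAG = 0x08    # RFC 7348: "VNI present" bit in the first header byte


def add_vlan_tag(frame, vlan_id):
    """Insert an 802.1Q tag after the destination and source MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", ETH_P_8021Q, vlan_id) + frame[12:]


def strip_vlan_tag(frame):
    """Return (vlan_id, untagged_frame); reject frames without an 802.1Q tag."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry an 802.1Q tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != ETH_P_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vxlan_wrap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header (outer Ethernet/IP/UDP omitted here)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8) + inner_frame


def vxlan_unwrap(payload):
    """Return (vni, inner_frame) from a VXLAN header plus inner frame."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", payload[:8])
    if not (flags_word >> 24) & VXLAN_I_FLAG:
        raise ValueError("VXLAN I flag not set")
    return vni_word >> 8, payload[8:]


def ovs_encapsulate(tagged_frame, vlan_to_vni):
    """S102 at the ovs: remove the vlan identifier, then add the VM's VNI."""
    vlan_id, inner = strip_vlan_tag(tagged_frame)
    if vlan_id not in vlan_to_vni:
        raise KeyError("no VNI configured for VLAN %d" % vlan_id)
    return vxlan_wrap(vlan_to_vni[vlan_id], inner)


def gateway_rewrite(payload, vni_map):
    """Layer-2 gateway: swap the VNI per the preset mapping.
    Rejecting a VNI that has no mapping is an assumption of this example."""
    vni, inner = vxlan_unwrap(payload)
    if vni not in vni_map:
        raise KeyError("VNI %d has no preset mapping" % vni)
    return vxlan_wrap(vni_map[vni], inner)


def vswitch_deliver(payload, ip_to_vlan):
    """Destination vSwitch: drop the VNI, tag with the vlan chosen from the
    target IP, then strip the tag on the way out of that vlan port."""
    _vni, inner = vxlan_unwrap(payload)
    if len(inner) < 42 or inner[12:14] != struct.pack("!H", ETH_P_ARP):
        raise ValueError("this example only delivers ARP frames")
    target_ip = socket.inet_ntoa(inner[38:42])   # ARP target protocol address
    tagged = add_vlan_tag(inner, ip_to_vlan[target_ip])
    return strip_vlan_tag(tagged)


def build_arp_request(src_mac, src_ip, dst_ip):
    """Broadcast ARP request asking for the MAC address that owns dst_ip."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += src_mac + socket.inet_aton(src_ip)
    arp += b"\x00" * 6 + socket.inet_aton(dst_ip)
    return eth + arp


def walk_through():
    vm1_mac = bytes.fromhex("020000000001")             # constructed sample MAC
    arp = build_arp_request(vm1_mac, "10.0.0.100", "10.0.0.101")
    tagged = add_vlan_tag(arp, 1)                       # vSwitch1 adds the vlan1 tag
    at_gw1 = ovs_encapsulate(tagged, {1: 5000})         # ovs: vlan1 -> VNI 5000
    in_tunnel = gateway_rewrite(at_gw1, {5000: 7000})   # L2GW1
    at_host2 = gateway_rewrite(in_tunnel, {7000: 5000})  # L2GW2
    vlan_id, delivered = vswitch_deliver(at_host2, {"10.0.0.101": 2})
    vnis = [vxlan_unwrap(p)[0] for p in (at_gw1, in_tunnel, at_host2)]
    return {"vnis": vnis, "egress_vlan": vlan_id,
            "original": arp, "delivered": delivered}


if __name__ == "__main__":
    result = walk_through()
    print(result["vnis"], result["egress_vlan"],
          result["delivered"] == result["original"])
```

The VNI mapping tables at the two gateways are the only thing that joins the two layer-2 segments, so they are the place to audit which VLANs can reach each other across the tunnel.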

[0103] It can be understood that the above describes only communication between a VM in one Host and a VM in another Host. If a VM in any other Host needs to communicate with VMs in other Hosts, an OVS-vApp virtual machine can also be added in that Host and interworking between VMs achieved by the above method. That is, an OVS-vApp virtual machine can be added in each Host, and communication between the VMs in that Host and VMs in other Hosts is achieved through it.

[0104] However, to reduce deployment cost, in another feasible solution of the present invention an OVS-vApp virtual machine may be added in only one Host, and all VMs in any other Host may communicate with other VMs through that OVS-vApp virtual machine. That is, in the embodiments of the present invention, communication between a third VM and the second VM is also achieved by the following method, where the third VM is located on a third Host, the third Host is located in the first private cloud, the first private cloud further includes a physical switch, and no OVS-vApp virtual machine is deployed in the third Host;

[0105] The OVS-vAPP virtual machine receives a third vlan data packet that the physical switch sends through the virtual switch in the first Host. The third vlan data packet is sent to the physical switch by the virtual switch in the third Host and is formed by encapsulating an Ethernet data packet sent by the third VM; that Ethernet data packet is addressed to the second VM. The third vlan data packet contains the vlan identifier of a fourth vlan port corresponding to the third VM, and the address information of the second VM;

[0106] The OVS-vAPP virtual machine encapsulates the third vlan data packet into a second VXLAN data packet and sends the second VXLAN data packet to the second host, so that the second host processes it and then sends it to the second VM. The second VXLAN data packet contains a second VNI, which identifies the overlay domain of the layer-2 network in which the third VM is located.

[0107] Optionally, a first trunk port corresponding to the third Host and a second trunk port corresponding to the first Host may be created on the physical switch. The virtual switch in the third Host may send the third vlan data packet to the physical switch through a trunk port, the physical switch may send the third vlan data packet to the vSwitch in the first Host through the second trunk port, and the vSwitch sends the received third vlan data packet to the OVS-vAPP virtual machine, on which a vlan port with the same function as the vlan port connected to the third VM has been created.

[0108] The process by which the OVS-vAPP virtual machine sends the second VXLAN data packet to the second host is the same as the process, described above, by which it sends the first VXLAN data packet to the second host, and is not described again here.

[0109] To make the objectives, technical solutions and advantages of the present invention clearer, the communication process by which VM3 obtains the MAC address of VM2 is described in detail below with reference to FIG. 7. VM3 is in vlan3 in private cloud 1 and VM2 is in vlan2 in private cloud 2; vlan3 and vlan2 are different virtual local area networks, and the IP addresses of VM3 and VM2 are 10.0.0.102 and 10.0.0.101 respectively:

[0110] ① VM3 finds that the IP address of VM2 (10.0.0.101), which it wants to reach, is in the same network as its own, so it sends an ARP data packet directly to vSwitch3 through vlan3 to obtain the MAC address corresponding to 10.0.0.101. The ARP data packet contains the IP address of VM2. After receiving the packet, vSwitch3 adds the vlan3 identifier to it, turning it into a vlan data packet. vSwitch3 then sends the vlan data packet to the physical switch through the trunk2 port, and the physical switch sends the received vlan data packet to vSwitch1 in Host1 through the trunk1 port. vSwitch1 sends the vlan data packet through the vlan port that is the same as vlan1, at which point the vlan data packet enters the ovs in the OVS-vApp virtual switch. On receiving the vlan data packet, the ovs first removes the vlan identifier and applies the VNI corresponding to VM3, converting the vlan data packet into a VXLAN data packet, which is forwarded to L2GW1 in private cloud 1 through vlan0, the public port of vSwitch1.

[0111] ② L2GW1 in private cloud 1 modifies the VNI in the received VXLAN data packet, and the modified VXLAN data packet reaches L2GW2 in private cloud 2 over VXLAN.

[0112] ③ L2GW2 in private cloud 2 changes the VNI in the received VXLAN data packet to the VNI of VM2 and, based on the VNI of VM2, sends the modified VXLAN data packet to vSwitch2 in Host2, where VM2 is located. Based on the IP address of VM2, vSwitch2 then removes the VNI from the received VXLAN data packet and applies the identifier of vlan2, which corresponds to VM2, converting the packet into a vlan data packet. It then removes the vlan identifier, so that the packet becomes an ARP data packet again and enters VM2 through vlan2. After receiving the ARP data packet, VM2 replies directly to VM3 with its own MAC address.

[0113] As can be seen from the above, the embodiments of the present invention provide a cross-network communication method in which the OVS-vAPP virtual machine receives the first vlan data packet sent by the first virtual switch in the first Host, encapsulates it into a first VXLAN data packet, and sends the first VXLAN data packet to the second host, so that the second host processes it and then sends it to the second VM. Communication between VMs is thus achieved through the OVS-vAPP virtual machine, with no need to deploy an agent inside the VM or virtualize an additional network card. This avoids the reduction in network security that arises in existing approaches, where communication between different layer-2 networks requires deploying an agent in the VM and virtualizing an additional network card.

[0114] The above mainly describes the cross-network communication solution provided by the embodiments of the present invention from the perspective of the OVS-vAPP virtual machine. It can be understood that, to implement the above functions, the OVS-vAPP virtual machine contains hardware structures and/or software modules corresponding to each function. Those skilled in the art should readily appreciate that, in combination with the units and algorithm steps of the examples described in the embodiments disclosed herein, the present invention can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the particular application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each particular application, but such implementation should not be considered beyond the scope of the present invention.

[0115] In the embodiments of the present invention, the functional modules of the OVS-vAPP virtual machine may be divided according to the above method examples. For example, each functional module may correspond to one function, or two or more functions may be integrated in one processor. The integrated module may be implemented in hardware or as a software functional module. Note that the division of modules in the embodiments of the present invention is schematic and is only a division by logical function; other divisions are possible in actual implementation.

[0116] Where functional modules are divided by function, FIG. 8 shows a possible schematic structure of the OVS-vAPP virtual machine involved in the above embodiments. As shown in FIG. 8, the OVS-vAPP virtual machine 20 may include a receiving unit 201, an encapsulation unit 202 and a sending unit 203. The receiving unit 201 supports the OVS-vAPP virtual machine in performing process S101 in FIG. 4; the encapsulation unit 202 and the sending unit 203 together support the OVS-vAPP virtual machine in performing process S102 in FIG. 4. All relevant content of the steps in the above method embodiments may be cited in the functional descriptions of the corresponding functional modules and is not repeated here.

[0117] Where an integrated unit is used, FIG. 9 shows a possible schematic structure of the OVS-vAPP virtual machine involved in the above embodiments. The OVS-vAPP virtual machine 300 includes a processor 3011, a memory 3012, a transceiver 3013 and a communication bus 3014; the processor 3011, the memory 3012 and the transceiver 3013 are interconnected through the communication bus 3014. The communication bus 3014 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus and so on.

[0118] The processor 3011 may be a processor or controller, for example a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It can implement or execute the various illustrative logical blocks, modules and circuits described in connection with the disclosure of the present invention. The processor may also be a combination that implements computing functions, for example a combination of one or more microprocessors or a combination of a DSP and a microprocessor, and is used to control and manage the actions of the OVS-vAPP virtual machine; for example, the processor 3011 supports the encapsulation process in S102 in FIG. 4.

[0119] The transceiver 3013 may be a transceiver circuit, a communication interface, or the like, and is configured to perform process S101 in FIG. 4 and the sending process in process S102 in FIG. 4.

[0120] Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the system, apparatus, and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not described here again.

[0121] In the several embodiments provided by the present invention, it should be understood that the disclosed system, apparatus, and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative. The division into units is merely a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some ports, apparatuses, or units, and may be electrical or in other forms.

[0122] The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network devices. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

[0123] In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each functional unit may exist independently, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus a software functional unit.

[0124] The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform some of the steps of the methods described in the embodiments of the present invention. The storage medium includes various media that can store program code, such as a Universal Serial Bus (USB) flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.

[0125] Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the corresponding technical solutions to depart from the scope of the claims.

Claims (15)

  1. A cross-network communication method, applied to communication between a first virtual machine (VM) and a second VM, the first VM being located on a first host (Host) and the second VM being located on a second Host, characterized in that a routing virtual machine is created in the first host, and the method comprises: receiving, by the routing virtual machine, a first virtual local area network (vlan) data packet sent by a first virtual switch in the first Host, wherein the first vlan data packet is obtained by encapsulating an Ethernet data packet sent by the first VM, and the first vlan data packet contains the vlan identifier of a first vlan port corresponding to the first VM and address information of the second VM; and encapsulating, by the routing virtual machine, the first vlan data packet into a first virtual extensible local area network (VXLAN) data packet, and sending the first VXLAN data packet to the second Host, so that the second Host, according to the address information of the second VM and a first VXLAN network identifier (VNI), processes the first VXLAN data packet and then sends it to the second VM, wherein the first VXLAN data packet contains the first VNI, and the first VNI is used to identify the overlay domain of the layer-2 network in which the first VM is located.
  2. The method according to claim 1, characterized in that a second vlan port is created on the first switch, the second vlan port has the same vlan identifier as the first vlan port, and the second vlan port is connected to a second virtual switch in the routing virtual machine; the receiving, by the routing virtual machine, of the first vlan data packet sent by the first virtual switch in the first Host comprises: receiving, by the second virtual switch in the routing virtual machine, the first vlan data packet sent by the first virtual switch through the second vlan port; and the encapsulating, by the routing virtual machine, of the first vlan data packet into the first VXLAN data packet comprises: encapsulating, by the second virtual switch in the routing virtual machine, the first vlan data packet into the first VXLAN data packet.
  3. The method according to claim 1, characterized in that a trunk port is created on the first switch, the routing virtual machine contains a second virtual switch, a third vlan port is created on the second virtual switch, the trunk port is connected to the third vlan port, and the third vlan port has the same vlan identifier as the first vlan port; the receiving, by the routing virtual machine, of the first vlan data packet sent by the first virtual switch in the first Host comprises: receiving, by the routing virtual machine, the first vlan data packet sent by the first virtual switch in the first Host through the trunk port; and sending, by the routing virtual machine according to the vlan identifier in the first vlan data packet, the first vlan data packet to the second virtual switch through the third vlan port corresponding to the vlan identifier; and the encapsulating, by the routing virtual machine, of the first vlan data packet into the first VXLAN data packet comprises: encapsulating, by the second virtual switch in the routing virtual machine, the first vlan data packet into the first VXLAN data packet.
  4. The method according to any one of claims 1-3, characterized in that the first Host is located in a first private cloud, the second Host is located in a second private cloud, the first private cloud comprises a first layer-2 gateway, and the second private cloud comprises a second layer-2 gateway; the sending, by the routing virtual machine, of the first VXLAN data packet to the second Host comprises: sending, by the routing virtual machine, the first VXLAN data packet to the first layer-2 gateway, so that the first layer-2 gateway, according to a preset correspondence between the first VNI and a second VNI, changes the first VNI in the received first VXLAN data packet to the second VNI and sends the first VXLAN data packet containing the second VNI to the second layer-2 gateway through a VXLAN tunnel between the first layer-2 gateway and the second layer-2 gateway, and the second layer-2 gateway, according to the preset correspondence between the first VNI and the second VNI, changes the second VNI in the received first VXLAN data packet to the first VNI and sends the first VXLAN data packet to the second Host according to the first VNI.
  5. The method according to any one of claims 1-3, characterized in that the method is further used to implement communication between a third VM and the second VM, the third VM is located on a third Host, the first Host and the third Host are connected to the same physical switch, and no routing virtual machine is deployed in the third Host; the method further comprises: receiving, by the routing virtual machine, a third vlan data packet sent by the physical switch, wherein the third vlan data packet is sent to the physical switch by a virtual switch in the third Host, the third vlan data packet is obtained by encapsulating an Ethernet data packet sent by the third VM, the Ethernet data packet is a data packet destined for the second VM, and the third vlan data packet contains the vlan identifier of a fourth vlan port corresponding to the third VM and the address information of the second VM; and encapsulating, by the routing virtual machine, the third vlan data packet into a second VXLAN data packet, and sending the second VXLAN data packet to the second host, so that the second Host, according to the address information of the second VM and a second VNI, processes the second VXLAN data packet and then sends it to the second VM, wherein the second VNI is used to identify the overlay domain of the layer-2 network in which the third VM is located.
  6. A routing virtual machine, configured to perform communication between a first virtual machine (VM) and a second VM, the first VM being located on a first host (Host) and the second VM being located on a second Host, characterized in that the routing virtual machine is created in the first host, and the routing virtual machine comprises: a receiving unit, configured to receive a first virtual local area network (vlan) data packet sent by a first virtual switch in the first Host, wherein the first vlan data packet is obtained by encapsulating an Ethernet data packet sent by the first VM, and the first vlan data packet contains the vlan identifier of a first vlan port corresponding to the first VM and address information of the second VM; an encapsulating unit, configured to encapsulate the first vlan data packet received by the receiving unit into a first virtual extensible local area network (VXLAN) data packet; and a sending unit, configured to send to the second Host the first VXLAN data packet encapsulated by the encapsulating unit, so that the second Host, according to the address information of the second VM and a first VXLAN network identifier (VNI), processes the first VXLAN data packet and then sends it to the second VM, wherein the first VXLAN data packet contains the first VNI, and the first VNI is used to identify the overlay domain of the layer-2 network in which the first VM is located.
  7. The routing virtual machine according to claim 6, characterized in that a second vlan port is created on the first switch, the second vlan port has the same vlan identifier as the first vlan port, and the second vlan port is connected to the routing virtual machine; the receiving unit is specifically configured to receive the first vlan data packet sent by the first virtual switch through the second vlan port; and the encapsulating unit is specifically configured to encapsulate the first vlan data packet into the first VXLAN data packet.
  8. The routing virtual machine according to claim 6, characterized in that a trunk port is created on the first switch, a third vlan port is created on the routing virtual machine, the trunk port is connected to the third vlan port, and the third vlan port has the same vlan identifier as the first vlan port; the receiving unit is specifically configured to receive the first vlan data packet sent by the first virtual switch in the first Host through the trunk port and the third vlan port corresponding to the vlan identifier; and the encapsulating unit is specifically configured to encapsulate the first vlan data packet into the first VXLAN data packet.
  9. The routing virtual machine according to any one of claims 6-8, characterized in that the first Host is located in a first private cloud, the second Host is located in a second private cloud, the first private cloud comprises a first layer-2 gateway, and the first private cloud comprises a second layer-2 gateway; the sending unit is specifically configured to send the first VXLAN data packet to the first layer-2 gateway, so that the first layer-2 gateway, according to a preset correspondence between the first VNI and a second VNI, changes the first VNI in the received first VXLAN data packet to the second VNI and sends the first VXLAN data packet containing the second VNI to the second layer-2 gateway through a VXLAN tunnel between the first layer-2 gateway and the second layer-2 gateway, and the second layer-2 gateway, according to the preset correspondence between the first VNI and the second VNI, changes the second VNI in the received first VXLAN data packet to the first VNI and sends the first VXLAN data packet to the second Host according to the first VNI.
  10. The routing virtual machine according to any one of claims 6-8, characterized in that the routing virtual machine is further configured to perform communication between a third VM and the second VM, the third VM is located on a third Host, the first Host and the third Host are connected to the same physical switch, and no routing virtual machine is deployed in the third Host; the receiving unit is further configured to receive a third vlan data packet sent by the physical switch, wherein the third vlan data packet is sent to the physical switch by a virtual switch in the third Host, the third vlan data packet is obtained by encapsulating an Ethernet data packet sent by the third VM, the Ethernet data packet is a data packet destined for the second VM, and the third vlan data packet contains the vlan identifier of a fourth vlan port corresponding to the third VM and the address information of the second VM; the encapsulating unit is further configured to encapsulate the third vlan data packet into a second VXLAN data packet; and the sending unit is further configured to send the second VXLAN data packet to the second host, so that the second Host, according to the address information of the second VM and a second VNI, processes the second VXLAN data packet and then sends it to the second VM, wherein the second VNI is used to identify the overlay domain of the layer-2 network in which the third VM is located.
  11. A routing virtual machine, configured to perform communication between a first virtual machine (VM) and a second VM, the first VM being located on a first host (Host) and the second VM being located on a second Host, characterized in that the routing virtual machine is created in the first host, and the routing virtual machine comprises: a transceiver, configured to receive a first virtual local area network (vlan) data packet sent by a first virtual switch in the first Host, wherein the first vlan data packet is obtained by encapsulating an Ethernet data packet sent by the first VM, and the first vlan data packet contains the vlan identifier of a first vlan port corresponding to the first VM and address information of the second VM; and a processor, configured to encapsulate the first vlan data packet received by the transceiver into a first virtual extensible local area network (VXLAN) data packet; wherein the transceiver is further configured to send to the second Host the first VXLAN data packet encapsulated by the processor, so that the second Host, according to the address information of the second VM and a first VXLAN network identifier (VNI), processes the first VXLAN data packet and then sends it to the second VM, and the first VNI is used to identify the overlay domain of the layer-2 network in which the first VM is located.
  12. The routing virtual machine according to claim 11, characterized in that a second vlan port is created on the first switch, the second vlan port has the same vlan identifier as the first vlan port, and the second vlan port is connected to the routing virtual machine; the transceiver is specifically configured to receive the first vlan data packet sent by the first virtual switch through the second vlan port; and the processor is specifically configured to encapsulate the first vlan data packet into the first VXLAN data packet.
  13. The routing virtual machine according to claim 11, characterized in that a trunk port is created on the first switch, a third vlan port is created on the routing virtual machine, the trunk port is connected to the third vlan port, and the third vlan port has the same vlan identifier as the first vlan port; the transceiver is specifically configured to receive the first vlan data packet sent by the first virtual switch in the first Host through the trunk port and the third vlan port corresponding to the vlan identifier; and the processor is specifically configured to encapsulate the first vlan data packet into the first VXLAN data packet.
  14. The routing virtual machine according to any one of claims 11-13, characterized in that the first Host is located in a first private cloud, the second Host is located in a second private cloud, the first private cloud comprises a first layer-2 gateway, and the second private cloud comprises a second layer-2 gateway; the transceiver is specifically configured to send the first VXLAN data packet to the first layer-2 gateway, so that the first layer-2 gateway, according to a preset correspondence between the first VNI and a second VNI, changes the first VNI in the received first VXLAN data packet to the second VNI and sends the first VXLAN data packet containing the second VNI to the second layer-2 gateway through a VXLAN tunnel between the first layer-2 gateway and the second layer-2 gateway, and the second layer-2 gateway, according to the preset correspondence between the first VNI and the second VNI, changes the second VNI in the received first VXLAN data packet to the first VNI and sends the first VXLAN data packet to the second Host according to the first VNI.
  15. The routing virtual machine according to any one of claims 11-13, characterized in that the routing virtual machine is further configured to perform communication between a third VM and the second VM, the third VM is located on a third Host, the first Host and the third Host are connected to the same physical switch, and no routing virtual machine is deployed in the third Host; the transceiver is further configured to receive a third vlan data packet sent by the physical switch, wherein the third vlan data packet is sent to the physical switch by a virtual switch in the third Host, the third vlan data packet is obtained by encapsulating an Ethernet data packet sent by the third VM, the Ethernet data packet is a data packet destined for the second VM, and the third vlan data packet contains the vlan identifier of a fourth vlan port corresponding to the third VM and the address information of the second VM; the processor is further configured to encapsulate the third vlan data packet into a second VXLAN data packet; and the transceiver is further configured to send the second VXLAN data packet to the second host, so that the second Host, according to the address information of the second VM and a second VNI, processes the second VXLAN data packet and then sends it to the second VM, wherein the second VNI is used to identify the overlay domain of the layer-2 network in which the third VM is located.
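The data path of claims 1 and 4, as an added Python sketch that is not code from the patent or from any product: the routing VM maps the vlan identifier of a tagged frame to a VNI and prepends a VXLAN header, and the two layer-2 gateways swap the VNI according to a preset correspondence. Assumptions: the 8-byte VXLAN header layout of RFC 7348, the tagged frame carried unchanged as the inner payload, the outer UDP/IP headers omitted, and constructed sample values (vlan 100, VNIs 5000 and 7000, the MAC addresses).

```python
import struct

TPID_8021Q = 0x8100      # 802.1Q tag protocol identifier
VXLAN_FLAG_I = 0x08      # RFC 7348: set when the VNI field is valid


def build_vlan_frame(dst_mac, src_mac, vlan_id, ethertype, payload):
    """802.1Q-tagged Ethernet frame, as the first virtual switch would emit it."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("vlan id out of range")
    tag = struct.pack("!HHH", TPID_8021Q, vlan_id, ethertype)
    return dst_mac + src_mac + tag + payload


def vlan_id_of(frame):
    """Return the vlan identifier carried in the 802.1Q tag of a frame."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("untagged frame")
    return tci & 0x0FFF          # low 12 bits of the tag control field


def vxlan_header(vni):
    """8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan(packet):
    """Split a VXLAN payload into (vni, inner frame); reject invalid headers."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", packet[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, packet[8:]


def routing_vm_encapsulate(frame, vlan_to_vni):
    """Claim 1: wrap the vlan data packet in a VXLAN header carrying the VNI."""
    vlan_id = vlan_id_of(frame)
    if vlan_id not in vlan_to_vni:
        # Fail closed: an unmapped vlan is dropped, never put in a default VNI.
        raise LookupError(f"no VNI configured for vlan {vlan_id}")
    return vxlan_header(vlan_to_vni[vlan_id]) + frame


def gateway_rewrite_vni(packet, vni_map):
    """Claim 4: a layer-2 gateway replaces the VNI per its preset correspondence."""
    vni, inner = parse_vxlan(packet)
    if vni not in vni_map:
        raise LookupError(f"no correspondence configured for VNI {vni}")
    return vxlan_header(vni_map[vni]) + inner


def demo():
    """Follow one constructed frame from the routing VM to the second Host."""
    frame = build_vlan_frame(
        bytes.fromhex("020000000002"),   # constructed MAC of the second VM
        bytes.fromhex("020000000001"),   # constructed MAC of the first VM
        100, 0x0800, b"constructed payload")
    first_to_second = {5000: 7000}                            # preset on gateway 1
    second_to_first = {v: k for k, v in first_to_second.items()}  # gateway 2
    sent = routing_vm_encapsulate(frame, {100: 5000})
    on_tunnel = gateway_rewrite_vni(sent, first_to_second)
    delivered = gateway_rewrite_vni(on_tunnel, second_to_first)
    return parse_vxlan(sent)[0], parse_vxlan(on_tunnel)[0], parse_vxlan(delivered)[0]


if __name__ == "__main__":
    print(demo())
```

Both lookups fail closed, so a frame on an unconfigured vlan or a packet with an unknown VNI is dropped instead of landing in another tenant's layer-2 domain; the two gateways' tables must be exact inverses for the packet to arrive in the first VNI again.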
CN 201610698154 2016-08-19 2016-08-19 Cross-network communication method and device CN107770064A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201610698154 CN107770064A (en) 2016-08-19 2016-08-19 Cross-network communication method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 201610698154 CN107770064A (en) 2016-08-19 2016-08-19 Cross-network communication method and device
PCT/CN2017/092526 WO2018032910A1 (en) 2016-08-19 2017-07-11 Cross-network communication method and apparatus

Publications (1)

Publication Number Publication Date
CN107770064A (en) 2018-03-06

Family

ID=61196278

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201610698154 CN107770064A (en) 2016-08-19 2016-08-19 Cross-network communication method and device

Country Status (2)

Country Link
CN (1) CN107770064A (en)
WO (1) WO2018032910A1 (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9116727B2 (en) * 2013-01-15 2015-08-25 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Scalable network overlay virtualization using conventional virtual switches
CN103095546B (en) * 2013-01-28 2015-10-07 华为技术有限公司 A method of processing packets, and data center network devices
CN104486192A (en) * 2014-12-05 2015-04-01 国云科技股份有限公司 VLAN (Virtual Local Area Network) isolation method
CN105991389A (en) * 2015-02-11 2016-10-05 杭州华三通信技术有限公司 Forwarding method of virtual extensible local area network message and apparatus thereof

Also Published As

Publication number Publication date Type
WO2018032910A1 (en) 2018-02-22 application


Legal Events

Date Code Title Description
PB01
SE01