CN108092923B - Message processing method and device based on SR-IOV - Google Patents

Message processing method and device based on SR-IOV Download PDF

Info

Publication number
CN108092923B
CN108092923B CN201611036151.8A CN201611036151A CN108092923B CN 108092923 B CN108092923 B CN 108092923B CN 201611036151 A CN201611036151 A CN 201611036151A CN 108092923 B CN108092923 B CN 108092923B
Authority
CN
China
Prior art keywords
message
virtual
processed
mac address
switch
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611036151.8A
Other languages
Chinese (zh)
Other versions
CN108092923A (en
Inventor
李星
张炬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201611036151.8A priority Critical patent/CN108092923B/en
Publication of CN108092923A publication Critical patent/CN108092923A/en
Application granted granted Critical
Publication of CN108092923B publication Critical patent/CN108092923B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/25Routing or path finding in a switch fabric
    • H04L49/253Routing or path finding in a switch fabric using establishment or release of connections between ports
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a message processing method based on SR-IOV, comprising the following steps: forwarding the message to be processed to a virtual switch corresponding to an intermediate MAC address to execute service logic processing according to the intermediate MAC address carried by the received message to be processed; receiving a data message which is sent by the virtual switch and obtained after the service logic processing is executed on the message to be processed; and sending the data message according to the destination MAC address carried by the data message. The SR-IOV-based message processing method achieves that the data traffic passing through the hardware network card is guided to the virtual switch, and complete service logic processing is carried out on the guided data traffic on the software layer where the virtual switch is located, so that the service function of the data traffic is more diversified.

Description

Message processing method and device based on SR-IOV
Technical Field
The application relates to the technical field of network virtualization, in particular to a message processing method based on SR-IOV. The application also relates to a message processing device based on the SR-IOV, and a method and a device for processing the message by the virtual switch based on the SR-IOV.
Background
With the rapid development and application of network virtualization technology, the traditional physical switch gradually fails to meet the requirements of users, so as to promote the updating and upgrading of the switch and the rapid progress of the technology. SR-IOV (Single-Root I/O Virtualization) is used as a Virtualization solution based on hardware, PCIe (Peripheral Component Interconnect Express) devices can be efficiently shared among virtual machines, and functional modules created based on SR-IOV can directly connect the virtual machines to the I/O devices. Such as Physical Functions (PFs) and Virtual Functions (VFs) in SR-IOVs, as shown in fig. 1, the PF contains an SR-IOV Function structure for managing SR-IOV functions, can perform discovery, management and processing operations like any other PCIe device, and has fully configured resources, which can be used to configure or control PCIe devices. A VF is a lightweight PCIe function associated with a PF that may share one or more physical resources with a physical function and other VFs associated with the same physical function, but the VF is only allowed to have configuration resources for its own behavior. Each SR-IOV device may have a PF, and each PF may have multiple VFs associated with it.
In the prior art, as shown in fig. 1, an SR-IOV can directly deliver a plurality of VFs virtualized by a physical network card to a Virtual Machine (VM) for use, and the virtual Machine and the physical network card directly communicate with each other, thereby avoiding overhead of a host software stack on the physical Machine, and achieving high processing performance.
Disclosure of Invention
The application provides a message processing method based on SR-IOV, which aims to solve the problem of single service function in the prior art.
The application also relates to a message processing device based on the SR-IOV, and a method and a device for processing the message by the virtual switch based on the SR-IOV.
The application provides a message processing method based on SR-IOV, comprising the following steps:
forwarding the message to be processed to a virtual switch corresponding to an intermediate MAC address to execute service logic processing according to the intermediate MAC address carried by the received message to be processed;
receiving a data message which is sent by the virtual switch and obtained after the service logic processing is executed on the message to be processed;
and sending the data message according to the destination MAC address carried by the data message.
Optionally, the message to be processed is sent by a virtual machine;
correspondingly, the message to be processed is received through the virtual function module corresponding to the preconfigured virtual machine, and is forwarded to the virtual switch through the preconfigured virtual function module corresponding to the virtual switch;
and the data message is received through a physical function module corresponding to the virtual switch which is configured in advance.
Optionally, the intermediate MAC address is obtained by the following method:
receiving an ARP request sent by the virtual machine through a virtual function module corresponding to the virtual machine;
broadcasting the ARP request to all virtual function modules;
and receiving an ARP response sent by the virtual switch through a virtual function module corresponding to the virtual switch, and taking an MAC address carried by the ARP response as the intermediate MAC address.
Optionally, after the virtual function module corresponding to the virtual switch receives an ARP response sent by the virtual switch and the substep of using the MAC address carried by the ARP response as the intermediate MAC address is executed, the substep of:
and adding the corresponding relation between the intermediate MAC address and the virtual function module corresponding to the virtual switch into a preset mapping relation between the MAC address and the port.
Optionally, the virtual machines are provided with respective corresponding tags;
wherein the tag comprises: virtual local area network tags.
Optionally, before forwarding, according to an intermediate MAC address carried by a received to-be-processed packet, the to-be-processed packet to a virtual switch corresponding to the intermediate MAC address to perform a service logic processing step, the following steps are performed:
and packaging the label corresponding to the virtual machine on the outer layer of the message to be processed.
Optionally, the virtual switch maintains a mapping relationship between a virtual machine and a label, and removes the label encapsulated in the outer layer of the to-be-processed packet based on the mapping relationship between the virtual machine and the label.
Optionally, the sending of the data packet according to the destination MAC address carried by the data packet is implemented in the following manner:
according to a target MAC address carried by the data message, searching a port corresponding to the target MAC address in a preset mapping relation between the MAC address and the port;
and sending the data message through a port corresponding to the destination MAC address.
Optionally, the message to be processed is sent by a physical network;
correspondingly, the message to be processed is received through a physical network port corresponding to the physical network and is forwarded to the virtual switch through a pre-configured physical function module corresponding to the virtual switch;
and the data message is received through a virtual function module corresponding to the virtual switch which is configured in advance.
Optionally, the intermediate MAC address is obtained by the following method:
receiving an ARP request sent by the physical network through the physical network interface;
broadcasting the ARP request to all virtual function modules;
and receiving an ARP response sent by the virtual switch through a virtual function module corresponding to the virtual switch, and taking an MAC address carried by the ARP response as the intermediate MAC address.
Optionally, after the virtual function module corresponding to the virtual switch receives an ARP response sent by the virtual switch and the substep of using the MAC address carried by the ARP response as the intermediate MAC address is executed, the substep of:
and adding the corresponding relation between the intermediate MAC address and the virtual function module corresponding to the virtual switch into a preset mapping relation between the MAC address and the port.
Optionally, the step of sending the data packet according to the destination MAC address carried by the data packet is implemented in the following manner:
searching a virtual machine corresponding to a target MAC address in a preset mapping relation between the MAC address and a port according to the target MAC address carried by the data message;
and sending the data message to the virtual machine through a virtual function module corresponding to the virtual machine.
Optionally, the virtual machines are respectively provided with unique corresponding tags;
wherein the tag comprises: virtual local area network tags.
Optionally, the virtual switch maintains a mapping relationship between a virtual machine and the label, and encapsulates the label corresponding to the virtual machine on the outer layer of the data packet based on the mapping relationship between the virtual machine and the label.
Optionally, after the step of receiving the data packet sent by the virtual switch and obtained after the service logic processing is performed on the packet to be processed is performed, and before the step of sending the data packet according to the destination MAC address carried by the data packet is performed, the following steps are performed:
and releasing the label encapsulated on the outer layer of the data message.
The present application further provides a SR-IOV-based packet processing apparatus, including:
the message forwarding unit to be processed is used for forwarding the message to be processed to a virtual switch corresponding to an intermediate MAC address to execute service logic processing according to the intermediate MAC address carried by the received message to be processed;
a data message receiving unit, configured to receive a data message sent by the virtual switch and obtained after performing service logic processing on the message to be processed;
and the data message sending unit is used for sending the data message according to the destination MAC address carried by the data message.
The application also provides a method for processing the message by the virtual switch based on the SR-IOV, which comprises the following steps:
receiving a message to be processed sent by a switch;
executing service logic processing aiming at the message to be processed to obtain a data message, and packaging a target MAC address corresponding to the message to be processed into the data message;
sending the data message to the switch;
wherein, the message to be processed carries the intermediate MAC address.
Optionally, the message to be processed comes from a virtual machine;
correspondingly, the message to be processed is received through the preconfigured virtual function module, and the data message is sent through the preconfigured physical function module.
Optionally, before the step of receiving the message to be processed sent by the switch is executed, the following steps are executed:
receiving an ARP request sent by the switch through the virtual function module;
creating an ARP response corresponding to the ARP request, and packaging the MAC address corresponding to the ARP response in the ARP response;
and sending the ARP response to the switch through the virtual function module.
Optionally, the virtual machines are respectively provided with unique corresponding tags;
wherein the tag comprises: virtual local area network tags.
Optionally, the ARP response is encapsulated with a tag corresponding to the virtual machine.
Optionally, after the step of receiving the message to be processed sent by the switch is executed, and before the step of executing the service logic processing on the message to be processed is executed, the following steps are executed:
and releasing the label corresponding to the virtual machine which is externally encapsulated in the message to be processed according to a preset mapping relation between the virtual machine and the label.
Optionally, the message to be processed comes from a physical network;
correspondingly, the message to be processed is received through the pre-configured physical function module, and the data message is sent through the pre-configured virtual function module.
Optionally, before the step of receiving the message to be processed sent by the switch is executed, the following steps are executed:
receiving an ARP request sent by the switch through the virtual function module;
creating an ARP response corresponding to the ARP request, and packaging the MAC address corresponding to the ARP response in the ARP response;
and sending the ARP response to the switch through the virtual function module.
Optionally, the virtual machines are respectively provided with unique corresponding tags;
wherein the tag comprises: virtual local area network tags.
Optionally, after the step of executing the data message and sending the data message to the switch, the following steps are executed, where the step of executing the data message includes executing a service logic process on the message to be processed to obtain the data message, and encapsulating a destination MAC address corresponding to the message to be processed into the data message, or executing the service logic process on the message to be processed to obtain the data message, and before the step of sending the data message to the switch is executed:
and according to a preset mapping relation between the virtual machine and the label, packaging the label corresponding to the virtual machine in the data message.
The present application further provides a device for processing a packet by a virtual switch based on SR-IOV, including:
a message receiving unit to be processed, which is used for receiving the message to be processed sent by the switch;
a service logic execution unit, configured to execute service logic processing on the to-be-processed packet, obtain a data packet, and encapsulate a destination MAC address corresponding to the to-be-processed packet into the data packet;
a data message sending unit, configured to send the data message to the switch;
wherein, the message to be processed carries the intermediate MAC address.
Compared with the prior art, the method has the following advantages:
the message processing method based on the SR-IOV comprises the following steps: forwarding the message to be processed to a virtual switch corresponding to an intermediate MAC address to execute service logic processing according to the intermediate MAC address carried by the received message to be processed; receiving a data message which is sent by the virtual switch and obtained after the service logic processing is executed on the message to be processed; and sending the data message according to the destination MAC address carried by the data message.
The application provides a message processing method based on SR-IOV, according to the middle MAC address that received pending message carried, according to the middle MAC address will pending message's data drainage is to virtual switch on, can be right on virtual switch pending message execution service logic handles, when receiving virtual switch send to pending message execution service logic handles after the data message that obtains, according to the purpose MAC address that data message carried sends data message realizes will passing through the data flow drainage of hardware network card extremely virtual switch the software aspect at virtual switch place can carry out complete service logic to the data flow that the drainage was come to make the business function of data flow more diversified.
Drawings
FIG. 1 is a schematic diagram of an SR-IOV architecture provided herein;
fig. 2 is a processing flow chart of an embodiment of a message processing method based on SR-IOV provided in the present application;
FIG. 3 is a schematic diagram of an SR-IOV architecture provided by an embodiment of the present application;
fig. 4 is a schematic diagram of an embodiment of a SR-IOV-based message processing apparatus provided in the present application;
fig. 5 is a processing flow diagram of an embodiment of a method for processing a packet by a SR-IOV-based virtual switch according to the present application;
fig. 6 is a schematic diagram of an embodiment of an apparatus for processing a packet by a virtual switch based on SR-IOV according to the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. This application is capable of implementation in many different ways than those herein set forth and of similar import by those skilled in the art without departing from the spirit of this application and is therefore not limited to the specific implementations disclosed below.
The application provides a message processing method based on SR-IOV, a message processing device based on SR-IOV, and a method and a device for processing messages by a virtual switch based on SR-IOV. The following detailed description and the description of the steps of the method are individually made with reference to the drawings of the embodiments provided in the present application.
The embodiment of the message processing method based on the SR-IOV provided by the application is as follows:
the SR-IOV-based message processing method provided by the present application is matched with the SR-IOV-based virtual switch message processing method provided by the present application, so that the following SR-IOV-based virtual switch message processing method embodiment is referred to in this embodiment.
Referring to fig. 2, a processing flow diagram of an embodiment of a message processing method based on SR-IOV provided by the present application is shown, and referring to fig. 3, a schematic diagram of an SR-IOV architecture provided by the present embodiment is shown. In addition, the relationship between the steps of the SR-IOV-based message processing method embodiment is determined according to fig. 2.
Step S201, according to an intermediate MAC address carried by a received to-be-processed packet, forwarding the to-be-processed packet to a virtual switch corresponding to the intermediate MAC address to execute service logic processing.
The SR-IOV-based message processing method is implemented based on a switch deployed on a physical network card, and is matched with the following SR-IOV-based virtual switch message processing method provided in the present application, and the data flow of a virtual machine directly passing through the physical network card is directed to a virtual host layer in a virtual environment by combining the data message forwarding capability of the switch deployed on a hardware network card and an ARP (Address Resolution Protocol) agent, that is: the data flow of the data message sent by the virtual machine to the physical network is guided to the virtual machine switch deployed on the virtual host in the virtual environment, and the data flow of the data message sent by the physical network to the virtual machine is guided to the virtual machine switch deployed on the virtual host in the virtual environment.
The message to be processed in the embodiment of the present application refers to a data message that is sent by the virtual machine or the physical network and is not processed by business logic on the virtual switch yet. The data packet is a data block exchanged and transmitted in the network, and the data packet may be continuously encapsulated into packets, frames, and other various forms for transmission during the transmission process, and the encapsulation mode of the data packet is to add some information segments, for example, the added information segments include data information such as packet type, packet version, packet length, packet entity, and the like.
The following describes details of the to-be-processed packet sent from the virtual machine to the physical network and the to-be-processed packet sent from the physical network to the virtual machine one by one.
1. And sending the message to be processed from the virtual machine to the physical network.
If the packet to be processed is sent from the virtual machine to the Physical network, the packet to be processed is received by a pre-configured virtual Function module corresponding to the virtual machine, and is forwarded to the virtual switch by the pre-configured virtual Function module corresponding to the virtual switch, in this embodiment, the Physical Function module is configured to implement a Physical Function (PF), such as the PF shown in fig. 3; the Virtual Function module is used to implement Virtual Functions (VFs) such as VF0, VF1, VF2 · VFn shown in fig. 3.
For example, as shown in fig. 3, when a VM1 (Virtual machine) sends a pending message to a LAN (physical network), the pending message is received through a VF1 corresponding to the VM1, and sent to a vSwitch in an L2Switch through a VF0 corresponding to a vSwitch (Virtual Switch).
As is well known, if the virtual machine sends a message to be processed to the network, the virtual machine first checks an Address Resolution Protocol (ARP) cache table of the virtual machine itself, and checks whether a mapping relationship between an IP Address and an MAC Address of the network exists; if the MAC address exists, the MAC address of the network is taken as a destination MAC address to be packaged in the message to be processed; if not, the virtual machine sends an ARP request, wherein the target IP address of the ARP request is the IP address of the network, the target MAC address is a broadcast frame of the MAC address, the source IP address is the IP address of the virtual machine, and the source MAC address is the MAC address of the virtual machine. And after the switch receives the ARP request, the switch sends the ARP request to all ports of the switch if the ARP request is found to be a broadcast frame.
In this embodiment, in order to implement that the data traffic of the packet to be processed, which is sent by the virtual machine to the physical network, is directed to the virtual machine switch deployed on the virtual Host in the virtual environment, as shown in fig. 3, a vSwitch deployed on a Host (virtual Host) in the virtual environment is different from the sending and processing process of the ARP request, the ARP request is specifically processed in the following implementation manner:
1) receiving an ARP request sent by the virtual machine through a virtual function module corresponding to the virtual machine;
2) broadcasting the ARP request to all virtual function modules;
3) and receiving an ARP response sent by the virtual switch through a virtual function module corresponding to the virtual switch, and taking an MAC address carried by the ARP response as the intermediate MAC address.
Therefore, the intermediate MAC address in this embodiment refers to a MAC address corresponding to the virtual switch.
For example, as shown in fig. 3, when the VM1 sends a message to be processed to the LAN, it first checks its own ARP cache table, and finds out whether there is a correspondence between the IP address and the MAC address of the LAN, and if not, sends an ARP request to the L2Switch through the VF 1; after the L2Switch receives the ARP request, it broadcasts the ARP request to VF0, VF2 · · VFn (in order to drain the data traffic to vSwitch deployed on Host in the virtual environment, here, it is prohibited to send ARP request to the corresponding physical port of LAN); the vSwitch receives the ARP request broadcasted by the L2Switch through VF0, creates an ARP response corresponding to the ARP request after receiving the ARP request, packages a MAC address (MAC address corresponding to the vSwitch) EE, FF, in the ARP response, and sends the ARP response to the L2Switch through VF 0; after the L2Switch receives the ARP response returned by the vSwitch through the VF0, the MAC address (the MAC address corresponding to the vSwitch) EE, FF contained in the ARP response is taken as an intermediate MAC address (namely the destination MAC address of the to-be-processed message sent by the virtual machine), and based on the intermediate MAC address, the to-be-processed message sent by the VM1 is drained to the vSwitch deployed on the Host in the virtual environment; if the address information exists, the data message is indicated to have been sent to the LAN before, and the corresponding relation between the IP address and the MAC address of the LAN exists in the ARP cache table of the VM1, that is: xxx, x, EE-EE, FF is directly used as an intermediate MAC address, based on which the message to be processed sent by the VM1 is directed to the vSwitch deployed on Host in the virtual environment.
Similarly, all data traffic of the virtual machines sending the message to be processed to the physical network may be completely directed to the virtual switch deployed on the virtual host in the virtual environment.
In specific implementation, the switch maintains the mapping relationship between the MAC address and the port, so that the corresponding relationship between the intermediate MAC address and the virtual function module corresponding to the virtual switch is added to the mapping relationship between the MAC address and the port.
In addition, in a specific implementation, in order to achieve network isolation between the virtual machines and improve security of the virtual machines, corresponding tags may be set for each virtual machine, for example, corresponding virtual local area network tags (VLAN Tag) are set for VF0, VF1, and VF2 · VFn, and the VLAN tags of the virtual machines are not repeated, so that the one-to-one corresponding virtual machines can be determined according to the VLAN Tag.
Based on this, the switch may maintain the mapping relationship between the virtual machine and the tag in addition to the mapping relationship between the MAC address and the port. Specifically, the mapping relationship between the MAC address and the port, and the mapping relationship between the virtual machine and the tag may be maintained in respective tables; in addition, since the mapping relationship between the virtual machine and the port is fixed, the mapping relationship between the virtual machine or the port, the MAC address and the tag may be established, and the mapping relationship between the MAC address and the port and the mapping relationship between the virtual machine and the tag may be maintained in a table.
Correspondingly, the virtual switch also needs to maintain the mapping relationship between the virtual machine and the label, otherwise, the virtual switch cannot contact the label encapsulated by the data packet. For example, before broadcasting the ARP request to all virtual function modules, the switch encapsulates the tag of the virtual machine that sent the ARP request in the ARP request; and after the virtual switch receives the ARP request, according to the mapping relation between the virtual machine and the label maintained by the virtual switch, the label corresponding to the virtual machine which sends the ARP request and is packaged by the ARP request is removed.
In addition, in the process of forwarding the to-be-processed packet to the virtual switch corresponding to the intermediate MAC address to perform service logic processing in this step, the tag of the virtual machine corresponding to the to-be-processed packet may be encapsulated in the to-be-processed packet, and after the to-be-processed packet is sent to the virtual switch, the tag corresponding to the virtual machine encapsulated in the outer layer of the to-be-processed packet may be removed according to the mapping relationship between the virtual machine and the tag maintained by the virtual switch.
2. And sending the message to be processed from the physical network to the virtual machine.
And if the message to be processed is sent from the physical network to the virtual machine, the message to be processed is received through a physical network port corresponding to the physical network and is forwarded to the virtual switch through a pre-configured physical function module corresponding to the virtual switch. For example, as shown in fig. 3, when the LAN sends a to-be-processed message to the VM2, the to-be-processed message is received through a physical port corresponding to the LAN, and is sent to the vSwitch through a PF corresponding to the vSwitch in an L2Switch (a layer two Switch).
In this embodiment, in order to implement that the data traffic of the packet to be processed, which is sent to the virtual machine by the physical network, is directed to the virtual machine switch deployed on the virtual Host in the virtual environment, such as the vSwitch deployed on the Host in the virtual environment shown in fig. 3, the ARP request is specifically processed in the following implementation manner:
1) receiving an ARP request sent by the physical network through the physical network interface;
2) broadcasting the ARP request to all virtual function modules;
3) and receiving an ARP response sent by the virtual switch through a virtual function module corresponding to the virtual switch, and taking an MAC address carried by the ARP response as the intermediate MAC address.
For example, as shown in fig. 3, if the LAN sends a to-be-processed message to the VM2, first check its ARP cache table, find out whether there is a correspondence between the IP address of the VM2 and the MAC address, and if not, send an ARP request to the L2Switch through the physical port corresponding to the LAN; after receiving the ARP request, the L2Switch broadcasts the ARP request to the VF0, VF2 question mark VFn; the vSwitch receives the ARP request broadcasted by the L2Switch through VF0, creates an ARP response corresponding to the ARP request after receiving the ARP request, packages the MAC address EE, FF corresponding to the vSwitch in the ARP response, and sends the ARP response to the L2Switch through VF 0; after the L2Switch receives the ARP response returned by the vSwitch through the VF0, the MAC addresses EE, FF and FF contained in the ARP response are used as middle MAC addresses, and based on the middle MAC addresses, the message to be processed sent by the LAN is drained to the vSwitch deployed on the Host in the virtual environment; if the data message exists, the data message is sent to the VM2 before, and the corresponding relation between the IP address and the MAC address of the VM2 exists in an ARP cache table of the LAN, namely: xxx, x, EE, FF is directly used as an intermediate MAC address, based on which a message to be processed sent by the LAN is directed to the vSwitch deployed on Host in the virtual environment.
Similarly, the data traffic of the physical network sending the message to be processed to all the virtual machines can be all directed to the virtual switch deployed on the virtual host in the virtual environment.
In specific implementation, the switch maintains the mapping relationship between the MAC address and the port, so that the mapping relationship between the intermediate MAC address and the virtual function module corresponding to the virtual switch is added to the mapping relationship between the MAC address and the port.
In this step, according to the received intermediate MAC address carried by the packet to be processed, the packet to be processed is forwarded to the virtual switch corresponding to the intermediate MAC address to execute service logic processing.
Step S202, receiving the data message which is sent by the virtual switch and obtained after the service logic processing is executed on the message to be processed.
In step S201, the to-be-processed packet is forwarded to the virtual switch corresponding to the intermediate MAC address to perform service logic processing, that is, the to-be-processed packet is forwarded to the virtual switch deployed on the virtual host in the virtual environment, and after performing service processing on the virtual switch, the to-be-processed packet generates a corresponding data packet and sends the data packet to the switch. In this step, a data packet obtained after performing service logic processing on the packet to be processed, which is sent by the virtual switch, is received, and specifically, details are described below for the packet to be processed, which is sent from the virtual machine to the physical network, and the packet to be processed, which is sent from the physical network to the virtual machine.
1. And sending the message to be processed from the virtual machine to the physical network.
If the message to be processed is sent from the virtual machine to the physical network, the message to be processed is forwarded to the virtual switch through the virtual function module corresponding to the virtual switch, the virtual switch executes service logic processing on the message to be processed to obtain a corresponding data message, and a destination MAC address corresponding to the message to be processed is encapsulated in the data message and sent to the switch. For example, as shown in fig. 3, the VM1 sends a message to be processed to the LAN, and after the vSwitch performs service logic processing to obtain a corresponding data message, receives the data message through the PF corresponding to the vSwitch.
2. And sending the message to be processed from the physical network to the virtual machine.
If the message to be processed is sent from the physical network to the virtual machine, the message to be processed is forwarded to the virtual switch through the physical function module corresponding to the virtual switch, the virtual switch executes service logic processing on the message to be processed to obtain a corresponding data message, and a destination MAC address corresponding to the message to be processed is encapsulated in the data message and sent to the switch. For example, as shown in fig. 3, the LAN sends a to-be-processed packet to the VM2, and after the vSwitch performs service logic processing to obtain a corresponding data packet, the data packet is received through the VF0 corresponding to the vSwitch.
In specific implementation, the virtual switch may further encapsulate, in the data packet, the label of the virtual machine corresponding to the data packet according to the mapping relationship between the virtual machine and the label maintained by the virtual switch, and after the switch receives the data packet sent by the virtual switch in this step, the label corresponding to the virtual machine encapsulated in the outer layer of the data packet is removed according to the mapping relationship between the virtual machine and the label maintained by the switch itself.
Step S203, sending the data message according to the destination MAC address carried by the data message.
In this step, the data packet is sent according to the destination MAC address carried in the data packet, and specifically, details are described below one by one for the packet to be processed sent from the virtual machine to the physical network and the packet to be processed sent from the physical network to the virtual machine.
1. And sending the message to be processed from the virtual machine to the physical network.
1) According to a target MAC address carried by the data message, searching a port corresponding to the target MAC address in a preset mapping relation between the MAC address and the port;
2) and sending the data message through a port corresponding to the destination MAC address.
For example, as shown in fig. 3, the VM1 sends a to-be-processed packet to the LAN, and according to a destination MAC address carried in the packet, finds a port corresponding to the destination MAC address in a mapping relationship between the MAC address and the port as a physical network port corresponding to the LAN, and sends a corresponding packet to the LAN through the physical network port.
2. And sending the message to be processed from the physical network to the virtual machine.
1) Searching a virtual machine corresponding to a target MAC address in a preset mapping relation between the MAC address and a port according to the target MAC address carried by the data message;
2) and sending the data message to the virtual machine through a virtual function module corresponding to the virtual machine.
For example, as shown in fig. 3, the LAN sends a to-be-processed packet to the VM2, and searches, according to a destination MAC address carried in the data packet, for a port corresponding to the destination MAC address in the mapping relationship between the MAC address and the port to be the VF2 corresponding to the VM2, and then sends a corresponding data packet to the VM2 through the VF 2.
To sum up, the SR-IOV-based packet processing method provided by the present application is matched with the following SR-IOV-based packet processing method provided by the present application, and according to the intermediate MAC address carried by the received packet to be processed, the data of the packet to be processed is directed to the virtual switch according to the intermediate MAC address, so that the service logic processing can be performed on the packet to be processed on the virtual switch, and after receiving the data packet obtained after the service logic processing is performed on the packet to be processed and sent by the virtual switch, the data packet is sent according to the destination MAC address carried by the data packet, so that the data traffic passing through the hardware network card is directed to the virtual switch, and the complete service logic processing can be performed on the directed data traffic on the software layer of the virtual switch, thereby, the service function of the data flow is more diversified.
The embodiment of the message processing device based on the SR-IOV provided by the application is as follows:
in the foregoing embodiment, a message processing method based on SR-IOV is provided, and correspondingly, a message processing apparatus based on SR-IOV is also provided in the present application, which is described below with reference to the accompanying drawings.
Referring to fig. 4, a schematic diagram of an embodiment of a message processing apparatus based on SR-IOV according to the present application is shown.
Since the apparatus embodiments are substantially similar to the method embodiments, they are described in a relatively simple manner, and reference may be made to the corresponding description of the method embodiments provided above for relevant portions. The device embodiments described below are merely illustrative.
The application provides a message processing apparatus based on SR-IOV, including:
a to-be-processed packet forwarding unit 401, configured to forward, according to an intermediate MAC address carried by a received to-be-processed packet, the to-be-processed packet to a virtual switch corresponding to the intermediate MAC address to perform service logic processing;
a data packet receiving unit 402, configured to receive a data packet sent by the virtual switch and obtained after performing service logic processing on the packet to be processed;
a data packet sending unit 403, configured to send the data packet according to the destination MAC address carried in the data packet.
Optionally, the message to be processed is sent by a virtual machine;
correspondingly, the message to be processed is received through the virtual function module corresponding to the preconfigured virtual machine, and is forwarded to the virtual switch through the preconfigured virtual function module corresponding to the virtual switch;
and the data message is received through a physical function module corresponding to the virtual switch which is configured in advance.
Optionally, the intermediate MAC address is obtained by the following sub-units:
the first ARP request receiving subunit is configured to receive, through a virtual function module corresponding to the virtual machine, an ARP request sent by the virtual machine;
a first ARP request broadcasting subunit configured to broadcast the ARP request to all virtual function modules;
and the first ARP response receiving subunit is used for receiving the ARP response sent by the virtual switch through the virtual function module corresponding to the virtual switch, and taking the MAC address carried by the ARP response as the intermediate MAC address.
Optionally, the apparatus further includes a first corresponding relationship learning subunit, and after the first ARP response receiving subunit is executed, the first corresponding relationship learning subunit is executed;
and the first corresponding relation learning subunit is configured to add the corresponding relation between the intermediate MAC address and the virtual function module corresponding to the virtual switch to a preset mapping relation between the MAC address and the port.
Optionally, the virtual machines are provided with respective corresponding tags;
wherein the tag comprises: virtual local area network tags.
Optionally, the SR-IOV based packet processing apparatus includes:
and the label packaging unit is used for packaging the label corresponding to the virtual machine on the outer layer of the message to be processed.
Optionally, the virtual switch maintains a mapping relationship between a virtual machine and a label, and removes the label encapsulated in the outer layer of the to-be-processed packet based on the mapping relationship between the virtual machine and the label.
Optionally, the data packet sending unit 403 includes:
a port searching subunit, configured to search, according to a destination MAC address carried in the data packet, a port corresponding to the destination MAC address in a preset mapping relationship between MAC addresses and ports;
and the first data message sending subunit is used for sending the data message through a port corresponding to the destination MAC address.
Optionally, the message to be processed is sent by a physical network;
correspondingly, the message to be processed is received through a physical network port corresponding to the physical network and is forwarded to the virtual switch through a pre-configured physical function module corresponding to the virtual switch;
and the data message is received through a virtual function module corresponding to the virtual switch which is configured in advance.
Optionally, the intermediate MAC address is obtained by the following sub-units:
a second ARP request receiving subunit, configured to receive, through the physical network interface, an ARP request sent by the physical network;
a second ARP request broadcasting subunit, configured to broadcast the ARP request to all virtual function modules;
and the second ARP response receiving subunit is used for receiving the ARP response sent by the virtual switch through the virtual function module corresponding to the virtual switch, and taking the MAC address carried by the ARP response as the intermediate MAC address.
Optionally, the apparatus further includes a second corresponding relationship learning subunit, and after the second ARP response receiving subunit is operated, the second corresponding relationship learning subunit is operated;
and the second corresponding relation learning subunit is configured to add the corresponding relation between the intermediate MAC address and the virtual function module corresponding to the virtual switch to a preset mapping relation between the MAC address and the port.
Optionally, the SR-IOV based packet processing apparatus includes:
the virtual machine searching subunit is used for searching a virtual machine corresponding to the destination MAC address in a preset mapping relation between the MAC address and the port according to the destination MAC address carried by the data message;
and the second data message sending subunit is configured to send the data message to the virtual machine through the virtual function module corresponding to the virtual machine.
Optionally, the virtual machines are respectively provided with unique corresponding tags;
wherein the tag comprises: virtual local area network tags.
Optionally, the virtual switch maintains a mapping relationship between a virtual machine and the label, and encapsulates the label corresponding to the virtual machine on the outer layer of the data packet based on the mapping relationship between the virtual machine and the label.
Optionally, the SR-IOV based packet processing apparatus includes:
and the label removing unit is used for removing the label encapsulated by the outer layer of the data message.
The embodiment of the method for processing the message by the virtual switch based on the SR-IOV is as follows:
in the foregoing embodiment, a SR-IOV-based message processing method is provided, and in addition, a SR-IOV-based virtual switch message processing method is provided in the present application, and the method cooperates with the SR-IOV-based message processing method, which is described below with reference to the accompanying drawings.
Referring to fig. 3, a schematic diagram of an SR-IOV architecture according to this embodiment is shown, and referring to fig. 5, a schematic diagram of an embodiment of a method for processing a packet by a SR-IOV-based virtual switch according to this application is shown.
Since the embodiment of the method for processing a packet by using the SR-IOV-based virtual switch provided in this embodiment is matched with the embodiment of the method for processing a packet by using the SR-IOV provided in the above, description is relatively simple, and for related parts, reference may be made to the corresponding description of the embodiment of the method for processing a packet by using the SR-IOV provided in the above. The embodiments described below are merely illustrative.
The application provides a method for processing a message by a virtual switch based on SR-IOV, which comprises the following steps:
step S501, receiving a message to be processed sent by the switch.
The method for processing the message by the virtual switch based on the SR-IOV is implemented based on a virtual machine switch deployed on a virtual host in a virtual environment, and is matched with the message processing method based on the SR-IOV provided by the application, and the data flow of the virtual machine direct physical network card is directed to the virtual host in the virtual environment by the data message forwarding capability of the switch deployed on a hardware network card and by combining an Address Resolution Protocol (ARP) proxy, that is: the data flow of the data message sent by the virtual machine to the physical network is guided to the virtual machine switch deployed on the virtual host in the virtual environment, and the data flow of the data message sent by the physical network to the virtual machine is guided to the virtual machine switch deployed on the virtual host in the virtual environment.
The message to be processed in the embodiment of the present application refers to a data message that is sent by the virtual machine or the physical network and is not processed by business logic on the virtual switch. Wherein, the message to be processed carries the intermediate MAC address. If the message to be processed is sent from the virtual machine to the physical network, the message to be processed received by the virtual switch comes from the virtual machine; if the message to be processed is sent from the physical network to the virtual machine, the message to be processed received by the virtual switch comes from the physical network, and the following detailed description is made one by one.
1. A pending packet from the virtual machine (a pending packet sent from the virtual machine to the physical network).
And if the message to be processed is sent from the virtual machine to the physical network, the virtual switch receives the message to be processed through a pre-configured virtual function module. For example, if the VM1 sends a pending message to the LAN, the vSwitch receives the pending message sent by the VM1 through the VF 0.
In cooperation with the SR-IOV-based message processing method embodiment, the ARP request is specifically processed in the following manner:
1) receiving an ARP request sent by the switch through the virtual function module;
2) creating an ARP response corresponding to the ARP request, and packaging the MAC address corresponding to the ARP response in the ARP response;
3) and sending the ARP response to the switch through the virtual function module.
For example, as shown in fig. 3, the VM1 sends a message to be processed to the LAN, the vSwitch receives an ARP request broadcast by the L2Switch through the VF0, creates an ARP response corresponding to the ARP request after receiving the ARP request, encapsulates the MAC address (MAC address corresponding to the vSwitch) EE, FF: FF in the ARP response, and sends the ARP response to the L2Switch through the VF 0.
In addition, in order to achieve network isolation between the virtual machines and improve security of the virtual machines, corresponding tags may be respectively set for each virtual machine, for example, corresponding virtual local area network tags (VLAN Tag) may be respectively set for VF0, VF1, and VF2 · VFn, and the VLAN tags of each virtual machine are not repeated, so that the one-to-one corresponding virtual machine can be determined according to the VLAN Tag. Based on this, the virtual switch may maintain a mapping of virtual machines to tags.
As described above, the switch encapsulates the tag of the virtual machine that sent the ARP request in the ARP request before broadcasting the ARP request to all virtual function modules; correspondingly, in this embodiment, after receiving the to-be-processed packet sent by the switch in this step, and after performing service logic processing on the to-be-processed packet in step S502, obtaining a data packet, and encapsulating the destination MAC address corresponding to the to-be-processed packet in the data packet before performing the step, that is, after receiving the ARP request, the virtual switch removes the tag corresponding to the virtual machine sending the ARP request, which is encapsulated by the ARP request, according to the mapping relationship between the virtual machine and the tag maintained by the virtual switch.
2. A pending message from the physical network (a pending message sent from the physical network to the virtual machine).
And if the message to be processed is sent to the virtual machine from the physical network, the virtual switch receives the message to be processed through a pre-configured physical function module. For example, if the LAN sends a pending message to the VM2, the vSwitch receives the pending message sent by the LAN through the PF.
In cooperation with the SR-IOV-based message processing method embodiment, the ARP request is specifically processed in the following manner:
1) receiving an ARP request sent by the switch through the virtual function module;
2) creating an ARP response corresponding to the ARP request, and packaging the MAC address corresponding to the ARP response in the ARP response;
3) and sending the ARP response to the switch through the virtual function module.
For example, as shown in fig. 3, the LAN sends a pending message to the VM2, the vSwitch receives an ARP request broadcast by the L2Switch through the VF0, creates an ARP response corresponding to the ARP request after receiving the ARP request, encapsulates the MAC address EE, FF corresponding to the ARP request in the ARP response, and sends the ARP response to the L2Switch through the VF 0.
Optionally, the virtual machines are respectively provided with unique corresponding tags; wherein the tag comprises: virtual local area network tags.
As described above, the virtual switch maintains the mapping relationship between the virtual machine and the tag, and in specific implementation, the tag of the virtual machine can be encapsulated in the ARP response according to the mapping relationship between the virtual machine and the tag; and after receiving the ARP response, the switch removes the label of the virtual machine encapsulated in the ARP response according to the mapping relation between the virtual machine and the label maintained by the switch.
Step S502, executing service logic processing aiming at the message to be processed, obtaining a data message, and packaging a target MAC address corresponding to the message to be processed into the data message.
In the step S501, the to-be-processed packet sent by the switch is received, in this step, service logic processing is performed on the received to-be-processed packet, a data packet corresponding to the to-be-processed packet is obtained, and a destination MAC address corresponding to the to-be-processed packet is encapsulated in the data packet.
As described above, the virtual switch maintains the mapping relationship between the virtual machines and the tags, so in order to implement network isolation between the virtual machines and improve the security of the virtual machines, in the implementation, in the execution process of this step, that is: and in the process of executing service logic processing and generating the data message aiming at the message to be processed, packaging the label of the virtual machine in the data message, and after the data message is sent to the switch, removing the label of the virtual machine packaged in the data message according to the mapping relation between the virtual machine and the label maintained by the switch. For example, the label of the virtual machine VM2 that receives the data message is encapsulated in the data message. In addition, after the step is executed, that is, after the data packet is generated, and before the step S503 is executed, the label of the virtual machine may be encapsulated in the outer layer of the data packet.
Step S503, sending the data packet to the switch.
In the step S502, service logic processing is performed on the to-be-processed packet to obtain the data packet, and the destination MAC address corresponding to the to-be-processed packet is encapsulated in the data packet. If the message to be processed is sent from the virtual machine to the physical network, the message to be processed received by the virtual switch comes from the virtual machine; if the message to be processed is sent from the physical network to the virtual machine, the message to be processed received by the virtual switch comes from the physical network, and the following detailed description is made one by one.
1. A pending packet from the virtual machine (a pending packet sent from the virtual machine to the physical network).
And if the message to be processed is sent from the virtual machine to the physical network, the virtual switch sends the data message generated after executing the service logic processing to the switch through a pre-configured physical function module. For example, if the VM1 sends a pending message to the LAN, the vSwitch sends a data message to the L2Switch via the PF.
2. A pending message from the physical network (a pending message sent from the physical network to the virtual machine).
And if the message to be processed is sent from the physical network to the virtual machine, the virtual switch sends the data message generated after executing the service logic processing to the switch through a pre-configured virtual function module. For example, if the LAN sends a pending message to the VM2, the vSwitch sends a data message to the L2Switch via the VF 0.
To sum up, the method for processing the message by the SR-IOV-based virtual switch provided by the present application is matched with the SR-IOV-based message processing method, so as to achieve the purpose of guiding the data traffic passing through the hardware network card to the virtual switch, and the data traffic guided by the virtual switch can be subjected to complete service logic processing on the software layer where the virtual switch is located, thereby enabling the service function of the data traffic to be more diversified.
The embodiment of the device for processing the message by the virtual switch based on the SR-IOV provided by the application is as follows:
in the foregoing embodiment, a method for processing a packet by a SR-IOV based virtual switch is provided, and correspondingly, the present application also provides a device for processing a packet by a SR-IOV based virtual switch, which is described below with reference to the accompanying drawings.
Referring to fig. 6, a schematic diagram of an embodiment of an apparatus for processing a packet by a SR-IOV based virtual switch according to the present application is shown.
Since the apparatus embodiments are substantially similar to the method embodiments, they are described in a relatively simple manner, and reference may be made to the corresponding description of the method embodiments provided above for relevant portions. The device embodiments described below are merely illustrative.
The application provides a device for processing messages by a virtual switch based on SR-IOV, which comprises:
a to-be-processed message receiving unit 601, configured to receive a to-be-processed message sent by an exchange;
a service logic execution unit 602, configured to execute service logic processing on the to-be-processed packet, obtain a data packet, and encapsulate a destination MAC address corresponding to the to-be-processed packet into the data packet;
a data packet sending unit 603, configured to send the data packet to the switch;
wherein, the message to be processed carries the intermediate MAC address.
Optionally, the message to be processed comes from a virtual machine;
correspondingly, the message to be processed is received through the preconfigured virtual function module, and the data message is sent through the preconfigured physical function module.
Optionally, the SR-IOV-based apparatus for processing a packet by a virtual switch includes:
a first ARP request receiving unit, configured to receive, by the virtual function module, an ARP request sent by the switch;
a first ARP response generation unit, configured to create an ARP response corresponding to the ARP request, and encapsulate a corresponding MAC address in the ARP response;
a first ARP response sending unit, configured to send the ARP response to the switch through the virtual function module.
Optionally, the virtual machines are respectively provided with unique corresponding tags;
wherein the tag comprises: virtual local area network tags.
Optionally, the ARP response is encapsulated with a tag corresponding to the virtual machine.
Optionally, the SR-IOV-based apparatus for processing a packet by a virtual switch includes:
and the label removing unit is used for removing the label corresponding to the virtual machine which is externally encapsulated in the message to be processed according to the preset mapping relation between the virtual machine and the label.
Optionally, the message to be processed comes from a physical network;
correspondingly, the message to be processed is received through the pre-configured physical function module, and the data message is sent through the pre-configured virtual function module.
Optionally, the SR-IOV-based apparatus for processing a packet by a virtual switch includes:
a second ARP request receiving unit, configured to receive, through the virtual function module, an ARP request sent by the switch;
a second ARP response generation unit, configured to create an ARP response corresponding to the ARP request, and encapsulate a corresponding MAC address in the ARP response;
and a second ARP response sending unit, configured to send the ARP response to the switch through the virtual function module.
Optionally, the virtual machines are respectively provided with unique corresponding tags;
wherein the tag comprises: virtual local area network tags.
Optionally, the SR-IOV-based apparatus for processing a packet by a virtual switch includes:
and the label packaging unit is used for packaging the label corresponding to the virtual machine in the data message according to a preset mapping relation between the virtual machine and the label.
Although the present application has been described with reference to the preferred embodiments, it is not intended to limit the present application, and those skilled in the art can make variations and modifications without departing from the spirit and scope of the present application, therefore, the scope of the present application should be determined by the claims that follow.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include non-transitory computer readable media (transient media), such as modulated data signals and carrier waves.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Claims (27)

1. A message processing method based on SR-IOV is characterized by comprising the following steps:
according to an intermediate MAC address carried by a received message to be processed, forwarding the message to be processed to a virtual switch corresponding to the intermediate MAC address to execute service logic processing, wherein the service logic processing comprises the following steps: forwarding the message to be processed to a virtual switch deployed on a virtual host in a virtual environment, and executing service logic processing on the message to be processed on the virtual switch;
receiving a data message which is sent by the virtual switch and obtained after the service logic processing is executed on the message to be processed;
and sending the data message according to the destination MAC address carried by the data message.
2. The SR-IOV-based message processing method according to claim 1, wherein the message to be processed is sent by a virtual machine;
correspondingly, the message to be processed is received through the virtual function module corresponding to the preconfigured virtual machine, and is forwarded to the virtual switch through the preconfigured virtual function module corresponding to the virtual switch;
and the data message is received through a physical function module corresponding to the virtual switch which is configured in advance.
3. The SR-IOV based message processing method according to claim 2, wherein the intermediate MAC address is obtained by:
receiving an ARP request sent by the virtual machine through a virtual function module corresponding to the virtual machine;
broadcasting the ARP request to all virtual function modules;
and receiving an ARP response sent by the virtual switch through a virtual function module corresponding to the virtual switch, and taking an MAC address carried by the ARP response as the intermediate MAC address.
4. The SR-IOV-based message processing method according to claim 3, wherein the substep of receiving an ARP response sent by the virtual switch through the virtual function module corresponding to the virtual switch, and executing the MAC address carried in the ARP response as the intermediate MAC address is executed, and then the substep of:
and adding the corresponding relation between the intermediate MAC address and the virtual function module corresponding to the virtual switch into a preset mapping relation between the MAC address and the port.
5. The SR-IOV-based message processing method according to claim 2, wherein the virtual machines are provided with respective corresponding labels;
wherein the tag comprises: virtual local area network tags.
6. The SR-IOV-based packet processing method according to claim 5, wherein before the step of forwarding the packet to be processed to the virtual switch corresponding to the intermediate MAC address to perform service logic processing is performed according to the intermediate MAC address carried by the received packet to be processed, the following steps are performed:
and packaging the label corresponding to the virtual machine on the outer layer of the message to be processed.
7. The SR-IOV based message processing method as recited in claim 6, wherein the virtual switch maintains a mapping relationship between a virtual machine and a label, and removes the label of the outer encapsulation of the message to be processed based on the mapping relationship between the virtual machine and the label.
8. The SR-IOV-based message processing method according to claim 2, wherein the sending of the data message according to the destination MAC address carried by the data message is implemented by:
according to a target MAC address carried by the data message, searching a port corresponding to the target MAC address in a preset mapping relation between the MAC address and the port;
and sending the data message through a port corresponding to the destination MAC address.
9. The SR-IOV based message processing method of claim 1, wherein the message to be processed is sent by a physical network;
correspondingly, the message to be processed is received through a physical network port corresponding to the physical network and is forwarded to the virtual switch through a pre-configured physical function module corresponding to the virtual switch;
and the data message is received through a virtual function module corresponding to the virtual switch which is configured in advance.
10. The SR-IOV based message processing method according to claim 9, wherein the intermediate MAC address is obtained by:
receiving an ARP request sent by the physical network through the physical network interface;
broadcasting the ARP request to all virtual function modules;
and receiving an ARP response sent by the virtual switch through a virtual function module corresponding to the virtual switch, and taking an MAC address carried by the ARP response as the intermediate MAC address.
11. The SR-IOV-based message processing method according to claim 10, wherein the substep of receiving an ARP response sent by the virtual switch through the virtual function module corresponding to the virtual switch, and executing a MAC address carried in the ARP response as the intermediate MAC address is executed, and then the substep of:
and adding the corresponding relation between the intermediate MAC address and the virtual function module corresponding to the virtual switch into a preset mapping relation between the MAC address and the port.
12. The SR-IOV-based message processing method according to claim 9, wherein the step of sending the data message according to the destination MAC address carried by the data message is implemented as follows:
searching a virtual machine corresponding to a target MAC address in a preset mapping relation between the MAC address and a port according to the target MAC address carried by the data message;
and sending the data message to the virtual machine through a virtual function module corresponding to the virtual machine.
13. The SR-IOV-based message processing method according to claim 12, wherein the virtual machines are respectively provided with a unique corresponding tag;
wherein the tag comprises: virtual local area network tags.
14. The SR-IOV based message processing method of claim 13, wherein the virtual switch maintains a mapping relationship between a virtual machine and the label, and encapsulates the label corresponding to the virtual machine on the outer layer of the data message based on the mapping relationship between the virtual machine and the label.
15. The SR-IOV-based packet processing method according to claim 14, wherein after the step of receiving the data packet sent by the virtual switch and obtained after performing the service logic processing on the packet to be processed is performed, and before the step of sending the data packet according to the destination MAC address carried in the data packet is performed, the following steps are performed:
and releasing the label encapsulated on the outer layer of the data message.
16. A message processing device based on SR-IOV is characterized by comprising:
a to-be-processed packet forwarding unit, configured to forward, according to an intermediate MAC address carried by a received to-be-processed packet, the to-be-processed packet to a virtual switch corresponding to the intermediate MAC address to perform service logic processing, where the service logic processing includes: forwarding the message to be processed to a virtual switch deployed on a virtual host in a virtual environment, and executing service logic processing on the message to be processed on the virtual switch;
a data message receiving unit, configured to receive a data message sent by the virtual switch and obtained after performing service logic processing on the message to be processed;
and the data message sending unit is used for sending the data message according to the destination MAC address carried by the data message.
17. A method for processing message by a virtual switch based on SR-IOV is characterized by comprising the following steps:
receiving the message to be processed sent by the switch according to the intermediate MAC address carried by the message to be processed;
executing service logic processing aiming at the message to be processed to obtain a data message, and packaging a destination MAC address corresponding to the message to be processed into the data message, wherein the method comprises the following steps: executing service logic processing on the message to be processed on a virtual switch deployed on a virtual host in a virtual environment, and then generating a corresponding data message;
and sending the data message to the switch.
18. The SR-IOV based virtual switch method of handling packets according to claim 17, wherein the packet to be handled is from a virtual machine;
correspondingly, the message to be processed is received through the preconfigured virtual function module, and the data message is sent through the preconfigured physical function module.
19. The SR-IOV based virtual switch message processing method according to claim 18, wherein before the step of receiving the message to be processed sent by the switch, the following steps are performed:
receiving an ARP request sent by the switch through the virtual function module;
creating an ARP response corresponding to the ARP request, and packaging the MAC address corresponding to the ARP response in the ARP response;
and sending the ARP response to the switch through the virtual function module.
20. The SR-IOV based virtual switch message processing method according to claim 19, wherein the virtual machines are respectively provided with a unique corresponding tag;
wherein the tag comprises: virtual local area network tags.
21. The SR-IOV based virtual switch message processing method of claim 20, wherein the ARP response encapsulates a label corresponding to the virtual machine.
22. The SR-IOV based method for processing a packet by a virtual switch according to claim 20, wherein after the step of receiving the packet to be processed sent by the switch is executed, and before the step of executing the service logic processing on the packet to be processed, obtaining a data packet, and encapsulating a destination MAC address corresponding to the packet to be processed into the data packet is executed, the following steps are executed:
and releasing the label corresponding to the virtual machine which is externally encapsulated in the message to be processed according to a preset mapping relation between the virtual machine and the label.
23. The SR-IOV based virtual switch method of handling packets according to claim 17, wherein the packet to be handled is from a physical network;
correspondingly, the message to be processed is received through the pre-configured physical function module, and the data message is sent through the pre-configured virtual function module.
24. The SR-IOV based virtual switch message processing method according to claim 23, wherein before the step of receiving the message to be processed sent by the switch, the following steps are performed:
receiving an ARP request sent by the switch through the virtual function module;
creating an ARP response corresponding to the ARP request, and packaging the MAC address corresponding to the ARP response in the ARP response;
and sending the ARP response to the switch through the virtual function module.
25. The SR-IOV based virtual switch message processing method according to claim 23, wherein the virtual machines are respectively provided with a unique corresponding tag;
wherein the tag comprises: virtual local area network tags.
26. The SR-IOV based virtual switch message processing method according to claim 25, wherein the step of executing the service logic processing on the message to be processed to obtain the data message and encapsulating the destination MAC address corresponding to the message to be processed into the data message is executed, or the step of executing the service logic processing on the message to be processed to obtain the data message and encapsulating the destination MAC address corresponding to the message to be processed into the data message is executed, and before the step of sending the data message to the switch is executed, the following steps are executed:
and according to a preset mapping relation between the virtual machine and the label, packaging the label corresponding to the virtual machine in the data message.
27. An SR-IOV based apparatus for processing a packet by a virtual switch, comprising:
a message receiving unit to be processed, which is used for receiving the message to be processed sent by the switch;
a service logic execution unit, configured to execute service logic processing on the to-be-processed packet, obtain a data packet, and encapsulate a destination MAC address corresponding to the to-be-processed packet into the data packet, where the service logic execution unit includes: executing service logic processing on the message to be processed on a virtual switch deployed on a virtual host in a virtual environment, and then generating a corresponding data message;
a data message sending unit, configured to send the data message to the switch;
and receiving the message to be processed sent by the receiving switch according to the intermediate MAC address carried by the message to be processed.
CN201611036151.8A 2016-11-23 2016-11-23 Message processing method and device based on SR-IOV Active CN108092923B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611036151.8A CN108092923B (en) 2016-11-23 2016-11-23 Message processing method and device based on SR-IOV

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611036151.8A CN108092923B (en) 2016-11-23 2016-11-23 Message processing method and device based on SR-IOV

Publications (2)

Publication Number Publication Date
CN108092923A CN108092923A (en) 2018-05-29
CN108092923B true CN108092923B (en) 2021-06-18

Family

ID=62168649

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611036151.8A Active CN108092923B (en) 2016-11-23 2016-11-23 Message processing method and device based on SR-IOV

Country Status (1)

Country Link
CN (1) CN108092923B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110912825B (en) * 2018-09-18 2022-08-02 阿里巴巴集团控股有限公司 Message forwarding method, device, equipment and system
CN111698141B (en) * 2019-03-13 2022-12-02 中兴通讯股份有限公司 Message forwarding method and device
CN110798409A (en) * 2019-10-31 2020-02-14 深信服科技股份有限公司 Traffic processing method, device and storage medium
CN113132200B (en) * 2019-12-30 2024-01-19 中兴通讯股份有限公司 Data forwarding method, repeater, system, server and storage medium
CN111698167B (en) * 2020-04-01 2023-04-07 新华三大数据技术有限公司 Message processing method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102334112A (en) * 2009-02-27 2012-01-25 美国博通公司 Method and system for virtual machine networking
CN102457586A (en) * 2010-10-18 2012-05-16 中兴通讯股份有限公司 Expanding method for realizing double-layer network and expanded double-layer network
CN103023827A (en) * 2012-11-23 2013-04-03 杭州华三通信技术有限公司 Data forwarding method for virtualized data centre and realization equipment of data forwarding method
CN104170331A (en) * 2012-04-09 2014-11-26 华为技术有限公司 L3 gateway for VXLAN

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10063473B2 (en) * 2014-04-30 2018-08-28 Brocade Communications Systems LLC Method and system for facilitating switch virtualization in a network of interconnected switches

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102334112A (en) * 2009-02-27 2012-01-25 美国博通公司 Method and system for virtual machine networking
CN102457586A (en) * 2010-10-18 2012-05-16 中兴通讯股份有限公司 Expanding method for realizing double-layer network and expanded double-layer network
CN104170331A (en) * 2012-04-09 2014-11-26 华为技术有限公司 L3 gateway for VXLAN
CN103023827A (en) * 2012-11-23 2013-04-03 杭州华三通信技术有限公司 Data forwarding method for virtualized data centre and realization equipment of data forwarding method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于SR-IOV的虚拟机防火墙设计与实现";荀仲恺等;《计算机工程》;20140531;第155页第3节-第156页第4节 *

Also Published As

Publication number Publication date
CN108092923A (en) 2018-05-29

Similar Documents

Publication Publication Date Title
CN108092923B (en) Message processing method and device based on SR-IOV
US10491517B2 (en) Packet processing method in cloud computing system, host, and system
JP6605713B2 (en) Packet processing method, host and system in cloud computing system
US10447500B2 (en) Data packet processing method, host, and system
WO2023087938A1 (en) Data processing method, programmable network card device, physical server, and storage medium
CN109587281B (en) Container configuration method and computing node
CN109617735B (en) Cloud computing data center system, gateway, server and message processing method
US11374899B2 (en) Managing network connectivity between cloud computing service endpoints and virtual machines
CN108566445B (en) Message transmission method and device
US20180219773A1 (en) Interconnection of overlay networks
CN105049464B (en) Techniques for accelerating network virtualization
US11265285B2 (en) Fan network management
CN105635190A (en) Service execution method and device for data center network
CN104683428A (en) Network service processing method and device
CN106850382B (en) Flow traction method and device
EP3369217B1 (en) Multiple gateway operation on single operating system
WO2016035306A1 (en) Control system, communication system, communication method, and recording medium
US10791088B1 (en) Methods for disaggregating subscribers via DHCP address translation and devices thereof
CN105591922B (en) A kind of transmission method and device of message
CN109525582B (en) Message processing method, system and storage medium
WO2024001549A1 (en) Address configuration method and electronic device
CN116743681A (en) Message forwarding method, device, computer equipment and storage medium in VXLAN (virtual extensible local area network)
CN118519934A (en) Data transmission method, device, electronic device and computer storage medium based on Remote Direct Memory Access (RDMA)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20230605

Address after: Room 1-2-A06, Yungu Park, No. 1008 Dengcai Street, Sandun Town, Xihu District, Hangzhou City, Zhejiang Province

Patentee after: Aliyun Computing Co.,Ltd.

Address before: Box 847, four, Grand Cayman capital, Cayman Islands, UK

Patentee before: ALIBABA GROUP HOLDING Ltd.