CN108390809B - Bridging method and system based on VF promiscuous mode - Google Patents

Publication number: CN108390809B
Authority: CN (China)
Legal status: Active
Application number: CN201710063559.2A
Other languages: Chinese (zh)
Other versions: CN108390809A (en)
Inventors: 孙文杰, 王力, 穆立超
Current assignee: Beijing Huayao Technology Co ltd
Original assignee: Beijing Huayao Technology Co ltd
Application filed by: Beijing Huayao Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462 LAN interconnection over a bridge based backbone
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks

Abstract

The invention relates to a bridging method based on VF promiscuous mode, implemented through the steps of enabling support for VF promiscuous mode, enabling support for sniff mode, turning on VF promiscuous mode, configuring the built-in bridge mode to support port mirroring, and so on. The invention also provides a built-in bridging system supporting VF promiscuous mode. The invention uses a built-in bridging method in an SR-IOV promiscuous-mode system and can call the PF directly, so that virtual machine performance is close to that of a physical machine; it supports multiple types of virtual machine deployment modes; it supports controlling multiple promiscuous modes (unicast, multicast, broadcast, VLAN) for a single VF; and it implements the built-in switching function in the hardware network card, which gives high performance, does not occupy system resources such as CPU (central processing unit) and memory, and reduces cost and network complexity.

Description

Bridging method and system based on VF promiscuous mode
Technical Field
The present invention relates to the field of virtualization technologies in network application delivery control, and in particular to a built-in bridging method and system based on VF (Virtual Function, hereinafter abbreviated as VF) promiscuous mode.
Background
VF promiscuous mode (promiscuous): all unicast, multicast, broadcast, or designated-VLAN (Virtual Local Area Network) packets sent to a PF are delivered to the designated VF.
SR-IOV (Single Root I/O Virtualization) is a hardware-based virtualization solution that improves performance and scalability. The SR-IOV standard allows PCIe (Peripheral Component Interconnect Express) devices to be shared efficiently between virtual machines; because it is implemented in hardware, it can achieve I/O performance comparable to native performance. Under the SR-IOV standard, newly created devices allow a virtual machine to connect directly to an I/O device, and a single I/O resource may be shared by many virtual machines. Shared devices provide dedicated resources and also use shared common resources, so each virtual machine can access unique resources. Thus, an SR-IOV-enabled PCIe device (e.g., an Ethernet port) with appropriate hardware and OS support may appear as multiple separate physical devices, each with its own PCIe configuration space. SR-IOV is a branch of Intel VT-d technology; SR-IOV works on the premise that the PF supports SR-IOV and the mainboard supports Intel VT-d. The prior-art SR-IOV system architecture is shown in FIG. 1.
In prior-art SR-IOV, there are two function types:
Physical Function (hereinafter abbreviated as PF): a PCI function that supports the SR-IOV capability, as defined in the SR-IOV specification. The PF contains the SR-IOV capability structure, which is used to manage the SR-IOV functionality. The PF is a full-featured PCIe function that may be discovered, managed, and processed like any other PCIe device. The PF has full configuration resources that can be used to configure or control the PCIe device.
VF: a function associated with a physical function. A VF is a lightweight PCIe function that may share one or more physical resources with the physical function and with other VFs associated with the same physical function. A VF is only allowed to have configuration resources for its own behavior, including the resources necessary for data migration and a carefully reduced set of configuration resources.
There may be one PF per SR-IOV device and up to 64,000 VFs associated with each PF. The PF may create the VF through registers designed with attributes specific to this purpose. Once the SR-IOV is enabled in the PF, the PCI configuration space of each VF may be accessed through the PF's bus, device and function number (i.e., route ID). Each VF has a PCI memory space to map its set of registers. The VF device driver operates on the register set to enable its functionality and appears as an actual existing PCI device. After a VF is created, it can be directly assigned to an I/O guest domain or to various applications (e.g., Oracle Solaris Zones on bare metal platforms). This functionality allows virtual functions to share physical devices and perform I/O without CPU and virtual machine hypervisor software overhead.
On a hyper-converged platform, supporting multiple multi-mode virtual machines raises the following challenges: a. supporting the deployment modes of multi-mode virtual machines; b. supporting efficient interconnection between virtual machines.
With regard to a, supporting deployment of multi-mode virtual machines, prior-art network devices generally support the following four modes:
reverse proxy mode: as shown in FIG. 2, in this mode the device acts as a service proxy for other vendors;
routing mode: as shown in FIG. 2, in this mode the device acts as a router between different networks;
bridge mode: the device is deployed transparently in the network and does not affect the network's original topology and configuration;
sniff (Sniffer) mode: the device is deployed out of band (bypass), and traffic is mirrored to it by the switch for monitoring and packet inspection. When the SR-IOV VF used by the virtual machine does not have promiscuous mode enabled, the system's sniff mode needs the cooperation of the switch: as shown in FIG. 4, the switch must be configured to mirror the incoming traffic of the Port1 interface (request traffic sent by a client) and the incoming traffic of Port2 (response traffic returned by a server) onto Port3.
A prior-art PF supporting SR-IOV includes a switching function and distributes traffic for different destination MAC addresses to the respective VFs according to the filtering rules of a MAC address table. By default, using SR-IOV, the virtual machine platform can support reverse proxy mode and routing mode. However, a PF supporting SR-IOV can only filter on the MAC address table and the VLAN tag. If two VF network cards belonging to different PFs need to be bridged together inside the virtual machine, and the bridge uses the MAC address of only one of the VFs, the bridge in the virtual machine can communicate only on the side of the PF that holds the VF with that MAC address: the switch used by the PF does not support MAC address self-learning, so the other PF cannot recognize the bridge's MAC address. The virtual machine can therefore communicate on one side only.
FIG. 2 shows a prior-art system architecture based on the SR-IOV reverse proxy mode and routing mode. Because of this limitation of existing SR-IOV technology, when the system uses SR-IOV by default and two VFs belonging to different PFs (e.g., VF0 of PF1 and VF0 of PF2 in FIG. 2) are bridged together inside a virtual machine, with the bridge using the MAC address of only one of the VFs, the bridge can communicate only on the side of the PF that holds the VF with that MAC address; the switch used by the PF does not support MAC address learning, so the PF cannot recognize the bridge's MAC address. The virtual machine can therefore communicate on one side only: in FIG. 2, only through the VF of PF1 or only through the VF of PF2, and PF1 and PF2 cannot communicate with each other.
In addition, since the SR-IOV virtual switch only supports filtering according to the MAC address table and the VLAN tag, traffic mirrored from an external switch cannot be delivered normally to the virtual machine.
With regard to b, supporting efficient interconnection between virtual machines, there are two main approaches in the prior art: (1) connecting through external equipment over external cabling; (2) communicating through virtual switch functions implemented in software (e.g., Linux Bridge and OVS). Both approaches have disadvantages: approach (1) requires purchasing external switching equipment and physical cabling, which increases cost and network complexity; approach (2) inevitably consumes system resources (such as CPU), which in turn affects communication efficiency and virtual machine performance.
Disclosure of Invention
In order to solve the above problems, an object of the present invention is to provide a method and a system for implementing a built-in bridge mode based on VF promiscuous mode, so as to support mixed deployment of multiple types of virtual machines and efficient interconnection between virtual machines.
A bridging method based on VF promiscuous mode comprises the following steps:
step 1, enabling support for VF promiscuous mode on a VF promiscuous mode system platform: this comprises manually turning on promiscuous mode for the SR-IOV VF allocated to the virtual machine, to ensure that all traffic received by the PF can be sent to the corresponding VF;
enabling support for VF promiscuous mode further comprises bridging, inside the virtual machine, the interfaces corresponding to two VFs that belong to different PFs, so that the virtual machine internally bridges VFs derived from different PFs;
step 2, enabling support for sniff mode: promiscuous mode is enabled for the SR-IOV VF used by the virtual machine, and the VF receives all request and response traffic, to implement bypass monitoring and detection;
step 3, turning on VF promiscuous mode: in the normal state, VF promiscuous mode is off by default, to avoid network congestion in the virtual machine; when a user needs a specific VF to support VF promiscuous mode or sniff mode, promiscuous mode is turned on manually for that VF. Further,
step 3.1, the command for turning on promiscuous mode for a specific VF is:
port promiscuous <physical port name> <VF number> <promiscuous mode ID> <VLAN tag>
step 3.2, the command for turning off promiscuous mode for a specific VF is:
no port promiscuous <physical port name> <VF number>
step 4, configuring the built-in bridge mode to support port mirroring, on the basis of the built-in bridge mode that the virtual machine implements for VFs derived from different PFs: once promiscuous mode has been manually enabled for the SR-IOV VF allocated to a virtual machine, the traffic of a designated VF on the same PF is mirrored to another VF. Further,
the port mirroring policy is configured with:
port mirror <physical port name> <mirror destination VF> <mirror source VF> <mirror mode>
The bridging method based on VF promiscuous mode further comprises the following steps:
step 5, configuring communication between virtual machines: a MAC pool function assigns a unique, unchangeable MAC address to each VF on each PF, guaranteeing that the MAC addresses of the virtual machine interfaces using the VFs are unique; when different virtual machines communicate using VFs on the same PF, the SR-IOV virtual switch can address correctly by MAC according to the MAC address table, so that the virtual machines can communicate with each other;
step 6, the physical interface starts VF promiscuous mode data flow control, to control the forwarding and direction of data between the PF and the VFs.
The invention also relates to a built-in bridging system supporting VF promiscuous mode, produced by the bridging method based on VF promiscuous mode, which comprises: an Intel VT-d platform, a virtual machine management device, at least 2 PFs, a plurality of VFs derived from the respective PFs, a promiscuous mode enabling module, and at least one set of VF built-in bridging modules, wherein the set of virtual machine built-in bridging modules is formed by bridging the interfaces corresponding to two VFs of different PFs.
In the built-in bridging system supporting VF promiscuous mode, the set of virtual machine built-in bridging modules may also be formed by bridging the interfaces corresponding to two VFs derived from the same PF, so that the traffic of one designated VF is mirrored to the other VF.
The invention uses a built-in bridging method in an SR-IOV promiscuous-mode system and can call the PF directly, so that virtual machine performance is close to that of a physical machine; it supports multiple types of virtual machine deployment modes; it supports controlling multiple promiscuous modes (unicast, multicast, broadcast, VLAN) for a single VF; and it implements the built-in switching function in the hardware network card, which gives high performance, does not occupy system resources such as CPU (central processing unit) and memory, and reduces cost and network complexity.
Drawings
FIG. 1 is a schematic diagram of a prior art SR-IOV system architecture;
FIG. 2 is a schematic diagram of a prior art SR-IOV reverse proxy mode and routing mode-based configuration system architecture;
FIG. 3 is a schematic diagram of the architecture of the VF promiscuous mode based built-in bridge system of the present invention;
FIG. 4 is a schematic diagram of an improved system architecture based on the VF sniff mode of the prior art;
FIG. 5 is a schematic diagram of a port mirroring system implemented by SR-IOV of the present invention;
FIG. 6 is a system diagram of the first embodiment of the present invention;
FIG. 7 is a system diagram of a second embodiment of the present invention;
FIG. 8 is a schematic diagram of the SR-IOV data flow control module of the present invention.
Detailed Description
In the following description, numerous technical details are set forth in order to provide a better understanding of the present application. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details and with various changes and modifications based on the following embodiments.
In order to make the objects, technical solutions and advantages of the present invention clearer, an "Array virtualization management platform" developed by hua yao (china) science and technology limited is taken as an example, and embodiments of the present invention will be further described in detail with reference to the accompanying drawings.
A bridging method based on VF promiscuous mode comprises the following steps:
step 1, as shown in FIG. 3, support for bridge mode is set up on a VF promiscuous mode system platform: promiscuous mode is manually turned on for the SR-IOV VF allocated to the virtual machine, so that all traffic received by the PF can be sent to the corresponding VF, and inside the virtual machine the interfaces corresponding to two VFs of different PFs are bridged with an existing software bridging technology (such as Linux Bridge);
to avoid network congestion on the VF, ACL access control rules may be configured to filter out traffic the virtual machine is not concerned with; for the other VFs that have not turned on promiscuous mode, the SR-IOV virtual switch still filters and distributes traffic according to the MAC address table;
step 2, enabling support for sniff mode: promiscuous mode is enabled for the SR-IOV VF used by the virtual machine, and the VF receives all request and response traffic, to implement bypass monitoring and detection;
step 3, turning on VF promiscuous mode: in the normal state, VF promiscuous mode is off by default, to avoid network congestion in the virtual machine; when a user needs a specific VF to support VF promiscuous mode or sniff mode, promiscuous mode is turned on manually for that VF. Further,
step 3.1, the command for turning on promiscuous mode for a specific VF is:
port promiscuous <physical port name> <VF number> <promiscuous mode ID> <VLAN tag>
step 3.2, the command for turning off promiscuous mode for a specific VF is:
no port promiscuous <physical port name> <VF number>
step 4, configuring the built-in bridge mode to support port mirroring: as shown in FIG. 5, once promiscuous mode has been manually enabled for the SR-IOV VF allocated to a virtual machine, the traffic of a designated VF on the same PF is mirrored to another VF, to implement bypass packet monitoring and detection between virtual machines. For example, when service data passes through the Array virtualization management platform, service traffic can be mirrored from one device to a monitoring device (such as a firewall, an IPS, a WAF, or internet behavior management) through a port mirror; with this function, a monitoring device can be deployed in sniff mode inside the Array virtualization management platform.
Further,
the port mirroring policy is configured with:
port mirror <physical port name> <mirror destination VF> <mirror source VF> <mirror mode>
Port mirroring in the built-in bridge mode can be configured with the following three mirror modes:
0: mirroring inbound and outbound traffic.
1: mirroring incoming traffic.
2: mirroring the outgoing traffic.
The bridging method based on VF promiscuous mode further comprises the following steps:
step 5, configuring communication between virtual machines: a MAC pool function assigns a unique, unchangeable MAC address to each VF on each PF, guaranteeing that the MAC addresses of the virtual machine interfaces using the VFs are unique. When different virtual machines communicate using VFs on the same PF, the SR-IOV built-in VF bridge mode can address correctly by MAC according to the MAC address table, so that the virtual machines can communicate with each other. For example, as shown in FIG. 6, the Array virtualization management platform supports the built-in bridge mode based on SR-IOV, which enables one-to-one and one-to-many virtual machine communication. As another example, as shown in FIG. 7, on the Array virtualization management platform SR-IOV is compatible with the platform's own virtual switches, such as Linux Bridge and Open vSwitch: a user may create a software-implemented virtual switch at the VMM layer and add a physical network card to it. By allocating a virtio virtual network card to VM02 and a VF under the physical network card to VM01, the two virtual machines can communicate with each other;
Configuring an SR-IOV VF for the virtual machine:
va port <virtual machine name> <physical Port Command> <VF number>
Creating a virtual switch:
switch va <virtual switch name> <virtual machine name>
Adding a physical interface to a virtual switch:
switch interface <virtual switch name> <physical port name>
Step 6, the physical interface starts the VF promiscuous mode data flow control mechanism, which controls the forwarding and direction of SR-IOV data between the PF and the VFs. As shown in FIG. 8, the mechanism comprises the following sub-steps:
step 6.1, for the specified PF, determine whether the packet is outbound. If so, determine whether the destination MAC/VLAN tag is in the local MAC table; if it is not, send the packet out through the PF;
step 6.2, if the packet is not outbound, determine whether any VF has promiscuous mode turned on. If none has, determine whether the destination MAC/VLAN tag belongs to a local VF: if not, discard the packet; if it does, send the packet to the designated VF and then determine whether that VF is configured as a mirror source VF. If it is, copy the traffic to the mirror destination VF; if it is not, processing of the packet ends;
step 6.3, if a VF with promiscuous mode turned on exists, determine whether the VF's promiscuous mode matches the packet type. If it matches, repeat the check of step 6.1 on whether the destination MAC/VLAN tag is in the local MAC table and, if it is not, send the packet out through the PF; if the VF promiscuous mode does not match the packet type, discard the packet.
As further shown in FIG. 3, the built-in bridging system supporting VF promiscuous mode, produced by the bridging method based on VF promiscuous mode according to the present invention, comprises: an Intel VT-d platform 100, a virtual machine management module (VMM) 200, a virtual machine 510, at least 2 PFs 300 and 400, a plurality of VFs 310, 320, 330, 410 … derived from the PFs, promiscuous mode enabling modules 311 and 411, and at least one set of VF built-in bridging modules, wherein the set of virtual machine built-in bridging modules is formed by bridging the corresponding interfaces of two VFs 511 and 512 of different PFs. In operation, promiscuous mode is manually turned on for the SR-IOV VF allocated to the virtual machine, so that all traffic received by the physical network card can be sent to the corresponding VF. At the same time, inside the virtual machine, the interfaces corresponding to the two VFs are bridged with an existing software bridging technology (such as Linux Bridge), which implements the bridge deployment mode of the virtual machine.
As shown in FIG. 5, in the above built-in bridging system supporting VF promiscuous mode, the set of virtual machine built-in bridging modules may also be formed by bridging the corresponding interfaces of two VFs 310 and 320 derived from the same PF, so that the traffic of one designated VF is mirrored to the other VF; in FIG. 5, the data traffic of VF 310 is mirrored to virtual machine 511 through the built-in bridge. With this function, a monitoring device can be deployed in sniff mode inside the Array virtualization management platform. In FIG. 5, the solid lines are service traffic and the dotted lines are mirrored data flow.
It should be noted that each unit mentioned in the device embodiments of the present invention is a logical unit. Physically, one logical unit may be one physical unit, part of one physical unit, or a combination of multiple physical units; the physical implementation of these logical units is not what matters most, and the combination of the functions they implement is the key to solving the technical problem addressed by the present invention. Furthermore, in order to highlight the innovative part of the invention, the above device embodiments do not introduce units that are not closely related to solving the technical problem addressed by the invention; this does not mean that the above device embodiments contain no other units.
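An added example, not part of the patent or of the Array platform: a Python audit of a configuration written in the command syntax of steps 3 and 4, listing which VFs can observe traffic that is not addressed to them. The space-separated spelling `port promiscuous` / `port mirror`, the sample lines and the promiscuous mode ID values are assumptions; the page does not define the IDs.

```python
import re

# Mirror modes as listed on the page: 0 both directions, 1 inbound, 2 outbound.
MIRROR_MODES = {0: "inbound and outbound", 1: "inbound", 2: "outbound"}

# Constructed sample configuration (not from a real device). The promiscuous
# mode IDs (1, 2) are opaque placeholders: the page does not define them.
SAMPLE_CONFIG = """\
port promiscuous port1 0 1 100
port promiscuous port2 0 1 100
port promiscuous port1 3 2 200
no port promiscuous port1 3
port mirror port1 2 1 0
port mirror port2 5 4 1
port mirror port2 6 4 7
"""

# Assumed spelling of the three commands (space-separated tokens).
PROMISC_ON = re.compile(r"port promiscuous (\S+) (\d+) (\d+) (\d+)")
PROMISC_OFF = re.compile(r"no port promiscuous (\S+) (\d+)")
MIRROR = re.compile(r"port mirror (\S+) (\d+) (\d+) (\d+)")


def parse_config(text):
    """Replay the commands in order; return (promisc, mirrors, errors)."""
    promisc = {}   # (port, vf) -> (promiscuous mode ID, VLAN tag)
    mirrors = []   # (port, destination VF, source VF, mirror mode)
    errors = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())
        if not line or line.startswith("#"):
            continue
        if m := PROMISC_ON.fullmatch(line):
            port, vf, mode_id, vlan = m.groups()
            promisc[(port, int(vf))] = (int(mode_id), int(vlan))
        elif m := PROMISC_OFF.fullmatch(line):
            port, vf = m.groups()
            # Promiscuous mode is off by default, so removing a missing
            # entry is not an error.
            promisc.pop((port, int(vf)), None)
        elif m := MIRROR.fullmatch(line):
            port = m.group(1)
            dst, src, mode = (int(g) for g in m.groups()[1:])
            if mode not in MIRROR_MODES:
                errors.append(f"line {lineno}: unknown mirror mode {mode}")
            elif dst == src:
                errors.append(f"line {lineno}: mirror source equals destination")
            else:
                mirrors.append((port, dst, src, mode))
        else:
            errors.append(f"line {lineno}: unrecognised command: {line}")
    return promisc, mirrors, errors


def exposure(promisc, mirrors):
    """Map each (port, vf) to the traffic it sees beyond its own MAC/VLAN."""
    seen = {}
    for (port, vf), (mode_id, vlan) in sorted(promisc.items()):
        seen.setdefault((port, vf), []).append(
            f"all traffic on {port} matching promiscuous mode ID {mode_id}, "
            f"VLAN tag {vlan}")
    for port, dst, src, mode in mirrors:
        seen.setdefault((port, dst), []).append(
            f"{MIRROR_MODES[mode]} traffic of VF {src} on {port}")
    return seen


def report(text):
    """Return a list of human-readable audit lines for a configuration."""
    promisc, mirrors, errors = parse_config(text)
    lines = []
    for (port, vf), items in sorted(exposure(promisc, mirrors).items()):
        for item in items:
            lines.append(f"{port} VF {vf} can observe: {item}")
    lines.extend(f"config error, {e}" for e in errors)
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```

Every VF the report lists should map to a virtual machine that is meant to act as a bridge or monitoring device; anything else has visibility the default MAC/VLAN filtering would not give it.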
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention.

Claims (4)

1. A bridging method based on VF promiscuous mode, characterized by comprising the following steps:
step 1, enabling support for VF promiscuous mode on a VF promiscuous mode system platform: this comprises manually turning on promiscuous mode for the SR-IOV VF allocated to the virtual machine, to ensure that all traffic received by the PF can be sent to the corresponding VF;
enabling support for VF promiscuous mode further comprises bridging, inside the virtual machine, the interfaces corresponding to two VFs that belong to different PFs, so that the virtual machine internally bridges VFs derived from different PFs;
step 2, enabling support for sniff mode: promiscuous mode is enabled for the SR-IOV VF used by the virtual machine, and the VF receives all request and response traffic, to implement bypass monitoring and detection;
step 3, turning on VF promiscuous mode: in the normal state, VF promiscuous mode is off by default, to avoid network congestion in the virtual machine; when a user needs a specific VF to support VF promiscuous mode or sniff mode, promiscuous mode is turned on manually for that VF;
step 4, configuring the built-in bridge mode to support port mirroring, on the basis of the built-in bridge mode that the virtual machine implements for VFs derived from different PFs: once promiscuous mode has been manually enabled for the SR-IOV VF allocated to a virtual machine, the traffic of a designated VF on the same PF is mirrored to another VF;
step 6, the physical interface starts VF promiscuous mode data flow control, to control the forwarding and direction of data between the PF and the VFs;
the VF promiscuous mode data flow control comprises the following sub-steps:
step 6.1, for the specified PF, determining whether the packet is outbound; if so, determining whether the destination MAC/VLAN tag is in the local MAC table, and if it is not, sending the packet out through the PF;
step 6.2, if the packet is not outbound, determining whether any VF has promiscuous mode turned on; if none has, determining whether the destination MAC/VLAN tag belongs to a local VF; if not, discarding the packet; if it does, sending the packet to the designated VF and then determining whether that VF is configured as a mirror source VF; if it is, copying the traffic to the mirror destination VF, and if it is not, ending processing of the packet;
step 6.3, if a VF with promiscuous mode turned on exists, determining whether the VF's promiscuous mode matches the packet type; if it matches, repeating the check of step 6.1 on whether the destination MAC/VLAN tag is in the local MAC table and, if it is not, sending the packet out through the PF; if the VF promiscuous mode does not match the packet type, discarding the packet.
2. The bridging method based on VF promiscuous mode as claimed in claim 1, wherein manually turning on promiscuous mode for a specific VF in step 3 further comprises the following sub-step:
step 3.1, the command for turning on promiscuous mode for a specific VF is:
port promiscuous <physical port name> <VF number> <promiscuous mode ID> <VLAN tag>.
3. The bridging method based on VF promiscuous mode as claimed in claim 1, wherein configuring the built-in bridge mode to support port mirroring in step 4 further comprises the following sub-step:
the port mirroring policy is configured with:
port mirror <physical port name> <mirror destination VF> <mirror source VF> <mirror mode>.
4. The bridging method based on VF promiscuous mode as claimed in claim 1, further comprising: step 5, configuring communication between virtual machines: a MAC pool function assigns a unique, unchangeable MAC address to each VF on each PF, guaranteeing that the MAC addresses of the virtual machine interfaces using the VFs are unique; when different virtual machines communicate using VFs on the same PF, the SR-IOV virtual switch can address correctly by MAC according to the MAC address table, so that the virtual machines can communicate with each other.
CN201710063559.2A 2017-02-03 2017-02-03 Bridging method and system based on VF promiscuous mode Active CN108390809B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710063559.2A CN108390809B (en) 2017-02-03 2017-02-03 Bridging method and system based on VF promiscuous mode

Publications (2)

Publication Number Publication Date
CN108390809A CN108390809A (en) 2018-08-10
CN108390809B CN108390809B (en) 2020-12-11

Family

ID=63075901

Country Status (1)

Country Link
CN (1) CN108390809B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100125 Beijing city Chaoyang District Liangmaqiao Road No. 40 building 10 room 1001, twenty-first Century

Applicant after: Beijing Huayao Technology Co., Ltd

Address before: 100125 Beijing city Chaoyang District Liangmaqiao Road No. 40 building 10 room 1001, twenty-first Century

Applicant before: Huayao (China) Technology Co., Ltd.

GR01 Patent grant