CN108471383B

CN108471383B - Message forwarding method, device and system

Info

Publication number: CN108471383B
Application number: CN201810130678.XA
Authority: CN
Inventors: 何灿; 李晓; 徐聪; 黄志�
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Cloud Computing Technologies Co Ltd
Priority date: 2018-02-08
Filing date: 2018-02-08
Publication date: 2021-02-12
Anticipated expiration: 2038-02-08
Also published as: CN108471383A

Abstract

The application provides a message forwarding method, a message forwarding device and a message forwarding system. The message forwarding method is applied to a message forwarding system, the message forwarding system comprises a virtual switch and at least one virtual machine, the virtual switch comprises an integrated network bridge and an intranet network bridge, each virtual machine is connected with the integrated network bridge, and a preset flow table is stored in the intranet network bridge. The message forwarding method comprises the following steps: the internal network bridge receives the message sent by the integrated network bridge; and the intranet bridge forwards the message according to the message and a preset flow table. According to the message forwarding method, the internal network bridge is adopted to replace a name space in the existing message forwarding technology, the internal network bridge receives the message forwarded by the integrated network bridge and forwards the message according to the message and the preset flow table stored in the internal network bridge, so that switching between a user mode and an inner core mode caused when the name space forwards the message is avoided, and the message forwarding performance is improved.

Description

Message forwarding method, device and system

Technical Field

The present application relates to network technologies, and in particular, to a method, an apparatus, and a system for forwarding a packet.

Background

In a cloud computing virtual network based on a cloud computing management platform Openstack, there are two types of important traffic: one is communication message traffic between Virtual Machines (VMs) belonging to different subnets, and this type of traffic generally uses a Distributed Virtual Router (DVR) technology when being forwarded, and this type of traffic is referred to as DVR traffic; the other is communication message traffic between the VM and the external network Internet, and this type of traffic generally uses Floating IP (FIP) technology when forwarding, and this type of traffic is called FIP traffic.

In a cloud computing virtual network, route forwarding of DVR traffic and FIP traffic is generally implemented by using Linux namespace technology and policy routing technology. Fig. 1 is a schematic diagram of an embodiment of an architecture of a conventional virtual network system 100. Policy path information is stored in the intranet namespace 104 and the extranet namespace 107, respectively, and is used for identifying and forwarding different flows. Fig. 1 shows an example of a message communication path in forwarding of DVR traffic and FIP traffic. The communication path of DVR traffic is shown by the solid line in fig. 1: first virtual machine 101 → first virtual machine bridge 102 → integrated bridge (BR-INT)103 → intranet namespace 104 → BR-INT103 → second virtual machine bridge 105 → second virtual machine 106. The communication path of FIP traffic is shown in fig. 1 by the dashed line: first virtual machine 101 → first virtual machine bridge 102 → BR-INT103 → Intranet namespace 104 → Extranet namespace 107 → BR-INT103 → Extranet.

Referring to the communication path shown in fig. 1, a DVR traffic packet enters and exits an intranet namespace once during forwarding, and an FIP traffic packet enters and exits the intranet namespace and an extranet namespace once during forwarding. Because namespace is an environment isolation method at kernel level, user mode kernel mode switching processing of an operating system exists when a message enters and exits namespace every time, and serious performance loss is brought by the user mode kernel mode switching processing. Therefore, the performance of the existing message forwarding mode is low.

Disclosure of Invention

The application provides a message forwarding method, a message forwarding device and a message forwarding system, which are used for solving the problem of low performance of the existing message forwarding mode.

In a first aspect, the present application provides a message forwarding method, which is applied to a message forwarding system, where the message forwarding system includes a virtual switch and at least one virtual machine, the virtual switch includes an integrated network bridge, an internal network bridge, and an external network bridge, each virtual machine is connected to the integrated network bridge, and a preset flow table is stored in the internal network bridge; the method comprises the following steps:

the intranet bridge receives a message sent by the integrated bridge; and the intranet bridge forwards the message according to the preset flow table.

The intranet bridge is adopted to replace namespace in the prior art, the intranet bridge receives the message sent by the integrated bridge and forwards the message according to the message and the preset flow table stored in the intranet bridge, so that switching between a user mode and an inner core mode caused when the message is forwarded in the namespace is avoided, and the message forwarding performance is improved.

In a possible implementation manner, the packet carries a type identifier, and the type identifier is used for indicating a destination network segment of the packet;

the intranet bridge forwards the message according to the message and the preset flow table, and the forwarding method comprises the following steps:

the intranet bridge matches the message with each flow table entry in the preset flow table according to the type identifier of the message in a preset sequence until determining a first flow table entry matched with the message; the type identification in the message is the same as the type identification in the first flow table item; and the intranet bridge forwards the message according to the first flow table item.

In a possible implementation manner, when the first flow entry does not include a type identifier, the packet is matched with the first flow entry.

The message received by the intranet bridge carries the type identification, so that the intranet bridge can conveniently analyze only the Ethernet message header of the message without analyzing three layers of information such as the IP message header of the message, and the message forwarding performance is improved. The flow table item matched with the message is determined in the preset flow table according to the type identifier of the message, and then the message is forwarded according to the matched flow table item, so that the message forwarding process is simplified, and the problems that a Linux command related to the message entering and exiting namespace needs to be analyzed and a routing strategy stored in the namespace needs to be analyzed in the conventional message forwarding mode are solved.

In a possible implementation manner, the packet carries a type identifier, and the type identifier is used for indicating a destination network segment of the packet; the intranet bridge forwards the message according to the preset flow table, and the forwarding comprises the following steps:

the intranet bridge matches the message with each flow table entry in the preset flow table according to the type identifier and the metadata of the message in a preset sequence until a second flow table entry matched with the message is determined; the type identification in the message is the same as the type identification in the second flow table item;

the intranet bridge modifies the metadata of the message according to the second flow table entry to obtain a modified message;

the intranet bridge matches the modified message with each flow table item in the preset flow table according to the type identifier and the metadata of the modified message according to a preset sequence until a third flow table item matched with the modified message is determined;

and the intranet bridge forwards the message according to the third flow table item.

In a possible implementation manner, when the second flow entry does not include a type identifier, the packet is matched with the second flow entry.

In the above embodiment, the intranet bridge modifies the packet according to the flow entry matched with the packet before modification, and then implements packet forwarding according to the flow entry matched with the modified packet, and implements a port for forwarding the packet through an individual flow entry, thereby reducing workload for modifying the flow table when port identification changes, improving stability of the flow table and readability of flow table codes, and being beneficial to implementation of the flow table codes.

In a possible implementation manner, when the type identifier indicates that the destination network segment of the packet is an intranet segment, the packet output port indicated by the first flow table entry is an integrated bridge port;

the forwarding of the message by the intranet bridge according to the first flow table entry includes:

the intranet bridge forwards the message to the integrated bridge through the integrated bridge port;

and the integrated network bridge forwards the message to the destination address of the message.

In a possible implementation manner, when the type identifier indicates that the destination network segment of the packet is an external network segment, the packet output port indicated by the first flow table entry is an external network bridge port;

and the internal network bridge forwards the message to the external network bridge through the external network bridge port.

In a possible implementation manner, when the type identifier indicates that a destination network segment of the packet is a preset network segment, a packet output port indicated by the first flow table entry is a preset port of a destination device indicated by a destination address of the packet;

and the intranet bridge forwards the message to the destination equipment indicated by the destination address of the message through the preset port.

Before the intranet bridge receives the message sent by the integrated bridge, the message forwarding method further includes:

the virtual machine network bridge receives a message sent by a virtual machine;

the virtual machine network bridge determines the type identification of the message according to the destination network segment of the message, and adds the type identification in the message;

and the virtual machine bridge forwards the message carrying the type identifier to the integrated bridge.

The message carries the type identifier, which facilitates the intranet bridge to only analyze the Ethernet message header of the message without analyzing three layers of information such as the IP message header of the message, and also avoids setting an IP address routing table in the intranet bridge, thereby simplifying the forwarding flow of the intranet bridge, facilitating the intranet bridge to forward the message, and improving the message sending performance.

In a possible implementation manner, before the intranet bridge receives the message sent by the integrated bridge, the message forwarding method further includes:

the integrated network bridge receives a message sent by the virtual machine network bridge;

and the integrated network bridge forwards the message to the intranet network bridge.

In a possible implementation manner, before the integrated bridge forwards the packet to the intranet bridge, the packet forwarding method further includes:

and the integrated network bridge determines that the message is a three-layer message according to the destination Media Access Control (MAC) address of the message.

In a possible implementation manner, the message forwarding method further includes:

and if the integrated network bridge determines that the message is a two-layer message according to the destination MAC address of the message, the integrated network bridge forwards the message to the destination MAC address.

Before sending the message to the intranet bridge, the integrated bridge needs to determine whether the message belongs to a three-layer message or not, so that the phenomenon that the two-layer message is sent to the intranet bridge is avoided, and the workload of the intranet bridge is reduced.

the outer network bridge receives the message sent by the inner network bridge, modifies the target MAC address of the message into the MAC address of the outer network gateway, and obtains the outer network message;

the external network bridge forwards the external network message to the integrated network bridge;

In a second aspect, the present application further provides a message forwarding apparatus, configured to execute the message forwarding method of the first aspect, and have the same technical features and technical effects. This application will not be described in detail herein.

A second aspect of the present application provides a message forwarding apparatus,

the system comprises an integrated network bridge, an internal network bridge and an external network bridge, wherein a preset flow table is stored in the internal network bridge; the intranet bridge is configured to,

receiving a message sent by the integrated network bridge;

and forwarding the message according to the preset flow table.

the intranet bridge is specifically configured to match the packet with each flow table entry in the preset flow table according to the type identifier of the packet in a preset sequence until a first flow table entry matched with the packet is determined; wherein, the type identifier in the message is the same as the type identifier in the first flow table item; and forwarding the message according to the forwarding flow table entry.

In one possible embodiment, the intranet bridge is specifically configured to,

according to the type identification and the metadata of the message, matching the message with each flow table item in the preset flow table according to a preset sequence until a second flow table item matched with the message is determined; the type identification in the message is the same as the type identification in the second flow table item;

and forwarding the message according to the third flow table.

In a possible implementation manner, when the type identifier indicates that the destination network segment of the packet is an intranet segment, the packet output port indicated by the forwarding flow table entry is an integrated bridge port;

the intranet bridge is specifically configured to forward the packet to the integrated bridge through the integrated bridge port;

and the integrated network bridge is also used for forwarding the message to the destination address of the message after receiving the message sent by the intranet network bridge.

In a possible implementation manner, when the type identifier indicates that the destination network segment of the packet is an external network segment, the packet output port indicated by the forwarding flow table entry is an external network bridge port;

the intranet bridge is specifically configured to forward the packet to the extranet bridge through the extranet bridge port.

In a possible implementation manner, when the type identifier indicates that a destination network segment of the packet is a preset network segment, a packet output port indicated by the forwarding flow table entry is a preset port of a destination device indicated by a destination address of the packet;

the intranet bridge is specifically configured to forward the packet to the destination device indicated by the destination address of the packet through the preset port.

In a possible embodiment, the integrated bridge is configured to receive a packet sent by a virtual machine through a virtual machine bridge, and forward the packet to the intranet bridge.

In a possible implementation manner, the integrated bridge is further configured to determine that the packet is a three-layer packet according to a destination MAC address of the packet before forwarding the packet to the intranet bridge.

In a possible implementation manner, the integrated network bridge is further configured to forward the packet to the destination MAC address if it is determined that the packet is a layer two packet according to the destination MAC address of the packet.

In a possible implementation manner, the external network bridge is configured to receive a message sent by the internal network bridge, modify a destination MAC address of the message into an MAC address of an external network gateway, and obtain an external network message; forwarding the outer network packet to the integrated network bridge;

In a third aspect, the present application further provides a packet forwarding system, where the packet forwarding system includes a packet forwarding apparatus and at least one virtual machine in any possible implementation of the above second or fifth aspect, and each virtual machine is connected to the integrated bridge through a virtual machine bridge corresponding to each virtual machine; the virtual machine network bridge is used for receiving a message sent by a virtual machine; determining the type identifier of the message according to the destination network segment of the message, and adding the type identifier in the message; and forwarding the message carrying the type identifier to the integrated network bridge.

In a fourth aspect, the present application further provides a host, including a processor, a memory, a communication interface, and a bus, where the processor, the memory, and the communication interface are connected via the bus and complete communication therebetween, the memory is used to store a computer execution instruction, and when the host runs, the processor executes the computer execution instruction in the memory to execute the operation steps in the first aspect or any possible implementation of the first aspect by using hardware resources in the host.

A fifth aspect of the present application provides a computer-readable storage medium having stored therein instructions which, when run on a computer, cause the computer to perform the instructions of the first aspect or the method of any possible implementation of the first aspect.

The present application may be further combined to provide further implementations on the basis of the implementations provided by the above-mentioned aspects.

Drawings

FIG. 1 is a diagram of an embodiment of a conventional virtual network system 100;

fig. 2 is a schematic diagram of a first embodiment of a message forwarding system architecture applicable to the embodiment of the present application;

fig. 3 is a schematic flowchart of a message forwarding method according to an embodiment of the present application;

fig. 4 is a schematic flowchart of a message forwarding method according to a second embodiment of the present application;

fig. 5 is a schematic flowchart of a packet forwarding method according to a third embodiment of the present application;

fig. 6 is a schematic flowchart of a message forwarding method according to a fourth embodiment of the present application;

fig. 7 is a schematic signaling flow diagram of a packet forwarding method according to a fifth embodiment of the present application;

fig. 8 is a schematic structural diagram of a host according to an embodiment of the present application.

Detailed Description

In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly described below with reference to the drawings in the embodiments of the present application. It is to be understood that the described embodiments are merely exemplary of some, and not all, of the present application.

Fig. 2 is a schematic diagram of a first embodiment of a message forwarding system architecture applicable to this embodiment. As shown in fig. 2, the message forwarding system 200 provided in this embodiment at least may include a virtual switch (OpenvSwitch)10 and at least one virtual machine. In fig. 2, three virtual machines, a first virtual machine 21, a second virtual machine 22, and a third virtual machine 23, are exemplified. Illustratively, virtual switch 10 and virtual machines are deployed on one compute node. The virtual switch 10 includes an integrated bridge (BR-INT)11, an intranet bridge (DVR)12, and an extranet bridge (FIP) 13. Each virtual machine is connected to the integrated bridge 11 via a respective virtual machine bridge (qbr). For example, the first virtual machine 21 is connected to the integrated bridge 11 via a corresponding first virtual machine bridge 31, the second virtual machine 22 is connected to the integrated bridge 11 via a corresponding second virtual machine bridge 32, and the third virtual machine 23 is connected to the integrated bridge 11 via a corresponding third virtual machine bridge 33. It should be noted that, in the message forwarding system 200 provided in the embodiment of the present application, in addition to the device apparatus shown in fig. 2, the message forwarding system 200 may further include other devices such as a virtual memory, which is not limited herein.

Virtual switch 10 is a type of virtual switching software running on a virtualization platform. The virtual switch 10 can well control access policies, network isolation, traffic monitoring, etc. in the virtual network. Illustratively, the virtual switch 10 may be used to pass traffic between different virtual machines and to enable communication between the virtual machines and an external network. The virtual switch 10 may be deployed in a Linux operating system. The flow tables are stored in the integrated network bridge 11, the internal network bridge 12 and the external network bridge 13, and are used for forwarding the packet. The flow table is a set of a series of message forwarding rules, and the virtual switch 10 processes the messages entering the virtual switch 10 according to the flow table configured inside each bridge.

The integrated bridge 11, the intranet bridge 12 and the extranet bridge 13 in the virtual switch 10 are connected through a patch port, and message transmission among the bridges is in the same data path, so that switching between a kernel mode and a user mode is not caused. Illustratively, the intranet bridge 12 is communicatively connected to the integrated bridge 11 through a patch port 1 and a patch port 2, for example, the integrated bridge 11 sends a message of a first subnet to the intranet bridge 12 through the port 1, the integrated bridge 11 sends a message of a second subnet to the intranet bridge 12 through the port 2, the intranet bridge 12 may send a message of a destination network segment belonging to the first subnet to the integrated bridge 11 through the port 1, and the intranet bridge 12 may send a message of the destination network segment belonging to the second subnet to the integrated bridge 11 through the port 2. Intranet bridge 12 passes through patch port 5 and outer net bridge 13's patch port 6 communication connection, and outer net bridge 13 passes through patch port 7 and integrated bridge 11 communication connection, is provided with intranet gateway port 3 on the intranet bridge 12, and when the destination address of the message that intranet bridge 12 received was intranet gateway's address, intranet bridge 12 sent the message to port 3. The external network bridge 13 is provided with an external network gateway port 8, and when the destination address of the message received by the external network bridge 13 is the address of the external network gateway, the external network bridge 13 sends the message to the port 8.

Multiple virtual machines in the message forwarding system 200 may belong to the same or different subnets, and virtual machines within the same subnet have the same subnet mask. Messages are sent and received between the virtual machines through the virtual switch 10. The virtual switch 10 monitors and forwards the message sent by the virtual machine.

The virtual machine is connected with the virtual machine switch 10 through a virtual machine bridge, so as to realize communication with other virtual machines or an external network, and the virtual machine bridge is provided with iptables. The Iptables is a firewall of the Linux operating system, comprises a plurality of rules, can be used for realizing security groups, detects messages and realizes access control.

When a message is transmitted in the existing virtual network system shown in fig. 1, the message will enter and exit namespace no matter whether the message is DVR traffic or FIP traffic. The namespace is an environment isolation method at a kernel level, user mode kernel mode switching processing exists when a message enters and exits the namespace every time, and the user mode kernel mode switching processing causes serious performance loss and influences the forwarding speed of the message. Therefore, in the existing message forwarding method, the communication performance of the message is poor, the time delay is long, and the flow throughput is low.

In order to improve the performance of message forwarding, embodiments of the present application provide a message forwarding method, device, and system.

The following describes a message forwarding method, a message forwarding device, and a message forwarding system provided in the embodiments of the present application in detail with reference to specific embodiments. In the following several embodiments, the same or similar concepts or processes may not be described in detail in some embodiments.

One aspect of the present application provides a method for forwarding a packet. Fig. 3 is a schematic flowchart of a message forwarding method according to an embodiment of the present application. The message forwarding method provided in this embodiment is applied to the message forwarding system 200 shown in fig. 2. As shown in fig. 3, the message forwarding method provided in this embodiment includes:

s301, the first virtual machine 21 sends a message to the first virtual machine bridge 31.

Illustratively, each virtual machine is connected to the virtual switch 10 through a virtual machine bridge, so that when the virtual machine performs message forwarding, the virtual machine first sends a message to the virtual machine bridge. In the following embodiments of the present application, the first virtual machine 21 is taken as an example to exemplarily describe a method for forwarding a blog entry.

S302, the first virtual machine network bridge 31 determines the type of the message according to the destination network segment of the received message, and adds the type identifier to the message.

For example, the first virtual machine bridge 31 classifies the message to obtain the type of the message by using iptables, and adds a tag corresponding to the type in the message according to the type of the message. For example, the first virtual machine bridge 31 may classify the packet according to the destination network segment of the packet, and may specifically assign different values to the type identifier pkt _ mark of the packet to add the type identifier in the packet.

Specifically, the process of adding the type identifier to the packet may specifically include:

s3021, judging whether the destination network segment of the message is an intranet segment; if yes, executing S3022; if not; then S3024 is performed;

s3022, judging whether the destination network segment of the message is a virtual machine address; if yes, executing S3023; if not; then S3025 is performed;

s3023, assigning the pkt _ mark of the message to be an IP address of the destination virtual machine represented by a 16-system;

s3024, assigning the pkt _ mark of the message as a first numerical value; the first value may be 0x7f 000002.

S3025, assigning the pkt _ mark of the message as a second numerical value; the second value may be 0x7f 000004.

Illustratively, when it is determined that the destination network segment of the packet does not belong to the intranet segment and the type of the packet is FIP traffic, the pkt _ mark of the packet is assigned to 0x7f 000002. When the target network segment of the message is determined to belong to the intranet segment, further determining whether the target network segment of the message belongs to the virtual machine address, if so, determining that the type of the message is DVR flow, and assigning pkt _ mark of the message to be a target IP address expressed by a 16-system; if not, the target network segment of the message is regarded as a preset network segment, the type of the message is determined to be other flow, and the pkt _ mark of the message is assigned to be 0x7f 000004. For example, in this embodiment, a rule for packet classification is added to an original iptables in the virtual machine bridge, so that the virtual machine bridge is slightly modified, an IP address routing table is not set in the internal network bridge, and the overall performance of the packet forwarding system is improved.

S303, the first virtual machine bridge 31 sends the packet with the type identifier to the integrated bridge 11.

S304, the integrated network bridge 11 determines whether the message belongs to a three-layer message according to the destination MAC address of the message; if not, executing S305; if yes, executing S306;

for example, after receiving the packet with the type identifier, the integrated network bridge 11 may determine that the packet belongs to a two-layer packet if it is determined that the virtual machine receiving the packet and the virtual machine sending the packet belong to the same subnet according to the destination MAC address of the packet, and may determine that the packet belongs to a three-layer packet if it is determined that the destination MAC address of the packet is the network management MAC address. The two-layer message refers to traffic in the same subnet, the integrated bridge 11 may directly send the two-layer message to the virtual machine in the subnet without passing through the intranet bridge 12 and the extranet bridge 13, and the three-layer message refers to traffic between different subnets, such as DVR traffic and FIP traffic. Because the two-layer message can be directly forwarded through the integrated network bridge 11 without passing through the route of the intranet network bridge 12, before the message is sent to the intranet network bridge 12, the integrated network bridge 11 needs to determine whether the message belongs to the three-layer message or not, so as to avoid sending the two-layer message to the intranet network bridge 12, and reduce the workload of the intranet network bridge 12.

S305, the integrated bridge 11 forwards the packet to the destination MAC address.

S306, the integrated network bridge 11 sends the message to the intranet bridge 12.

S307, the intranet bridge 12 forwards the packet according to the type identifier in the packet and a preset flow table in the intranet bridge 12.

Illustratively, the intranet bridge 12 determines a flow entry corresponding to the packet according to the type identifier in the packet, and forwards the packet according to the flow entry. Specifically, when the flow table entry matched with the message is determined in the preset flow table, the flow table entries are matched one by one according to a preset sequence of the flow table entries in the preset flow table. Different messages of the target network segment are matched with different flow table items, so that the action after the matching corresponding to the different flow table items is executed, and the messages of different target network segments are forwarded through different ports.

Illustratively, the manner in which the intranet bridge 12 forwards the packet according to the preset flow table specifically includes:

s3071, the intranet bridge 12 determines whether the pkt _ mark value of the message is a second value according to the type identifier of the message; if yes, go to S3072; if not; then S3073 is performed;

for example, taking pkt _ mark as a matching object, matching the message with each flow entry in a preset flow table according to a preset sequence, and if the message can be matched with the flow entry whose pkt _ mark is a second value, then the intranet bridge 12 performs the action after matching the flow entry, that is, S3072.

S3072, the intranet bridge 12 forwards the packet to the destination MAC address.

When the destination network segment of the message is determined to be the preset network segment, the intranet bridge 12 can directly send the message to the destination MAC address according to the destination MAC address of the message.

S3073, judging whether the pkt _ mark value of the message is a first numerical value or not and whether the value of the metadata of the message is 0 or not; if yes, go to S3074; if not; then S3075 is performed;

for example, the initial value of the metadata of the message received by the intranet bridge 12 is 0. Taking pkt _ mark and metadata as matching objects, matching the message with each flow table entry in a preset flow table according to a preset sequence, and if the message and pkt _ mark are the first numerical value and a flow table entry with a metadata value of 0 can be matched, then the intranet bridge 12 performs the action after matching the flow table entry, that is, S3074.

S3074, modifying the value of the metadata of the message to be 2, and executing S3071;

exemplarily, the value of the metadata of the packet is modified to 2, so that the modified packet can be matched with the flow entry whose pkt _ mark value is the first value and the value of the metadata of the packet is 2, thereby performing the post-matching action of the flow entry.

Illustratively, in the actual matching process, the intranet bridge 12 determines the flow table entries matched with the respective messages according to the type identifier, metadata, and other information carried by the messages. The matched action in each flow entry usually indicates different ports, so that the intranet bridge 12 sends out messages of different destination network segments through different ports, and message forwarding is realized. The port identifier is not fixed, and may change when the virtual switch is restarted, and at this time, the port identifier in each flow entry needs to be modified. Since there may be a case where a plurality of flow entries indicate the same port, it is a large work to modify the port identification in the flow entry one by one. In order to simplify the flow table modification process, a port flow table entry can be specially designed for each port in a preset flow table, so that when the port identifier changes, only the port identifier in each port flow table entry needs to be modified. Correspondingly, the original flow table entry does not indicate a port any more, but is used for indicating the metadata in the modification message.

S3075, judging whether the value of the metadata of the message is 0 or not; if yes, go to S3076; if not, executing S3077;

for example, when it is determined according to S3071 that the message does not belong to the message whose destination network segment is the preset network segment and the message does not belong to the DVR traffic of the unmodified metadata, it is determined according to the metadata value that the message is the FIP message or the DVR traffic of the modified metadata.

S3076, modifying the value of the metadata of the message to be 5, and executing S3071;

for example, when the metadata value of the message is 0, the message is determined to be DVR traffic, and the metadata value of the modified message is 5.

S3077, judging whether the value of the metadata of the message is 2; if yes, go to S3078; if not, executing S3080;

s3078, the intranet bridge 12 forwards the packet to the extranet bridge 13;

s3079, the external network bridge 13 forwards the message to the integrated network bridge 11; executing S308;

illustratively, the external network bridge 12 modifies the destination MAC address of the packet into the MAC address of the external network gateway after receiving the packet, and then sends the modified packet to the integrated bridge 11.

S3080, judging whether the value of the metadata of the message is 2; if yes, go to S3081; if not, executing S3082;

illustratively, when the destination network segment of the packet is determined to be the external network segment according to the type identifier of the packet, the internal network bridge 12 sends the packet to the external network bridge 13.

S3081, forwarding the message to the integrated network bridge 11 by the intranet network bridge 12; executing S308;

illustratively, when the destination network segment of the packet is determined to be the intranet segment according to the type identifier of the packet, the intranet bridge 12 modifies the source MAC address and the destination MAC address of the packet, and then sends the modified packet to the integrated bridge 11.

S3082, the intranet bridge 12 discards the message.

S308, the integrated network bridge 11 receives the packet sent by the intranet bridge 12 or the extranet bridge 13, and forwards the packet to the destination address of the packet.

Illustratively, the integrated bridge 11 forwards the message after receiving the message sent by the internal network bridge 12 or the external network bridge 13, and the manner of forwarding the message by the integrated bridge in this step is the same as that of forwarding the message by the existing integrated bridge.

In this embodiment, the internal network bridge and the external network bridge are used to replace namespace in the prior art, the intranet bridge receives the message sent by the integrated network bridge and forwards the message according to the message and the preset flow table, so that switching between a user mode and an inner core mode caused by the forwarding of the message by the namespace is avoided, and the message forwarding performance is improved.

One aspect of the present application provides a method for forwarding a packet. Fig. 4 is a flowchart illustrating a message forwarding method according to a second embodiment of the present application. In this embodiment, the intranet bridge is used to replace namespace in the prior art, the intranet bridge receives the message sent by the integrated bridge, and forwards the message according to the message and the preset flow table, so that switching between a user mode and an inner core mode caused by the namespace when forwarding the message is avoided, and the message forwarding performance is improved. As shown in fig. 4, the message forwarding method provided in this embodiment is applied to the message forwarding system 200 shown in fig. 2, and an execution main body of the message forwarding method may be the intranet bridge 12 in fig. 2. Illustratively, the packet forwarding method includes:

s401, the intranet bridge receives the message sent by the integrated bridge.

Illustratively, when the first virtual machine 21 sends a message to the outside, the first virtual machine 21 sends the message to the virtual switch 10, and the virtual switch 10 sends the message to different destination addresses through different ports according to different destination IP addresses of the message. Further, inside the virtual machine switch 10, the message is first sent to the integrated network bridge 11, and then the integrated network bridge 11 sends the message to the intranet network bridge 12. Illustratively, the integrated bridge 11 may be the same as the integrated bridge 103 in the existing virtual network system 200. The intranet bridge 12 is used for replacing the existing intranet namespace 104, the function of message routing in namespace is achieved, the intranet bridge 12 and the integrated bridge 11 communicate through a patch port, when a message is sent to the intranet bridge 12 from the integrated bridge 11, the message is consistently located on the same data path datapath, switching between an inner core state and a user state is not generated as the same as the namespace, the message forwarding performance is improved, the message forwarding delay is reduced, and the message flow throughput is improved.

S402, the intranet bridge forwards the message according to a preset flow table.

Illustratively, the intranet bridge 12 is used to implement forwarding of the message. Specifically, the intranet bridge 12 stores a preset flow table, where the flow table includes at least one flow table entry. The intranet bridge 12 determines a processing mode of message matching in a preset flow table according to information such as a destination network segment or a quintuple of the message, and sends the message according to the matching processing mode. The packet carries quintuple information, which includes: source IP address, source port, destination IP address, destination port, and transport layer protocol. The destination network segment of the message can be determined according to the destination IP address of the message. Illustratively, the destination network segment of the message may be divided into an intranet segment, an extranet segment, and the like. When the destination network segment of the message is an intranet segment, the message belongs to messages between different virtual machines, the virtual machine sending the message and the virtual machine receiving the message belong to different subnets, and the message belongs to DVR flow at the moment. When the destination network segment of the message is an external network segment, the message belongs to the message between the virtual machine and the external network, at the moment, the virtual machine sending the message communicates with the virtual machine receiving the message through the external network, and the message belongs to FIP flow. For example, when the destination IP address of the packet and the source IP address of the packet have the same subnet mask, the virtual machine that sends the packet and the virtual machine that receives the packet belong to the same subnet. When the destination IP address of the message and the source IP address of the message have different subnet masks, the virtual machine that sends the message and the virtual machine that receives the message belong to different subnets.

Illustratively, when the destination network segment of the message is an intranet segment, the intranet bridge 12 determines, according to the destination IP address of the message, a processing mode of matching the message in a preset flow table to return the message to the integrated bridge 11, and the integrated bridge 11 sends the message to the destination address of the message; when the destination network segment of the message is the gateway, the intranet bridge 12 determines that the message is directly sent to the gateway according to the destination IP address of the message in the preset flow table in a processing mode of message matching. By adopting the intranet bridge 12 to replace the intranet namespace 104 and adopting the preset flow table to replace the routing strategy in the intranet bridge 12, the intranet bridge 12 receives the message sent by the integrated bridge 11, and determines the processing mode of message matching according to the preset flow table, thereby realizing the forwarding of the message.

The embodiment of the application provides a message forwarding method, which is applied to a message forwarding system, wherein the message forwarding system comprises a virtual switch and at least one virtual machine, the virtual switch comprises an integrated network bridge and an intranet network bridge, each virtual machine is connected with the integrated network bridge, and a preset flow table is stored in the intranet network bridge. The message forwarding method comprises the following steps: the internal network bridge receives the message sent by the integrated network bridge; and the intranet bridge forwards the message according to the message and a preset flow table. The intranet bridge is adopted to replace namespace in the prior art, the intranet bridge receives the message sent by the integrated bridge and forwards the message according to the message and the preset flow table stored in the intranet bridge, so that switching between a user mode and an inner core mode caused when the message is forwarded in the namespace is avoided, and the message forwarding performance is improved.

Illustratively, on the basis of the embodiment shown in fig. 4, the embodiment of the present application further provides a message forwarding method. Fig. 5 is a flowchart illustrating a packet forwarding method according to a third embodiment of the present application. The difference from the embodiment shown in fig. 4 is that in this embodiment, the intranet bridge receives 12 the packet with the type identifier, which further improves the packet forwarding performance. As shown in fig. 5, the message forwarding method includes:

s501, the intranet bridge receives a message sent by the integrated bridge, wherein the message carries a type identifier, and the type identifier is used for indicating a destination network segment of the message.

For example, in the embodiment shown in fig. 4, in order to determine the processing mode matched with the message, three layers of information, such as an IP message header of the message, need to be analyzed to obtain a destination IP address of the message, and a destination network segment of the message is determined according to a preset IP address routing table, and then the processing mode matched with the message is determined in a preset flow table according to the destination network segment of the message. The message forwarding method has the disadvantages of complicated steps and low speed. In this embodiment, the message received by the intranet bridge 12 carries the type identifier, and the type identifier indicates the destination network segment of the message, so that the intranet bridge 12 only needs to analyze the ethernet packet header of the message, but does not need to analyze three layers of information, such as the IP packet header of the message, and an IP address routing table is also avoided being set in the intranet bridge 12, thereby simplifying the forwarding flow of the intranet bridge 12, facilitating the intranet bridge 12 to forward the message, and improving the message sending performance.

S502, the intranet bridge matches the message with each flow table entry in a preset flow table according to the type identifier of the message in a preset sequence until determining a first flow table entry matched with the message.

The type identifier in the message is the same as the type identifier in the first flow table entry, or the first flow table entry does not contain the type identifier.

Illustratively, the preset flow table includes at least one flow entry, and each flow entry may include at least basic information, a matching entry, and a post-matching action. The basic information is related information of the flow entry, and generally includes the issue time, idle time, priority, and the like of the flow entry. The matching items comprise type identifications, metadata and the like, and are used for comparing with the type identifications, the metadata and the like in the message. For example, the matching entry in the flow table entry may be less than the matching entry in the message, and at this time, the matching entry in the message is not compared, and whether the message is matched with the flow table entry is determined only according to the other matching entries in the flow table entry. The post-match action is used to indicate subsequent processing operations of the packet that matches the flow entry. Exemplary may be forwarding the message on a preset port, modifying a source/destination IP address of the message, modifying one or more matching items of the message, and the like. In the specific matching process, after receiving a message, the intranet bridge matches the type identifier of the message with each flow table entry in a preset flow table according to a preset sequence, and when detecting that the type identifier of a certain flow table entry is the same as the type identifier of the message or detecting that the certain flow table entry does not include the type identifier, the intranet bridge records the flow table entry as a first flow table entry, and determines that the first flow table entry is matched with the message. The preset sequence may be, for example, an arrangement sequence of each flow entry in the flow table or a sequence determined from high to low according to the priority of each flow entry.

S503, the intranet bridge forwards the message according to the first flow table item.

For example, after the intranet bridge 12 determines the first flow table entry matched with the packet in the preset flow table, the packet is forwarded according to the action after matching included in the first flow table entry. For example, the intranet bridge sends the message through the port indicated by the action after matching in the first flow table entry.

In the message forwarding method provided in the embodiment of the present application, the intranet bridge matches the type identifier of the message with each flow table entry in a preset flow table according to a preset sequence, determines a first flow table entry matched with the message, and forwards the message according to the first flow table entry. In this embodiment, the packet carries the type identifier, which facilitates the intranet bridge to analyze only the ethernet packet header of the packet without analyzing three layers of information such as the IP packet header of the packet, and also avoids setting an IP address routing table in the intranet bridge, thereby simplifying the forwarding flow of the intranet bridge, facilitating the intranet bridge to forward the packet, and improving the packet sending performance. Meanwhile, the flow table item matched with the message is determined in the preset flow table according to the type identifier of the message, and then the message is forwarded according to the matched flow table item, so that the message forwarding process is simplified, and the problems that the Linux command related to the message entering and exiting of the namespace needs to be analyzed and the routing strategy stored in the namespace needs to be analyzed in the conventional message forwarding mode are avoided.

For example, based on the embodiment shown in fig. 5, the following describes a message forwarding method in detail according to different type identifiers of the message.

In a feasible implementation manner, when the type identifier indicates that the destination network segment of the packet is an intranet segment, the packet output port indicated by the first flow table entry is an integrated bridge port. At this time, the message belongs to VDR traffic.

Correspondingly, the forwarding of the packet by the intranet bridge 12 in S503 according to the forwarding flow entry specifically includes:

the intranet bridge 12 forwards the packet to the integrated bridge 11 through the integrated bridge port 2.

Illustratively, the integrated bridge 22 sends the received message to the message's destination address.

In another possible implementation manner, when the type identifier indicates that the destination network segment of the packet is an external network segment, the packet output port indicated by the forwarding flow table entry is an external network bridge port. At this time, the packet belongs to FIP traffic.

the intranet bridge 12 forwards the message to the extranet bridge 13 through the extranet bridge port 5.

Illustratively, the external network bridge 13 sends the message to the integrated bridge 11 through the port 7, so that the integrated bridge 11 sends the message to the destination address of the message.

In another feasible implementation manner, when the type identifier indicates that the destination network segment of the packet is the preset network segment, the packet output port indicated by the forwarding flow table entry is the preset port of the destination device indicated by the destination address of the packet. For example, the destination address of the message may be a local area network gateway.

the intranet bridge 12 forwards the message to the destination device indicated by the destination address of the message through the preset port 3.

Illustratively, on the basis of the embodiment shown in fig. 5, the embodiment of the present application further provides a message forwarding method. Fig. 6 is a schematic flowchart of a message forwarding method according to a fourth embodiment of the present application. This embodiment describes flow entries in the flow table in further detail based on the embodiment shown in fig. 5. As shown in fig. 6, the message forwarding method includes:

s601, the intranet bridge receives a message sent by the integrated bridge, wherein the message carries a type identifier, and the type identifier is used for indicating a destination network segment of the message.

S602, the intranet bridge matches the message with each flow table entry in a preset flow table according to the type identifier and the metadata of the message in a preset sequence until a second flow table entry matched with the message is determined.

The type identifier and the metadata in the message are the same as those in the second flow table item; or the type identifier in the message is the same as the type identifier in the second flow table item, and the second flow table item does not contain metadata; or the metadata in the message is the same as the metadata in the second flow table item, and the second flow table item does not contain the type identifier; or, the second flow entry does not contain the type identifier and the metadata. The metadata is used for indicating a port for forwarding the message.

For example, S601 and S602 in this embodiment are the same as or similar to S501 and S502 in the embodiment shown in fig. 5, and are not repeated herein.

S603, the intranet bridge modifies the metadata of the message according to the second flow table entry to obtain a modified message.

S604, the intranet bridge matches the modified message with each flow table entry in a preset flow table according to the type identifier and the metadata of the modified message according to a preset sequence until a third flow table entry matched with the modified message is determined.

The type identifier and the metadata in the modified message are the same as those in the third flow table item; or the type identifier in the modified message is the same as the type identifier in the third flow table item, and the third flow table item does not contain metadata; or the metadata in the modified message is the same as the metadata in the third flow table item, and the third flow table item does not contain the type identifier; or, the third flow entry does not contain the type identifier and the metadata.

For example, the intranet bridge 12 determines a third flow entry, that is, a port flow entry, in the flow table, which is matched with the modified packet, according to the type identifier and the metadata of the modified packet. Illustratively, the packets with the same type identifier pass through the same port when being forwarded by the intranet bridge 12, and have the same metadata after being modified according to the second flow table entry. The messages with different type identifications have different metadata values after being modified according to the second flow table item. The workload of port identification modification can be reduced by setting the port flow table entry, so that the stability of the flow table is improved, the readability of the flow table code is improved, and the realization of the flow table code is facilitated.

And S605, forwarding the message by the intranet bridge according to the third flow table item.

Illustratively, the intranet bridge 12 forwards the modified packet according to the matched action in the third flow entry.

In the message forwarding method provided in the embodiment of the application, after determining the second flow entry matched with the message according to the type identifier and the metadata, the intranet bridge modifies the metadata of the message according to the second flow entry, determines the third flow entry matched with the message according to the type identifier and the metadata of the modified message, and forwards the message according to the third flow entry. The message forwarding method provided by the embodiment of the application modifies the message according to the flow table item matched with the message before modification, then realizes message forwarding according to the flow table item matched with the modified message, and realizes the port for message forwarding through an independent flow table item, thereby reducing the workload of flow table modification when the port identification changes, improving the stability of the flow table and the readability of flow table codes, and being beneficial to the realization of the flow table codes.

The embodiment shown in fig. 6 is exemplarily described below with reference to a specific flow table example on the basis of the packet forwarding system 200 shown in fig. 2.

Illustratively, with reference to the existing OpenFlow flow table protocol, one flow table scheme in the intranet bridge 12 may be as follows, including:

(1)cookie＝0x0，duration＝87552.187s，table＝0，n_packets＝0，n_bytes＝0，idle_age＝65534，hard_age＝65534，priority＝2，pkt_mark＝0x7f000004，metadata＝0，in_port＝1，dl_dst＝fa:16:3e:aa:22:b6actions＝output:3

(2)cookie＝0x0，duration＝1161.965s，table＝0，n_packets＝1，n_bytes＝42，idle_age＝798，priority＝1，metadata＝0，in_port＝2，dl_dst＝fa:16:3e:be:41:1dactions＝load:0x5->OXM_OF_METADATA[]，resubmit(，0)

(3)cookie＝0x0，duration＝1152.466s，table＝0，n_packets＝0，n_bytes＝0，idle_age＝1152，priority＝1，pkt_mark＝0xC0A80A02，metadata＝0x5actions＝mod_dl_src:fa:16:3e:aa:22:b6，mod_dl_dst:fa:16:3e:68:c9:28，output:1

(4)cookie＝0x0，duration＝87552.133s，table＝0，n_packets＝4，n_bytes＝392，idle_age＝65534，hard_age＝65534，priority＝2，pkt_mark＝0x7f000002，metadata＝0，in_port＝1actions＝load:0x2->OXM_OF_METADATA[]，resubmit(，0)

(5)cookie＝0x0，duration＝87545.975s，table＝0，n_packets＝4，n_bytes＝392，idle_age＝65534，hard_age＝65534，priority＝1，metadata＝0x2actions＝output:5

wherein, the current flow list item indicates to send the FIP type message to the external network bridge.

For example, for the flow entries (1) to (5), a preset flow table is stored in the intranet bridge 12, the flow entries included in the preset flow table may be divided into different tables (tables), and the sequence of the packets when the flow entries are matched is determined by the value of the tables. For example, the packet is first matched with the flow entry whose table takes a value of 0, and then matched with the flow entries whose tables take values of 1, 2, and 3 … …. For example, priority is the priority of the flow entry, and in a table, the packet is matched with the flow entry according to priority. In this embodiment, the larger the value of priority is, the higher the priority is, and when the flow table entries are matched, the packet preferentially matches the flow table entry with the larger priority. And for the flow table entries with the same priority in one table, matching according to the serial number sequence of the flow table entries.

Illustratively, pkt _ mark is a type identifier, metadata is metadata, and actions corresponding to actions are actions after matching. In this embodiment, the value of pkt _ mark is 0x7f000002, which indicates that the destination IP address of the packet is an external network IP, and the packet belongs to FIP traffic; the value of pkt _ mark is 0x7f000004, which indicates that the destination IP address of the packet is the intranet IP and the packet does not belong to the DVR traffic, and the destination IP address of the packet is, for example, the IP address of the gateway.

Illustratively, when it is determined that the packet matches the flow entry (1) according to the type identifier and the metadata, it may be determined that the destination network segment of the packet is the preset network segment, and at this time, the flow entry (1) instructs to forward the packet from the port 3 of the intranet bridge 12. When the message is determined to be matched with the flow table entry (2) according to the type identifier and the metadata, actions of the flow table entry (2) indicate that metadata of the message is modified to be 0x5, and the modified message is matched again from the flow table entry with the table value of 0. When it is determined that the packet matches the flow entry (3) according to the type identifier and the metadata, a destination address 192.168.10.2 of the packet may be determined, the destination network segment is an intranet segment, actions in the flow entry (3) indicate that a source MAC address and a destination MAC address of the packet are modified, and the modified packet is forwarded from port 1 of the intranet bridge 12 to the integrated bridge 11. When the message is determined to be matched with the flow table entry (4) according to the type identifier and the metadata, the target network segment of the message can be determined to be an external network segment, the message is FIP flow, the flow table entry (4) indicates that the metadata of the message is modified to be 0x2, and the modified message is matched again from the flow table entry with the table value of 0. When it is determined that the packet matches the flow entry (5) based on the type identifier and the metadata, the flow entry (5) instructs forwarding of the packet from the port 5 of the intranet bridge 12 to the extranet bridge 13.

An exemplary flow table scheme in the outer network bridge 13 is as follows, including:

(6)cookie＝0x0，duration＝87556.376s，table＝0，n_packets＝4，n_bytes＝392，idle_age＝65534，hard_age＝65534，priority＝1，in_port＝6actions＝resubmit(，17)

illustratively, the flow entry indicates that the packet is resubmitted to the flow entry with a table value of 17 for flow entry matching.

(7)cookie＝0x0，duration＝87553.203s，table＝17，n_packets＝4，n_bytes＝392，idle_age＝65534，hard_age＝3，actions＝load:0x707be875a399->NXM_OF_ETH_DST[]，output:7

Illustratively, the present flow entry indicates that the destination MAC address of the packet is modified to the MAC address of the outer network gateway and the packet is forwarded from port 7 of the outer network bridge 13 to the integrated bridge 11.

For example, in combination with the flow table entry, when the packet belongs to FIP traffic, the packet forwarding process in the packet forwarding system is exemplarily: according to the fact that the type identifier pkt _ mark of the message takes a value of 0x7f000002, the message is matched with the flow table entry (1) with the priority of 2, mismatching is found, the message is matched with the flow table entry (4) with the priority of 2, and matching with the flow table entry (4) is determined. And modifying the metadata field of the message from 0x0 to 0x2 according to the flow table entry (4), and resubmitting the message to the flow table entry with table of 0 according to actions for flow table entry matching. Illustratively, the values of the metadata of the packet for which the flow entry matching is performed for the first time are all 0x 0. When the modified packet is matched again, because metadata has been modified to 0x2, the modified packet does not match with the flow table entry with priority 2, then matching is performed in sequence according to the order of the flow table entries (2), (3) and (5), finally it is determined that the modified packet matches with the flow table entry (5), and the packet is forwarded to the external network bridge 13 from the port with port identifier 5 according to action ═ output:5 in the flow table entry (5). After receiving the message, the external network bridge 13 first determines that the message matches the flow table entry (6), resubmits the message into the flow table entry with table 17 according to the flow table entry (6) to match the flow table entry of the message, thereby determining that the message matches the flow table entry (7), modifies the destination MAC address of the message into the MAC address of the external network gateway according to the flow table entry (7), and sends the message back to the integrated bridge 11 through the port 7. Exemplarily, the matching workload during the secondary matching of the message can be reduced by dividing the flow table entries in the preset flow table into different tables.

For example, in combination with the above flow table entry, when a packet belongs to DVR traffic, a packet forwarding process in the packet forwarding system is exemplarily: since the message belongs to the DVR traffic and the value of pkt _ mark of the message is not 0x7f000004 or 0x7f000002, the message cannot be matched with the flow table entry (1) or (4). In the flow table entries (2), (3), and (5), the packet matches the flow table entry (2). Modifying the metadata field of the message to be 0x5 according to the flow table entry (2), and resubmitting the message to the flow table entry with table being 0 for matching the flow table entry of the message, since the metadata of the message has been modified to be 0x5, the message is matched with the flow table entry (3), modifying the source MAC address and the destination MAC address of the message according to the flow table entry (3), and forwarding the modified message to the integrated bridge 11 through the port with the port identifier being 1.

For example, in combination with the flow table entry, when the packet belongs to other traffic (for example, the destination address is the traffic of the local area network gateway), the packet forwarding process in the packet forwarding system is exemplarily: according to the fact that the value of the type identifier pkt _ mark of the message is 0x7f000004, the matching of the message and the flow table item (1) with the priority of 2 can be determined, and the message is directly sent to the target device through the port 3 to be processed according to the flow table item (1).

For example, the processing manner of the integrated bridge 11 for the messages received from the intranet bridge 12 and the extranet bridge 13 is the same as that of the integrated bridge 104 in the conventional virtual network architecture 100, and details thereof are not repeated herein.

Illustratively, on the basis of any of the above embodiments, the embodiments of the present application further provide a message forwarding method. Fig. 7 is a schematic signaling flow diagram of a packet forwarding method according to a fifth embodiment of the present application. In this embodiment, each network bridge in the message forwarding system is used as an execution main body, and a detailed description is given to a general process of message forwarding in the system. As shown in fig. 7, the message forwarding method includes:

s701, the virtual machine bridge receives the message sent by the virtual machine.

Illustratively, each virtual machine is connected to the virtual switch through a virtual machine bridge, so that the first virtual machine 21 first sends a message to the first virtual machine bridge 31 when forwarding the message.

S702, the virtual machine network bridge determines the type identification of the message according to the destination network segment of the message, and adds the type identification in the message.

Illustratively, the first virtual machine bridge 31 classifies the messages by means of iptables, and adds a tag to the message according to the type of the message. For example, a corresponding tag is marked in the pkt _ mark attribute of the message according to the destination network segment of the message. When determining that the message belongs to FIP flow according to the destination network segment of the message, assigning the pkt _ mark of the message to be 0x7f000002, when determining that the message belongs to DVR flow according to the destination network segment of the message, assigning the pkt _ mark of the message to be a destination IP address represented by a 16 system, and when determining that the destination network segment of the message is a preset network segment according to the destination network segment of the message, and determining that the message belongs to other flow, assigning the pkt _ mark of the message to be 0x7f 000004. For example, in this embodiment, a rule for packet classification is added to an original iptables in the virtual machine bridge, so that the virtual machine bridge is slightly modified, an IP address routing table is not set in the internal network bridge, and the overall performance of the packet forwarding system is improved.

S703, the first virtual machine bridge 31 sends the packet with the type identifier to the integrated bridge 11.

Optionally, after S703, the message forwarding method further includes:

s7031, the integrated bridge 11 determines that the packet is a three-layer packet according to the destination MAC address of the packet.

For example, after receiving the message, the integrated network bridge 11 may determine that the message belongs to a two-layer message if it is determined that the virtual machine receiving the message and the virtual machine sending the message belong to the same subnet according to the destination MAC address of the message, and may determine that the message belongs to a three-layer message otherwise. Since the two-layer packet can be directly forwarded through the integrated network bridge 11 without passing through the routing of the intranet network bridge 12, the integrated network bridge 11 needs to determine that the packet belongs to the three-layer packet before sending the packet to the intranet network bridge 12.

Optionally, in the message forwarding method provided in this embodiment, after S703, the method further includes:

if the integrated network bridge 11 determines that the packet is a two-layer packet according to the destination MAC address of the packet, the integrated network bridge 11 forwards the packet to the destination MAC address.

S704, the integrated bridge 11 sends the packet to the intranet bridge 12.

S705, the intranet bridge 12 forwards the packet according to the type identifier and the preset flow table.

Illustratively, the intranet bridge 12 determines a flow entry corresponding to the packet according to the type identifier in the packet, and forwards the packet according to the flow entry. Specifically, when forwarding the packet, the intranet bridge 12 forwards the packet to the extranet bridge 13 or the integrated bridge 11 according to the difference of the type identifier of the packet.

In a possible implementation manner, S705 specifically includes:

s7051, the intranet bridge 12 forwards the packet to the extranet bridge 13 according to the type identifier and the preset flow table.

Correspondingly, the message forwarding method further comprises the following steps:

s7052, the external network bridge 13 forwards the packet to the integrated bridge 11.

Illustratively, the external network bridge 13 modifies the destination MAC address of the packet into the MAC address of the external network gateway after receiving the packet, and then sends the modified packet to the integrated bridge 11.

In another possible implementation manner, S705 specifically includes:

s7053, the intranet bridge 12 forwards the packet to the integrated bridge 11 according to the type identifier and the preset flow table.

S706, the integrated network bridge 11 receives the packet sent by the intranet bridge 12 or the extranet bridge 13, and forwards the packet to the destination address of the packet.

Illustratively, the integrated bridge 11 forwards the message after receiving the message sent by the internal network bridge 12 or the external network bridge 13, and the way that the integrated bridge 11 forwards the message in this step is the same as the way that the integrated bridge 104 forwards the message in fig. 1.

The message forwarding method provided by the embodiment of the application is applied to a message forwarding system, the virtual machine network bridge adds a type identifier to a received message to improve the performance of the internal network bridge, the integrated network bridge receives the message sent by the virtual machine network bridge and forwards the message to the internal network bridge, the internal network bridge sends the message with the target network segment being the internal network segment to the integrated network bridge, the message with the target network segment being the external network segment is sent to the integrated network bridge through the external network bridge, and then the integrated network bridge forwards the message. The message forwarding method provided by the embodiment of the application has high performance.

Another aspect of the embodiments of the present application further provides a message forwarding apparatus, configured to execute the message forwarding method in the foregoing embodiments, and have the same technical features and technical effects.

The message forwarding device provided in the embodiment of the present application may be exemplarily the virtual switch 10 in fig. 2, and the structure of the message forwarding device may be as shown in fig. 2, and includes an integrated bridge 11, an intranet bridge 12, and an extranet bridge 13, where the intranet bridge 12 stores a preset flow table. Specifically, intranet bridge 1212 is used to,

receiving a message sent by the integrated network bridge 11;

and forwarding the message according to a preset flow table.

Optionally, the packet carries a type identifier, where the type identifier is used to indicate a destination network segment of the packet;

the intranet bridge 12 is specifically configured to match the packet with each flow table entry in a preset flow table according to the type identifier of the packet, until a first flow table entry matched with the packet is determined; the type identification in the message is the same as the type identification in the first flow table item; and forwarding the message according to the forwarding flow table entry.

Optionally, the intranet bridge 12 is specifically configured to,

matching the message with each flow table entry in a preset flow table according to the type identifier and the metadata of the message in a preset sequence until a second flow table entry matched with the message is determined; the type identification in the message is the same as the type identification in the second flow table item;

the intranet bridge 12 modifies the metadata of the message according to the second flow table entry to obtain a modified message;

the intranet bridge 12 matches the modified message with each flow table entry in a preset flow table according to the type identifier and the metadata of the modified message in a preset sequence until a third flow table entry matched with the modified message is determined;

and forwarding the message according to the third flow table.

Optionally, when the type identifier indicates that the destination network segment of the packet is an intranet segment, the packet output port indicated by the forwarding flow table entry is an integrated network bridge 11 port;

the intranet bridge 12 is specifically configured to forward the packet to the integrated bridge 11 through the port of the integrated bridge 11;

the integrated network bridge 11 is further configured to, after receiving the packet sent by the intranet network bridge 12, forward the packet to a destination address of the packet.

Optionally, when the type identifier indicates that the destination network segment of the packet is an external network segment, the packet output port indicated by the forwarding flow table entry is an external network bridge 13 port;

the intranet bridge 12 is specifically configured to forward the packet to the extranet bridge 13 through the extranet bridge 13 port.

Optionally, when the type identifier indicates that the destination network segment of the packet is a preset network segment, the packet output port indicated by the forwarding flow table entry is a preset port of the destination device indicated by the destination address of the packet;

the intranet bridge 12 is specifically configured to forward the packet to the destination device indicated by the destination address of the packet through a preset port.

Optionally, the integrated network bridge 11 is configured to receive a packet sent by the virtual machine through the virtual machine network bridge, and forward the packet to the intranet network bridge 12.

Optionally, the integrated network bridge 11 is further configured to determine that the packet is a three-layer packet according to the destination MAC address of the packet before forwarding the packet to the intranet network bridge 12.

Optionally, the integrated network bridge 11 is further configured to, if it is determined that the packet is a two-layer packet according to the destination MAC address of the packet, forward the packet to the destination MAC address.

Optionally, the external network bridge 13 is configured to receive a message sent by the internal network bridge 12, modify a destination MAC address of the message into an MAC address of the external network gateway, and obtain an external network message; forwarding the extranet packet to the integrated network bridge 11;

the integrated bridge 11 forwards the packet to the destination address of the packet.

Another aspect of the present embodiment further provides a message forwarding system, as shown in fig. 2, where the message forwarding system 200 includes a message forwarding apparatus and at least one virtual machine in any of the above embodiments, and each virtual machine is connected to the integrated bridge 11 through a virtual machine bridge corresponding to each virtual machine; the virtual machine bridge is used to,

receiving a message sent by a virtual machine;

determining the type identifier of the message according to the destination network segment of the message, and adding the type identifier in the message;

the packet carrying the type identifier is forwarded to the integrated bridge 11.

Another aspect of the embodiments of the present application further provides a host. Fig. 8 is a schematic structural diagram of a host according to an embodiment of the present application. As shown in fig. 8, the host includes a processor 801, a memory 802, a communication interface 803, and a bus 804; wherein the content of the first and second substances,

the processor 801, the memory 802 and the communication interface 803 are connected by a bus 804 and complete communication with each other, the memory 802 is used for storing computer execution instructions, and when the host runs, the processor 801 executes the computer execution instructions in the memory 802 to execute the steps in the message forwarding method of any one of fig. 3 to fig. 7 by using hardware resources in the host.

In another aspect, an embodiment of the present invention further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a computer, the instructions cause the computer to execute the message forwarding method in any one of fig. 3 to fig. 7.

It should be noted that the examples provided in this application are only illustrative. It will be clear to those skilled in the art that, for convenience and brevity of description, the description of each embodiment has been given with emphasis on the description of the embodiments, and some parts not described in detail in a certain embodiment may be referred to the related description of other embodiments. The features disclosed in the embodiments and figures of the present application may exist independently or in combination. Features described in the embodiments of the present application in hardware may be implemented by software and vice versa. And are not limited herein.

In addition, it should be noted that the division of each bridge in the virtual switch is only one division of logical functions, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, in the present application, each functional unit may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.

Those of ordinary skill in the art will appreciate that the various illustrative method steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a variety of non-transitory (non-transitory) machine-readable medium that can store program code, such as magnetic media (e.g., floppy disks, hard disks, magnetic tapes), optical media (e.g., compact disks), or semiconductor media (e.g., solid-state drives (SSDs)).

Claims

1. A message forwarding method is characterized in that the method is applied to a message forwarding system, the message forwarding system comprises a virtual switch and at least one virtual machine, the virtual switch comprises an integrated network bridge, an internal network bridge and an external network bridge, each virtual machine is connected with the integrated network bridge through a corresponding virtual machine network bridge, and a preset flow table is stored in the internal network bridge; the method comprises the following steps:

the intranet bridge receives a message sent by the integrated bridge; the message carries a type identifier, and the type identifier is used for indicating a destination network segment of the message;

the intranet bridge forwards the message according to the type identifier and the preset flow table;

before the intranet bridge receives the message sent by the integrated bridge, the method further includes:

2. The method according to claim 1, wherein forwarding the packet by the intranet bridge according to the type identifier and the preset flow table comprises:

the intranet bridge matches the message with each flow table entry in the preset flow table according to the type identifier of the message in a preset sequence until determining a first flow table entry matched with the message; the type identification in the message is the same as the type identification in the first flow table item;

and the intranet bridge forwards the message according to the first flow table item.

3. The method according to claim 1, wherein forwarding the packet by the intranet bridge according to the type identifier and the preset flow table comprises:

4. The method according to claim 2, wherein when the type identifier indicates that the destination network segment of the packet is an intranet segment, the packet output port indicated by the first flow table entry is an integrated bridge port;

5. The method according to claim 2, wherein when the type identifier indicates that the destination network segment of the packet is an external network segment, the packet output port indicated by the first flow table entry is an external network bridge port;

6. The method according to claim 2, wherein when the type identifier indicates that the destination network segment of the packet is a predetermined network segment, the packet output port indicated by the first flow table entry is a predetermined port of a destination device indicated by a destination address of the packet;

7. The method according to claim 1, wherein before the intranet bridge receives the message sent by the integrated bridge, the method further comprises:

8. The method of claim 7, wherein before the integrated bridge forwards the packet to the intranet bridge, the method further comprises:

9. The method of claim 8, further comprising:

10. The method of claim 5, further comprising:

11. A message forwarding device is characterized by comprising an integrated network bridge, an internal network bridge and an external network bridge, wherein a preset flow table is stored in the internal network bridge; the intranet bridge is configured to,

receiving a message sent by the integrated network bridge; the message carries a type identifier, and the type identifier is used for indicating a destination network segment of the message;

forwarding the message according to the type identifier and the preset flow table;

the message carrying the type identifier is a message sent by a virtual machine received by a virtual machine network bridge, the type identifier of the message is determined according to a destination network segment of the message, and the type identifier is added to the message to obtain the message and the message is forwarded to the integrated network bridge; and each virtual machine is connected with the integrated network bridge through the corresponding virtual machine network bridge.

12. The message forwarding device of claim 11,

13. The message forwarding device of claim 11, wherein the intranet bridge is specifically configured to,

and forwarding the message according to the third flow table.

14. The message forwarding device according to claim 12, wherein when the type identifier indicates that the destination network segment of the message is an intranet segment, the message output port indicated by the forwarding flow entry is an integrated network bridge port;

15. The message forwarding apparatus according to claim 12, wherein when the type identifier indicates that the destination network segment of the message is an extranet network segment, the message output port indicated by the forwarding flow table entry is an extranet bridge port;

16. The message forwarding apparatus according to claim 12, wherein when the type identifier indicates that the destination network segment of the message is a preset network segment, the message output port indicated by the forwarding flow table entry is a preset port of a destination device indicated by a destination address of the message;

17. The message forwarding device according to any one of claims 11 to 16, wherein the integrated bridge is configured to receive a message sent by a virtual machine through a virtual machine bridge, and forward the message to the intranet bridge.

18. The message forwarding device of claim 17, wherein the integrated bridge is further configured to determine that the message is a three-layer message according to the destination MAC address of the message before forwarding the message to the intranet bridge.

19. The message forwarding device of claim 18, wherein the integrated bridge is further configured to forward the message to the destination MAC address if it is determined that the message is a layer two message according to the destination MAC address of the message.

20. The message forwarding device according to claim 15, wherein the extranet bridge is configured to receive the message sent by the intranet bridge, modify a destination MAC address of the message into an MAC address of an extranet gateway, and obtain an extranet message; forwarding the outer network packet to the integrated network bridge;

21. A message forwarding system, characterized in that the message forwarding system comprises the message forwarding apparatus according to any one of claims 11 to 20 and at least one virtual machine, each virtual machine being connected to the integrated bridge through a virtual machine bridge corresponding to each virtual machine; the virtual machine bridge is configured to,

receiving a message sent by a virtual machine;

and forwarding the message carrying the type identifier to the integrated network bridge.

22. A host computer, comprising a processor, a memory, a communication interface and a bus, wherein the processor, the memory and the communication interface are connected via the bus and communicate with each other, the memory is used for storing computer execution instructions, and when the host computer is running, the processor executes the computer execution instructions in the memory to perform the operation steps of the method according to any one of claims 1 to 10 by using hardware resources in the host computer.