CN109088827A - virtual machine traffic processing method, device and host - Google Patents

virtual machine traffic processing method, device and host Download PDF

Info

Publication number
CN109088827A
CN109088827A CN201810758121.0A CN201810758121A CN109088827A CN 109088827 A CN109088827 A CN 109088827A CN 201810758121 A CN201810758121 A CN 201810758121A CN 109088827 A CN109088827 A CN 109088827A
Authority
CN
China
Prior art keywords
flow
host
forwarded
operating system
processing software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810758121.0A
Other languages
Chinese (zh)
Other versions
CN109088827B (en
Inventor
韩欢乐
任维春
常利民
兰天
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Cloud Technologies Co Ltd
Original Assignee
New H3C Cloud Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Cloud Technologies Co Ltd filed Critical New H3C Cloud Technologies Co Ltd
Priority to CN201810758121.0A priority Critical patent/CN109088827B/en
Publication of CN109088827A publication Critical patent/CN109088827A/en
Application granted granted Critical
Publication of CN109088827B publication Critical patent/CN109088827B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances

Abstract

The present invention relates to technical field of virtualization, a kind of virtual machine traffic processing method, device and host are provided, which comprises the operating system nucleus protocol stack of the host receives the first flow to be forwarded that the virtual machine is sent;The flow that the operating system nucleus protocol stack of the host executes the test point redirects function and the described first flow to be forwarded is redirected to the flow processing software;By the flow processing software, treated that the first flow to be forwarded is back to the virtual switch according to the flow return function for the operating system nucleus protocol stack of the host.The present invention is by the interaction between realization virtual switch and flow processing software, on the host where allowing flow processing software to be directly installed on virtual machine, considerably reduces the workload of installation flow processing software, improves installation effectiveness and reliability.

Description

Virtual machine traffic processing method, device and host
Technical field
The present invention relates to technical field of virtualization, in particular to a kind of virtual machine traffic processing method, device and master Machine.
Background technique
Current virtualization technique is widely used among cloud calculation service, and virtual machine is as a kind of tool simulated by software Complete computer having complete hardware system function, operating in a completely isolated environment is able to extensively in cloud computing General use, virtual machine, which is used as client, can satisfy the biggish demand of number of users.Usually using virtual switch between virtual machine Machine carries out flow forwarding.For the scene that the flow of disengaging virtual machine needs flow software to handle, existing technology is virtual Flow processing software is installed, the flow for passing in and out virtual machine first passes around the processing of flow processing software, then returns virtual on machine Flow is sent to virtual switch again by machine, virtual machine, is forwarded to other virtual machines through virtual switch, when virtual machine quantity very When big, need to be respectively mounted a flow processing software for every virtual machine, while also to ensure the stream installed on every virtual machine Amount processing software can operate normally, and in the prior art, install heavy workload, low efficiency and the reliability of flow processing software It is low.
Summary of the invention
The embodiment of the present invention is designed to provide a kind of virtual machine traffic processing method, device and host, passes through realization Interaction between virtual switch and flow software allows flow processing software to be directly installed on the host where virtual machine On, the workload of installation flow processing software is considerably reduced, installation effectiveness and reliability are improved.
To achieve the goals above, technical solution used in the embodiment of the present invention is as follows:
In a first aspect, being applied to host the embodiment of the invention provides a kind of virtual machine traffic processing method, being transported on host Row virtual machine and virtual switch, virtual switch register with stream to the test point of the operating system nucleus protocol stack of host in advance Amount redirects function, and host is equipped with flow processing software in advance, and flow processing software is in advance to the operating system nucleus of host Protocol stack registers with flow return function, which comprises the operating system nucleus protocol stack of host receives virtual machine and sends The first flow to be forwarded;The flow that the operating system nucleus protocol stack of host executes test point redirects function for first wait turn Hair flow is redirected to flow processing software;The operating system nucleus protocol stack of host is handled flow according to flow return function Treated that the first flow to be forwarded is back to virtual switch for software.
Second aspect is applied to host the embodiment of the invention also provides a kind of virtual machine traffic processing unit, on host Operation virtual machine and virtual switch, virtual switch are registered with to the test point of the operating system nucleus protocol stack of host in advance Flow redirects function, and host is equipped with flow processing software in advance, and flow processing software is in advance into the operating system of host Core protocol stack registers with flow return function, and described device includes the first receiving module, the first execution module and the first return mould Block.Wherein, the first receiving module is used to receive the first flow to be forwarded of virtual machine transmission;First execution module is for executing inspection The flow of measuring point redirects function and the first flow to be forwarded is redirected to flow processing software, and the first return module is used for foundation Treated that the first flow to be forwarded is back to virtual switch by flow processing software for flow return function.
The third aspect runs virtual machine and virtual switch the embodiment of the invention also provides a kind of host on host, empty Quasi- interchanger registers with flow to the test point of the operating system nucleus protocol stack of host in advance and redirects function, and host is pacified in advance Equipped with flow processing software, flow processing software registers with flow to the operating system nucleus protocol stack of host in advance and returns to letter Number, the host includes: one or more processors;Memory, for storing one or more programs, when one or more When a program is executed by one or more of processors, so that one or more of processors realize above-mentioned virtual machine stream Measure processing method.
Compared with the prior art, a kind of virtual machine traffic processing method, device and host provided in an embodiment of the present invention, host Upper operation virtual machine and virtual switch, virtual switch are registered to the test point of the operating system nucleus protocol stack of host in advance There is flow to redirect function, host is equipped with flow processing software in advance, and flow processing software is in advance to the operating system of host Kernel protocol stack registers with flow return function.Firstly, the first flow to be forwarded is sent to the operating system of host by virtual machine Kernel protocol stack;Then, the flow that the operating system nucleus protocol stack of host executes test point redirects function for first wait turn Hair flow is redirected to flow processing software, next, flow processing software handles the first flow to be forwarded, and is locating The operating system nucleus protocol stack of host is back to after reason, finally, the operating system nucleus protocol stack of host is returned according to flow Treated that the first flow to be forwarded is back to virtual switch by flow processing software for function, will be located by virtual machine interchanger The first flow to be forwarded after reason is sent to another virtual machine or network forwarding equipment.Compared with prior art, of the invention Embodiment is mounted directly flow processing software by realizing the interaction between virtual switch and flow processing software On the host where virtual machine, the workload of installation flow processing software is considerably reduced, improves installation effectiveness and can By property.
To enable the above objects, features and advantages of the present invention to be clearer and more comprehensible, special embodiment below, and appended by cooperation Attached drawing is described in detail below.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached Figure is briefly described, it should be understood that the following drawings illustrates only certain embodiments of the present invention, therefore is not construed as pair The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this A little attached drawings obtain other relevant attached drawings.
Fig. 1 shows the application scenarios schematic diagram of virtual machine traffic processing method provided in an embodiment of the present invention.
Fig. 2 shows the block diagrams of host provided in an embodiment of the present invention.
Fig. 3 shows virtual machine traffic processing method flow chart provided in an embodiment of the present invention.
What Fig. 4 showed out the first flow to be forwarded of virtual machine flows to schematic diagram.
What Fig. 5 showed the second flow to be forwarded into virtual machine flows to schematic diagram.
Fig. 6 is the sub-step flow chart of the step S103 shown in Fig. 3.
Fig. 7 is the sub-step flow chart of the step S106 shown in Fig. 3.
Fig. 8 shows the block diagram of virtual machine traffic processing unit provided in an embodiment of the present invention.
Icon: 100- host;101- memory;102- communication interface;103- processor;104- bus;200- virtual machine Flow processing unit;The first receiving module of 201-;The first execution module of 202-;The first return module of 203-;204- second is received Module;The second execution module of 205-;The second return module of 206-;300- virtual machine;400- virtual switch.
Specific embodiment
Below in conjunction with attached drawing in the embodiment of the present invention, technical solution in the embodiment of the present invention carries out clear, complete Ground description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Usually exist The component of the embodiment of the present invention described and illustrated in attached drawing can be arranged and be designed with a variety of different configurations herein.Cause This, is not intended to limit claimed invention to the detailed description of the embodiment of the present invention provided in the accompanying drawings below Range, but it is merely representative of selected embodiment of the invention.Based on the embodiment of the present invention, those skilled in the art are not doing Every other embodiment obtained under the premise of creative work out, shall fall within the protection scope of the present invention.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi It is defined in a attached drawing, does not then need that it is further defined and explained in subsequent attached drawing.Meanwhile of the invention In description, term " first ", " second " etc. are only used for distinguishing description, are not understood to indicate or imply relative importance.
Fig. 1 is please referred to, Fig. 1 shows the application scenarios signal of virtual machine traffic processing method provided in an embodiment of the present invention Scheme, virtual machine 300 and virtual switch 400 are run on host 100, virtual machine 300 refers to passes through what software was simulated on host 100 Complete computer with complete hardware system function, virtual switch 400 refer to simulated by software, be able to achieve flow The virtual network forwarding equipment of the switch functions such as forwarding, Port Mirroring.Host 100 is equipped with flow processing software in advance, Flow to be forwarded is sent to the operating system nucleus protocol stack of host 100 by virtual machine 300 and virtual switch 400 first, main The operating system nucleus protocol stack of machine 100 executes flow and redirects function that flow to be forwarded is redirected to flow processing is soft Part, flow processing software return to the operating system nucleus protocol stack of host 100, host after handling flow to be forwarded 100 operating system nucleus protocol stack executes flow return function, and by flow processing software, treated that flow to be forwarded is back to Virtual switch 400.
Referring to figure 2., Fig. 2 shows the block diagrams of host 100 provided in an embodiment of the present invention.Host 100 can be with Be, but be not limited to PC (personal computer, PC), server etc..The operating system of host 100 can be, But it is not limited to, Windows system, linux system etc..The host 100 includes memory 101, communication interface 102, processor 103 and bus 104, the memory 101, communication interface 102 and processor 103 are connected by bus 104, and processor 103 is used The executable module stored in execution memory 101, such as computer program.
Wherein, memory 101 may include high-speed random access memory (RAM:Random Access Memory), It may further include non-labile memory (non-volatile memory), for example, at least a magnetic disk storage.By extremely A few communication interface 102 (can be wired or wireless) realize the host 100 and at least one other host 100 and Communication connection between External memory equipment.
Bus 104 can be isa bus, pci bus or eisa bus etc..It is only indicated with a four-headed arrow in Fig. 2, but It is not offered as only a bus or a type of bus.
Wherein, memory 101 is for storing program, such as virtual machine traffic processing unit 200 shown in Fig. 8.This is virtual Machine flow processing unit 200 includes that at least one can be stored in the memory in the form of software or firmware (firmware) In 101 or the software function mould that is solidificated in the operating system (operating system, OS) of the server host 100 Block.The processor 103 executes described program after receiving and executing instruction to realize void that the above embodiment of the present invention discloses Quasi- machine flow processing method.
Processor 103 may be a kind of IC chip, the processing capacity with signal.It is above-mentioned during realization Each step of method can be completed by the integrated logic circuit of the hardware in processor 103 or the instruction of software form.On The processor 103 stated can be general processor, including central processing unit (Central Processing Unit, abbreviation CPU), network processing unit (Network Processor, abbreviation NP) etc.;It can also be digital signal processor (DSP), dedicated Integrated circuit (ASIC), ready-made programmable gate array (FPGA) either other programmable logic device, discrete gate or transistor Logical device, discrete hardware components.
First embodiment
Referring to figure 3., Fig. 4 and Fig. 5, Fig. 3 show 300 flow processing method stream of virtual machine provided in an embodiment of the present invention Cheng Tu, Fig. 4 show out the first flow to be forwarded of virtual machine 300 flow to schematic diagram, Fig. 5 is shown into virtual machine 300 Second flow to be forwarded flows to schematic diagram.300 flow processing method of virtual machine the following steps are included:
Step S101, the operating system nucleus protocol stack of host receive the first flow to be forwarded that virtual machine is sent.
In embodiments of the present invention, the operating system nucleus protocol stack of host 100 realizes virtual machine 300 and virtual switch Flow exchange between machine 400, can be forwarded to external equipment for the flow of virtual machine 300 by virtual switch 400, can also The flow of external equipment is forwarded to virtual machine 300, wherein external equipment can be and the same host of the virtual machine 300 Other virtual machines 300 on 100, the virtual machine 300 or virtual switch for being also possible to hosts 100 different from the virtual machine 300 Machine 400 can also be the network forwarding equipments such as interchanger or router.First flow to be forwarded refers to be issued from virtual machine 300 Message, wherein the data that virtual machine 300 needs to be sent to external equipment are encapsulated in message.
Step S102, the flow that the operating system nucleus protocol stack of host executes test point redirect function for first wait turn Hair flow is redirected to flow processing software.
In embodiments of the present invention, what test point referred to the operating system nucleus protocol stack of host 100 can register hook letter Several registration point, wherein Hook Function is also referred to as HOOK function, can be in the registration point of registration Hook Function by Hook Function The flow to be forwarded that handles in the operating system nucleus protocol stack of host 100 is temporarily intercepted, according to Hook Function by converting flow It guides to specified entrance.In this step, it is virtual switch 400 in advance to the operation system of host 100 that flow, which redirects function, Hook Function that kernel protocol stack of uniting is registered, for the first flow to be forwarded to be guided to the entrance to flow processing software.Stream Amount processing software can with but to be not limited to the third party that antivirus software, traffic monitoring software etc. handle target flow soft Part.
As an implementation, by taking the operating system of host 100 is Linux as an example, in (SuSE) Linux OS kernel There are the frame Netfilter of an offer packet filtering, Netfilter to provide the administrative mechanism of a whole set of HOOK function, make Obtaining packet filtering, network address translation and connection tracking based on protocol type etc. becomes possibility, and Netfilter is provided 5 HOOK points, are respectively as follows: PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT, POST_ROUTING, for example, Flow can be redirected function registration to host in advance by registration function nf_register_hook by virtual switch 400 The PRE_ROUTING registration point of 100 operating system nucleus protocol stack.When the operating system nucleus protocol stack of host 100 executes When to PRE_ROUTING registration point, it can transfer to execute pre-registered flow and redirect function, be redirected by executing the flow Function guides the first flow to be forwarded to the entrance of flow processing software, and virtual switch 400 can also pass through registration function Nf_register_hook is in advance by the operating system nucleus protocol stack of flow redirection function registration to host 100 FORWARD perhaps POST_ROUTING registration point when the operating system nucleus protocol stack of host 100 go to FORWARD or When POST_ROUTING registration point, it can transfer to execute pre-registered flow redirection function, be redirected by executing the flow Function guides the first flow to be forwarded to the entrance of flow processing software.
The operating system nucleus protocol stack of step S103, host will be after the processing of flow processing software according to flow return function The first flow to be forwarded be back to virtual switch.
In embodiments of the present invention, in this step, flow return function is flow processing software in advance to host 100 The registration of operating system nucleus protocol stack, by treated the first flow to be forwarded from the operating system nucleus agreement of host 100 Stack is back to the Hook Function of the entrance of virtual switch 400.
As an implementation, by taking the operating system of host 100 is Linux as an example, flow processing software can pass through Flow return function is registered to the operating system nucleus protocol stack of host 100 by registration function nf_reinject in advance, works as flow Processing software by treated after the first flow to be forwarded is sent to the operating system nucleus protocol stack of host 100, host 100 Operating system nucleus protocol stack can execute flow return function, and by treated, the first flow to be forwarded is back to virtual switch 400。
Fig. 6 is please referred to, step S103 further includes following sub-step:
Sub-step S1031, the operating system nucleus protocol stack of host receive flow processing software treated first wait turn Send out flow.
Sub-step S1032, the operating system nucleus protocol stack of host execute flow return function will treated first to Converting flow is back to virtual switch.
In embodiments of the present invention, due to the flow direction of flow be it is two-way, both can be sent to outside from virtual machine 300 and set It is standby, virtual machine 300 can also be sent to from external equipment, step S101-S103 realizes first for the flow for going out virtual machine 300 It is handled using flow processing software, treated flow by virtual switch 400 is then sent to external equipment again, The flow for entering virtual machine 300 can also be handled first using flow processing software in order to realize, then pass through void again Quasi- interchanger 400 is sent to virtual machine 300, and therefore, the embodiment of the invention also includes step S104-S106.
Step S104, the operating system nucleus protocol stack of host receive the second flow to be forwarded that virtual switch is sent.
In embodiments of the present invention, the second flow to be forwarded refers to the message issued from virtual switch 400, wherein message It is that external equipment is sent to virtual switch 400 and needs to be forwarded to the data of virtual machine 300 by virtual switch 400.
Step S105, the flow that the operating system nucleus protocol stack of host executes test point redirect function for second wait turn Hair flow is redirected to flow processing software.
In embodiments of the present invention, in this step, it is virtual switch 400 in advance to host that flow, which redirects function, 100 operating system nucleus protocol stack registration, for guiding the second flow to be forwarded to the entrance of flow processing software Hook Function.
As an implementation, by taking the operating system of host 100 is Linux as an example, for example, virtual switch 400 can Flow to be redirected to the operating system nucleus of function registration to host 100 in advance by registration function nf_register_hook POST_ROUTING the or Forward registration point of protocol stack.When the operating system nucleus protocol stack of host 100 goes to POST_ When ROUTING or Forward registration point, it can transfer to execute pre-registered flow redirection function, by executing the flow weight Orientation function guides the second flow to be forwarded to the entrance of flow processing software.
The operating system nucleus protocol stack of step S106, host will be after the processing of flow processing software according to flow return function The second flow to be forwarded be back to virtual switch.
In embodiments of the present invention, in this step, flow return function is flow processing software in advance to host 100 The registration of operating system nucleus protocol stack, execute the flow return function can will treated the second flow to be forwarded from host 100 operating system nucleus protocol stack is back to virtual switch 400 and continues with.
As an implementation, by taking the operating system of host 100 is Linux as an example, flow processing software can pass through Flow return function is registered to the operating system nucleus protocol stack of host 100 by registration function nf_reinject in advance, works as flow Processing software by treated after the second flow to be forwarded is sent to the operating system nucleus protocol stack of host 100, host 100 Operating system nucleus protocol stack can execute flow return function, and by treated, the second flow to be forwarded is back to virtual switch 400。
Fig. 7 is please referred to, step S106 further includes following sub-step:
Sub-step S1061, the operating system nucleus protocol stack of host receive flow processing software treated second wait turn Send out flow.
Sub-step S1062, the operating system nucleus protocol stack of host execute flow return function will treated second to Converting flow is back to virtual switch.
It should be noted that redirecting holding for function due to increasing flow in the operating system nucleus protocol stack of host 100 The row time affects the treatment effeciency of the operating system nucleus protocol stack of host 100 to a certain extent, in order to facilitate user according to Practical application scene performs corresponding processing, and in the embodiment of the present invention, user can be configured by the operating system in host 100 HOOK is arranged in file to switch to control whether that virtual switch 400 is allowed to register HOOK function, and then decides whether data Flow processing software is sent to be handled.
In embodiments of the present invention, it by realizing the interaction between virtual switch 400 and flow processing software, enters and leaves empty The flow to be forwarded of quasi- machine 300 is when by virtual switch 400, by advance to the operating system nucleus agreement of host 100 The flow of stack registration redirects function and enters to flow processing software, so that flow processing software is treated at converting flow It is returned again to after reason to virtual switch 400 and is had the advantages that compared with prior art
First, flow processing software does not need to be mounted on each virtual machine 300, it is only necessary to be directly installed on virtual machine On host 100 where 300, the workload of installation flow processing software is considerably reduced, improves installation effectiveness and reliable Property.
Second, to by virtual switch 400 enter and leave virtual machine 300 flow can guide to flow processing software into Row processing realizes the two-way control that virtual machine 300 passes in and out flow, increases the control power of disengaging flow especially sensitive flow Degree.
Third, user can be controlled whether by the way that HOOK switch is arranged in the operating system configuration file of host 100 Allow virtual switch 400 to register HOOK function, and then decide whether that data are sent to flow processing software to be handled, improves Support the flexibility of plurality of application scenes.
Second embodiment
Fig. 8 is please referred to, Fig. 8 shows the box signal of virtual machine traffic processing unit 200 provided in an embodiment of the present invention Figure.Virtual machine traffic processing unit 200 is applied to host 100, and virtual machine traffic processing unit 200 operates in host 100 Functional module in operating system nucleus protocol stack comprising the first receiving module 201;First execution module 202;First returns Module 203;Second receiving module 204;Second execution module 205;Second return module 206.
First receiving module 201, for receiving the first flow to be forwarded of virtual machine transmission.
In embodiments of the present invention, the first receiving module 201 is for executing step S101.
First execution module 202, the flow for executing test point redirect function and redirect the first flow to be forwarded To flow processing software.
In embodiments of the present invention, the first execution module 202 is for executing step S102.
First return module 203, for that treated to be first to be forwarded by flow processing software according to flow return function Flow is back to virtual switch.
In embodiments of the present invention, the first return module 203 is for executing step S103.
In embodiments of the present invention, the first return module 203 is specifically used for:
Receive flow processing software treated the first flow to be forwarded;
Executing flow return function, the first flow to be forwarded is back to virtual switch by treated.
Second receiving module 204, for receiving the second flow to be forwarded of virtual switch transmission.
In embodiments of the present invention, the second receiving module 204 is for executing step S104.
Second execution module 205, the flow for executing test point redirect function and redirect the second flow to be forwarded To flow processing software.
In embodiments of the present invention, the second execution module 205 is for executing step S105.
Second return module 206, for that treated to be second to be forwarded by flow processing software according to flow return function Flow is back to virtual switch.
In embodiments of the present invention, the second return module 206 is for executing step S106.
In embodiments of the present invention, the second return module 206 is specifically also used to:
Receive flow processing software treated the second flow to be forwarded;
Executing flow return function, the second flow to be forwarded is back to virtual switch by treated.
In conclusion a kind of virtual machine traffic processing method, device and host provided by the invention, virtual machine traffic processing Method is applied to host, runs virtual machine and virtual switch on host, virtual switch is in advance into the operating system of host The test point of core protocol stack registers with flow and redirects function, and host is equipped with flow processing software, flow processing software in advance Flow return function is registered with to the operating system nucleus protocol stack of host in advance, which comprises the operating system of host Kernel protocol stack receives the first flow to be forwarded that virtual machine is sent;The operating system nucleus protocol stack of host executes test point Flow redirects function and the first flow to be forwarded is redirected to flow processing software;The operating system nucleus protocol stack of host according to According to flow return function, by flow processing software, treated that the first flow to be forwarded is back to virtual switch.With the prior art It compares, the present invention allows flow processing software straight by realizing the interaction between virtual switch and flow processing software It connects on the host where being mounted on virtual machine, considerably reduces the workload of installation flow processing software, improve installation effect Rate and reliability.
In several embodiments provided herein, it should be understood that disclosed device and method can also pass through Other modes are realized.The apparatus embodiments described above are merely exemplary, for example, flow chart and block diagram in attached drawing Show the device of multiple embodiments according to the present invention, the architectural framework in the cards of method and computer program product, Function and operation.In this regard, each box in flowchart or block diagram can represent the one of a module, section or code Part, a part of the module, section or code, which includes that one or more is for implementing the specified logical function, to be held Row instruction.It should also be noted that function marked in the box can also be to be different from some implementations as replacement The sequence marked in attached drawing occurs.For example, two continuous boxes can actually be basically executed in parallel, they are sometimes It can execute in the opposite order, this depends on the function involved.It is also noted that every in block diagram and or flow chart The combination of box in a box and block diagram and or flow chart can use the dedicated base for executing defined function or movement It realizes, or can realize using a combination of dedicated hardware and computer instructions in the system of hardware.
In addition, each functional module in each embodiment of the present invention can integrate one independent portion of formation together Point, it is also possible to modules individualism, an independent part can also be integrated to form with two or more modules.
It, can be with if the function is realized and when sold or used as an independent product in the form of software function module It is stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially in other words The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a People's computer, server or network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention. And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.It needs Illustrate, herein, relational terms such as first and second and the like be used merely to by an entity or operation with Another entity or operation distinguish, and without necessarily requiring or implying between these entities or operation, there are any this realities The relationship or sequence on border.Moreover, the terms "include", "comprise" or its any other variant are intended to the packet of nonexcludability Contain, so that the process, method, article or equipment for including a series of elements not only includes those elements, but also including Other elements that are not explicitly listed, or further include for elements inherent to such a process, method, article, or device. In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including the element Process, method, article or equipment in there is also other identical elements.
The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, made any to repair Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.It should also be noted that similar label and letter exist Similar terms are indicated in following attached drawing, therefore, once being defined in a certain Xiang Yi attached drawing, are then not required in subsequent attached drawing It is further defined and explained.

Claims (10)

1. a kind of virtual machine traffic processing method is applied to host, virtual machine and virtual switch are run on the host, it is special Sign is that the virtual switch registers with flow to the test point of the operating system nucleus protocol stack of the host in advance and resets To function, the host is equipped with flow processing software in advance, and the flow processing software is in advance to the operation system of the host System kernel protocol stack registers with flow return function, which comprises
The operating system nucleus protocol stack of the host receives the first flow to be forwarded that the virtual machine is sent;
The flow that the operating system nucleus protocol stack of the host executes the test point redirects function for described first wait turn Hair flow is redirected to the flow processing software;
The operating system nucleus protocol stack of the host will be after flow processing software processing according to the flow return function The first flow to be forwarded be back to the virtual switch.
2. virtual machine traffic processing method as described in claim 1, which is characterized in that the operating system nucleus of the host is assisted Discussing stack, by the flow processing software, treated that the first flow to be forwarded is back to the void according to the flow return function The step of quasi- interchanger, comprising:
The operating system nucleus protocol stack of the host receives the flow processing software treated first stream to be forwarded Amount;
The operating system nucleus protocol stack of the host executes the flow return function will treated the first flow to be forwarded It is back to the virtual switch.
3. virtual machine traffic processing method as described in claim 1, which is characterized in that the method also includes:
The operating system nucleus protocol stack of the host receives the second flow to be forwarded that the virtual switch is sent;
The flow that the operating system nucleus protocol stack of the host executes the test point redirects function for described second wait turn Hair flow is redirected to the flow processing software;
The operating system nucleus protocol stack of the host will be after flow processing software processing according to the flow return function The second flow to be forwarded be back to the virtual switch.
4. virtual machine traffic processing method as claimed in claim 3, which is characterized in that the operating system nucleus of the host is assisted Discussing stack, by the flow processing software, treated that the second flow to be forwarded is back to the void according to the flow return function The step of quasi- interchanger, comprising:
The operating system nucleus protocol stack of the host receives the flow processing software treated second stream to be forwarded Amount;
The operating system nucleus protocol stack of the host executes the flow return function will treated the second flow to be forwarded It is back to the virtual switch.
5. virtual machine traffic processing method as described in claim 1, which is characterized in that the flow redirects function and flow Return function is Hook Function.
6. a kind of virtual machine traffic processing unit, which is characterized in that be applied to host, virtual machine and virtual is run on the host Interchanger, which is characterized in that the virtual switch is infused to the test point of the operating system nucleus protocol stack of the host in advance Volume has flow to redirect function, and the host is equipped with flow processing software in advance, and the flow processing software is in advance to described The operating system nucleus protocol stack of host registers with flow return function, and described device includes:
First receiving module, the first flow to be forwarded sent for receiving the virtual machine;
First execution module, the flow for executing the test point redirect function and redirect the described first flow to be forwarded To the flow processing software;
First return module, for that treated to be first to be forwarded by the flow processing software according to the flow return function Flow is back to the virtual switch.
7. virtual machine traffic processing unit as claimed in claim 6, which is characterized in that first return module is specifically used In:
Receive the flow processing software treated first flow to be forwarded;
Executing the flow return function, the first flow to be forwarded is back to the virtual switch by treated.
8. virtual machine traffic processing unit as claimed in claim 6, which is characterized in that described device further include:
Second receiving module, the second flow to be forwarded sent for receiving the virtual switch;
Second execution module, the flow for executing the test point redirect function and redirect the described second flow to be forwarded To the flow processing software;
Second return module, for that treated to be second to be forwarded by the flow processing software according to the flow return function Flow is back to the virtual switch.
9. virtual machine traffic processing unit as claimed in claim 8, second return module is specifically used for:
Receive the flow processing software treated second flow to be forwarded;
Executing the flow return function, the second flow to be forwarded is back to the virtual switch by treated.
10. a kind of host, virtual machine and virtual switch are run on the host, which is characterized in that the virtual switch is pre- Flow first is registered with to the test point of the operating system nucleus protocol stack of the host and redirects function, and the host is installed in advance There is flow processing software, the flow processing software registers with flow to the operating system nucleus protocol stack of the host in advance and returns Letter in reply number, the host include:
One or more processors;
Memory, for storing one or more programs, when one or more of programs are by one or more of processors When execution, so that one or more of processors realize method according to any one of claims 1 to 5.
CN201810758121.0A 2018-07-11 2018-07-11 Virtual machine flow processing method and device and host Active CN109088827B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810758121.0A CN109088827B (en) 2018-07-11 2018-07-11 Virtual machine flow processing method and device and host

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810758121.0A CN109088827B (en) 2018-07-11 2018-07-11 Virtual machine flow processing method and device and host

Publications (2)

Publication Number Publication Date
CN109088827A true CN109088827A (en) 2018-12-25
CN109088827B CN109088827B (en) 2019-12-13

Family

ID=64837442

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810758121.0A Active CN109088827B (en) 2018-07-11 2018-07-11 Virtual machine flow processing method and device and host

Country Status (1)

Country Link
CN (1) CN109088827B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111580936A (en) * 2020-05-19 2020-08-25 山东超越数控电子股份有限公司 Virtualized data processing method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103973578A (en) * 2013-01-31 2014-08-06 杭州华三通信技术有限公司 Virtual machine traffic redirection method and device
CN104917653A (en) * 2015-06-26 2015-09-16 北京奇虎科技有限公司 Virtual flow monitoring method based on cloud platform and device thereof
CN106411863A (en) * 2016-09-14 2017-02-15 南京安贤信息科技有限公司 Virtualization platform for processing network traffic of virtual switches in real time
WO2017155545A1 (en) * 2016-03-11 2017-09-14 Tektronix Texas, Llc. Timestamping data received by monitoring system in nfv
CN107645472A (en) * 2016-07-21 2018-01-30 由国峰 A kind of virtual machine traffic detecting system based on OpenFlow
US9893977B2 (en) * 2012-03-26 2018-02-13 Oracle International Corporation System and method for supporting live migration of virtual machines in a virtualization environment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9893977B2 (en) * 2012-03-26 2018-02-13 Oracle International Corporation System and method for supporting live migration of virtual machines in a virtualization environment
CN103973578A (en) * 2013-01-31 2014-08-06 杭州华三通信技术有限公司 Virtual machine traffic redirection method and device
CN104917653A (en) * 2015-06-26 2015-09-16 北京奇虎科技有限公司 Virtual flow monitoring method based on cloud platform and device thereof
WO2017155545A1 (en) * 2016-03-11 2017-09-14 Tektronix Texas, Llc. Timestamping data received by monitoring system in nfv
CN107645472A (en) * 2016-07-21 2018-01-30 由国峰 A kind of virtual machine traffic detecting system based on OpenFlow
CN106411863A (en) * 2016-09-14 2017-02-15 南京安贤信息科技有限公司 Virtualization platform for processing network traffic of virtual switches in real time

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111580936A (en) * 2020-05-19 2020-08-25 山东超越数控电子股份有限公司 Virtualized data processing method and system
CN111580936B (en) * 2020-05-19 2024-02-09 超越科技股份有限公司 Virtualized data processing method and system

Also Published As

Publication number Publication date
CN109088827B (en) 2019-12-13

Similar Documents

Publication Publication Date Title
US10374952B2 (en) Method for increasing layer-3 longest prefix match scale
US10044616B2 (en) Co-existence of routable and non-routable RDMA solutions on the same network interface
US9678912B2 (en) Pass-through converged network adaptor (CNA) using existing ethernet switching device
US9509616B1 (en) Congestion sensitive path-balancing
CN101304389B (en) Method, apparatus and system for processing packet
KR20150030738A (en) Systems and methods for input/output virtualization
US20140075243A1 (en) Tunnel health check mechanism in overlay network
WO2016159813A1 (en) Network address sharing in a multitenant, monolithic application environment
US11334503B2 (en) Handling an input/output store instruction
US9832040B2 (en) Redirecting virtual machine traffic
EP3028417A1 (en) Data packet processing
US9654421B2 (en) Providing real-time interrupts over ethernet
CN109120454B (en) QoS flow rate limiting system and method
CN108984327B (en) Message forwarding method, multi-core CPU and network equipment
CN109088827A (en) virtual machine traffic processing method, device and host
US20180375954A1 (en) Mobile device identification
US9503278B2 (en) Reflective relay processing on logical ports for channelized links in edge virtual bridging systems
US9904654B2 (en) Providing I2C bus over ethernet
CN109213566B (en) Virtual machine migration method, device and equipment
US9374308B2 (en) Openflow switch mode transition processing
US10284501B2 (en) Technologies for multi-core wireless network data transmission
US20200304598A1 (en) Instruction initialization in a dataflow architecture
US20110107066A1 (en) Cascaded accelerator functions

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant