CN109088827A - virtual machine traffic processing method, device and host - Google Patents
virtual machine traffic processing method, device and host Download PDFInfo
- Publication number
- CN109088827A CN109088827A CN201810758121.0A CN201810758121A CN109088827A CN 109088827 A CN109088827 A CN 109088827A CN 201810758121 A CN201810758121 A CN 201810758121A CN 109088827 A CN109088827 A CN 109088827A
- Authority
- CN
- China
- Prior art keywords
- flow
- host
- forwarded
- operating system
- processing software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45562—Creating, deleting, cloning virtual machine instances
Abstract
The present invention relates to technical field of virtualization, a kind of virtual machine traffic processing method, device and host are provided, which comprises the operating system nucleus protocol stack of the host receives the first flow to be forwarded that the virtual machine is sent;The flow that the operating system nucleus protocol stack of the host executes the test point redirects function and the described first flow to be forwarded is redirected to the flow processing software;By the flow processing software, treated that the first flow to be forwarded is back to the virtual switch according to the flow return function for the operating system nucleus protocol stack of the host.The present invention is by the interaction between realization virtual switch and flow processing software, on the host where allowing flow processing software to be directly installed on virtual machine, considerably reduces the workload of installation flow processing software, improves installation effectiveness and reliability.
Description
Technical field
The present invention relates to technical field of virtualization, in particular to a kind of virtual machine traffic processing method, device and master
Machine.
Background technique
Current virtualization technique is widely used among cloud calculation service, and virtual machine is as a kind of tool simulated by software
Complete computer having complete hardware system function, operating in a completely isolated environment is able to extensively in cloud computing
General use, virtual machine, which is used as client, can satisfy the biggish demand of number of users.Usually using virtual switch between virtual machine
Machine carries out flow forwarding.For the scene that the flow of disengaging virtual machine needs flow software to handle, existing technology is virtual
Flow processing software is installed, the flow for passing in and out virtual machine first passes around the processing of flow processing software, then returns virtual on machine
Flow is sent to virtual switch again by machine, virtual machine, is forwarded to other virtual machines through virtual switch, when virtual machine quantity very
When big, need to be respectively mounted a flow processing software for every virtual machine, while also to ensure the stream installed on every virtual machine
Amount processing software can operate normally, and in the prior art, install heavy workload, low efficiency and the reliability of flow processing software
It is low.
Summary of the invention
The embodiment of the present invention is designed to provide a kind of virtual machine traffic processing method, device and host, passes through realization
Interaction between virtual switch and flow software allows flow processing software to be directly installed on the host where virtual machine
On, the workload of installation flow processing software is considerably reduced, installation effectiveness and reliability are improved.
To achieve the goals above, technical solution used in the embodiment of the present invention is as follows:
In a first aspect, being applied to host the embodiment of the invention provides a kind of virtual machine traffic processing method, being transported on host
Row virtual machine and virtual switch, virtual switch register with stream to the test point of the operating system nucleus protocol stack of host in advance
Amount redirects function, and host is equipped with flow processing software in advance, and flow processing software is in advance to the operating system nucleus of host
Protocol stack registers with flow return function, which comprises the operating system nucleus protocol stack of host receives virtual machine and sends
The first flow to be forwarded;The flow that the operating system nucleus protocol stack of host executes test point redirects function for first wait turn
Hair flow is redirected to flow processing software;The operating system nucleus protocol stack of host is handled flow according to flow return function
Treated that the first flow to be forwarded is back to virtual switch for software.
Second aspect is applied to host the embodiment of the invention also provides a kind of virtual machine traffic processing unit, on host
Operation virtual machine and virtual switch, virtual switch are registered with to the test point of the operating system nucleus protocol stack of host in advance
Flow redirects function, and host is equipped with flow processing software in advance, and flow processing software is in advance into the operating system of host
Core protocol stack registers with flow return function, and described device includes the first receiving module, the first execution module and the first return mould
Block.Wherein, the first receiving module is used to receive the first flow to be forwarded of virtual machine transmission;First execution module is for executing inspection
The flow of measuring point redirects function and the first flow to be forwarded is redirected to flow processing software, and the first return module is used for foundation
Treated that the first flow to be forwarded is back to virtual switch by flow processing software for flow return function.
The third aspect runs virtual machine and virtual switch the embodiment of the invention also provides a kind of host on host, empty
Quasi- interchanger registers with flow to the test point of the operating system nucleus protocol stack of host in advance and redirects function, and host is pacified in advance
Equipped with flow processing software, flow processing software registers with flow to the operating system nucleus protocol stack of host in advance and returns to letter
Number, the host includes: one or more processors;Memory, for storing one or more programs, when one or more
When a program is executed by one or more of processors, so that one or more of processors realize above-mentioned virtual machine stream
Measure processing method.
Compared with the prior art, a kind of virtual machine traffic processing method, device and host provided in an embodiment of the present invention, host
Upper operation virtual machine and virtual switch, virtual switch are registered to the test point of the operating system nucleus protocol stack of host in advance
There is flow to redirect function, host is equipped with flow processing software in advance, and flow processing software is in advance to the operating system of host
Kernel protocol stack registers with flow return function.Firstly, the first flow to be forwarded is sent to the operating system of host by virtual machine
Kernel protocol stack;Then, the flow that the operating system nucleus protocol stack of host executes test point redirects function for first wait turn
Hair flow is redirected to flow processing software, next, flow processing software handles the first flow to be forwarded, and is locating
The operating system nucleus protocol stack of host is back to after reason, finally, the operating system nucleus protocol stack of host is returned according to flow
Treated that the first flow to be forwarded is back to virtual switch by flow processing software for function, will be located by virtual machine interchanger
The first flow to be forwarded after reason is sent to another virtual machine or network forwarding equipment.Compared with prior art, of the invention
Embodiment is mounted directly flow processing software by realizing the interaction between virtual switch and flow processing software
On the host where virtual machine, the workload of installation flow processing software is considerably reduced, improves installation effectiveness and can
By property.
To enable the above objects, features and advantages of the present invention to be clearer and more comprehensible, special embodiment below, and appended by cooperation
Attached drawing is described in detail below.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached
Figure is briefly described, it should be understood that the following drawings illustrates only certain embodiments of the present invention, therefore is not construed as pair
The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 shows the application scenarios schematic diagram of virtual machine traffic processing method provided in an embodiment of the present invention.
Fig. 2 shows the block diagrams of host provided in an embodiment of the present invention.
Fig. 3 shows virtual machine traffic processing method flow chart provided in an embodiment of the present invention.
What Fig. 4 showed out the first flow to be forwarded of virtual machine flows to schematic diagram.
What Fig. 5 showed the second flow to be forwarded into virtual machine flows to schematic diagram.
Fig. 6 is the sub-step flow chart of the step S103 shown in Fig. 3.
Fig. 7 is the sub-step flow chart of the step S106 shown in Fig. 3.
Fig. 8 shows the block diagram of virtual machine traffic processing unit provided in an embodiment of the present invention.
Icon: 100- host;101- memory;102- communication interface;103- processor;104- bus;200- virtual machine
Flow processing unit;The first receiving module of 201-;The first execution module of 202-;The first return module of 203-;204- second is received
Module;The second execution module of 205-;The second return module of 206-;300- virtual machine;400- virtual switch.
Specific embodiment
Below in conjunction with attached drawing in the embodiment of the present invention, technical solution in the embodiment of the present invention carries out clear, complete
Ground description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Usually exist
The component of the embodiment of the present invention described and illustrated in attached drawing can be arranged and be designed with a variety of different configurations herein.Cause
This, is not intended to limit claimed invention to the detailed description of the embodiment of the present invention provided in the accompanying drawings below
Range, but it is merely representative of selected embodiment of the invention.Based on the embodiment of the present invention, those skilled in the art are not doing
Every other embodiment obtained under the premise of creative work out, shall fall within the protection scope of the present invention.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined in a attached drawing, does not then need that it is further defined and explained in subsequent attached drawing.Meanwhile of the invention
In description, term " first ", " second " etc. are only used for distinguishing description, are not understood to indicate or imply relative importance.
Fig. 1 is please referred to, Fig. 1 shows the application scenarios signal of virtual machine traffic processing method provided in an embodiment of the present invention
Scheme, virtual machine 300 and virtual switch 400 are run on host 100, virtual machine 300 refers to passes through what software was simulated on host 100
Complete computer with complete hardware system function, virtual switch 400 refer to simulated by software, be able to achieve flow
The virtual network forwarding equipment of the switch functions such as forwarding, Port Mirroring.Host 100 is equipped with flow processing software in advance,
Flow to be forwarded is sent to the operating system nucleus protocol stack of host 100 by virtual machine 300 and virtual switch 400 first, main
The operating system nucleus protocol stack of machine 100 executes flow and redirects function that flow to be forwarded is redirected to flow processing is soft
Part, flow processing software return to the operating system nucleus protocol stack of host 100, host after handling flow to be forwarded
100 operating system nucleus protocol stack executes flow return function, and by flow processing software, treated that flow to be forwarded is back to
Virtual switch 400.
Referring to figure 2., Fig. 2 shows the block diagrams of host 100 provided in an embodiment of the present invention.Host 100 can be with
Be, but be not limited to PC (personal computer, PC), server etc..The operating system of host 100 can be,
But it is not limited to, Windows system, linux system etc..The host 100 includes memory 101, communication interface 102, processor
103 and bus 104, the memory 101, communication interface 102 and processor 103 are connected by bus 104, and processor 103 is used
The executable module stored in execution memory 101, such as computer program.
Wherein, memory 101 may include high-speed random access memory (RAM:Random Access Memory),
It may further include non-labile memory (non-volatile memory), for example, at least a magnetic disk storage.By extremely
A few communication interface 102 (can be wired or wireless) realize the host 100 and at least one other host 100 and
Communication connection between External memory equipment.
Bus 104 can be isa bus, pci bus or eisa bus etc..It is only indicated with a four-headed arrow in Fig. 2, but
It is not offered as only a bus or a type of bus.
Wherein, memory 101 is for storing program, such as virtual machine traffic processing unit 200 shown in Fig. 8.This is virtual
Machine flow processing unit 200 includes that at least one can be stored in the memory in the form of software or firmware (firmware)
In 101 or the software function mould that is solidificated in the operating system (operating system, OS) of the server host 100
Block.The processor 103 executes described program after receiving and executing instruction to realize void that the above embodiment of the present invention discloses
Quasi- machine flow processing method.
Processor 103 may be a kind of IC chip, the processing capacity with signal.It is above-mentioned during realization
Each step of method can be completed by the integrated logic circuit of the hardware in processor 103 or the instruction of software form.On
The processor 103 stated can be general processor, including central processing unit (Central Processing Unit, abbreviation
CPU), network processing unit (Network Processor, abbreviation NP) etc.;It can also be digital signal processor (DSP), dedicated
Integrated circuit (ASIC), ready-made programmable gate array (FPGA) either other programmable logic device, discrete gate or transistor
Logical device, discrete hardware components.
First embodiment
Referring to figure 3., Fig. 4 and Fig. 5, Fig. 3 show 300 flow processing method stream of virtual machine provided in an embodiment of the present invention
Cheng Tu, Fig. 4 show out the first flow to be forwarded of virtual machine 300 flow to schematic diagram, Fig. 5 is shown into virtual machine 300
Second flow to be forwarded flows to schematic diagram.300 flow processing method of virtual machine the following steps are included:
Step S101, the operating system nucleus protocol stack of host receive the first flow to be forwarded that virtual machine is sent.
In embodiments of the present invention, the operating system nucleus protocol stack of host 100 realizes virtual machine 300 and virtual switch
Flow exchange between machine 400, can be forwarded to external equipment for the flow of virtual machine 300 by virtual switch 400, can also
The flow of external equipment is forwarded to virtual machine 300, wherein external equipment can be and the same host of the virtual machine 300
Other virtual machines 300 on 100, the virtual machine 300 or virtual switch for being also possible to hosts 100 different from the virtual machine 300
Machine 400 can also be the network forwarding equipments such as interchanger or router.First flow to be forwarded refers to be issued from virtual machine 300
Message, wherein the data that virtual machine 300 needs to be sent to external equipment are encapsulated in message.
Step S102, the flow that the operating system nucleus protocol stack of host executes test point redirect function for first wait turn
Hair flow is redirected to flow processing software.
In embodiments of the present invention, what test point referred to the operating system nucleus protocol stack of host 100 can register hook letter
Several registration point, wherein Hook Function is also referred to as HOOK function, can be in the registration point of registration Hook Function by Hook Function
The flow to be forwarded that handles in the operating system nucleus protocol stack of host 100 is temporarily intercepted, according to Hook Function by converting flow
It guides to specified entrance.In this step, it is virtual switch 400 in advance to the operation system of host 100 that flow, which redirects function,
Hook Function that kernel protocol stack of uniting is registered, for the first flow to be forwarded to be guided to the entrance to flow processing software.Stream
Amount processing software can with but to be not limited to the third party that antivirus software, traffic monitoring software etc. handle target flow soft
Part.
As an implementation, by taking the operating system of host 100 is Linux as an example, in (SuSE) Linux OS kernel
There are the frame Netfilter of an offer packet filtering, Netfilter to provide the administrative mechanism of a whole set of HOOK function, make
Obtaining packet filtering, network address translation and connection tracking based on protocol type etc. becomes possibility, and Netfilter is provided
5 HOOK points, are respectively as follows: PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT, POST_ROUTING, for example,
Flow can be redirected function registration to host in advance by registration function nf_register_hook by virtual switch 400
The PRE_ROUTING registration point of 100 operating system nucleus protocol stack.When the operating system nucleus protocol stack of host 100 executes
When to PRE_ROUTING registration point, it can transfer to execute pre-registered flow and redirect function, be redirected by executing the flow
Function guides the first flow to be forwarded to the entrance of flow processing software, and virtual switch 400 can also pass through registration function
Nf_register_hook is in advance by the operating system nucleus protocol stack of flow redirection function registration to host 100
FORWARD perhaps POST_ROUTING registration point when the operating system nucleus protocol stack of host 100 go to FORWARD or
When POST_ROUTING registration point, it can transfer to execute pre-registered flow redirection function, be redirected by executing the flow
Function guides the first flow to be forwarded to the entrance of flow processing software.
The operating system nucleus protocol stack of step S103, host will be after the processing of flow processing software according to flow return function
The first flow to be forwarded be back to virtual switch.
In embodiments of the present invention, in this step, flow return function is flow processing software in advance to host 100
The registration of operating system nucleus protocol stack, by treated the first flow to be forwarded from the operating system nucleus agreement of host 100
Stack is back to the Hook Function of the entrance of virtual switch 400.
As an implementation, by taking the operating system of host 100 is Linux as an example, flow processing software can pass through
Flow return function is registered to the operating system nucleus protocol stack of host 100 by registration function nf_reinject in advance, works as flow
Processing software by treated after the first flow to be forwarded is sent to the operating system nucleus protocol stack of host 100, host 100
Operating system nucleus protocol stack can execute flow return function, and by treated, the first flow to be forwarded is back to virtual switch
400。
Fig. 6 is please referred to, step S103 further includes following sub-step:
Sub-step S1031, the operating system nucleus protocol stack of host receive flow processing software treated first wait turn
Send out flow.
Sub-step S1032, the operating system nucleus protocol stack of host execute flow return function will treated first to
Converting flow is back to virtual switch.
In embodiments of the present invention, due to the flow direction of flow be it is two-way, both can be sent to outside from virtual machine 300 and set
It is standby, virtual machine 300 can also be sent to from external equipment, step S101-S103 realizes first for the flow for going out virtual machine 300
It is handled using flow processing software, treated flow by virtual switch 400 is then sent to external equipment again,
The flow for entering virtual machine 300 can also be handled first using flow processing software in order to realize, then pass through void again
Quasi- interchanger 400 is sent to virtual machine 300, and therefore, the embodiment of the invention also includes step S104-S106.
Step S104, the operating system nucleus protocol stack of host receive the second flow to be forwarded that virtual switch is sent.
In embodiments of the present invention, the second flow to be forwarded refers to the message issued from virtual switch 400, wherein message
It is that external equipment is sent to virtual switch 400 and needs to be forwarded to the data of virtual machine 300 by virtual switch 400.
Step S105, the flow that the operating system nucleus protocol stack of host executes test point redirect function for second wait turn
Hair flow is redirected to flow processing software.
In embodiments of the present invention, in this step, it is virtual switch 400 in advance to host that flow, which redirects function,
100 operating system nucleus protocol stack registration, for guiding the second flow to be forwarded to the entrance of flow processing software
Hook Function.
As an implementation, by taking the operating system of host 100 is Linux as an example, for example, virtual switch 400 can
Flow to be redirected to the operating system nucleus of function registration to host 100 in advance by registration function nf_register_hook
POST_ROUTING the or Forward registration point of protocol stack.When the operating system nucleus protocol stack of host 100 goes to POST_
When ROUTING or Forward registration point, it can transfer to execute pre-registered flow redirection function, by executing the flow weight
Orientation function guides the second flow to be forwarded to the entrance of flow processing software.
The operating system nucleus protocol stack of step S106, host will be after the processing of flow processing software according to flow return function
The second flow to be forwarded be back to virtual switch.
In embodiments of the present invention, in this step, flow return function is flow processing software in advance to host 100
The registration of operating system nucleus protocol stack, execute the flow return function can will treated the second flow to be forwarded from host
100 operating system nucleus protocol stack is back to virtual switch 400 and continues with.
As an implementation, by taking the operating system of host 100 is Linux as an example, flow processing software can pass through
Flow return function is registered to the operating system nucleus protocol stack of host 100 by registration function nf_reinject in advance, works as flow
Processing software by treated after the second flow to be forwarded is sent to the operating system nucleus protocol stack of host 100, host 100
Operating system nucleus protocol stack can execute flow return function, and by treated, the second flow to be forwarded is back to virtual switch
400。
Fig. 7 is please referred to, step S106 further includes following sub-step:
Sub-step S1061, the operating system nucleus protocol stack of host receive flow processing software treated second wait turn
Send out flow.
Sub-step S1062, the operating system nucleus protocol stack of host execute flow return function will treated second to
Converting flow is back to virtual switch.
It should be noted that redirecting holding for function due to increasing flow in the operating system nucleus protocol stack of host 100
The row time affects the treatment effeciency of the operating system nucleus protocol stack of host 100 to a certain extent, in order to facilitate user according to
Practical application scene performs corresponding processing, and in the embodiment of the present invention, user can be configured by the operating system in host 100
HOOK is arranged in file to switch to control whether that virtual switch 400 is allowed to register HOOK function, and then decides whether data
Flow processing software is sent to be handled.
In embodiments of the present invention, it by realizing the interaction between virtual switch 400 and flow processing software, enters and leaves empty
The flow to be forwarded of quasi- machine 300 is when by virtual switch 400, by advance to the operating system nucleus agreement of host 100
The flow of stack registration redirects function and enters to flow processing software, so that flow processing software is treated at converting flow
It is returned again to after reason to virtual switch 400 and is had the advantages that compared with prior art
First, flow processing software does not need to be mounted on each virtual machine 300, it is only necessary to be directly installed on virtual machine
On host 100 where 300, the workload of installation flow processing software is considerably reduced, improves installation effectiveness and reliable
Property.
Second, to by virtual switch 400 enter and leave virtual machine 300 flow can guide to flow processing software into
Row processing realizes the two-way control that virtual machine 300 passes in and out flow, increases the control power of disengaging flow especially sensitive flow
Degree.
Third, user can be controlled whether by the way that HOOK switch is arranged in the operating system configuration file of host 100
Allow virtual switch 400 to register HOOK function, and then decide whether that data are sent to flow processing software to be handled, improves
Support the flexibility of plurality of application scenes.
Second embodiment
Fig. 8 is please referred to, Fig. 8 shows the box signal of virtual machine traffic processing unit 200 provided in an embodiment of the present invention
Figure.Virtual machine traffic processing unit 200 is applied to host 100, and virtual machine traffic processing unit 200 operates in host 100
Functional module in operating system nucleus protocol stack comprising the first receiving module 201;First execution module 202;First returns
Module 203;Second receiving module 204;Second execution module 205;Second return module 206.
First receiving module 201, for receiving the first flow to be forwarded of virtual machine transmission.
In embodiments of the present invention, the first receiving module 201 is for executing step S101.
First execution module 202, the flow for executing test point redirect function and redirect the first flow to be forwarded
To flow processing software.
In embodiments of the present invention, the first execution module 202 is for executing step S102.
First return module 203, for that treated to be first to be forwarded by flow processing software according to flow return function
Flow is back to virtual switch.
In embodiments of the present invention, the first return module 203 is for executing step S103.
In embodiments of the present invention, the first return module 203 is specifically used for:
Receive flow processing software treated the first flow to be forwarded;
Executing flow return function, the first flow to be forwarded is back to virtual switch by treated.
Second receiving module 204, for receiving the second flow to be forwarded of virtual switch transmission.
In embodiments of the present invention, the second receiving module 204 is for executing step S104.
Second execution module 205, the flow for executing test point redirect function and redirect the second flow to be forwarded
To flow processing software.
In embodiments of the present invention, the second execution module 205 is for executing step S105.
Second return module 206, for that treated to be second to be forwarded by flow processing software according to flow return function
Flow is back to virtual switch.
In embodiments of the present invention, the second return module 206 is for executing step S106.
In embodiments of the present invention, the second return module 206 is specifically also used to:
Receive flow processing software treated the second flow to be forwarded;
Executing flow return function, the second flow to be forwarded is back to virtual switch by treated.
In conclusion a kind of virtual machine traffic processing method, device and host provided by the invention, virtual machine traffic processing
Method is applied to host, runs virtual machine and virtual switch on host, virtual switch is in advance into the operating system of host
The test point of core protocol stack registers with flow and redirects function, and host is equipped with flow processing software, flow processing software in advance
Flow return function is registered with to the operating system nucleus protocol stack of host in advance, which comprises the operating system of host
Kernel protocol stack receives the first flow to be forwarded that virtual machine is sent;The operating system nucleus protocol stack of host executes test point
Flow redirects function and the first flow to be forwarded is redirected to flow processing software;The operating system nucleus protocol stack of host according to
According to flow return function, by flow processing software, treated that the first flow to be forwarded is back to virtual switch.With the prior art
It compares, the present invention allows flow processing software straight by realizing the interaction between virtual switch and flow processing software
It connects on the host where being mounted on virtual machine, considerably reduces the workload of installation flow processing software, improve installation effect
Rate and reliability.
In several embodiments provided herein, it should be understood that disclosed device and method can also pass through
Other modes are realized.The apparatus embodiments described above are merely exemplary, for example, flow chart and block diagram in attached drawing
Show the device of multiple embodiments according to the present invention, the architectural framework in the cards of method and computer program product,
Function and operation.In this regard, each box in flowchart or block diagram can represent the one of a module, section or code
Part, a part of the module, section or code, which includes that one or more is for implementing the specified logical function, to be held
Row instruction.It should also be noted that function marked in the box can also be to be different from some implementations as replacement
The sequence marked in attached drawing occurs.For example, two continuous boxes can actually be basically executed in parallel, they are sometimes
It can execute in the opposite order, this depends on the function involved.It is also noted that every in block diagram and or flow chart
The combination of box in a box and block diagram and or flow chart can use the dedicated base for executing defined function or movement
It realizes, or can realize using a combination of dedicated hardware and computer instructions in the system of hardware.
In addition, each functional module in each embodiment of the present invention can integrate one independent portion of formation together
Point, it is also possible to modules individualism, an independent part can also be integrated to form with two or more modules.
It, can be with if the function is realized and when sold or used as an independent product in the form of software function module
It is stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially in other words
The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a
People's computer, server or network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention.
And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.It needs
Illustrate, herein, relational terms such as first and second and the like be used merely to by an entity or operation with
Another entity or operation distinguish, and without necessarily requiring or implying between these entities or operation, there are any this realities
The relationship or sequence on border.Moreover, the terms "include", "comprise" or its any other variant are intended to the packet of nonexcludability
Contain, so that the process, method, article or equipment for including a series of elements not only includes those elements, but also including
Other elements that are not explicitly listed, or further include for elements inherent to such a process, method, article, or device.
In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including the element
Process, method, article or equipment in there is also other identical elements.
The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field
For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, made any to repair
Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.It should also be noted that similar label and letter exist
Similar terms are indicated in following attached drawing, therefore, once being defined in a certain Xiang Yi attached drawing, are then not required in subsequent attached drawing
It is further defined and explained.
Claims (10)
1. a kind of virtual machine traffic processing method is applied to host, virtual machine and virtual switch are run on the host, it is special
Sign is that the virtual switch registers with flow to the test point of the operating system nucleus protocol stack of the host in advance and resets
To function, the host is equipped with flow processing software in advance, and the flow processing software is in advance to the operation system of the host
System kernel protocol stack registers with flow return function, which comprises
The operating system nucleus protocol stack of the host receives the first flow to be forwarded that the virtual machine is sent;
The flow that the operating system nucleus protocol stack of the host executes the test point redirects function for described first wait turn
Hair flow is redirected to the flow processing software;
The operating system nucleus protocol stack of the host will be after flow processing software processing according to the flow return function
The first flow to be forwarded be back to the virtual switch.
2. virtual machine traffic processing method as described in claim 1, which is characterized in that the operating system nucleus of the host is assisted
Discussing stack, by the flow processing software, treated that the first flow to be forwarded is back to the void according to the flow return function
The step of quasi- interchanger, comprising:
The operating system nucleus protocol stack of the host receives the flow processing software treated first stream to be forwarded
Amount;
The operating system nucleus protocol stack of the host executes the flow return function will treated the first flow to be forwarded
It is back to the virtual switch.
3. virtual machine traffic processing method as described in claim 1, which is characterized in that the method also includes:
The operating system nucleus protocol stack of the host receives the second flow to be forwarded that the virtual switch is sent;
The flow that the operating system nucleus protocol stack of the host executes the test point redirects function for described second wait turn
Hair flow is redirected to the flow processing software;
The operating system nucleus protocol stack of the host will be after flow processing software processing according to the flow return function
The second flow to be forwarded be back to the virtual switch.
4. virtual machine traffic processing method as claimed in claim 3, which is characterized in that the operating system nucleus of the host is assisted
Discussing stack, by the flow processing software, treated that the second flow to be forwarded is back to the void according to the flow return function
The step of quasi- interchanger, comprising:
The operating system nucleus protocol stack of the host receives the flow processing software treated second stream to be forwarded
Amount;
The operating system nucleus protocol stack of the host executes the flow return function will treated the second flow to be forwarded
It is back to the virtual switch.
5. virtual machine traffic processing method as described in claim 1, which is characterized in that the flow redirects function and flow
Return function is Hook Function.
6. a kind of virtual machine traffic processing unit, which is characterized in that be applied to host, virtual machine and virtual is run on the host
Interchanger, which is characterized in that the virtual switch is infused to the test point of the operating system nucleus protocol stack of the host in advance
Volume has flow to redirect function, and the host is equipped with flow processing software in advance, and the flow processing software is in advance to described
The operating system nucleus protocol stack of host registers with flow return function, and described device includes:
First receiving module, the first flow to be forwarded sent for receiving the virtual machine;
First execution module, the flow for executing the test point redirect function and redirect the described first flow to be forwarded
To the flow processing software;
First return module, for that treated to be first to be forwarded by the flow processing software according to the flow return function
Flow is back to the virtual switch.
7. virtual machine traffic processing unit as claimed in claim 6, which is characterized in that first return module is specifically used
In:
Receive the flow processing software treated first flow to be forwarded;
Executing the flow return function, the first flow to be forwarded is back to the virtual switch by treated.
8. virtual machine traffic processing unit as claimed in claim 6, which is characterized in that described device further include:
Second receiving module, the second flow to be forwarded sent for receiving the virtual switch;
Second execution module, the flow for executing the test point redirect function and redirect the described second flow to be forwarded
To the flow processing software;
Second return module, for that treated to be second to be forwarded by the flow processing software according to the flow return function
Flow is back to the virtual switch.
9. virtual machine traffic processing unit as claimed in claim 8, second return module is specifically used for:
Receive the flow processing software treated second flow to be forwarded;
Executing the flow return function, the second flow to be forwarded is back to the virtual switch by treated.
10. a kind of host, virtual machine and virtual switch are run on the host, which is characterized in that the virtual switch is pre-
Flow first is registered with to the test point of the operating system nucleus protocol stack of the host and redirects function, and the host is installed in advance
There is flow processing software, the flow processing software registers with flow to the operating system nucleus protocol stack of the host in advance and returns
Letter in reply number, the host include:
One or more processors;
Memory, for storing one or more programs, when one or more of programs are by one or more of processors
When execution, so that one or more of processors realize method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810758121.0A CN109088827B (en) | 2018-07-11 | 2018-07-11 | Virtual machine flow processing method and device and host |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810758121.0A CN109088827B (en) | 2018-07-11 | 2018-07-11 | Virtual machine flow processing method and device and host |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109088827A true CN109088827A (en) | 2018-12-25 |
CN109088827B CN109088827B (en) | 2019-12-13 |
Family
ID=64837442
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810758121.0A Active CN109088827B (en) | 2018-07-11 | 2018-07-11 | Virtual machine flow processing method and device and host |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109088827B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111580936A (en) * | 2020-05-19 | 2020-08-25 | 山东超越数控电子股份有限公司 | Virtualized data processing method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973578A (en) * | 2013-01-31 | 2014-08-06 | 杭州华三通信技术有限公司 | Virtual machine traffic redirection method and device |
CN104917653A (en) * | 2015-06-26 | 2015-09-16 | 北京奇虎科技有限公司 | Virtual flow monitoring method based on cloud platform and device thereof |
CN106411863A (en) * | 2016-09-14 | 2017-02-15 | 南京安贤信息科技有限公司 | Virtualization platform for processing network traffic of virtual switches in real time |
WO2017155545A1 (en) * | 2016-03-11 | 2017-09-14 | Tektronix Texas, Llc. | Timestamping data received by monitoring system in nfv |
CN107645472A (en) * | 2016-07-21 | 2018-01-30 | 由国峰 | A kind of virtual machine traffic detecting system based on OpenFlow |
US9893977B2 (en) * | 2012-03-26 | 2018-02-13 | Oracle International Corporation | System and method for supporting live migration of virtual machines in a virtualization environment |
-
2018
- 2018-07-11 CN CN201810758121.0A patent/CN109088827B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9893977B2 (en) * | 2012-03-26 | 2018-02-13 | Oracle International Corporation | System and method for supporting live migration of virtual machines in a virtualization environment |
CN103973578A (en) * | 2013-01-31 | 2014-08-06 | 杭州华三通信技术有限公司 | Virtual machine traffic redirection method and device |
CN104917653A (en) * | 2015-06-26 | 2015-09-16 | 北京奇虎科技有限公司 | Virtual flow monitoring method based on cloud platform and device thereof |
WO2017155545A1 (en) * | 2016-03-11 | 2017-09-14 | Tektronix Texas, Llc. | Timestamping data received by monitoring system in nfv |
CN107645472A (en) * | 2016-07-21 | 2018-01-30 | 由国峰 | A kind of virtual machine traffic detecting system based on OpenFlow |
CN106411863A (en) * | 2016-09-14 | 2017-02-15 | 南京安贤信息科技有限公司 | Virtualization platform for processing network traffic of virtual switches in real time |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111580936A (en) * | 2020-05-19 | 2020-08-25 | 山东超越数控电子股份有限公司 | Virtualized data processing method and system |
CN111580936B (en) * | 2020-05-19 | 2024-02-09 | 超越科技股份有限公司 | Virtualized data processing method and system |
Also Published As
Publication number | Publication date |
---|---|
CN109088827B (en) | 2019-12-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10374952B2 (en) | Method for increasing layer-3 longest prefix match scale | |
US10044616B2 (en) | Co-existence of routable and non-routable RDMA solutions on the same network interface | |
US9678912B2 (en) | Pass-through converged network adaptor (CNA) using existing ethernet switching device | |
US9509616B1 (en) | Congestion sensitive path-balancing | |
CN101304389B (en) | Method, apparatus and system for processing packet | |
KR20150030738A (en) | Systems and methods for input/output virtualization | |
US20140075243A1 (en) | Tunnel health check mechanism in overlay network | |
WO2016159813A1 (en) | Network address sharing in a multitenant, monolithic application environment | |
US11334503B2 (en) | Handling an input/output store instruction | |
US9832040B2 (en) | Redirecting virtual machine traffic | |
EP3028417A1 (en) | Data packet processing | |
US9654421B2 (en) | Providing real-time interrupts over ethernet | |
CN109120454B (en) | QoS flow rate limiting system and method | |
CN108984327B (en) | Message forwarding method, multi-core CPU and network equipment | |
CN109088827A (en) | virtual machine traffic processing method, device and host | |
US20180375954A1 (en) | Mobile device identification | |
US9503278B2 (en) | Reflective relay processing on logical ports for channelized links in edge virtual bridging systems | |
US9904654B2 (en) | Providing I2C bus over ethernet | |
CN109213566B (en) | Virtual machine migration method, device and equipment | |
US9374308B2 (en) | Openflow switch mode transition processing | |
US10284501B2 (en) | Technologies for multi-core wireless network data transmission | |
US20200304598A1 (en) | Instruction initialization in a dataflow architecture | |
US20110107066A1 (en) | Cascaded accelerator functions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |