CN114124813B - Method for realizing l3-agent based on flow table in openstack - Google Patents

Publication number: CN114124813B
Authority: CN (China)
Prior art keywords: fip, message, router, network, flow table
Legal status: Active
Application number: CN202111391756.XA
Other languages: Chinese (zh)
Other versions: CN114124813A (en)
Inventors: 陈玉林, 高传集, 谢涛涛, 宋伟, 杨燚
Current Assignee: Inspur Cloud Information Technology Co Ltd
Original Assignee: Inspur Cloud Information Technology Co Ltd

Classifications

    • H04L45/742 Route cache; Operation thereof
    • G06F16/24552 Database cache management
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L45/745 Address table lookup; Address filtering
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a method for implementing the l3-agent based on flow tables in openstack, belonging to the technical field of cloud computing. The method comprises: 1) implementing the gateway arp proxy using a flow table; 2) implementing the gateway ICMPv4 proxy reply using a flow table; 3) implementing layer-3 routing between virtual machines using a flow table; 4) using a flow table controller to implement the FIP-triggered arp request to the remote end; 5) implementing the FIP function using a flow table; 6) implementing the FIP port forwarding function using a flow table; 7) a local update-content caching mechanism; 8) a function switch implemented through configuration. The method can solve the network performance problem in a large-scale cloud environment.

Description

Method for realizing l3-agent based on flow table in openstack
Technical Field
The invention relates to the technical field of cloud computing, in particular to a method for realizing an l3-agent based on a flow table in openstack.
Background
In the current openstack l3-agent implementation, techniques such as linux network namespaces, linux bridges, iptables and tap/tun/veth interfaces are used extensively. In the distributed routing scenario, after a router creation command is executed, the related network devices and network namespaces are created on the network nodes and computing nodes to implement functions such as route forwarding.
The full flow table scheme is a relatively popular technology, OVN being one example. OVN is easy to integrate with a CMS (Cloud Management System): for the various network functions of openstack, only the OVN interface needs to be called, the various agents can be omitted, and there is no heavy dependence on the message queue. In practical use, however, there are many problems: some OVN functions are not supported by lower versions, the database nodes are a bottleneck, migrating an OVS environment to an OVN environment requires much extra work, network problem tracing is more complex, and updating and upgrading the version of the environment introduces more steps.
Disclosure of Invention
To solve the above technical problems, the invention provides a flow-table-based l3-agent implementation method in openstack. Because it reduces the number of times virtual network devices process a message, it can solve the network performance problem in a large-scale cloud environment. Because only the specific implementation at the agent end is changed, the change is small and the overall architecture does not need to be adjusted, so compared with schemes such as OVN it is better suited to an already deployed OVS environment.
The technical scheme of the invention is as follows:
A method for implementing the l3-agent based on flow tables in openstack comprises the following steps:
1) Implementing the gateway arp proxy using a flow table
2) Implementing the gateway ICMPv4 proxy using a flow table
3) Implementing layer-3 routing between virtual machines using a flow table
4) Implementing the FIP-triggered remote arp request using a flow table controller
5) Implementing the FIP function using a flow table
6) Implementing the FIP port forwarding function using a flow table
7) A local update-content caching mechanism
8) A function switch implemented through configuration.
Further,
the method specifically comprises the following:
(1) When the server adds a network to a router, it sends a message to the agent through the message queue to trigger creation of the router gateway;
(2) When the server adds a network to a router, it sends a message to the agent through the message queue to trigger creation of the router gateway;
(3) When the server adds a network to a router, it sends a message to the agent through the message queue to trigger creation of the router gateway;
(4) When the server binds a FIP to a port, it sends a message to the agent through the message queue, and the agent implements the FIP/FIP port forwarding function entirely with flow tables;
(5) No other virtual network devices are used;
(6) An update-content caching mechanism is introduced to cache update information locally, solving the access bottleneck of the control-layer database;
(7) A configuration switch is introduced to allow smooth switching and migration between the original scheme and the new scheme.
Further,
gateway arp proxy
When the server successfully creates a router and adds a network to it, the server sends a message to the agent through the message queue stating that the network has been added to the router, and the agent processes the message, that is, creates the gateway for the corresponding network; in the original implementation there is an actual gateway entity, namely an interface in the qrouter network namespace, that can respond to arp requests; in the flow table implementation there is no gateway entity, so after the virtual machine sends an arp request, the arp must be answered directly during processing by the local (computing node) flow table.
Further,
gateway ICMP proxy
When the server successfully creates a router and adds a network to it, the server sends a message to the agent through the message queue stating that the network has been added to the router, and the agent processes the message, that is, creates the gateway for the corresponding network; in the original implementation, ICMP requests can be answered directly because a gateway entity exists, namely an interface in the qrouter network namespace; in the flow table implementation there is no gateway entity, so after the virtual machine sends an ICMP request, the ICMP must be answered directly during processing by the local (computing node) flow table.
Further,
layer-3 routing between virtual machines using a flow table, including
1) Processing ip messages
2) Processing the lookup.
Further,
implementation of the FIP-triggered remote arp request
After receiving a request to bind a fip to a port, the server completes its processing and sends a message through the message queue; after the agent receives the port-binding-fip message, it must carry out the specific actions of binding the fip;
when a virtual machine with a fip accesses the external network, address translation is performed: the source ip of the message is replaced by the fip, and the external network is then accessed through the fip; the arp request is triggered by the controller.
Further,
implementing the FIP function using a flow table
After receiving a request to bind a fip to a port, the server completes its processing and sends a message through the message queue; after the agent receives the port-binding-fip message, it must carry out the specific actions of binding the fip;
the network address translation function is implemented by means of a flow table;
processing is performed using the conntrack module and nat: the outgoing direction translates the source ip address into the FIP, and the opposite direction translates the FIP into the source virtual machine ip.
Implementing the FIP port forwarding function using a flow table
After receiving a request to bind a port to a specified port of a fip, the server sends a message through the message queue;
the network address translation function is implemented by means of a flow table;
in the outgoing direction, if the port is the one specified for the port, the ip is translated into the fip and the port is translated into the port specified in the fip binding, forming a mapping from the port to the fip port.
Further,
local content update caching mechanism
The agent end maintains all information of the router in the form of a file; when the agent synchronizes, it only needs to obtain the router update time through RPC and compare it with the update time in the local file; if the two are inconsistent, it pulls the latest change information of the router from the server, updates the local file, clears the router change information maintained by the server end, and then executes the change operations according to the router change information.
By introducing configuration, the full flow table function can be freely switched on and off.
In steps (1) and (2), information is passed between the server and the agent through the message queue, and the agent uses flow tables to implement the gateway arp response/icmp response; no gateway entity exists, and processing of arp/icmp messages is more efficient than in the original implementation.
In step (3), information is passed between the server and the agent through the message queue, and the agent uses flow tables to implement route forwarding; this does not depend on linux network namespaces, linux virtual network devices and the like, so the performance loss of message processing is low.
In step (4), information is passed through the message queue, and the agent uses flow tables to implement the FIP and FIP port forwarding functions; an sdn controller is introduced to trigger the arp request to the remote end, and a learning flow table caches the remote mac address, ensuring normal north-south communication.
In step (5), the l3-agent end no longer processes messages through other virtual network devices, which reduces performance loss and suits large-scale/high-performance forwarding scenarios.
In step (6), adding the cache layer effectively reduces frequent access by the agent to the control-plane database and improves the overall access performance of the platform control plane.
In step (7), the newly added functions are switched on and off through a configuration switch, making it convenient to switch and migrate functions in a deployed environment.
The invention has the beneficial effects that
The function of the l3-agent is implemented entirely with flow tables. Compared with the prior technical scheme using linux network namespaces, tap/tun/veth devices, iptables and the like:
1) The processing flow is simplified, and no processing steps across multiple virtual network devices are involved.
2) The function of the l3-agent route processing portion is re-implemented.
3) A pure flow table scheme is used, and the technology stack is simplified.
4) Performance loss is avoided, and network message processing performance is improved.
5) It is suitable for high-performance forwarding scenarios such as ovs+dpdk.
6) A local update-content caching mechanism is introduced, greatly relieving the pressure of database access on the control node.
7) It is suitable for an already deployed server+agent environment; the overall architecture is unchanged and the change is minimal.
8) The original implementation and the new implementation can easily be selected through configuration, which facilitates environment migration and testing.
Drawings
FIG. 1 is a schematic diagram of the overall architecture of the present invention;
FIG. 2 is a schematic diagram of virtual gateway arp response;
FIG. 3 is a schematic diagram of a virtual gateway icmp response;
FIG. 4 is a virtual gateway routing schematic;
FIG. 5 is a flow table fip implementation schematic.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by those skilled in the art without making any inventive effort based on the embodiments of the present invention are within the scope of protection of the present invention.
The original l3-agent implementation of openstack uses a large number of technologies such as linux bridges, linux network namespaces and linux network devices, so its actual performance is low; because messages pass through multiple virtual network devices during processing, it cannot meet the network forwarding requirements of high-performance scenarios.
The invention provides a method for implementing the l3-agent using flow tables in a cloud computing environment. The following functions are implemented using flow tables:
1. Gateway arp proxy using a flow table
2. Gateway ICMPv4 and ICMPv6 proxy replies using flow tables
3. Layer-3 routing between virtual machines using a flow table
4. FIP-triggered remote arp request using a flow table controller
5. FIP function using a flow table
6. FIP port forwarding function using a flow table
7. Local update-content caching mechanism
8. Function switch implemented through configuration
The specific implementation is as follows.
(1) Gateway arp proxy
When the server successfully creates a router and adds a network to it, the server sends a message to the agent through the message queue stating that the network has been added to the router, and the agent processes the message, that is, creates the gateway of the corresponding network. In the original implementation there is an actual gateway entity, namely an interface in the qrouter network namespace, that can respond to arp requests. In the flow table implementation there is no gateway entity, so after the virtual machine sends an arp request, the arp must be answered directly during processing by the local (computing node) flow table. Because the arp response message is simple, this can be implemented directly with a flow table, without the participation of a controller.
Message matching:
a. Message type: arp message
b. Network: matching vlan tag identifier
c. arp target address: gateway
d. arp type: arp-request
Processing behavior:
a. arp message source mac address -> arp message destination mac address
b. arp message source ip address -> arp message destination ip address
c. Set the arp message source mac address to the gateway mac address
d. Set the arp message source ip address to the gateway ip address
e. Ethernet source mac address -> Ethernet target mac address
f. Set the Ethernet source mac address to the gateway mac address
g. Output to the IN_PORT port
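An added example, not part of the patent text: the match and action list above applied in Python to a constructed VLAN-tagged ARP request, with the same rule rendered as Open vSwitch flow text. The addresses, VLAN id, table number and priority are assumptions, and the reply opcode (2), which the list leaves implicit, is set explicitly.

```python
import ipaddress
import struct

ETH_HDR = "!6s6sHHH"        # dst mac, src mac, 0x8100, VLAN TCI, inner ethertype
ARP_HDR = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
TPID_8021Q, ETH_P_ARP = 0x8100, 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return ipaddress.IPv4Address(text).packed


def arp_frame(vlan, op, eth_dst, sha, spa, tha, tpa):
    """Build a VLAN-tagged ARP frame; used here for constructed sample input."""
    eth = struct.pack(ETH_HDR, mac(eth_dst), mac(sha), TPID_8021Q, vlan, ETH_P_ARP)
    arp = struct.pack(ARP_HDR, 1, 0x0800, 6, 4, op, mac(sha), ip(spa), mac(tha), ip(tpa))
    return eth + arp


def gateway_arp_reply(frame, vlan, gw_ip, gw_mac):
    """Apply matches a-d and actions a-g; return the reply for IN_PORT, or None."""
    eth_len = struct.calcsize(ETH_HDR)
    if len(frame) < eth_len + struct.calcsize(ARP_HDR):
        return None                                    # truncated frame: no match
    _dst, eth_src, tpid, tci, etype = struct.unpack_from(ETH_HDR, frame, 0)
    if tpid != TPID_8021Q or etype != ETH_P_ARP:       # match a: arp message
        return None
    if (tci & 0x0FFF) != vlan:                         # match b: vlan tag of this network
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack_from(
        ARP_HDR, frame, eth_len)
    if tpa != ip(gw_ip) or op != ARP_REQUEST:          # match c and d
        return None                                    # never answer for other addresses
    reply_arp = struct.pack(
        ARP_HDR, htype, ptype, hlen, plen,
        ARP_REPLY,      # opcode of a reply
        mac(gw_mac),    # action c: arp source mac = gateway mac
        ip(gw_ip),      # action d: arp source ip = gateway ip
        sha,            # action a: old arp source mac becomes the destination mac
        spa,            # action b: old arp source ip becomes the destination ip
    )
    # actions e and f: old Ethernet source becomes the target, gateway mac the source
    reply_eth = struct.pack(ETH_HDR, eth_src, mac(gw_mac), tpid, tci, etype)
    return reply_eth + reply_arp                       # action g: send out of IN_PORT


def ovs_flow(table, vlan, gw_ip, gw_mac):
    """The same rule as ovs-ofctl flow text (table and priority are assumptions)."""
    actions = [
        "move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[]",
        "move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[]",
        "load:0x" + gw_mac.replace(":", "") + "->NXM_NX_ARP_SHA[]",
        "load:" + hex(int(ipaddress.IPv4Address(gw_ip))) + "->NXM_OF_ARP_SPA[]",
        "load:0x2->NXM_OF_ARP_OP[]",
        "move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[]",
        "mod_dl_src:" + gw_mac,
        "in_port",
    ]
    return (f"table={table},priority=100,arp,dl_vlan={vlan},arp_op=1,"
            f"arp_tpa={gw_ip},actions=" + ",".join(actions))


# Constructed sample values (not from the patent).
GW_IP, GW_MAC, VLAN = "10.0.0.1", "fa:16:3e:00:00:01", 7
VM_IP, VM_MAC = "10.0.0.5", "fa:16:3e:aa:aa:05"


def demo():
    request = arp_frame(VLAN, ARP_REQUEST, "ff:ff:ff:ff:ff:ff",
                        VM_MAC, VM_IP, "00:00:00:00:00:00", GW_IP)
    other = arp_frame(VLAN, ARP_REQUEST, "ff:ff:ff:ff:ff:ff",
                      VM_MAC, VM_IP, "00:00:00:00:00:00", "10.0.0.9")
    return {
        "reply": gateway_arp_reply(request, VLAN, GW_IP, GW_MAC),
        "other_target": gateway_arp_reply(other, VLAN, GW_IP, GW_MAC),
        "other_vlan": gateway_arp_reply(request, VLAN + 1, GW_IP, GW_MAC),
        "flow": ovs_flow(10, VLAN, GW_IP, GW_MAC),
    }
```

Matching on the vlan tag, the gateway address as arp target and the request opcode keeps the responder from answering for any address other than the gateway of that network.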
(2) Gateway ICMP proxy
When the server successfully creates a router and adds a network to it, the server sends a message to the agent through the message queue stating that the network has been added to the router, and the agent processes the message, that is, creates the gateway of the corresponding network. In the original implementation, ICMP requests can be answered directly because a gateway entity exists, namely an interface in the qrouter network namespace. In the flow table implementation there is no gateway entity, so after the virtual machine sends an ICMP request, the ICMP must be answered directly during processing by the local (computing node) flow table. The ICMP message is more complex than the arp message: it contains multiple request/response types that serve different purposes. Here, only a simple echo reply (type=0, code=0) to an echo request (type=8, code=0) needs to be implemented, and this can be done without a controller:
Message matching:
a. Message type: icmp
b. Network: matching vlan tag identifier
c. Network destination address: gateway ip
d. ICMP type: 0x8
e. ICMP code: 0
Processing behavior:
a. Ethernet destination address -> temporary register 0
b. Ethernet source address -> Ethernet destination address
c. Message target ip address -> temporary register 1
d. Message source ip address -> message target ip address
e. Temporary register 0 -> Ethernet source address
f. Temporary register 1 -> message source ip address
g. Set the ICMP type to 0
h. Set the ICMP code to 0
i. Output to the IN_PORT port
(3) Layer-3 routing implementation
1. Processing ip messages
2. Processing the lookup
Processing an ip request (ingress direction):
Message matching:
a. Target ip address: local virtual machine ip address
b. Network: matching vlan tag identifier
Processing behavior:
a. Set the target address to the virtual machine mac address
b. Hand over to ingress table processing (drop, or output to the corresponding port after firewall rule processing)
Processing an ip request (egress direction):
Message matching:
a. Message type: ip message
b. Target mac address: gateway mac address
c. Network: matching vlan tag identifier
Processing behavior:
a. Set the source address to the gateway mac address
b. TTL minus one
c. Hand the message over to lookup table processing
The effect is that when the target mac address of an ip message is the gateway mac and the vlan tag matches, the router function applies and the source address of the message is changed to the gateway mac. One difference is that no arp mapping table exists in the flow table scheme, so the target ip address must be matched by a flow table, the target mac address changed, and the message output directly to the corresponding port.
Lookup table:
Message matching:
a. Message type: ip message
b. Target ip address: local virtual machine ip
c. Network: matching vlan tag identifier
Processing behavior:
a. Set the target mac address to the local virtual machine mac address
b. Hand over to ingress table processing (drop, or output to the corresponding port after firewall rule processing). That is, a flow table entry is added when a new virtual machine is created; when the virtual machine is powered on and a message with a matching destination address and vlan tag is found, the message is forwarded to the corresponding port.
(4) Implementation of the FIP-triggered remote arp request
After receiving a request to bind a fip to a port, the server completes its processing and sends a message through the message queue; after the agent receives the port-binding-fip message, it must carry out the specific actions of binding the fip.
When a virtual machine with a fip accesses the external network, address translation is performed: the source ip of the message is replaced with the fip, and the external network is then accessed via the fip. The fip does not know the mac address of the remote end when accessing the external network, but the flow table implementation does not actively initiate an arp request, so the arp request must be triggered by the controller.
Message matching:
a. Message type: ip
b. Source ip address: fip
c. Network: matching vlan tag identifier
d. Target mac address: special reserved mac address (used to identify an unknown destination mac address)
Processing behavior:
a. Send to the controller for processing. Controller parameters: vlan tag, fip, external gateway address
Controller processing:
a. Obtain the source ip address and target mac address of the request
b. Obtain the source mac address of the request
c. Obtain the vlan tag, fip and external gateway address information
d. Construct an arp packet in which the source mac address is the source mac address of the message, the target mac address is the broadcast address ff:ff:ff:ff:ff:ff, and the arp opcode is 1 (arp request)
e. Send the arp request
mac table learning implementation:
The arp request sent in the step above normally receives an arp response. A learning rule is created to cache the mac information.
Message matching:
a. Message type: arp message
b. arp message source ip address: external gateway ip
c. arp opcode: 2 (arp response)
Processing behavior:
a. Create a learn rule, as follows:
Match ip messages whose target mac address is the special reserved address
Set the message target mac address to the external gateway mac address, and set the timeout of the learning table.
The effect is that when a virtual machine with a fip accesses the external network, the first message triggers the controller to send an arp request; after the external gateway responds to the arp, creation of the learning table is triggered and the target mac address of the message is set to the correct target mac address.
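An added example, not part of the patent text: a small Python model of the three pieces described in (4), namely the rule that sends packets with the reserved target mac to the controller, the controller building the arp request, and the learn rule with its timeout. The reserved mac value, the dictionary packet layout, the addresses and the decision not to buffer the triggering packet are assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
RESERVED_MAC = "02:00:00:00:00:fe"   # placeholder; the patent does not give the value


class FipExternalPath:
    """Packet-in rule, controller handler and learn rule for one fip."""

    def __init__(self, vlan, fip, ext_gw_ip, learn_timeout):
        self.vlan, self.fip, self.ext_gw_ip = vlan, fip, ext_gw_ip
        self.learn_timeout = learn_timeout
        self.learned = None        # (external gateway mac, expiry time)
        self.arp_requests = []     # arp requests sent by the controller

    def _learned_mac(self, now):
        if self.learned and now < self.learned[1]:
            return self.learned[0]
        self.learned = None        # learning table entry timed out
        return None

    def ip_out(self, pkt, now):
        """An ip message after address translation, heading to the external network."""
        key = (pkt["vlan"], pkt["src_ip"], pkt["dst_mac"])
        if key != (self.vlan, self.fip, RESERVED_MAC):
            return pkt                              # matches a-d failed: not our rule
        gw_mac = self._learned_mac(now)
        if gw_mac is not None:
            return dict(pkt, dst_mac=gw_mac)        # learned rule sets the target mac
        # Controller steps a-e: build and send the arp request.
        self.arp_requests.append({
            "vlan": self.vlan,
            "op": 1,                                # arp request
            "eth_dst": BROADCAST,
            "sha": pkt["src_mac"],                  # source mac of the triggering message
            "spa": self.fip,
            "tpa": self.ext_gw_ip,
        })
        return None     # assumption: the triggering packet is not buffered in this model

    def arp_in(self, arp, now):
        """An arp message from the external side; True when a learn entry is created."""
        if arp["op"] != 2 or arp["spa"] != self.ext_gw_ip:
            return False                            # not a response from the gateway ip
        self.learned = (arp["sha"], now + self.learn_timeout)
        return True


def demo():
    # Constructed sample values (not from the patent).
    path = FipExternalPath(vlan=100, fip="203.0.113.10",
                           ext_gw_ip="203.0.113.1", learn_timeout=30)
    pkt = {"vlan": 100, "src_ip": "203.0.113.10", "src_mac": "fa:16:3e:aa:aa:05",
           "dst_ip": "198.51.100.7", "dst_mac": RESERVED_MAC}
    first = path.ip_out(pkt, now=0)                 # triggers the controller
    stray = path.arp_in({"op": 2, "spa": "203.0.113.99",
                         "sha": "52:54:00:00:00:99"}, now=1)
    learned = path.arp_in({"op": 2, "spa": "203.0.113.1",
                           "sha": "52:54:00:00:00:01"}, now=1)
    second = path.ip_out(pkt, now=2)                # uses the learned mac
    expired = path.ip_out(pkt, now=31)              # entry timed out, asks again
    return {"first": first, "stray": stray, "learned": learned,
            "second_dst_mac": second["dst_mac"], "expired": expired,
            "requests": path.arp_requests}
```

As listed, the learn trigger keys only on the arp opcode and source ip; additionally matching the external network's vlan tag or ingress port narrows which responses can populate the cache.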
(5) Implementing the FIP function using a flow table
After receiving a request to bind a fip to a port, the server completes its processing and sends a message through the message queue; after the agent receives the port-binding-fip message, it must carry out the specific actions of binding the fip.
The FIP function is essentially the network address translation function implemented with a flow table.
Message matching:
a. Message type: ip message
b. Source ip address: virtual machine ip
Processing behavior:
Processing is performed using the conntrack module and nat: the outgoing direction translates the source ip address into the FIP, and the opposite direction translates the FIP into the source virtual machine ip.
(6) Implementing the FIP port forwarding function using a flow table
The process is similar to (5), except that the ports subject to network address translation are restricted.
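An added example, not part of the patent text: a simplified Python model of the conntrack and nat behaviour described in (5) and (6), showing that a whole-address FIP translates every port while a port forwarding binding translates only the specified port. The class, its method names and all addresses are assumptions, and the connection table is a stand-in for the real conntrack module.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reply(self):
        """The same connection seen in the opposite direction."""
        return Packet(self.proto, self.dst_ip, self.dst_port, self.src_ip, self.src_port)


class FipNat:
    """Model of FIP (5) and FIP port forwarding (6)."""

    def __init__(self):
        self.fip_of = {}   # vm ip -> fip                 whole-address binding
        self.vm_of = {}    # fip -> vm ip
        self.pf_out = {}   # (proto, vm ip, vm port) -> (fip, fip port)
        self.pf_in = {}    # (proto, fip, fip port) -> (vm ip, vm port)
        self.conns = {}    # reply as received -> reply after reverse translation

    def bind_fip(self, vm_ip, fip):
        if any(key[1] == fip for key in self.pf_in):
            raise ValueError(f"{fip} is already used for port forwarding")
        self.fip_of[vm_ip], self.vm_of[fip] = fip, vm_ip

    def bind_port_forward(self, proto, vm_ip, vm_port, fip, fip_port):
        if fip in self.vm_of:
            raise ValueError(f"{fip} is already bound as a whole-address FIP")
        self.pf_out[(proto, vm_ip, vm_port)] = (fip, fip_port)
        self.pf_in[(proto, fip, fip_port)] = (vm_ip, vm_port)

    def _commit(self, original, translated):
        # Remember how the reply of this connection has to be rewritten.
        self.conns[translated.reply()] = original.reply()
        return translated

    def egress(self, pkt):
        """Outgoing direction: source vm ip (and port) -> fip (and fip port)."""
        if pkt in self.conns:                       # reply to an inbound connection
            return self.conns[pkt]
        if pkt.src_ip in self.fip_of:
            return self._commit(pkt, replace(pkt, src_ip=self.fip_of[pkt.src_ip]))
        hit = self.pf_out.get((pkt.proto, pkt.src_ip, pkt.src_port))
        if hit:
            return self._commit(pkt, replace(pkt, src_ip=hit[0], src_port=hit[1]))
        return None                                 # no FIP rule applies to this packet

    def ingress(self, pkt):
        """Opposite direction: fip (and fip port) -> vm ip (and port)."""
        if pkt in self.conns:                       # reply to an outbound connection
            return self.conns[pkt]
        if pkt.dst_ip in self.vm_of:
            return self._commit(pkt, replace(pkt, dst_ip=self.vm_of[pkt.dst_ip]))
        hit = self.pf_in.get((pkt.proto, pkt.dst_ip, pkt.dst_port))
        if hit:
            return self._commit(pkt, replace(pkt, dst_ip=hit[0], dst_port=hit[1]))
        return None                                 # port not forwarded: not translated


def demo():
    # Constructed sample values (not from the patent).
    nat = FipNat()
    nat.bind_fip("10.0.0.5", "203.0.113.10")
    nat.bind_port_forward("tcp", "10.0.0.6", 22, "203.0.113.20", 8022)
    out = nat.egress(Packet("tcp", "10.0.0.5", 40000, "198.51.100.7", 443))
    back = nat.ingress(Packet("tcp", "198.51.100.7", 443, "203.0.113.10", 40000))
    ssh_in = nat.ingress(Packet("tcp", "198.51.100.7", 51000, "203.0.113.20", 8022))
    ssh_back = nat.egress(Packet("tcp", "10.0.0.6", 22, "198.51.100.7", 51000))
    closed = nat.ingress(Packet("tcp", "198.51.100.7", 51001, "203.0.113.20", 3306))
    other = nat.egress(Packet("tcp", "10.0.0.6", 45000, "198.51.100.7", 443))
    return {"out": out, "back": back, "ssh_in": ssh_in,
            "ssh_back": ssh_back, "closed": closed, "other": other}
```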
(7) Local content update caching mechanism
The latest change information of the router, including the latest update time, is maintained in the memory of the server (data is kept synchronized among multiple servers). The agent end maintains all information of the router in the form of a file. When the agent synchronizes, it only needs to obtain the router update time through RPC and compare it with the update time in the local file; if the two are inconsistent, it pulls the latest change information of the router from the server, updates the local file, clears the router change information maintained by the server end, and then executes the change operations according to the router change information. The whole process does not need to periodically pull router information from the server database, which relieves the pressure on the control node database. In addition, because the local end maintains all information of the router in the form of a file, after the l3-agent is restarted it does not need to access the server database heavily to obtain router information, and the router can be rebuilt and updated.
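An added example, not part of the patent text: the synchronization sequence described above in Python, with an in-memory stand-in for the server end and a JSON file as the agent's local cache. The RPC method names, the file format and the sample router data are assumptions; the file is written atomically and server-side changes are cleared only after the local file is saved.

```python
import json
import os
import tempfile


class ServerStub:
    """Stand-in for the server end: change information kept in memory."""

    def __init__(self):
        self.update_time = {}   # router id -> latest update time
        self.changes = {}       # router id -> pending change list
        self.rpc_log = []       # RPC calls received, to show the load on the server

    def record_change(self, router_id, when, key, value):
        self.update_time[router_id] = when
        self.changes.setdefault(router_id, []).append({"key": key, "value": value})

    def get_update_time(self, router_id):
        self.rpc_log.append("get_update_time")
        return self.update_time.get(router_id)

    def get_changes(self, router_id):
        self.rpc_log.append("get_changes")
        return list(self.changes.get(router_id, []))

    def clear_changes(self, router_id):
        self.rpc_log.append("clear_changes")
        self.changes.pop(router_id, None)


class AgentRouterCache:
    def __init__(self, path, server):
        self.path, self.server = path, server
        self.applied = []       # stand-in for executing the change operations
        try:
            with open(path, encoding="utf-8") as fh:
                self.routers = json.load(fh)    # restart: rebuild from the local file
        except FileNotFoundError:
            self.routers = {}                   # first start; a corrupt file raises

    def _save(self):
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)   # created readable by owner only
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(self.routers, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, self.path)                  # atomic swap, no partial file

    def sync(self, router_id):
        remote = self.server.get_update_time(router_id)
        entry = self.routers.get(router_id, {"update_time": None, "info": {}})
        if remote == entry["update_time"]:
            return []                               # up to date: one light RPC only
        changes = self.server.get_changes(router_id)
        for change in changes:
            entry["info"][change["key"]] = change["value"]
        entry["update_time"] = remote
        self.routers[router_id] = entry
        self._save()                                # update the local file first
        self.server.clear_changes(router_id)        # then clear the server-side changes
        self.applied.extend(changes)                # then execute the changes
        return changes


def demo():
    # Constructed sample data (not from the patent).
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "routers.json")
        server = ServerStub()
        server.record_change("router-1", "2021-11-23T10:00:00",
                             "gateway 10.0.0.1", "fa:16:3e:00:00:01")
        agent = AgentRouterCache(path, server)
        first = agent.sync("router-1")
        second = agent.sync("router-1")
        restarted = AgentRouterCache(path, server)  # simulated l3-agent restart
        info_after_restart = dict(restarted.routers["router-1"]["info"])
        idle = restarted.sync("router-1")
        server.record_change("router-1", "2021-11-23T10:05:00",
                             "fip 203.0.113.10", "10.0.0.5")
        third = restarted.sync("router-1")
        return {"first": first, "second": second, "idle": idle, "third": third,
                "info_after_restart": info_after_restart,
                "final_info": restarted.routers["router-1"]["info"],
                "rpc_log": server.rpc_log}
```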
(8) Implementing the switch function through configuration
By introducing configuration, the full flow table function can be freely switched on and off, making environment migration, incremental change and management more convenient.
As shown in the figure:
1. The L3-agent calls Open vSwitch and implements the L3 network functions by issuing flow tables.
2. The gateway device created by Open vSwitch is virtual in nature.
3. The virtual machines can communicate with each other through a virtual gateway.
4. For a virtual machine with a floating ip, the DNAT function is implemented at the computing node by the virtual gateway.
5. Outbound traffic of a virtual machine without a floating ip is forwarded through the virtual gateway of the computing node to the network node, and leaves through the virtual snat gateway of the gateway node.
6. For performance reasons, a local cache layer is added on the computing node, and L3 update information is stored in the cache, improving synchronization efficiency.
The foregoing description is only illustrative of the preferred embodiments of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (3)

1. A method for realizing l3-agent based on a flow table in an openstack is characterized in that,
comprising the following steps:
1) Gateway arp proxy using flow table
When a server adds a network to a router, sending a message to a agent through a message queue to trigger the router gateway to create;
2) Implementing gateway ICMPv4 proxy using flow tables
When a server adds a network to a router, a message is sent to a agent through a message queue to trigger the router gateway to create;
3) Three-layer route between virtual machines using flow table
Included
3.1 Processing the ip message;
3.2 Processing the logo;
when a server adds a network to a router, a message is sent to a agent through a message queue to trigger the router gateway to create;
4) Implementing FIP-triggered remote arp requests using a flow table controller
After receiving a request to bind a fip to a port and completing its processing, the server sends a message through a message queue; after the agent receives the port-binding-fip message, it must carry out the specific actions of binding the fip;
when a virtual machine with a fip accesses the external network, address translation is performed: the source ip of the message is replaced by the fip, and the external network is then accessed through the fip; the arp request is triggered by a controller;
5) Implementing FIP functions using flow tables
After receiving a request to bind a fip to a port and completing its processing, the server sends a message through a message queue; after the agent receives the port-binding-fip message, it must carry out the specific actions of binding the fip;
the network address translation function is implemented by means of flow tables;
processing uses the conntrack module and nat: in the outgoing direction the source ip address is translated into the FIP, and in the opposite direction the FIP is translated back into the ip of the source virtual machine;
6) Implementing FIP port forwarding functions using flow tables
When the server binds a FIP to a port, a message is sent to the agent through a message queue, and the agent implements the FIP/FIP port forwarding function entirely with flow tables;
7) No other virtual network devices are used;
8) Local update content caching mechanism
An update content caching mechanism is introduced to cache update information locally, solving the access bottleneck of the control layer database;
9) Realizing a function switch through configuration;
a configuration switch is introduced to realize the smooth switching and migration of the original scheme and the existing scheme;
wherein,
gateway arp proxy
When the server successfully creates a router and adds a network to it, the server sends a message through a message queue to the agent stating that the network has been added to the router, and the agent processes the message, that is, creates the gateway corresponding to the network; in the original implementation, an entity gateway, namely an interface in the qrouter network namespace, can respond to arp requests; in the present flow table implementation no entity gateway exists, so after a virtual machine sends an arp request, the request must be answered directly during flow table processing on the local (compute) node;
gateway ICMP proxy
When the server successfully creates a router and adds a network to it, the server sends a message through a message queue to the agent stating that the network has been added to the router, and the agent processes the message, that is, creates the gateway corresponding to the network; in the original implementation, ICMP requests can be answered directly because an entity gateway, namely an interface in the qrouter network namespace, exists; in the present flow table implementation no entity gateway exists, so after a virtual machine sends an ICMP request, the request must be answered directly during flow table processing on the local (compute) node;
implementing FIP port forwarding functions using flow tables
After receiving a request of a specified port of port binding fip, the server sends a message through a message queue;
the network address translation function is implemented by means of flow tables;
in the outgoing direction, if the port is the port specified by the port, ip is converted into fip, and the port is converted into the port specified by the binding fip, so as to form a mapping relation from the port to the fip port.
2. A method as claimed in claim 1, characterized in that,
local content update caching mechanism
The agent maintains all information of the router in the form of a file; when the agent synchronizes, it only needs to obtain the router update time through RPC and compare it with the update time in the local file; if the two are inconsistent, it pulls the latest change information of the router from the server, updates the local file, and clears the router change information maintained by the server, and the agent then executes the change operations according to the router change information.
3. A method as claimed in claim 1, characterized in that,
by introducing a configuration option, the full-flow-table function can be freely enabled and disabled.
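The gateway arp proxy of claim 1 can be pictured as a single Open vSwitch flow that rewrites an arp request into its own reply. The sketch below is an added illustration, not code from the patent: the function names, table number, priority and the sample addresses are assumptions, and the action list follows the usual OVS arp-responder pattern.

```python
import ipaddress

def arp_responder_flow(gw_ip, gw_mac, table=0, priority=200):
    """Build an ovs-ofctl flow that answers arp requests for gw_ip with gw_mac.
    table and priority are assumed values, not taken from the patent."""
    ip_hex = format(int(ipaddress.IPv4Address(gw_ip)), "#010x")
    mac_hex = "0x" + gw_mac.replace(":", "").lower()
    if len(mac_hex) != 14:
        raise ValueError("bad MAC address: %r" % gw_mac)
    int(mac_hex, 16)  # raises ValueError on non-hex characters
    match = f"table={table},priority={priority},arp,arp_op=1,arp_tpa={gw_ip}"
    actions = ",".join([
        "move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[]",  # frame goes back to the asker
        f"mod_dl_src:{gw_mac}",                      # Ethernet source = gateway MAC
        "load:0x2->NXM_OF_ARP_OP[]",                 # opcode 2 = arp reply
        "move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[]",   # target hw = requester hw
        "move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[]",   # target ip = requester ip
        f"load:{mac_hex}->NXM_NX_ARP_SHA[]",         # sender hw = gateway MAC
        f"load:{ip_hex}->NXM_OF_ARP_SPA[]",          # sender ip = gateway ip
        "in_port",                                   # out the port it arrived on
    ])
    return f"{match} actions={actions}"

def model_reply(req, gw_ip, gw_mac):
    """Pure-Python model of the actions above; None when the flow does not match."""
    if req["arp_op"] != 1 or req["arp_tpa"] != gw_ip:
        return None
    return {"eth_dst": req["eth_src"], "eth_src": gw_mac, "arp_op": 2,
            "arp_tha": req["arp_sha"], "arp_tpa": req["arp_spa"],
            "arp_sha": gw_mac, "arp_spa": gw_ip, "out_port": req["in_port"]}

# Constructed sample: a VM on port 7 asks who has the gateway address.
SAMPLE_REQUEST = {"in_port": 7, "eth_src": "fa:16:3e:aa:bb:cc", "arp_op": 1,
                  "arp_sha": "fa:16:3e:aa:bb:cc", "arp_spa": "192.168.10.23",
                  "arp_tpa": "192.168.10.1"}

if __name__ == "__main__":
    print(arp_responder_flow("192.168.10.1", "fa:16:3e:00:00:01"))
    print(model_reply(SAMPLE_REQUEST, "192.168.10.1", "fa:16:3e:00:00:01"))
```

The two `move` actions must precede the two `load` actions, otherwise the requester's addresses are overwritten before they are copied into the target fields.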
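The synchronization order in claim 2 (compare update times, pull, update the local file, clear the server-side change list, then apply) can be sketched as follows. This is an added example, not the patent's code: `FakeServer`, its method names and the JSON cache layout are hypothetical stand-ins for the RPC interface and file format, which the claims do not specify.

```python
import json
import os
import tempfile

class FakeServer:
    """Constructed stand-in for the server-side RPC endpoints (hypothetical names)."""
    def __init__(self):
        self.updated_at = {}  # router id -> update time
        self.changes = {}     # router id -> pending change records
    def get_router_update_time(self, rid):
        return self.updated_at.get(rid)
    def pull_router_changes(self, rid):
        return list(self.changes.get(rid, []))
    def clear_router_changes(self, rid):
        self.changes.pop(rid, None)

def load_cache(path):
    try:
        with open(path) as f:
            return json.load(f)
    except (FileNotFoundError, json.JSONDecodeError):
        # A missing or corrupt local file forces a fresh pull.
        return {"updated_at": None, "changes": []}

def save_cache(path, data):
    # Write to a temporary file and rename it, so a crash never leaves a
    # half-written cache behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        json.dump(data, f)
    os.replace(tmp, path)

def sync_router(server, rid, path, apply_change):
    """Run one sync pass; return the number of changes applied."""
    cache = load_cache(path)
    remote_time = server.get_router_update_time(rid)
    if remote_time == cache["updated_at"]:
        return 0                           # times agree: nothing is pulled
    changes = server.pull_router_changes(rid)
    cache["updated_at"] = remote_time
    cache["changes"].extend(changes)
    save_cache(path, cache)                # update the local file first
    server.clear_router_changes(rid)       # then clear the server-side list
    for change in changes:                 # finally execute the changes
        apply_change(change)
    return len(changes)
```

Persisting the local file before clearing the server-side list means a crash between the two steps leaves the changes recorded in at least one place.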
CN202111391756.XA 2021-11-23 2021-11-23 Method for realizing l3-agent based on flow table in openstack Active CN114124813B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111391756.XA CN114124813B (en) 2021-11-23 2021-11-23 Method for realizing l3-agent based on flow table in openstack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111391756.XA CN114124813B (en) 2021-11-23 2021-11-23 Method for realizing l3-agent based on flow table in openstack

Publications (2)

Publication Number Publication Date
CN114124813A CN114124813A (en) 2022-03-01
CN114124813B true CN114124813B (en) 2023-08-25

Family

ID=80440046

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111391756.XA Active CN114124813B (en) 2021-11-23 2021-11-23 Method for realizing l3-agent based on flow table in openstack

Country Status (1)

Country Link
CN (1) CN114124813B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2895001A1 (en) * 2013-12-31 2015-06-30 Tianyi WU Method and apparatus for implementing communication between virtual machines
WO2017173952A1 (en) * 2016-04-08 2017-10-12 中兴通讯股份有限公司 Method, device, and system for centralizing management of virtual machines and implementing communications between virtual machines
WO2019076471A1 (en) * 2017-10-20 2019-04-25 Telefonaktiebolaget Lm Ericsson (Publ) Security enforcement for virtual gateways
CN110572327A (en) * 2019-07-31 2019-12-13 苏州浪潮智能科技有限公司 Method for realizing cross-network-segment data forwarding of neutron network and flow controllable method
CN111314196A (en) * 2020-01-21 2020-06-19 山东汇贸电子口岸有限公司 Data center network hybrid overlay communication method
CN111614541A (en) * 2020-06-09 2020-09-01 山东汇贸电子口岸有限公司 Method for adding public cloud network physical host into VPC
CN112187517A (en) * 2020-09-07 2021-01-05 烽火通信科技股份有限公司 Configuration method, platform and controller for SDN virtual routing of data center
CN112291252A (en) * 2020-11-02 2021-01-29 浪潮云信息技术股份公司 Architecture and method for realizing symmetric flow guiding of north-south flow

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research and Implementation of Network Optimization Technology for the OpenStack Cloud Platform; Zhu Mengyao; Wanfang Data; 20210928; Chapters 2-5 *

Also Published As

Publication number Publication date
CN114124813A (en) 2022-03-01

Similar Documents

Publication Publication Date Title
CN106936777B (en) Cloud computing distributed network implementation method and system based on OpenFlow
US11283707B2 (en) Segment routing with fast reroute for container networking
EP3747167B1 (en) Multi-cloud vpc routing and registration
EP3984181B1 (en) L3 underlay routing in a cloud environment using hybrid distributed logical router
US9281955B2 (en) Interoperability of data plane based overlays and control plane based overlays in a network environment
US9225636B2 (en) Method and apparatus for exchanging IP packets among network layer 2 peers
US9448821B2 (en) Method and system for realizing virtual machine mobility
Mann et al. CrossRoads: Seamless VM mobility across data centers through software defined networking
CN105706400B (en) The method and apparatus of grouping are forwarded on network
CN109474627B (en) Virtual tenant network isolation method and system based on SDN
CN111736958B (en) Virtual machine migration method, system, computer equipment and storage medium
US9560016B2 (en) Supporting IP address overlapping among different virtual networks
CN107770062A (en) A kind of data packet sending method, device and the network architecture
CN105871718B (en) A kind of SDN inter-domain routing implementation method
CN102355417A (en) Data center two-layer interconnection method and device
EP3937438A1 (en) Service chaining with physical network functions and virtualized network functions
CN111314196A (en) Data center network hybrid overlay communication method
US9467374B2 (en) Supporting multiple IEC-101/IEC-104 masters on an IEC-101/IEC-104 translation gateway
Yamanaka et al. AutoVFlow: Autonomous virtualization for wide-area OpenFlow networks
CN114363410B (en) Application access method, cloud agent, node agent component, device and medium
CN110752989A (en) Method and device for forwarding east-west traffic
US10484281B1 (en) Router operating methods and apparatus using virtual VPN instances for hosts of remote extranet VPNs
KR101794719B1 (en) Method and system for ip address virtualization in sdn-based network virthalization platform
CN114124813B (en) Method for realizing l3-agent based on flow table in openstack
CN113938448B (en) Method for realizing autonomous controllable virtual switch based on EVPN technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant