JP2009301117A - Virtual machine system and program for virtual machine monitor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform communication without differing from before movement of a guest OS even if a movement destination of the guest OS belongs to a network segment different from a movement source. <P>SOLUTION: A virtual machine monitor (VMM) 12-1 stores an IP (Internet Protocol) packet of first communication data into second communication data addressed to a VMM 12-2 and transfers them to the VMM 12-2 when communication data are the first communication data addressed to the guest OS 14 having moved to the VMM 12-2 from the VMM 12-1. When the VMM 12-2 receives the second communication data, the VMM 12-2 takes out, from the second communication data, the IP packet of the first communication data addressed to the guest OS 14 having moved to the VMM 12-2 from the second communication data, and delivers the communication data including the taken-out IP packet to the guest OS 14 having moved to the VMM 12-2. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  According to the present invention, the first hardware on which the first virtual machine monitor capable of operating the guest OS operates and the second hardware on which the second virtual machine monitor capable of operating the guest OS operate are connected via a network. The present invention relates to a connected virtual machine system, and more particularly to a virtual machine system and a virtual machine monitor program program suitable when a guest OS moves between virtual machine monitors.

An environment in which a virtual machine monitor (VMM) operates on hardware (real hardware) and a plurality of virtual machines emulating the hardware (HW) on the monitor can exist is a virtual machine environment ( Or virtualized environment). In such a virtual machine environment, a virtual machine monitor capable of constructing a plurality of guest OS environments on one HW by operating an operating system (hereinafter referred to as a guest OS) on each virtual machine. Are classified into a type realized as a module on the kernel of an operating system (hereinafter referred to as a host OS) operating on the HW, and a type realized as a kernel itself called a hypervisor. The Regardless of which type of virtual machine monitor is applied, a plurality of guest OS environments can be constructed on one HW. That is, both types of virtual machine monitors are the same in that the virtual machine monitor emulates a request for the guest OS's HW, and the virtual machine monitor receives the emulated request and accesses the HW. .

In a virtual machine environment, a guest OS can be moved (migrated) between HWs (virtual machine monitors running on it) by connecting multiple HWs with virtual machine monitors to the shared disk device that stores the guest OS images. ), That is, the virtual machine can be moved. A guest OS image is a storage image of a guest OS installed and set in a storage area.
Such migration (migration) of a virtual machine (guest OS) across HWs (virtual machine monitors operating on the above) is used in various situations. For example, Patent Document 1 discloses that when a HW is stopped, a virtual machine running in a virtual machine environment realized by a virtual machine monitor operating on the HW (that is, a virtual machine monitor of the HW) is replaced with another HW. Moving to (virtual machine monitor running on) or moving a running virtual machine to another lightly loaded HW (virtual machine monitor running on) when the HW load increases Has been.
JP 2006-244481 A

  However, the movement of the virtual machine (guest OS) as described in Patent Document 1 may cause problems as described below. Assume that the HW on which the migration source virtual machine monitor operates is connected to the first network segment. On the other hand, it is assumed that the HW on which the destination virtual machine monitor operates is connected to a second network segment different from the first network segment. In this case, the virtual machine after moving (guest OS) may not be able to communicate with the other party (client terminal) that was communicating with the virtual machine before moving. Such a problem occurs because the router cannot relay the communication related to the IP (Internet Protocol) address of the virtual machine (guest OS) after movement.

  The present invention has been made in consideration of the above circumstances, and an object of the present invention is to provide a network segment connected to hardware on which the virtual machine monitor to which the guest OS is moved operates and hardware on which the migration source virtual machine monitor operates. The present invention provides a system and method capable of communicating without changing from a guest OS moving even if it is different from the network segment connected to the hardware.

  According to one aspect of the present invention, a first virtual machine monitor that can operate a guest OS, first hardware that operates the first virtual machine monitor, and a second virtual machine that can operate the guest OS. Provided is a virtual machine system comprising a virtual machine monitor, second hardware on which the second virtual machine monitor operates, and a network connecting the first hardware and the second hardware. .

  The first virtual machine monitor includes input / output control means for controlling input / output of communication data between the first hardware and a guest OS operating on the first virtual machine monitor; Guest OS control means for controlling the movement of the guest OS from the virtual machine monitor to the second virtual machine monitor and the movement of the guest OS from the second virtual machine monitor to the first virtual machine monitor; Based on the migration status of the guest OS managed by the migration management means and the migration status of the guest OS managed by the migration management means, the communication data is stored in the first virtual machine monitor and the first virtual machine monitor. First communication data including a first IP packet addressed to a guest OS that has moved between two virtual machine monitors, and the first IP packet storing the first IP packet. The communication data, the third communication data including the second IP packet transmitted by the moved guest OS, or the fourth communication data in which the second IP packet is stored. Communication transfer control means for controlling transfer of the communication data according to the result. The communication transfer control means of the first virtual machine monitor is configured such that the communication data is first communication data addressed to a guest OS that has been moved from the first virtual machine monitor to the second virtual machine monitor. The first IP packet of the first communication data is stored in the second communication data addressed to the second virtual machine monitor, and the second communication data in which the first IP packet is stored is stored. The communication data is transferred to the second virtual machine monitor by the input / output control means, and the communication data is transferred from the second virtual machine monitor to the first virtual machine monitor. In the case of the second communication data addressed to the first virtual machine monitor storing the first IP packet, the first address addressed to the guest OS moved to the first virtual machine monitor. The first IP packet of the communication data is extracted from the second communication data, and the fifth communication data including the extracted first IP packet is transferred to the first virtual machine monitor. When the communication data provided by the input / output control means is the third communication data transmitted by the guest OS moved to the first virtual machine monitor, the fourth data addressed to the second virtual machine monitor A second IP packet of the third communication data is stored in communication data, and the fourth virtual machine monitor stores the fourth communication data in which the second IP packet is stored by the input / output control means. And the communication data is transferred from the first virtual machine monitor to the second virtual machine monitor. And the second communication data addressed to the first virtual machine monitor and stored in the second virtual machine monitor, the second communication data sent by the guest OS moved to the second virtual machine monitor. An IP packet is extracted from the fourth communication data, and sixth communication data including the extracted second IP packet is transmitted to the network by the input / output control means.

  According to the present invention, the network segment connected to the hardware on which the virtual machine monitor to which the guest OS is moved operates is different from the network segment connected to the hardware on which the migration source virtual machine monitor is operated. Even in this case, communication can be performed without changing the guest OS.

Embodiments of the present invention will be described below with reference to the drawings.
<Virtual machine system configuration>
FIG. 1 is a block diagram showing a configuration of a virtual machine system according to an embodiment of the present invention. In FIG. 1, virtual machine monitors 12-1 and 12-2 are arranged on hardware (HW) 11-1 and 11-2, respectively. The virtual machine monitors 12-1 and 12-2 have IP addresses (network addresses) “192.168.1.10” and “192.168.2.10”, respectively, and are TCP / IP (Transmission Control Protocol / Internet). Protocol).

  A virtual machine 13 is arranged on the virtual machine monitor 12-1, and a guest OS 14 is arranged on the virtual machine 13 so as to be operable. The guest OS 14 has an IP address “192.168.1.100”. The HWs 11-1 and 11-2 each include a CPU, a memory, and an input / output device (all not shown).

  The HWs 11-1 and 11-2 are connected to the shared disk device 15 by, for example, storage area networks (SAN) 19-1 and 19-2. The shared disk device 15 stores a guest OS image 150 for realizing the guest OS 14. The HWs 11-1 and 11-2 are also connected to network segments 16-1 and 16-2 having different network addresses, respectively. Assume that the network addresses of the network segments 16-1 and 16-2 are “192.168.1.0/24” and “192.168.2.0/24”, respectively. The network segments 16-1 and 16-2 constitute a network, for example, a local area network (LAN) 16. The network segments 16-1 and 16-2 are connected by a router 17. The router 17 has a routing function for connecting the network segments 16-1 and 16-2 having different network addresses.

  A client terminal (hereinafter referred to as a client) 18 is connected to the network segment 16-1. The client 18 has, for example, an IP address “192.168.1.50”. In the state of FIG. 1, the client 18 can communicate with the guest OS 14 via TCP / IP via the network segment 16-1.

  Here, it is assumed that the virtual machine 13 and the guest OS 14 are moved from the virtual machine monitor 12-1 to the virtual machine monitor 12-2 as indicated by an arrow A1 in FIG. The network address of the network segment 16-2 to which the HW 11-2 where the virtual machine monitor 12-2 (that is, the virtual machine monitor 12-2 to which the virtual machine 13 and the guest OS 14 are moved) is connected is the above-described network address. As described above, the network of the network segment 16-1 to which the HW 11-1 to which the virtual machine monitor 12-1 (that is, the virtual machine monitor 12-1 that is the migration source of the virtual machine 13 and the guest OS 14) is connected is connected. It is different from the address. Therefore, according to the conventional technique, after the virtual machine 13 and the guest OS 14 are moved, the client 18 cannot communicate with the guest OS 14 after the movement.

  Therefore, in the present embodiment, in order to enable communication between the client 18 and the guest OS 14 even after the guest OS 14 (the virtual machine 13 and the guest OS 14) is moved to a network segment with a different network address, the following communication data Is used. That is, communication data (second / fourth communication data) transmitted / received to / from the guest OS 14 between the virtual machine monitors 12-1 and 12-2 (second / fourth communication data). The second / fourth communication data stored (encapsulated) and stored with the first / third communication data (specifically, the IP packet included in the first / third communication data). Is used. The IP addresses of the virtual machine monitors 12-1 and 12-2 are used as the source IP address and destination IP address of the second / fourth communication data, or the destination IP address and source IP address. The second / fourth communication data is relayed between the virtual machine monitors 12-1 and 12-2 by the router 17, so that the first / second stored in the second / fourth communication data. The communication data can be exchanged between the client 18 and the guest OS 14.

<Communication sequence before and after moving the guest OS>
Next, referring to the sequence chart of FIG. 2, the communication sequence applied before and after the movement of the guest OS 14 in the system of FIG. 1 will be described with reference to an example in which communication data is exchanged between the guest OS 14 and the client 18. I will explain.

First, communication between the guest OS 14 and the client 18 performed before the guest OS 14 is moved will be described.
When the client 18 needs to transmit communication data to the guest OS 14 and the MAC address (physical address) of the guest OS 14 is not known, the ARP (Address Resolution Protocol) for obtaining the MAC address is obtained. A request (ARP request packet) is broadcast on the network segment 16-1 (step S1). This ARP request includes the MAC address and IP address of the client 18 as the source MAC address and source IP address, respectively. The ARP request includes the IP address of the guest OS 14 as the destination IP address.

  Upon receiving the ARP request from the client 18, the guest OS 14 returns an ARP response (ARP response packet) for notifying the client 18 of the MAC address of the guest OS 14 (step S2). The client 18 uses the MAC address of the guest OS 14 notified by the ARP response from the guest OS 14 as the destination MAC address, thereby transmitting communication data (seventh communication data) to the guest OS 14 (step S3).

  On the other hand, when the guest OS 14 needs to transmit communication data to the client 18 and the MAC address of the client 18 is not known, the guest OS 14 broadcasts an ARP request for acquiring the MAC address on the network segment 16-1. (Step S4).

  Upon receiving the ARP request from the guest OS 14, the client 18 returns an ARP response for notifying the guest OS 14 of the MAC address of the client 18 (step S5). The guest OS 14 transmits the communication data (eighth communication data) to the client 18 by using the MAC address of the client 18 notified by the ARP response from the client 18 as the destination MAC address (step S6).

  In the address resolution by the ARP packet in steps S1, S2, S4, and S5, a cache (ARP cache) for storing the address resolution result exists on the client 18 and the guest OS 14, and the guest OS 14 is stored in the cache. And the MAC address of the client 18 are stored in association with the IP addresses of the guest OS 14 and the client 18.

  Next, in addition to the sequence chart of FIG. 2, the communication between the guest OS 14 and the client 18 that is performed after the guest OS 14 has been moved is transmitted from the client 18 to the guest OS 14 as an example. A description will be given with reference to communication data examples in FIGS.

  Now, assume that the (virtual machine 13) and guest OS 14 have been moved from the virtual machine monitor 12-1 to the virtual machine monitor 12-2 as indicated by an arrow A1 in FIG. In this state, an ARP request 30 in the format shown in FIG. 3 for broadcasting the MAC address of the guest OS 14 is broadcast on the network segment 16-1 from the client 18 that has not recognized the movement of the guest OS 14. (Step S7).

  The ARP request 30 from the client 18 includes a data link layer header 31 and an ARP request packet 32. As the destination MAC address and the source MAC address of the data link layer header 31, the broadcast address and the MAC address of the client 18 are used, respectively. The ARP request packet 32 includes a target MAC address and a target IP address, and a transmission source MAC address and a transmission source IP address. As the target IP address of the ARP request packet 32, the IP address “192.168.1.100” of the guest OS 14 is used. The MAC address of the client 18 is used as the transmission source MAC address of the ARP request packet 32, and the IP address “192.168.1.50” of the client 18 is used as the transmission source IP address of the ARP request packet 32.

  The migration source virtual machine monitor 12-1 of the guest OS 14 responds to the ARP request 30 from the client 18 regarding the IP address “192.168.1.100” of the guest OS 14 after the migration of the guest OS 14. Instead of the guest OS 14, the ARP response 40 in the format shown in FIG. 4 for notifying the client 18 of the MAC address used by the guest OS 14 is returned to the client 18 (step S8).

  The ARP response 40 includes a data link layer header 41 and an ARP response packet 42. As the destination MAC address and the source MAC address of the data link layer header 41, the MAC addresses of the client 18 and the guest OS 14 are used, respectively. The ARP response packet 42 includes a destination MAC address and a destination IP address, and a source MAC address and a source IP address. As the destination MAC address and the source MAC address of the ARP response packet 42, the MAC addresses of the client 18 and the guest OS 14 are used, respectively. As the destination IP address and the source IP address of the ARP response packet 42, the IP address “192.168.1.50” of the client 18 and the IP address “192.168.1.100” of the guest OS 14 are used, respectively.

  When the client 18 receives the ARP response 40 from the virtual machine monitor 12-1, the communication data (first communication data) in the format shown in FIG. 5 is based on the MAC address of the guest OS 14 notified by the ARP response 40. 50 is transmitted to the MAC address of the guest OS 14 (step S9).

  The communication data 50 includes a data link layer header 51, an IP header 52, and an IP payload 53. As the destination MAC address and the source MAC address of the data link layer header 51, the MAC addresses of the guest OS 14 and the client 18 are used, respectively. As the destination IP address and the source IP address of the IP header 52, the IP address “192.168.1.100” of the guest OS 14 and the IP address “192.168.1.50” of the client 18 are used, respectively.

  The communication data 50 from the client 18 is transmitted to the ARP request 30 from the client 18 by the virtual machine monitor 12-1 that has transmitted the ARP response 40 (that is, the ARP response 40 for notifying the MAC address of the guest OS 14). Received. That is, the virtual machine monitor 12-1 receives the communication data 50 from the client 18 instead of the guest OS 14 moved from the virtual machine monitor 12-1.

  Then, based on the communication data 50 from the client 18, the virtual machine monitor 12-1 transmits / receives communication data in the format shown in FIG. 5 (second communication data) exchanged between the virtual machine monitors 12-1 and 12-2. ) 54 is created. This communication data 54 includes an IP header 55 and an IP payload 56. The IP address “192.168.2.10” and virtual address of the virtual machine monitor 12-2 (the virtual machine monitor 12-2 that is the migration destination of the guest OS 14) are included in the destination IP address and the source IP address of the IP header 55, respectively. The IP address “192.168.1.10” of the machine monitor 12-1 (the migration source virtual machine monitor 12-1 of the guest OS 14) is used. The IP payload 56 includes an IP header 52 and an IP payload 53 in the communication data 50 from the client 18, that is, an IP packet (IP packet addressed to the moved guest OS) in the communication data 50.

  As described above, the virtual machine monitor 12-1 removes the data link layer header 51 from the communication data 50 from the client 18, and replaces the remaining IP packet portion (IP header 52 and IP payload 53) with the virtual machine monitor 12-. 1 (192.168.1.10) and the virtual machine monitor 12-2 (192.168.2.10) are stored in the communication data (IP payload 56) of the communication data 54 Create In other words, the virtual machine monitor 12-1 receives the communication data (first communication data) 50 from the client 18 (specifically, the IP header 52 and the IP payload 53 that are IP packets of the communication data 50) in the IP payload 56. ) The stored communication data (second communication data) 54 is created (step S10).

  When the virtual machine monitor 12-1 creates the communication data 54, the communication data 54 is transmitted (relayed) to the virtual machine monitor 12-2 specified by the destination IP address of the IP header 55 included in the communication data 54. (Step S11). A data link layer header (not shown) is added to the communication data (second communication data) 54. The addition of the data link layer header will be described later in the process of step S76 with reference to FIG.

  When the virtual machine monitor 12-2 receives the communication data (second communication data) 54 relayed by the virtual machine monitor 12-1, the virtual machine monitor 12-2 receives communication data (first data) transmitted from the communication data 54 by the client 18. An IP packet (IP header 52 and IP payload 53) addressed to the guest OS to which the (communication data) 50 has moved is taken out (step S12). In step S12, the virtual machine monitor 12-2 includes the extracted data (the IP header 52 and the IP payload 53) and includes the communication data (fifth communication data) addressed to the MAC address of the guest OS 14 in the format shown in FIG. ) 60 is created (step S12).

  The communication data 60 includes a data link layer header 61 and the extracted communication data (IP header 52 and IP payload 53). As the destination MAC address and the source MAC address of the data link layer header 61, the MAC address and the fake MAC address of the guest OS 14 are used, respectively. That is, the virtual machine monitor 12-2 uses the data link in which the MAC address and the fake MAC address of the guest OS 14 are the destination MAC address and the source MAC address, respectively, in the extracted communication data (IP header 52 and IP payload 53). Communication data 60 to which the layer header 61 is added is created.

  Any MAC address may be used as the fake MAC address as long as the data link layer header 51 can be created. In this embodiment, a nonexistent MAC address, for example, a value that does not exist in the vendor ID corresponding to the upper 3 bytes of the MAC address is used as the fake MAC address.

  The virtual machine monitor 12-2 displays the created communication data 60 on the guest OS 14 specified by the destination IP address set in the data link layer header 61 of the communication data 60, that is, on the virtual machine monitor 12-2. Is transmitted to the guest OS 14 moved to (step S13). In this way, the communication data 50 (the IP header 52 and the IP payload 53 included) addressed to the guest OS 14 (the MAC address thereof) moved on the virtual machine monitor 12-2 from the client 18 is virtualized. It is relayed by the machine monitors 12-1 and 12-2 and transmitted to the guest OS 14.

  Next, for communication between the guest OS 14 and the client 18 that is performed after the guest OS 14 has been moved, in addition to the sequence chart of FIG. A description will be given with reference to communication data examples in FIGS.

  Assume that the ARP request 70 in the format shown in FIG. 7 for acquiring the MAC address of the client 18 is broadcast on the network segment 16-2 from the guest OS 14 (step S14).

  The ARP request 70 from the guest OS 14 includes a data link layer header 71 and an ARP request packet 72. For the destination MAC address and the source MAC address of the data link layer header 71, the broadcast address and the MAC address of the guest OS 14 are used, respectively. As the target IP address of the ARP request packet 72, the IP address “192.168.1.50” of the client 18 is used. The MAC address of the guest OS 14 is used as the transmission source MAC address of the ARP request packet 72, and the IP address “192.168.1.100” of the guest OS 14 is used as the transmission source IP address of the ARP request packet 72.

  When the virtual machine monitor 12-2 receives the ARPM request 70 transmitted from the guest OS 14 (192.168.1.100) moved on the virtual machine monitor 12-2, the virtual machine monitor 12-2 assigns a fake MAC address to the guest OS 14. A fake ARP response 80 in the format shown in FIG. 8 for notification is returned to the guest OS 14 (step S15).

  The ARP response 80 includes a data link layer header 81 and an ARP response packet 82. As the destination MAC address and the source MAC address of the data link layer header 81, the MAC address and the fake MAC address of the guest OS 14 are used, respectively. The fake MAC address includes a MAC address that does not exist, for example, the upper 3 MAC addresses, similar to the source MAC address of the data link layer header 81 included in the communication data 60 relayed by the virtual machine monitor 12-2. A value that does not exist in the vendor ID corresponding to the byte is used.

  As the destination MAC address and the source MAC address of the ARP response packet 82, the MAC address of the guest OS 14 and the fake MAC address are used, respectively. As the destination IP address and the source IP address of the ARP response packet 82, the IP address “192.168.1.100” of the guest OS 14 and the IP address “192.168.1.50” of the client 18 are used, respectively.

  When the guest OS 14 receives the ARP response 80 from the virtual machine monitor 12-2, based on the fake MAC address notified by the ARP response 80, the guest OS 14 has the communication data (third communication data) 90 in the format shown in FIG. Is transmitted to the fake MAC address (step S16).

  The communication data 90 includes a data link layer header 91, an IP header 92, and an IP payload 93. As the destination MAC address and the source MAC address of the data link layer header 91, a fake MAC address and a MAC address of the guest OS 14 are used, respectively. The IP address “192.168.1.50” of the client 18 and the IP address “192.168.1.100” of the guest OS 14 are used for the destination IP address and the source IP address of the IP header 92, respectively.

  The communication data 90 from the guest OS 14 is the virtual machine monitor 12-2 that has transmitted the ARP response 80 (that is, the fake ARP response 80 for notifying the fake MAC address) to the ARP request 70 from the guest OS 14. Received by. That is, the virtual machine monitor 12-2 receives the communication data 90 from the guest OS 14 moved on the virtual machine monitor 12-2.

  Then, the virtual machine monitor 12-2 transmits and receives between the virtual machine monitors 12-1 and 12-2 based on the communication data (third communication data) 90 from the guest OS 14, and has the format shown in FIG. Data (third communication data) 94 is created. This communication data 94 includes an IP header 95 and an IP payload 96. The IP address “192.168.1.10” and the virtual address of the virtual machine monitor 12-1 (the migration source virtual machine monitor 12-1 of the guest OS 14) are included in the destination IP address and the transmission source IP address of the IP header 95, respectively. The IP address “192.168.2.10” of the machine monitor 12-2 (the virtual machine monitor 12-2 to which the guest OS 14 is moved) is used. The IP payload 96 includes an IP header 92 and an IP payload 93 (IP packet) in the communication data 90 from the guest OS 14.

  That is, the virtual machine monitor 12-2 removes the data link layer header 91 from the communication data 90 from the guest OS 14, and transfers the remaining IP packets (IP header 92 and IP payload 93) to the virtual machine monitor 12-1 (192.192). 168.1.10) and the virtual machine monitor 12-2 (192.168.2.10) are stored in the communication data (IP payload 96 thereof) to create communication data 94. As described above, the virtual machine monitor 12-2 includes the communication data (third communication data) 90 (specifically, the IP header 92 and the IP payload 93 which are IP packets of the communication data 90) from the guest OS 14 (IP payload). The communication data (fourth communication data) 94 stored in (96) is created (step S17).

  When the virtual machine monitor 12-2 creates the communication data 94, the communication data 94 is transmitted (relayed) to the virtual machine monitor 12-1 specified by the destination IP address of the IP header 95 included in the communication data 94. (Step S18). A data link layer header is added to the communication data (fourth communication data) 94. The addition of the data link layer header will be described later in the process of step S76 with reference to FIG.

  When the virtual machine monitor 12-1 receives the communication data 94 relayed by the virtual machine monitor 12-2, the destination MAC address (IP header 92 and IP payload 93) of the IP packet (IP header 92 and IP payload 93) included in the communication data 94 is received. The ARP request 100 in the format shown in FIG. 10 for acquiring the MAC address of the client 18 is broadcast on the network segment 16-1 (step S19).

  The ARP request 100 from the virtual machine monitor 12-1 includes a data link layer header 101 and an ARP request packet 102. As the destination MAC address and the source MAC address of the data link layer header 101, the broadcast address and the MAC address of the guest OS 14 are used, respectively. The IP address “192.168.1.50” of the client 18 is used as the target IP address of the ARP request packet 102. The MAC address of the guest OS 14 is used as the transmission source MAC address of the ARP request packet 102, and the IP address “192.168.1.100” of the guest OS 14 is used as the transmission source IP address of the ARP request packet 102.

  Upon receipt of the ARPM request 100 from the virtual machine monitor 12-1, the client 18 sends an ARP response 110 in the format shown in FIG. 11 to notify the virtual machine monitor 12-1 of the MAC address of the client 18. Return to the virtual machine monitor 12-1 (step S20).

  The ARP response 110 includes a data link layer header 111 and an ARP response packet 112. As the destination MAC address and the source MAC address of the data link layer header 111, the MAC addresses of the guest OS 14 and the client 18 are used, respectively. The MAC addresses of the guest OS 14 and the client 18 are used for the destination MAC address and the source MAC address of the ARP response packet 112, respectively, and the destination IP address and the source IP address of the ARP response packet 112 are respectively the guest OS 14 and the source IP address. The IP address “192.168.1.100” and the IP address “192.168.1.50” of the client 18 are used.

  The ARP response 110 from the client 18 is received by the virtual machine monitor 12-1 that has transmitted the ARP request 100 for acquiring the MAC address of the client 18. When the virtual machine monitor 12-1 receives the ARP response 110 from the client 18, the virtual machine monitor 12-1 receives from the guest OS 14 stored in the communication data (fourth communication data) 94 previously received from the virtual machine monitor 12-2. The communication data (sixth communication data) 120 shown in FIG. 12 addressed to the client 18 including the IP packet (IP header 92 and IP payload 93) of the communication data (third communication data) is created (step S21). That is, the virtual machine monitor 12-1 uses the communication data 94 received from the virtual machine monitor 12-2, and the IP packet (IP header 92 and IP payload 93) of the communication data from the guest OS 14 stored in the communication data 94. Take out. The virtual machine monitor 12-2 uses the MAC address of the client 18 as the destination MAC address based on the ARP response 110 received from the client 18 in the extracted IP packet (IP header 92 and IP payload 93). By adding the data link layer header 121, communication data 120 addressed to the MAC address of the client 18 is created. The virtual machine monitor 12-1 transmits the created communication data 120 to the client 18 (step S22).

  With the above communication sequence, in the system of FIG. 1, the HW 11-2 in which the virtual machine monitor 12-2 to which the guest OS 14 is moved is arranged, and the virtual machine monitor 12-1 in which the guest OS 14 is moved is arranged. Even if it exists in a different network segment from the HW 11-1, the communication between the guest OS 14 and the client 18 can be performed without changing from the state before the guest OS 14 moves.

<Virtual machine monitor configuration>
Next, the configuration of the virtual machine monitor 12-i (i = 1, 2) shown in FIG. 1 will be described. FIG. 13 is a block diagram showing a configuration of the virtual machine monitor 12-i.

  The virtual machine monitor 12-i includes an input / output control unit (I / O control unit) 120, a guest OS control unit 121, and a communication transfer control unit 122. The I / O control unit 120 is a module that controls various I / Os of the guest OS 14, such as memory access of the guest OS 14, disk I / O, and communication data I / O. The I / O control unit 120 sets the communication transfer control unit 122 so that all communication data between the HW 11-i and the guest OS 14 always relays a communication data determination unit 124 described later in the communication transfer control unit 122. Control. The guest OS control unit 121 controls the start / stop of the guest OS 14, the movement of the guest OS 14 from the virtual machine monitor 12-i to another virtual machine monitor, and the movement from the other virtual machine monitor to the virtual machine monitor 12-i. It is a module to do.

  Under the control of the I / O control unit 120, the communication transfer control unit 122 transfers all communication data between the HW 11-i and the guest OS 14 to the communication transfer control unit 122 (internal communication data determination unit 124). Relay. The communication transfer control unit 122 receives a notification of the movement of the guest OS 14 from the guest OS control unit 121 and records information regarding the movement of the guest OS 14. It is assumed that the guest OS 14 (the virtual machine 13 on which it operates) is set with its own IP address, subnet mask, and router address (IP address of the router 17). The communication transfer control unit 122 can refer to these data.

  The communication transfer control unit 122 includes a guest OS state reception unit 123, a communication data determination unit 124, a communication data transmission unit 125, and an ARP processing unit 126, a migration destination address table 127, a migration source address table 128, and an ARP table 129. And each table.

  The migration destination address table 127 manages information related to the migration destination (migration destination information) among the information related to migration of the guest OS under the control of the guest OS control unit 121 in association with the information (guest OS information) of the guest OS. Used to do. In this embodiment, the IP address of the virtual machine monitor that is the migration destination of the guest OS is used as the migration destination information, and the MAC address and IP address of the guest OS are used as the guest OS information. Information registration in the table 127 is performed by the receiving unit 123 when the guest OS state receiving unit 123 receives a notification that the guest OS has moved to another virtual machine monitor.

  FIG. 14A shows an example of the data structure of the destination address table 127. In the example of FIG. 14A, the MAC address and IP address of the guest OS and the IP address of the virtual machine monitor that is the migration destination of the guest OS are registered in each entry of the migration destination address table 127.

  The migration source address table 128 manages information on the migration source (migration source information) in the information on migration of the guest OS under the control of the guest OS control unit 121 in association with the information on the guest OS (guest OS information). Used to do. For the migration source information, the IP address of the migration source virtual machine monitor of the guest OS is used. The information registration in the table 128 is performed by the receiving unit 123 when the guest OS state receiving unit 123 receives a notification that the guest OS has moved from another virtual machine monitor.

  FIG. 14B shows an example of the data structure of the source address table 128. In the example of FIG. 14B, the MAC address and IP address of the guest OS and the IP address of the virtual machine monitor that is the migration source of the guest OS are registered in each entry of the migration source address table 128.

  The migration destination address table 127 and the migration source address table 128 constitute a migration management unit 130 for managing the migration status of the guest OS under the control of the guest OS control unit 121.

  When the guest OS is moved to another virtual machine monitor, the ARP table 129 is used when the virtual machine monitor 12-i having the ARP table 129 processes an ARP request / ARP response on behalf of the guest OS. Used. Similar to the well-known ARP table, the ARP table 129 is used to manage the MAC address / IP address pair and the expiration date of registration of the MAC address / IP address pair. The information registration in the table 129 is performed by the communication data determination unit 124 when the communication data determination unit 124 receives an ARP response packet related to the guest OS being moved.

  FIG. 15 shows an example of the data structure of the ARP table 129. In the example of FIG. 15, in each entry of the ARP table 129, a pair of a MAC address and an IP address and information indicating an expiration date related to registration of the pair are registered. Here, the expiration date is in seconds, but other units may be used.

<Operation of guest OS status receiver>
Next, the operation of the guest OS state reception unit 123 will be described with reference to the flowchart of FIG.
The guest OS state reception unit 123 receives a notification of the state related to the guest OS from the guest OS control unit 121 of the virtual machine monitor 12-i, and performs the following processing according to the notified content.

(1) Operation upon completion of movement of guest OS to other virtual machine monitor First, as a result of the guest OS 14 on the virtual machine monitor 12-i being moved to another virtual machine monitor, the virtual machine monitor 12-i A process of the guest OS state reception unit 123 when the guest OS control unit 121 notifies the communication transfer control unit 122 of the completion of the guest OS migration to the other virtual machine monitor will be described.

  When the guest OS state reception unit 123 is notified of a state related to the guest OS from the guest OS control unit 121 to the communication transfer control unit 122, the guest OS state reception unit 123 receives the notification. The guest OS control unit 121 determines the content of the received notification (steps S31 to S33). If the received notification indicates the completion of the migration of the guest OS from the virtual machine monitor (VMM) 12-i to another virtual machine monitor (VMM) as described above (YES in step S31), the guest OS status The receiving unit 123 adds the MAC address and IP address pair of the guest OS that has been moved to another virtual machine monitor to the entry of the movement destination address table 127 and the other virtual machine monitor (that is, the destination virtual machine). Monitor) IP address is registered (step S34).

(2) Operation upon completion of moving the guest OS from another virtual machine monitor Next, as a result of the guest OS 14 being moved from the other virtual machine monitor to the virtual machine monitor 12-i, the virtual machine monitor 12-i It is assumed that the guest OS control unit 121 notifies the communication transfer control unit 122 of the completion of the guest OS migration from the other virtual machine monitor, and the guest OS state reception unit 123 receives the notification.

  The guest OS state reception unit 123 indicates that the received notification indicates the completion of the movement of the guest OS from another virtual machine monitor (including the guest OS state reception unit 123) to the virtual machine monitor 12-i as in this example. If so (YES in step S32), it is determined whether the MAC address and IP address of the guest OS (guest OS that has been migrated) are registered in the migration destination address table 127 (step S35).

  If the MAC address and IP address of the guest OS that has been migrated are registered in the migration destination address table 127 (YES in step S35), the guest OS state reception unit 123 indicates that the guest OS is a virtual machine monitor. After moving from 12-i to another virtual machine monitor, it is determined that the virtual machine monitor 12-i has returned. In this case, the guest OS state reception unit 123 deletes the information related to the guest OS that has returned to the virtual machine monitor 12-i from the migration destination address table 127.

  On the other hand, if the MAC address and IP address of the guest OS that has been migrated are not registered in the migration destination address table 127 (NO in step S35), the guest OS state reception unit 123 adds the migration source address table 128 to the migration source address table 128. Then, the MAC address and IP address pair of the guest OS (guest OS that has been migrated) and the IP address of the migration source virtual machine monitor are registered.

(3) Operation when guest OS is stopped Next, as a result of the guest OS running on the virtual machine monitor 12-i being stopped, the guest OS control unit 121 of the virtual machine monitor 12-i performs a communication transfer control unit. Assume that the stop of the guest OS is notified to 122, and the notification is received by the guest OS state receiving unit 123.

  If the received notification indicates that the guest OS is stopped as in this example (YES in step S33), the guest OS state receiving unit 123 stores the MAC address and IP address of the stopped guest OS in the source address table 128. Is registered (step S38).

  If it is registered in the migration source address table 128 (YES in step S38), the guest OS state reception unit 123 notifies the migration source virtual machine monitor of the completion of migration in order to stop the transfer of communication data. Judge that it is necessary. Therefore, the guest OS state reception unit 123 determines the migration source based on the IP address of the migration source virtual machine monitor registered in the migration source address table 128 in association with the MAC address and IP address pair of the stopped guest OS. The movement stop data addressed to the IP address of the virtual machine monitor is created (step S39). This movement stop data will be described later.

  The guest OS state reception unit 123 sends the generated movement stop data to the communication data transmission unit 125, thereby transmitting the movement stop data from the communication data transmission unit 125 (via the I / O control unit 120). It is transmitted to the virtual machine (step S40). Finally, the guest OS state reception unit 123 deletes information on the stopped guest OS from the migration source address table 128 (step S41).

<Movement stop data>
Next, the movement stop data will be described.
If the migration stop data is communication data that includes the IP address of the migration source virtual machine monitor as the destination IP address and includes the MAC address and IP address of the stopped guest OS in the data part and can be identified from the migration stop data, It may be anything.

  FIG. 17 shows an example of movement stop data in association with the movement source address table 128. In FIG. 17, the movement stop data 170 includes an IP header 171 and an IP payload (data portion) 172.

  In the destination IP address of the IP header 171, the IP address of the migration source virtual machine monitor registered in the migration source address table 128 in association with the MAC address and IP address of the stopped guest OS is indicated by an arrow A11. Used as follows. As the source IP address of the IP header 171, the IP address of the virtual machine monitor 12-i itself (the virtual machine monitor 12-i that is the migration destination of the stopped guest OS) is used as indicated by the arrow A12.

  The IP payload 172 includes the MAC address and IP address of the guest OS. For the MAC address and IP address of the guest OS, the MAC address and IP address of the stopped guest OS registered in the migration source address table 128 are used as indicated by arrows A13 and A14.

<Operation of communication data determination unit>
Next, the operation of the communication data determination unit 124 will be described with reference to the flowchart of FIG.
In this embodiment, the I / O control unit 120 of the virtual machine monitor 12-i inputs all communication data that passes through the I / O control unit 120 to the communication data determination unit 124 of the communication transfer control unit 122. Thus, the communication data determination unit 124 is also passed. The communication data determination unit 124 performs processing according to the type of communication data input by the I / O control unit 120. Therefore, the communication data determination unit 124 first determines whether the communication data input by the I / O control unit 120 is an ARP request or an ARP response (step S51).

(1) When communication data is an ARP request / response If the input communication data is either an ARP request or an ARP response (that is, an ARP packet) (YES in step S51), communication data determination The unit 124 sends the input communication data to the ARP processing unit 126 (step S52), and ends the process. In Steps S7, S8, S14, S15, S19, and S20 in FIG. 2, the determination in Step S51 is YES.

  On the other hand, if it is neither an input communication data ARP request nor an ARP response (that is, it is not an ARP packet) (NO in step S51), the communication data determination unit 124 matches the destination IP address of the input communication data. It is determined whether the IP address of the OS is registered in the destination address table 127 (step S53).

(2) In the case of communication data addressed to the moved guest OS If the determination in step S53 is YES, the communication data determination unit 124 indicates that the input communication data is transmitted from the virtual machine monitor 12-i to another virtual data. It is determined that the communication data is addressed to the guest OS moved to the machine monitor (first communication data). In this case, it is necessary to transfer the communication data to the destination virtual machine monitor. Therefore, the communication data determination unit 124 creates data (IP packet) to be transferred to the destination virtual machine monitor (step S54). That is, the communication data determination unit 124 associates with the IP address of the guest OS that matches the destination IP address of the input communication data and is registered in the migration destination address table 127 and is the virtual machine monitor of the migration destination of the guest OS. Data (IP packet) having the destination IP address as the destination IP address is created. Then, the IP packet (IP header and IP payload) of the input communication data (first communication data) is stored in the created data (its IP payload). The communication data determination unit 124 sends the created data (second communication data) to the communication data transmission unit 125 (step S55), and ends the process.

  If the input communication data is, for example, the communication data transmitted from the client 18 in step S9 in FIG. 2 (communication data 50 shown in FIG. 5), the determination in step S53 is YES, and steps S54 and S55 are performed. Done.

  FIG. 19 shows an example of the data created in step S54 (data sent to the communication data transmission unit 125) in association with the input communication data and the destination address table 127.

  19, input communication data (first communication data) 190 and created () data (second communication data) 194 correspond to the communication data 50 and 54 shown in FIG. 5, respectively.

  The communication data 190 includes a data link layer header 191, an IP header 192, and an IP payload 193. The destination MAC address of the data link layer header 191 and the destination IP address of the IP header 192 are associated with the IP address “192.168.2.10” of the destination virtual machine monitor, as indicated by arrows A21 and A22, respectively. Thus, the MAC address “aa: aa: aa: aa: aa: aa” and the IP address “192.168.1.100” of the guest OS registered in the destination address table 127 are matched.

  In this case, the IP address “192.168.2.10” of the destination virtual machine monitor is used as the destination IP address of the IP header 195 of the created data 194, as indicated by arrow A23. As the transmission source IP address of the IP header 195 of the data 194, the IP address of the virtual machine monitor 12-i itself is used as indicated by an arrow A24. The IP payload 196 of the data 194 stores the IP header 192 and the IP payload 193 (IP packet) of the input communication data 190.

  On the other hand, if the determination in step S53 is NO, the communication data determination unit 124 sets the destination IP address of the input communication data to the IP address of the virtual machine monitor 12-i itself including the communication data determination unit 124. It is determined whether they match (step S56). If the determination in step S56 is YES, the communication data determination unit 124 determines whether the IP address of the virtual machine monitor that matches the transmission source IP address of the input communication data is registered in the movement destination address table 127. (Step S57).

(3) In the case of communication data sent from the virtual machine monitor that is the migration destination of the guest OS If the determination in step S57 is YES, the communication data determination unit 124 indicates that the input communication data is the migration destination of the guest OS. It is determined that the communication data is sent from the virtual machine monitor to the virtual machine monitor 12-i. In this case, the communication data determination unit 124 determines whether the input communication data is movement stop data (step S58).

  If the input communication data is movement stop data (YES in step S58), the communication data determination unit 124 determines that the moved guest OS has stopped at the movement destination. The information about the guest OS of the MAC address and the IP address stored in the movement stop data (the IP payload) is deleted from the table 127 (step S59).

  FIG. 20 is a diagram for explaining the operation in step S59. In FIG. 20, the format of the input movement stop data 200 matches that of the movement stop data 170 shown in FIG. The movement stop data 200 includes an IP header 201 and an IP payload 202. The IP payload 202 includes a guest OS MAC address and IP address. The guest OS MAC address and IP address included in the IP payload 202 are moved in association with the IP address “192.168.2.10” of the destination virtual machine monitor, as indicated by an arrow A31. It matches the MAC address “aa: aa: aa: bb: bb: bb” and the IP address “192.168.1.150” of the guest OS registered in the destination address table 127. In this case, data (entry data) related to the guest OS including the matching MAC address “aa: aa: aa: bb: bb: bb” and the IP address “192.168.1.150” is stored in the migration destination address table 127. , Deleted as indicated by arrow A32.

  On the other hand, if the input communication data is other than the movement stop data (NO in step S58), the communication data determination unit 124 indicates that the communication data is the communication data (first communication data) transmitted by the moved guest OS. ) Including the IP packet is transferred to the virtual machine monitor 12-i by the destination virtual machine monitor (fourth communication data). In this case, the communication data determination unit 124 extracts, from the input communication data, the original communication data (IP packet) transmitted by the moved guest OS stored in the communication data (step S60). The communication data determination unit 124 transmits the extracted original communication data (its IP packet) to the network segment 16-i by the communication data transmitting unit 125 so that the communication data transmission unit 125 transmits the original communication data (its IP packet). ) Is sent to the communication data transmission unit 125 (step S61), and the process ends.

  If the input communication data is, for example, the communication data (communication data 94 shown in FIGS. 9 and 12) transmitted from the virtual machine monitor 12-2 to the virtual machine monitor 12-1 in step S18 of FIG. The determinations in S56 and S57 are YES, the determination in step S58 is NO, and steps S60 and S61 are performed. In practice, the data link layer header is added to the communication data 94 shown in FIGS. 9 and 12 as described above.

  FIG. 21 shows the data (IP packet) sent from the communication data determination unit 124 to the communication data transmission unit 125 in step S61 in association with the input communication data and the destination address table 127.

  In FIG. 21, the input communication data (fourth communication data) 210 and the data (third communication data) 216 sent to the communication data transmission unit 125 are the communication data 94 (shown in the data link layer) shown in FIG. ) And communication data 120 (IP header 92 and IP payload 93 which are part of the IP packet).

  The communication data 210 includes a data link layer header 211, an IP header 212, and an IP payload 213. The destination IP address of the IP header 212 matches the IP address of the virtual machine monitor 12-i itself as indicated by the arrow A41, and the source IP address of the IP header 212 is the destination of movement as indicated by the arrow A42. This matches the IP address “192.168.2.10” of the destination virtual machine monitor registered in the address table 127.

  The IP payload 213 of the communication data 210 stores an IP packet of data (third communication data) transmitted by the moved guest OS, that is, an IP header 214 and an IP payload 215. The transmission source IP address of the IP header 214 is registered in the movement destination address table 127 in association with the IP address “192.168.2.10” of the movement destination virtual machine monitor, as indicated by an arrow A43. It coincides with the IP address “192.168.1.150” of the guest OS.

  In this case, the IP header 214 and the IP payload 215 that are stored in the IP payload 213 of the communication data 210 (input communication data 210) and are part of the IP packet of the communication data transmitted by the moved guest OS are communicated. The data to be sent to the data transmission unit 125 (original communication data transmitted by the moved guest OS) 216 is extracted from the IP payload 213. This data (IP packet) 216 is sent from the communication data determination unit 124 to the communication data transmission unit 125.

  On the other hand, if the determination in step S57 is NO, the communication data determination unit 124 determines that the input communication data is sent from other than the virtual machine monitor to which the guest OS is moved. In this case, the communication data determination unit 124 determines whether the transmission source IP address of the input communication data matches the IP address of the virtual machine monitor registered in the movement source address table 128 (step S62).

(4) In the case of communication data sent from the virtual machine monitor that is the migration source of the guest OS If the determination in step S62 is YES, the communication data determination unit 124 indicates that the input communication data has been transferred to the guest This is communication data (second communication data) in which an IP packet of data (first communication data) addressed to the guest OS transferred to the virtual machine monitor 12-i by the virtual machine monitor of the OS migration source is stored. Judge. In this case, the communication data determination unit 124 extracts from the input communication data the original communication data (IP packet) addressed to the guest OS transferred by the migration source virtual machine monitor, stored in the communication data. (Step S63).

  Next, the communication data determination unit 124 creates communication data (fifth communication data) in which a data link layer header is added to the extracted original communication data (its IP packet) (step S64). The source MAC address of the data link layer header is set to a fake MAC address, and the destination MAC address of the data link layer header is set to the IP address and the source address of the virtual machine monitor determined to match in step S62. The MAC address of the guest OS associated in the table 128 is set. The communication data determination unit 124 passes the created communication data to the I / O control unit 120 in the virtual machine monitor 12-i (including the communication data determination unit 124) instead of the input communication data. Thus, the created communication data is transmitted from the I / O control unit 120 to the guest OS (step S65).

  For example, if the input communication data is communication data (communication data 54 shown in FIGS. 5 and 6) transmitted from the virtual machine monitor 12-1 to the virtual machine monitor 12-2 in step S11 of FIG. The determinations in S56 and S58 are YES, the determination in step S57 is NO, and steps S63 to S65 are performed.

FIG. 22 shows the communication data created in step S64 in association with the input communication data and the source address table 128.
In FIG. 22, the input communication data (second communication data) 220 and the created communication data (sent to the I / O control unit 120) (fifth communication data) 227 are shown in FIG. It corresponds to communication data 54 (data obtained by adding a data link layer) and communication data 60.

  The communication data 220 includes a data link layer header 221, an IP header 222, and an IP payload 223. The destination IP address of the IP header 222 matches the IP address of the virtual machine monitor 12-i itself as indicated by the arrow A51, and the source IP address of the IP header 222 is the source of the movement as indicated by the arrow A52. It matches the IP address “192.168.2.10” of the migration source virtual machine monitor registered in the address table 128.

  In the IP payload 223 of the communication data (second communication data) 220, the IP packet of the original communication data (first communication data) addressed to the guest OS transferred by the migration source virtual machine monitor, that is, the IP header 224 and An IP payload 225 is stored. The destination IP address of the IP header 224 is a guest registered in the source address table 128 in association with the IP address “192.168.2.10” of the source virtual machine monitor, as indicated by an arrow A53. It matches the OS IP address “192.168.2.100”.

  In this case, the IP packet of the original communication data addressed to the guest OS transferred by the migration source virtual machine monitor stored in the IP payload 223 of the communication data 220 (input communication data 220), that is, the IP header 224 and The IP payload 225 is extracted from the IP payload 223. Communication data (fifth communication data) 227 with a data link layer header 226 added to the extracted IP header 224 and IP payload 225 is created. The destination MAC address of the data link layer header 226 of the communication data 227 is associated with the IP address “192.168.2.10” of the migration source virtual machine monitor, as indicated by the arrow A54. The guest OS MAC address “bb: bb: bb: aa: aa: aa” registered in 128 is used. As the source MAC address of the data link layer header 226 of the communication data 227, a fake MAC address is used as indicated by an arrow A54. Communication data 227 is sent from communication data determination unit 124 to I / O control unit 120 instead of communication data 220.

  On the other hand, if the determination in step S56 is NO, the communication data determination unit 124 matches the source IP address of the input communication data with the IP address of the virtual machine monitor registered in the source address table 128. It is determined whether or not to perform (step S66).

(5) In the case of the communication data transmitted by the moving guest OS If the determination in step S66 is YES, the communication data determination unit 124 indicates that the input guest communication data It is determined that it is the transmitted communication data (third communication data). In this case, it is necessary to transfer communication data to the migration source virtual machine monitor. Therefore, the communication data determination unit 124 creates communication data (fourth communication data) to be transferred to the migration source virtual machine monitor (step S67). In other words, the communication data determination unit 124 associates the IP address of the guest OS that matches the transmission source IP address of the input communication data and is registered in the movement source address table 128 and registered in the movement source address table 128. Create communication data (IP packet) with the IP address of the monitor as the destination IP address. Then, the communication data determination unit 124 stores the IP packet (IP header and IP payload portion) of the input communication data in the created communication data. The communication data determination unit 124 sends the created communication data to the communication data transmission unit 125 (step S68), and ends the process.

FIG. 23 shows the communication data (IP packet) created in step S67 in association with the input communication data and the source address table 128.
23, the input communication data 230 and the created data 234 (sent to the communication data transmission unit 125) are communication data 90 (data with a data link layer added) and communication shown in FIG. 9, respectively. It corresponds to the data 94.

  The communication data 230 includes a data link layer header 231, an IP header 232, and an IP payload 233. The destination MAC address of the data link layer header 231 and the destination IP address of the IP header 232 are associated with the IP address “192.168.2.10” of the migration source virtual machine monitor, as indicated by arrows A61 and A62, respectively. Accordingly, the MAC address “bb: bb: bb: aa: aa: aa” and the IP address “192.168.2.100” of the guest OS registered in the migration source address table 128 are matched.

  In FIG. 23, data 234 sent from the communication data determination unit 124 to the communication data transmission unit 125 is an IP packet. As the destination IP address of the IP header 235 of the data 234, the IP address “192.168.2.10” of the migration source virtual machine monitor is used as indicated by an arrow A63. As the transmission source IP address of the IP header 235 of the data 234, the IP address of the virtual machine monitor 12-i itself is used as indicated by an arrow A64. The IP payload 236 of the data 234 stores the IP header 232 and the IP payload 233 (IP packet) of the input communication data 230.

(6) In the case of communication data that does not fall under any of the above (1) to (5) When the determination in step S62 or S66 is NO, that is, the input communication data is the same as in (1) to (5) above. If the communication data does not correspond to any of them, the communication data determination unit 124 determines that the communication data does not need to be processed, such as the communication data of the guest OS that has not moved. In this case, the communication data determination unit 124 returns the input communication data (including the communication data determination unit 124) to the I / O control unit 120 in the virtual machine monitor 12-i as it is (step S69), and the process is performed. finish.

<Operation of communication data transmitter>
Next, the operation of the communication data transmission unit 125 will be described.
The communication data transmission unit 125 creates communication data to be transmitted by adding a data link layer header to the communication data (IP packet) transmitted from the communication data determination unit 124. The communication data transmission unit 125 performs a process of passing the generated communication data to the I / O control unit 120 in the virtual machine monitor 12-i in order to transmit the generated communication data.

Hereinafter, the operation of the communication data transmission unit 125 will be described with reference to the flowchart of FIG.
First, when an IP packet is transmitted (input) from the communication data determination unit 124, the communication data transmission unit 125 indicates that the destination IP address of the IP packet is the virtual machine monitor 12-i including the communication data transmission unit 125. It is determined whether or not the network segment 16-i where the HW11-i where the HW11-i is located belongs belongs to a different network segment (step S71). That is, the communication data transmission unit 125 determines whether the destination IP address belongs to a network segment different from the network segment 16-i.

  When the determination in step S71 is YES, the communication data transmission unit 125 refers to the ARP table 129, thereby including data including the IP address of the router 17 (specifically, including the pair of the MAC address and IP address of the router 17). It is determined whether (data) is registered (step S72).

  If data including the IP address of the router 17 is not registered in the ARP table 129 (NO in step S72), the communication data transmitting unit 125 makes an ARP request with the IP address of the router 17 as the destination IP address. The ARP request is transmitted from the I / O control unit 120 to the network segment 16-i by being sent to the / O control unit 120 (step S73). The ARP request is relayed by the communication data determination unit 124 in the communication transfer control unit 122 under the control of the I / O control unit 120 and input to the ARP processing unit 126 (step S52 in FIG. 18).

  When executing step S73, the communication data transmission unit 125 determines again whether data including the IP address of the router 17 is registered in the ARP table 129 (step S74).

  If it is determined in step S72 or S74 that the data including the IP address of the router 17 is registered in the ARP table 129, the communication data transmitting unit 125 sets a pair with the IP address of the router 17 from the ARP table 129. The obtained MAC address (that is, the MAC address of the router 17) is acquired (step S75). The communication data transmission unit 125 uses the input IP packet and the acquired MAC address (here, the MAC address of the router 17) to create communication data with the acquired MAC address as the destination (step S76). . In step S76, the communication data transmitting unit 125 transmits the generated communication data to the I / O control unit 120, thereby transmitting the communication data from the I / O control unit 120 to the network segment 16-i (step S76). ). Here, the communication data transmission unit 125 creates communication data destined for the acquired MAC address as follows.

  First, the communication data transmission unit 125 sets the acquired MAC address as the destination MAC address, and uses the MAC address of the HW 11-i in which the virtual machine monitor 12-i including the communication data transmission unit 125 is operating as the transmission source MAC address. Create a data link layer header. The communication data transmission unit 125 creates communication data with the acquired MAC address as the destination by adding the created data link layer header to the input IP packet.

FIG. 25 shows an example of the communication data created in step S76 in association with the input IP packet and the ARP table 129.
25, the input IP packet (data) 250 corresponds to the data 194 shown in FIG. 19, the data 216 shown in FIG. 21, or the data 234 shown in FIG. The IP packet 250 includes an IP header 251 and an IP payload 252. The communication data transmission unit 125 adds the data link layer header 253 to the IP packet 250 to create communication data 254 to be sent from the communication data transmission unit 125 to the I / O control unit 120.

  In the example of FIG. 25, as indicated by an arrow A71, an IP address “192.168.1.150” that matches the destination IP address of the IP header 251 is registered in the ARP table 129. In this case, the destination MAC address of the data link layer header 253 of the communication data 254 is paired with the matching IP address “192.168.1.150” and the MAC address “dd” registered in the ARP table 129. : Dd: dd: dd: dd: dd: dd "is used as indicated by arrow A72. As described above, the MAC address of the HW 11-i in which the virtual machine monitor 12-i is operating is used as the transmission source MAC address of the data link layer header 253. When step S76 is executed following step S75, the matching IP address “192.168.1.150” is the IP address of the router 17, and is registered in the ARP table 129 in a pair with the IP address. The MAC address “dd: dd: dd: dd: dd: dd” is the MAC address of the router 17.

  On the other hand, if it is determined that the data matching the IP address of the router 17 is not registered in the ARP table 129 even in the above determination (step S74), the communication data transmission unit 125 ends the process as it is.

  If the determination in step S71 is NO, that is, if the destination IP address belongs to the network segment 16-i, the communication data transmission unit 125 stores the data including the IP address that matches the destination IP address in the ARP table. Whether it is registered in 129 is determined (step S77).

  If the determination in step S77 is NO, the communication data transmission unit 125 sends an ARP request with the destination IP address of the input IP packet as the destination IP address to the I / O control unit 120, thereby making the ARP request I The transmission is transmitted from the / O control unit 120 to the network segment 16-i (step S78). The ARP request is relayed by the communication data determination unit 124 in the communication transfer control unit 122 under the control of the I / O control unit 120 and input to the ARP processing unit 126 (step S52 in FIG. 18).

  When executing step S78, the communication data transmitting unit 125 determines again whether data including an IP address that matches the destination IP address of the input IP packet is registered in the ARP table 129 (step S79).

  If it is determined in step S77 or S79 that data including an IP address that matches the destination IP address of the input IP packet is registered in the ARP table 129, the communication data transmission unit 125 determines from the ARP table 129, A MAC address paired with the IP address that matches the destination IP address is acquired (step S80). Then, the communication data transmission unit 125 proceeds to step S76, and uses the input IP packet and the acquired MAC address to create communication data destined for the acquired MAC address, and performs I / O control. Send to section 120. This process is performed in the same manner as when the destination IP address of the input IP packet belongs to a network segment different from the network segment 16-i. However, the destination MAC address is different. That is, the destination MAC address is not the MAC address of the router 17 but the MAC address acquired in step S80 (specifically, the ARP is paired with the IP address that matches the destination IP address of the input IP packet). MAC address registered in the table 129) is used.

<Operation of ARP processing section>
Next, the operation of the ARP processing unit 126 will be described.
The processing executed by the ARP processing unit 126 is roughly divided into (1) processing when an ARP packet (that is, an ARP request or ARP response) is input, and (2) periodic check of the ARP table. In the process (1), the ARP processing unit 126 adds data to the ARP table 129 based on the input ARP packet and transmits the ARP packet. In the process (2), the ARP processing unit 126 checks the ARP table 129 at predetermined time intervals, and reduces the expiration date. Further, the ARP processing unit 126 deletes the expired data from the ARP table 129. Details of the processes (1) and (2) are as follows.

(1) Processing when an ARP packet is input First, the operation of the ARP processing unit 126 when an ARP packet is input will be described with reference to the flowchart of FIG.

  The ARP processing unit 126 determines whether the input ARP packet is an ARP response (step S91). If the response is an ARP response (YES in step S91), the ARP processing unit 126 adds data to the ARP table 129 based on the ARP response packet of the ARP response (step S92). The data added to the ARP table 129 includes a MAC address / IP address pair and expiration date information. Here, the source MAC address and source IP address of the ARP response packet are used as the MAC address and IP address, respectively. For the expiration date information, for example, information indicating 600 seconds predetermined by the system is used. However, a value designated by the user may be used for the expiration date.

FIG. 27 shows an example of data added to the ARP table 129 in step S92 in association with the input ARP response.
In FIG. 27, the input ARP response 270 corresponds to, for example, the ARP response 40 shown in FIG. 4 or the ARP response 80 shown in FIG. The ARP response 270 includes a data link layer header 271 and an ARP response packet 272. The source MAC address and source IP address of the ARP response packet 272 are registered in the ARP table 129 as indicated by arrows A81 and A82, respectively. At this time, information indicating the expiration date of the MAC address / IP address pair registered in the ARP table 129 is also registered in the ARP table 129 in association with the MAC address / IP address pair.

  On the other hand, if the input ARP packet is not an ARP response (NO in step S91), that is, if it is an ARP request, the ARP processing unit 126 determines that the destination IP address (target IP address) of the ARP request is the ARP process. It is determined whether the IP address of the virtual machine monitor 12-i including the unit 126 is itself (step S93).

  If the destination IP address (target IP address) of the ARP request is the IP address of the virtual machine monitor 12-i itself (YES in step S93), the ARP processing unit 126 transmits the source address (transmission) of the input ARP request. The ARP response of the virtual machine monitor 12-i for the original MAC address and the transmission source IP address) is created (step S94). In step S94, the ARP processing unit 126 transmits the created ARP response to the I / O control unit 120, thereby causing the I / O control unit 120 to transmit the ARP response to the network segment 16-i.

FIG. 28 shows an example of the ARP response created / transmitted in step S94 in association with the input ARP request.
28, the input ARP request 280 corresponds to, for example, the ARP request 30 shown in FIG. 3, the ARP request 70 shown in FIG. 7, or the ARP request 100 shown in FIG. The ARP request 280 includes a data link layer header 281 and an ARP request packet 282. On the other hand, the created / transmitted ARP response 283 includes a data link layer header 284 and an ARP response packet 285.

  The destination MAC address and source MAC address of the data link layer header 284 of the ARP response 283 include the source MAC address and the virtual machine of the data link layer header 281 of the ARP request 280, as indicated by arrows A91 and A92, respectively. The MAC address of the HW11-i where the monitor 12-i is operating is used. The destination MAC address and the destination IP address of the ARP response packet 285 of the ARP response 283 include the source MAC address and the source IP address of the ARP request packet 282 of the ARP request 280 as indicated by arrows A93 and A94, respectively. Used. The source MAC address and source IP address of the ARP response packet 285 of the ARP response 283 include the MAC address of the HW 11-i in which the virtual machine monitor 12-i is operating, as indicated by arrows A95 and A95, respectively. And the IP address of the virtual machine monitor 12-i itself is used.

  On the other hand, if the determination in step S93 is NO, that is, if the destination IP address (target IP address) of the ARP request is different from the IP address of the virtual machine monitor 12-i itself, the ARP processing unit 126 determines the destination IP address. It is determined whether the IP address of the guest OS that matches the address is registered in the destination address table 127 (step S95).

  If the determination in step S95 is YES, the ARP processing unit 126 determines that the input ARP request is an ARP request for the moved guest OS. In this case, the ARP processing unit 126 makes a pair with the IP address of the guest OS that matches the destination IP address (target IP address) of the ARP request registered in the destination address table 127 and the IP address of the guest OS. Using the guest OS MAC address, a guest OS ARP response to the input source address of the input ARP request is created (step S96). In step S96, the ARP processing unit 126 transmits the created ARP response to the I / O control unit 120, thereby causing the I / O control unit 120 to transmit the ARP response to the network segment 16-i.

FIG. 29 shows an example of the ARP response created / transmitted in step S96 in association with the input ARP request and the destination address table 127.
In FIG. 29, the input ARP request 290 includes a data link layer header 291 and an ARP request packet 292. On the other hand, the created / transmitted ARP response 293 includes a data link layer header 294 and an ARP response packet 295. In the example of FIG. 29, the destination address table 127 includes an IP address “192. IP address of the guest OS that matches the destination IP address (target IP address) of the ARP request packet 292 of the ARP request 290, as indicated by the arrow A101. 168.1.100 "is registered.

  In this case, the transmission source MAC address of the data link layer header 291 of the ARP request 290 is used as the destination MAC address of the data link layer header 294 of the ARP response 293, as indicated by an arrow A102. The source MAC address of the data link layer header 294 of the ARP response 293 is paired with the IP address “192.168.1.100” of the guest OS as shown by the arrow A103, and the destination address table 127 The MAC address “aa: aa: aa: aa: aa: aa” of the guest OS registered in is used.

  Further, the destination MAC address and the destination IP address of the ARP response packet 295 of the ARP response 293 include the source MAC address and the source IP address of the ARP request packet 292 of the ARP request 290, as indicated by arrows A104 and 105, respectively. An address is used. As indicated by arrows A106 and A107, the MAC address “aa: aa: aa: aa: aa: of the guest OS is included in the source MAC address and source IP address of the ARP response packet 295 of the ARP response 293, respectively. aa ”and the IP address“ 192.168.1.100 ”are used.

  On the other hand, if the determination in step S95 is NO, that is, if the IP address of the guest OS that matches the destination IP address of the input ARP request is not registered in the migration destination address table 127, the ARP processing unit 126 Then, it is determined whether or not the IP address of the guest OS that matches the source IP address of the ARP request is registered in the source address table 128 (step S97).

  If the determination in step S97 is YES, the ARP processing unit 126 determines that the input ARP request is an ARP request transmitted by the moving guest OS. In this case, the ARP processing unit 126 creates an ARP response that stores a fake MAC address (step S98). In step S98, the ARP processing unit 126 transmits the created ARP response to the I / O control unit 120, thereby causing the I / O control unit 120 to transmit the ARP response to the network segment 16-i.

FIG. 30 shows an example of the ARP response created / transmitted in step S98 in association with the input ARP request and the source address table 128.
In FIG. 30, the input ARP request 300 includes a data link layer header 301 and an ARP request packet 302. On the other hand, the created / transmitted ARP response 303 includes a data link layer header 304 and an ARP response packet 305. In the example of FIG. 30, the migration source address table 128 includes an IP address “192.168.8.2. Of the guest OS that matches the transmission source IP address of the ARP request packet 302 of the ARP request 300, as indicated by an arrow A111. 100 "is registered.

  In this case, the source MAC address of the data link layer header 301 of the ARP request 300 is used as the destination MAC address of the data link layer header 304 of the ARP response 303, as indicated by an arrow A112. As the source MAC address of the data link layer header 304 of the ARP response 303, a fake MAC address is used as indicated by an arrow A113.

  Further, the destination MAC address and the destination IP address of the ARP response packet 305 of the ARP response 303 include the source MAC address and the source IP address of the ARP request packet 302 of the ARP request 300 as indicated by arrows A114 and 115, respectively. An address is used. The source MAC address and the source IP address of the ARP response packet 305 of the ARP response 303 are the above-described fake MAC address and the destination IP address (target IP address) of the ARP request packet 302, as indicated by arrows A116 and A117, respectively. Address) is used.

  On the other hand, if the determination in step S97 is NO, that is, if the IP address of the guest OS that matches the source IP address of the input ARP request is not registered in the source address table 128, the ARP processing unit 126. Determines that the ARP request is communication data that does not need to be processed by itself (ARP request from a guest OS that has not moved). In this case, the ARP processing unit 126 returns the input ARP request to the I / O control unit 120 as it is (step S99).

(2) Periodic Check of ARP Table Next, the periodic check of the ARP table 129 by the ARP processing unit 126 will be described with reference to the flowchart of FIG.

  The ARP processing unit 126 periodically checks the ARP table 129 and performs processing for deleting data whose expiration date is 0 or less from the table 129 as follows according to the flowchart of FIG.

  The ARP processing unit 126 refers to the entry of the ARP table 129 and reduces the value of the expiration date by the time of the periodic check interval (step S101). Next, the ARP processing unit 126 determines whether the value of the expiration date after being reduced by the period of the regular check is 0 or less (step S102). If the determination in step S102 is YES, the ARP processing unit 126 deletes the entry data of the ARP table 129 including the value of the expiration date determined in step S102 from the table 129 (step S103). ). On the other hand, if the determination in step S102 is NO, the ARP processing unit 126 skips step S103.

  The ARP processing unit 126 repeats the above processing for all entries in the ARP table 129 (step S104). When the ARP processing unit 126 completes the above processing for all entries in the ARP table 129 (step S104), the ARP processing unit 126 waits for the period of the regular check (step S105). In this embodiment, the interval (time interval) of the periodic check for the ARP table 129 is predetermined as 1 second. However, a configuration may be adopted in which the periodic check interval can be set by the user.

  Each time the ARP processing unit 126 waits for the period of the regular check interval, the ARP processing unit 126 checks all entries in the ARP table 129 described above, and performs processing for deleting data whose expiration date is 0 or less from the table 129. Repeat (step S106).

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. For example, in the above embodiment, there are two virtual machine monitors on which the guest OS can operate. However, the present invention can also be applied to a virtual machine system having three or more virtual machine monitors in the same manner as in the above embodiment. In addition, various inventions can be formed by appropriately combining a plurality of components disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment.

1 is a block diagram showing a configuration of a virtual machine system according to an embodiment of the present invention. The sequence chart which shows the communication sequence before and behind the movement of guest OS applied with the system of FIG. The figure which shows an example of the ARP request | requirement transmitted from a client in the communication sequence of FIG. The figure which shows an example of the ARP response with respect to the ARP request | requirement shown in FIG. The figure which matches and shows the communication data addressed to the moved guest OS transmitted from the client in the communication sequence of FIG. 2, and the communication data created in order to relay the said communication data to the moved guest OS. The figure which matches and shows the communication data relayed in the communication sequence of FIG. 2, and the communication data addressed to the moved guest OS created based on the said communication data. The figure which shows an example of the ARP request | requirement transmitted from the guest OS moved in the communication sequence of FIG. The figure which shows an example of the ARP response with respect to the ARP request | requirement shown in FIG. The figure which matches and shows the communication data transmitted from the guest OS moved in the communication sequence of FIG. 2, and the communication data produced in order to relay the said communication data. The figure which shows an example of the ARP request | requirement transmitted from a virtual machine monitor in the communication sequence of FIG. The figure which shows an example of the ARP response with respect to the ARP request | requirement shown in FIG. The figure which matches and shows the communication data relayed in the communication sequence of FIG. 2, and the communication data addressed to the client created based on the said communication data. The block diagram which shows the structure of the virtual machine monitor shown by FIG. FIG. 14 is a diagram showing an example of the data structure of a destination address table shown in FIG. 13. FIG. 14 is a diagram showing an example of the data structure of a source address table shown in FIG. 13. The figure which shows the example of a data structure of the ARP table shown by FIG. 14 is a flowchart for explaining the operation of the guest OS state reception unit shown in FIG. 13. The figure which shows an example of the movement stop data produced by the guest OS state receiving part in association with the movement source address table. 14 is a flowchart for explaining the operation of the communication data determination unit shown in FIG. 13. FIG. 19 is a diagram showing an example of data (IP packet) created in step 54 in FIG. 18 in association with input communication data and a destination address table. The figure for demonstrating the operation | movement which deletes entry data from the movement destination address table 127 based on movement stop data. FIG. 19 is a diagram showing an IP packet sent from the communication data determination unit to the communication data transmission unit in step 61 in FIG. 18 in association with input communication data and a destination address table. FIG. 19 is a diagram showing an example of communication data created in step 64 in FIG. 18 in association with input communication data and a source address table. FIG. 19 is a diagram showing an example of data (IP packet) created in step 67 in FIG. 18 in association with input communication data and a source address table. 14 is a flowchart for explaining the operation of the communication data transmission unit shown in FIG. 13. FIG. 25 is a diagram showing an example of communication data created and transmitted in step 76 in FIG. 24 in association with an input IP packet and an ARP table. 14 is a flowchart for explaining an operation when an ARP packet of the ARP processing unit shown in FIG. 13 is input. FIG. 27 is a diagram showing an example of data added to an ARP table in step S92 in FIG. 26 in association with an input ARP response. FIG. 27 is a diagram showing an example of an ARP response created / transmitted in step S94 in FIG. 26 in association with an input ARP request. FIG. 27 is a diagram showing an example of an ARP response created and transmitted in step S96 in FIG. 26 in association with an input ARP request and a destination address table. FIG. 27 is a diagram showing an example of an ARP response created / transmitted in step S98 in FIG. 26 in association with an input ARP request and a source address table. 14 is a flowchart for explaining a periodic check of the ARP table by the ARP processing unit shown in FIG. 13.

Explanation of symbols

  11-1, 11-2 ... HW (hardware), 12-1, 12-2, 12-i ... virtual machine monitor, 13 ... virtual machine, 14 ... guest OS, 15 ... shared disk device, 16 ... LAN, 16-1, 16-2, 16-i ... network segment, 120 ... I / O control unit, 121 ... guest OS control unit, 122 ... communication transfer control unit, 123 ... guest OS state receiving unit, 124 ... communication data determination 125: Communication data transmission unit, 126 ... ARP processing unit, 127 ... Migration destination address table, 128 ... Migration source address table, 129 ... ARP table, 130 ... Migration management unit.

Claims (7)

A first virtual machine monitor capable of operating a guest OS;
First hardware on which the first virtual machine monitor operates;
A second virtual machine monitor capable of operating the guest OS;
Second hardware on which the second virtual machine monitor operates;
A virtual machine system comprising: a network connecting the first hardware and the second hardware;
The first virtual machine monitor is
Input / output control means for controlling input / output of communication data between the first hardware and the guest OS operating on the first virtual machine monitor;
Guest OS control means for controlling the movement of the guest OS from the first virtual machine monitor to the second virtual machine monitor and the movement of the guest OS from the second virtual machine monitor to the first virtual machine monitor When,
Movement management means for managing the movement state of the guest OS under the control of the guest OS control means;
Based on the movement state of the guest OS managed by the movement management unit, the communication data includes a first IP packet addressed to the guest OS that has moved between the first virtual machine monitor and the second virtual machine monitor. Including first communication data, second communication data storing the first IP packet, third communication data including a second IP packet transmitted by the moved guest OS, or the second IP Communication transfer control means for determining whether the packet is stored fourth communication data, and controlling transfer of the communication data according to the determination result,
The communication transfer control means of the first virtual machine monitor is:
When the communication data is the first communication data addressed to the guest OS moved from the first virtual machine monitor to the second virtual machine monitor, the first IP packet of the first communication data is Store in second communication data addressed to the second virtual machine monitor, and transfer the second communication data storing the first IP packet to the second virtual machine monitor by the input / output control means. And
The communication data addressed to the first virtual machine monitor storing the first IP packet of the first communication data addressed to the guest OS moved from the second virtual machine monitor to the first virtual machine monitor The first IP packet of the first communication data addressed to the guest OS moved to the first virtual machine monitor is extracted from the second communication data, and the extracted second communication data. Providing the fifth communication data including the first IP packet to the guest OS moved to the first virtual machine monitor by the input / output control unit;
When the communication data is the third communication data transmitted by the guest OS moved to the first virtual machine monitor, the third communication data is added to the fourth communication data addressed to the second virtual machine monitor. The second IP packet is stored, and the fourth communication data in which the second IP packet is stored is transferred to the second virtual machine monitor by the input / output control unit,
The first virtual machine monitor in which the communication data stores a second IP packet of third communication data transmitted by a guest OS that has moved from the first virtual machine monitor to the second virtual machine monitor. If it is the fourth communication data addressed to, the second IP packet of the third communication data transmitted by the guest OS moved to the second virtual machine monitor is extracted from the fourth communication data, A virtual machine system, wherein sixth communication data including the extracted second IP packet is transmitted to the network by the input / output control means. The movement management means of the first virtual machine monitor is:
A first table for registering the IP address of the guest OS and the IP address of the destination virtual machine monitor of the guest OS;
A second table for registering the IP address of the guest OS and the IP address of the migration source virtual machine monitor of the guest OS,
The first virtual machine monitor is a guest OS state reception unit that receives a guest OS state transition notification from the guest OS control unit under the control of the guest OS control unit, When the notification of the completion of the movement of the guest OS to the second virtual machine monitor is received, the pair of the physical address and IP address of the guest OS and the movement destination of the second virtual machine monitor of the guest OS Data including an IP address is registered in the first table of the first virtual machine monitor, and a notification that the migration of the guest OS from the second virtual machine monitor to the first virtual machine monitor is completed If received, the pair of the physical address and IP address of the guest OS and the I of the second virtual machine monitor from which the guest OS is moved Virtual machine system according to claim 1, characterized in that it comprises a guest OS state receiving means for registering the data containing the address to the second table of the first virtual machine monitor. The communication transfer control means of the first virtual machine monitor includes communication data determination means for executing determination of the communication data based on the first and second tables;
The communication data determination means includes
If the pair of the physical address and IP address of the guest OS that matches the destination of the communication data is registered in the first table, the communication data is addressed to the guest OS that has been moved to the second virtual machine monitor. Determining that the first communication data;
The destination IP address of the communication data is the IP address of the first virtual machine monitor itself, and the IP address of the second virtual machine monitor that matches the source IP address of the communication data is the second table. The communication data is the second communication data in which the first IP packet of the first communication data addressed to the guest OS moved to the first virtual machine monitor is stored. And
If the physical address and IP address of the guest OS that matches the transmission source of the communication data are registered in the second table, the guest OS that the communication data has moved to the second virtual machine monitor has transmitted. It is determined that the third communication data,
The destination IP address of the communication data is the IP address of the first virtual machine monitor itself, and the IP address of the second virtual machine monitor that matches the source IP address of the communication data is the first virtual machine monitor. If registered in the first table of the machine monitor, the communication data stores the second IP packet of the third communication data transmitted by the guest OS moved to the second virtual machine monitor. The virtual machine monitor system according to claim 2, wherein the fourth communication data is determined. The communication transfer control means of the first virtual machine monitor is:
When it is determined that the communication data is the first communication data addressed to the guest OS moved to the second virtual machine monitor, the second IP packet storing the first IP packet of the first communication data is stored. Communication data, and the IP address of the second virtual machine monitor registered in the first table in association with the physical address and IP address of the guest OS that matches the destination of the first communication data The second communication data with the destination address as the destination IP address and the IP address of the first virtual machine monitor itself as the source IP address,
When it is determined that the communication data is the second communication data storing the first IP packet of the first communication data addressed to the guest OS moved to the first virtual machine monitor, the second In the second table, the first IP packet stored in the communication data is associated with the IP address of the second virtual machine monitor that matches the source IP address of the second communication data. Creating a data link layer frame to which a data link layer header having a physical address of a registered guest OS as a destination physical address and a fake physical address as a transmission source physical address is added as the fifth communication data;
When it is determined that the communication data is the third communication data transmitted by the guest OS that has moved to the second virtual machine monitor, the second IP packet storing the second IP packet of the third communication data is stored. 4 of the second virtual machine monitor registered in the second table in association with the physical address and IP address of the guest OS that matches the transmission source of the third communication data. Creating the fourth communication data with the IP address as the destination address and the IP address of the first virtual machine monitor itself as the source IP address;
When it is determined that the communication data is the fourth communication data storing the second IP packet of the third communication data transmitted by the guest OS moved to the second virtual machine monitor, The second IP packet stored in the communication data 4 is taken out, the physical address corresponding to the destination IP address of the second IP packet is taken as the destination physical address, and the source IP address of the second IP packet A data link layer in which the physical address of the guest OS registered in the first table of the first virtual machine monitor is associated with the IP address of the second virtual machine monitor that matches 4. The virtual machine according to claim 3, wherein a data link layer frame to which a header is added is created as the sixth communication data. System. The communication data determination means of the first virtual machine monitor determines whether the communication data is an address resolution protocol request or an address resolution protocol response;
The communication transfer control unit of the first virtual machine monitor operates when the communication data determination unit determines that the communication data is the address resolution protocol request or the address resolution protocol response. Including means,
The address resolution protocol processing means, if the communication data is the address resolution protocol request, the destination IP address of the address resolution protocol request matches the IP address of the guest OS registered in the first table To determine whether the IP address of the transmission source of the address resolution protocol request matches the IP address of the guest OS registered in the second table. In this case, an address resolution protocol response for notifying the physical address registered in the second table in a pair with the matching IP address is returned to the source of the address resolution protocol request, and the second If the input / output control means sends an address resolution protocol response for notifying a fake physical address Virtual machine system according to claim 3 or 4, characterized in that return to the source of the address resolution protocol request Ri. The communication data determination means of the first virtual machine monitor is
When the communication data is received data addressed to the guest OS, if the IP address of the guest OS that matches the destination IP address of the communication data is not registered in the first table, the communication data is It is determined that the communication data is the seventh communication data addressed to the non-moving guest OS operating on one virtual machine monitor,
When the communication data is transmission data from the guest OS, if the IP address of the guest OS that matches the transmission source IP address of the communication data is not registered in the second table, the communication data is It is determined that the communication data is the eighth communication data transmitted by the non-moving guest OS operating on one virtual machine monitor,
The communication transfer control unit of the first virtual machine monitor passes the communication data determined to be the seventh communication data by the communication data determination unit to the guest OS that has not moved, and determines the communication data determination The virtual machine monitor system according to claim 3 or 4, wherein communication data determined by the means to be the eighth communication data is transmitted to the network by the input / output control means. The first hardware on which the first virtual machine monitor capable of operating the guest OS operates and the second hardware on which the second virtual machine monitor capable of operating the guest OS operate are connected via a network, The first virtual machine monitor controls the input / output of communication data between the first hardware and the guest OS operating on the first virtual machine monitor from the first virtual machine monitor to the first virtual machine monitor. The guest OS control means for controlling the movement of the guest OS to the second virtual machine monitor and the movement of the guest OS from the second virtual machine monitor to the first virtual machine monitor, and the control of the guest OS control means A virtual machine monitor program applied to a virtual machine system having movement management means for managing the movement state of a guest OS,
In the first virtual machine monitor,
Based on the movement state of the guest OS managed by the movement management unit, the communication data includes a first IP packet addressed to the guest OS that has moved between the first virtual machine monitor and the second virtual machine monitor. Including first communication data, second communication data storing the first IP packet, third communication data including a second IP packet transmitted by the moved guest OS, or the second IP Determining whether the packet is stored fourth communication data;
When the communication data is the first communication data addressed to the guest OS moved from the first virtual machine monitor to the second virtual machine monitor, the first IP packet of the first communication data is Store in the second communication data addressed to the second virtual machine monitor, and transfer the second communication data in which the first IP packet is stored to the second virtual machine monitor by the input / output control means Step to
The communication data addressed to the first virtual machine monitor storing the first IP packet of the first communication data addressed to the guest OS moved from the second virtual machine monitor to the first virtual machine monitor The first IP packet of the first communication data addressed to the guest OS moved to the first virtual machine monitor is extracted from the second communication data, and the extracted second communication data. Providing the guest OS moved to the first virtual machine monitor by the input / output control means with the fifth communication data including the received first IP packet;
When the communication data is the third communication data transmitted by the guest OS moved to the first virtual machine monitor, the third communication data is added to the fourth communication data addressed to the second virtual machine monitor. Storing the second IP packet, and transferring the fourth communication data in which the second IP packet is stored to the second virtual machine monitor by the input / output control unit;
The first virtual machine monitor in which the communication data stores a second IP packet of third communication data transmitted by a guest OS that has moved from the first virtual machine monitor to the second virtual machine monitor. If it is the fourth communication data addressed to, the second IP packet of the third communication data transmitted by the guest OS moved to the second virtual machine monitor is extracted from the fourth communication data, A program program for virtual machine monitoring for causing the input / output control means to transmit the sixth communication data including the extracted second IP packet to the network.

Images