WO2014094420A1 - Message processing method and device - Google Patents


Publication number
WO2014094420A1
Authority
WO
WIPO (PCT)
Prior art keywords
local area
area network
virtual local
port
identifier
Prior art date
Application number
PCT/CN2013/079571
Other languages
French (fr)
Chinese (zh)
Inventor
骆绍开
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2014094420A1 publication Critical patent/WO2014094420A1/en


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • the present invention relates to the field of network technologies, and in particular, to a packet processing method and apparatus. Background technique
  • VMM Virtual Machine Manager
  • the virtualization technology enables the virtual machine to communicate with other devices on the network after establishing a corresponding relationship through the physical NIC on the physical server.
  • the physical network card that provides virtualization functions is called a virtual network card.
  • a virtual local area network is a communication technology that logically divides a local area network device into multiple broadcast domains (multiple virtual local area networks).
  • the ways in which a VMM manages virtual machines and physical resources fall into two categories: front-end mode and pass-through mode.
  • the Xen platform is used as an example.
  • a virtual local area network (VLAN) is configured in advance on Domain0 for each DomainU NIC.
  • Domain0 writes the corresponding virtual LAN label to the packet according to the configuration, and then sends the packet through the network card.
  • the NIC sends the packet to Domain0.
  • the packet is checked by Domain0.
  • the label is removed from the packet and sent to the DomainU. Otherwise, the packet is discarded.
  • Embodiments of the present invention provide a packet processing method and apparatus to improve security and network performance.
  • the present invention provides a method for processing a message, including:
  • acquiring a packet and, according to the port identifier corresponding to the port through which the packet is acquired, searching for the configuration information corresponding to the port identifier, where the configuration information includes a specified virtual local area network identifier, and the specified virtual local area network identifier is a virtual local area network identifier that the port allows to pass;
  • before the acquiring of the packet, the method further includes:
  • the port is an uplink port or a downlink port of the network device, where the network device is installed on a physical server, the physical server is connected to an external device through the network device, the uplink port is a physical port through which the network device is connected to the external device, and the downlink port is a queue through which the network device is connected to the physical server, where the external device includes a switch, a router, or another physical network card.
  • the network device is a physical network card in a virtualized scenario.
  • determining, according to whether the packet carries a virtual local area network identifier, the target virtual local area network identifier from the specified virtual local area network identifier includes:
  • the default virtual local area network identifier corresponding to the port is determined as the target virtual local area network identifier, and the default virtual local area network identifier is in the designated virtual local area network identifier;
  • when the packet carries the virtual local area network identifier, it is determined whether the virtual local area network identifier in the packet is in the specified virtual local area network identifier;
  • the default virtual local area network identifier corresponding to the port is determined as the target virtual local area network identifier.
  • the method further includes: receiving the packet by using the target virtual local area network, and writing the target virtual local area network identifier into the packet that does not carry the virtual local area network identifier.
  • when the packet is a packet to be sent, before the sending of the packet to the target virtual local area network corresponding to the target virtual local area network identifier, the method further includes: when the virtual local area network identifier carried by the packet is the same as the default virtual local area network identifier corresponding to the port, deleting the virtual local area network label carried by the packet, Virtual office
  • the present invention provides a network device, including:
  • An obtaining unit configured to acquire a message
  • a searching unit configured to search for configuration information corresponding to the port identifier according to the port identifier corresponding to the port of the packet obtained by the acquiring unit, where the configuration information includes a specified virtual local area network identifier, where the designated virtual local area network identifier is The virtual local area network identifier that the port allows to pass;
  • a first processing unit configured to determine, according to whether the packet carries a virtual local area network identifier, the target virtual local area network identifier from the specified virtual local area network identifier found by the searching unit;
  • the network device further includes: a receiving unit, configured to receive preset configuration information corresponding to the port identifier from the management device.
  • the port of the network device is an uplink port or a downlink port, where the network device is installed on a physical server, the physical server is connected to an external device through the network device, the uplink port is a physical port through which the network device is connected to the external device, and the downlink port is a queue through which the network device is connected to the physical server, where the external device includes a switch, a router, or another physical network card.
  • the network device is a physical network card in a virtualized scenario.
  • the first processing unit includes:
  • a first determining module configured to determine whether the packet carries a virtual local area network identifier, and a first processing module configured to: when the first determining module determines that the packet does not carry a virtual local area network identifier, determine the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, where the default virtual local area network identifier is in the specified virtual local area network identifier;
  • a second determining module configured to: when the first determining module determines that the packet carries a virtual local area network identifier, determine whether the virtual local area network identifier in the packet is in the specified virtual local area network identifier;
  • when the packet is a packet to be received, the network device further includes:
  • when the packet is a packet to be sent, the network device further includes:
  • a third processing unit configured to: when the virtual local area network identifier carried by the packet is the same as the default virtual local area network identifier corresponding to the port, delete the virtual local area network label carried by the packet.
  • in the message processing method and device, a packet is acquired, the configuration information corresponding to the port identifier is searched for according to the port identifier corresponding to the port through which the packet is acquired, the target virtual local area network identifier is determined from the specified virtual local area network identifier in the configuration information according to whether the packet carries a virtual local area network identifier, and the packet is sent to the target virtual local area network corresponding to the target virtual local area network identifier.
  • the embodiment of the present invention solves the problem in the prior art that, when the virtual local area network is divided and packets are processed in front-end mode, all packets need to be transferred by the virtual machine manager and network performance is not high, and it improves security and network performance.
  • FIG. 1 is a flowchart of a method for processing a packet according to Embodiment 1 of the present invention
  • FIG. 2 is a schematic diagram of a connection relationship between a network device and a physical server and an external device according to Embodiment 1 of the present invention
  • FIG. 3 is a schematic diagram of a connection relationship between a physical network card and a physical server and an external device according to Embodiment 1 of the present invention
  • FIG. 4 is a flowchart of still another method for processing a packet according to Embodiment 1 of the present invention
  • FIG. 5 is a diagram showing an example of a configuration of configuration information of an uplink and a backup port according to Embodiment 1 of the present invention
  • 1 provides a flow chart of the physical network card entering from the physical port 1 when the virtual LAN attribute of the physical port 1 is a trunk port;
  • FIG. 7 is a flowchart of a physical network card from a physical port 1 when a virtual local area network attribute of the physical port 1 is a hybrid port according to Embodiment 1 of the present invention
  • FIG. 8 is a flowchart of a physical network card from a physical port 1 when a virtual local area network attribute of the physical port 1 is an access port according to Embodiment 1 of the present invention
  • FIG. 9 is a flowchart of still another method for processing a packet according to Embodiment 1 of the present invention
  • FIG. 10 is a flowchart of a physical network card from a queue 1 when a virtual local area network attribute of queue 1 is an access port according to Embodiment 1 of the present invention
  • FIG. 11 is a flowchart of a physical network card from a queue 1 when a virtual local area network attribute of queue 1 is a trunk port according to Embodiment 1 of the present invention
  • FIG. 12 is a flowchart of a physical network card from a queue 1 when a virtual local area network attribute of queue 1 is a hybrid port according to Embodiment 1 of the present invention
  • FIG. 13 is a structural diagram of a network device 13 according to Embodiment 1 of the present invention
  • FIG. 14 is a structural diagram of another network device 13 according to Embodiment 2 of the present invention
  • FIG. 16 is a structural diagram of another network device 13 according to Embodiment 2 of the present invention
  • FIG. 17 is a schematic diagram of another network device 17 according to Embodiment 1 of the present invention
  • FIG. 18 is a structural diagram of a network device 18 according to Embodiment 3 of the present invention.
  • a packet processing method is provided in the embodiment of the present invention.
  • the embodiment is applied to a network virtualization scenario, and the network device implements virtual local area network division and packet processing in a direct mode, as shown in FIG. Including the following steps:
  • the port is an uplink port or a downlink port
  • the uplink port is a physical port to which the network device is connected to the external device
  • the downlink port is a queue through which the network device is connected to the physical server, that is, the queue is a channel through which the network device interacts with the physical server, and each queue corresponds to a virtual machine on the physical server
  • the packet is a packet that is received from the external device through the uplink port and sent to the physical server through the downlink port, or a packet that is received from the physical server through the downlink port and sent to the external device through the uplink port.
  • the configuration information may be configured in the form of a list, for example, the list includes a port identifier and the configuration information corresponding to the port identifier, the configuration information includes a specified virtual local area network identifier, and the specified virtual local area network identifier includes a default virtual local area network identifier and a list of virtual local area network identifiers that are allowed to pass.
  • the configuration information also includes virtual local area network attributes.
  • virtual local area network attributes are classified into three categories: the access port, the trunk port, and the hybrid port; the virtual LAN attribute included in the configuration information is any one of an access port, a trunk port, or a hybrid port.
  • the access port can only belong to one virtual local area network, and is generally used for the connection between the switch and the end user.
  • the trunk port can belong to multiple virtual local area networks, and can receive and send packets of multiple virtual local area networks, which are generally used in switches.
  • the hybrid port can belong to multiple virtual LANs. It can receive and send packets of multiple virtual LANs. It is generally used for connection between switches, and can also be used to connect users' computers.
  • the hybrid port can allow packets of multiple virtual local area networks to be sent without carrying the virtual local area network label.
  • the default virtual local area network identifier corresponding to the port is determined as the target virtual local area network identifier, and the default virtual local area network identifier is in the designated virtual local area network identifier;
  • when the packet carries the virtual local area network identifier, it is determined whether the virtual local area network identifier in the packet is in the specified virtual local area network identifier;
  • the default virtual local area network identifier corresponding to the port is determined as the target virtual local area network identifier.
  • step 104 is not performed.
  • the packet is sent to the target virtual local area network corresponding to the target virtual local area network identifier, and the packet is forwarded by the target virtual local area network.
  • the method for processing a packet obtains a packet, searches for the configuration information corresponding to the port identifier according to the port identifier corresponding to the port through which the packet is obtained, then determines, according to whether the packet carries a virtual local area network identifier, the target virtual local area network identifier from the specified virtual local area network identifier in the configuration information, and sends the packet to the target virtual local area network corresponding to the target virtual local area network identifier.
  • the embodiment of the present invention solves the problem that all the packets need to be transferred by the virtual machine manager and the network performance is not high when the virtual local area network is divided and the packet processing is performed by using the front-end mode in the prior art, and the security and network performance are improved.
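The ingress decision described in the steps above, sketched in C as an added example (it is not code from the patent or from any NIC vendor): look up the port's configuration, treat a frame without a tag as belonging to the port default, and accept a tagged frame only if its identifier is permitted on that port. The struct layout, function names and sample frame are assumptions; the tag follows the standard IEEE 802.1Q layout (2-byte TPID 0x8100, then PRI, CFI and a 12-bit VLAN ID), and a permitted tagged frame is assumed to be delivered to the VLAN it carries.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TPID_8021Q 0x8100u  /* EtherType value marking an IEEE 802.1Q tag */
#define VLAN_DROP  (-1)     /* frame is discarded */

enum vlan_attr { PORT_ACCESS, PORT_TRUNK, PORT_HYBRID };

/* Per-port configuration as pushed by the management device.
 * Field names and layout are assumptions made for this example. */
struct port_cfg {
    unsigned       port_id;
    enum vlan_attr attr;
    uint16_t       default_vid;   /* default VLAN identifier, 0..4095 */
    uint16_t       allowed[8];    /* allowed VLAN identifier list */
    size_t         n_allowed;
};

/* Look up the configuration for the port the frame arrived on. */
static const struct port_cfg *find_port(const struct port_cfg *tbl, size_t n,
                                        unsigned port_id)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].port_id == port_id)
            return &tbl[i];
    return NULL;
}

/* Is a carried VLAN identifier among the port's specified identifiers? */
static int vid_permitted(const struct port_cfg *c, uint16_t vid)
{
    if (vid == c->default_vid)
        return 1;                 /* the default is always permitted */
    if (c->attr == PORT_ACCESS)
        return 0;                 /* access port: allowed list is empty */
    for (size_t i = 0; i < c->n_allowed && i < 8; i++)
        if (c->allowed[i] == vid)
            return 1;
    return 0;
}

/* Ingress decision. Returns the target VLAN identifier or VLAN_DROP.
 * An untagged frame gets a tag with the port default written in place,
 * so `cap` must leave room for 4 more bytes. */
int ingress_classify(const struct port_cfg *tbl, size_t n, unsigned port_id,
                     uint8_t *frame, size_t *len, size_t cap)
{
    const struct port_cfg *c = find_port(tbl, n, port_id);
    if (c == NULL || *len < 14)   /* unknown port or no full Ethernet header */
        return VLAN_DROP;

    uint16_t type = (uint16_t)((frame[12] << 8) | frame[13]);
    if (type != TPID_8021Q) {     /* untagged: target is the port default */
        if (*len + 4 > cap)
            return VLAN_DROP;
        memmove(frame + 16, frame + 12, *len - 12);
        frame[12] = 0x81; frame[13] = 0x00;
        frame[14] = (uint8_t)((c->default_vid >> 8) & 0x0F); /* PRI=0, CFI=0 */
        frame[15] = (uint8_t)(c->default_vid & 0xFF);
        *len += 4;
        return c->default_vid;
    }
    if (*len < 18)                /* tag present but frame is truncated */
        return VLAN_DROP;
    uint16_t vid = (uint16_t)(((frame[14] << 8) | frame[15]) & 0x0FFF);
    /* Assumption: a permitted tagged frame goes to the VLAN it carries. */
    return vid_permitted(c, vid) ? (int)vid : VLAN_DROP;
}

/* Constructed demo: port 1 with default VLAN 1 and allowed list {1,2,3}. */
int demo(enum vlan_attr attr, int tagged, uint16_t vid)
{
    struct port_cfg tbl[1] = {{ 1, attr, 1, {1, 2, 3}, 3 }};
    uint8_t f[64] = {0};          /* zeroed DMAC/SMAC, constructed frame */
    size_t len = 32;
    if (tagged) {
        f[12] = 0x81; f[13] = 0x00;
        f[14] = (uint8_t)(vid >> 8); f[15] = (uint8_t)vid;
        f[16] = 0x08; f[17] = 0x00;
    } else {
        f[12] = 0x08; f[13] = 0x00;   /* IPv4 EtherType, no tag */
    }
    int target = ingress_classify(tbl, 1, 1, f, &len, sizeof f);
    if (!tagged && target >= 0 && (len != 36 || f[12] != 0x81 || f[15] != 1))
        return -2;                /* tag was not written as expected */
    return target;
}

int main(void)
{
    printf("trunk, untagged   -> %d\n", demo(PORT_TRUNK, 0, 0));
    printf("trunk, tagged 7   -> %d\n", demo(PORT_TRUNK, 1, 7));
    printf("access, tagged 2  -> %d\n", demo(PORT_ACCESS, 1, 2));
    return 0;
}
```

The drop path is the security-relevant one: a tagged frame whose identifier is not configured for the port never reaches another tenant's VLAN, and the check runs on the card rather than in the virtual machine manager.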
  • a method for processing a packet is provided.
  • the virtual LAN segmentation and packet processing are implemented in the pass-through mode by the physical network card.
  • the pass-through mode is a mode in which the obtained packet does not need to be transferred by the virtual machine manager and directly forwarded by the physical network card.
  • the uplink port is a physical port through which the physical network card is connected to the external device, and the external device is a switch, a router, another physical network card or other network device.
  • the downlink port is a queue through which the physical network card is connected to the physical server, that is, the queue is a channel through which the network device interacts with the physical server, and each queue corresponds to a virtual machine on the physical server.
  • the processing of packets entering and leaving the physical network card is divided into four processes, as shown in Figure 3, which are (1) packet processing from the uplink port (physical port) into the physical network card, and (2) from the downlink port (queue) to the physical network card.
  • the processing of receiving a packet from the uplink port (physical port) into the physical network card is taken as an example, that is, the processing of receiving the packet from the uplink port is taken as an example.
  • the physical network card receives preset configuration information corresponding to the port identifier from a management device.
  • the configuration information corresponding to the port identifier is preset in the management device having the management function, and is sent to the physical network card by using the management device, for example, configuring configuration information of the upper and lower links through the virtual machine manager, and Sent to the physical network card.
  • the virtual machine manager is connected to the physical network card, and configured to set and manage configuration information in the physical network card.
  • the physical network card acquires a packet.
  • the packet is obtained by the physical network card from the external device through the uplink port (physical port), and the external device is a switch, a router, or another physical network card.
  • the physical network card searches for the configuration information corresponding to the port identifier according to the port identifier corresponding to the port that obtains the packet.
  • the configuration information may be in the form of a list, as shown in FIG. 5.
  • the list includes the port identifier and the configuration information corresponding to the port identifier, the configuration information includes a specified virtual local area network identifier, the specified virtual local area network identifier is a virtual local area network identifier that the port allows to pass, and the specified virtual local area network identifier includes a default virtual local area network identifier and a list of allowed virtual local area network identifiers.
  • the configuration information further includes a virtual local area network attribute and a virtual local area network identifier list of packets allowed to pass without carrying a virtual local area network label, and the identifiers in the allowed virtual local area network identifier list include the identifiers in the virtual local area network identifier list of packets allowed to pass without carrying a virtual local area network label.
  • the port identifier is an identifier that is set for each port of the physical NIC in advance.
  • the default virtual local area network identifier ranges from 0 to 4095.
  • the default virtual local area network identifier corresponding to the port can be set according to the range, for example, there are four physical ports on the physical NIC. You can set the corresponding port IDs to 0, 1, 1, and 3 for the four physical ports in sequence.
  • the default virtual LAN IDs are 0, 1, 2, and 3.
  • the virtual local area network attributes are classified into three types: access port, trunk port, and hybrid port. The access port can belong to only one virtual local area network, and is generally used for the connection between the switch and the end user; the trunk port can belong to multiple virtual local area networks, can receive and send packets of multiple virtual local area networks, and is generally used for connection between switches; the hybrid port can belong to multiple virtual local area networks, can receive and send packets of multiple virtual local area networks, is generally used for connection between switches, and can also be used to connect users' computers, and the hybrid port can allow packets of multiple virtual local area networks to be sent without carrying virtual local area network labels.
  • when the virtual local area network attribute is different, the corresponding allowed virtual local area network identifier list and the virtual local area network identifier list of packets allowed to pass without carrying a virtual local area network label are also different.
  • when the virtual local area network attribute is the access port, the corresponding allowed virtual local area network identifier list and the virtual local area network identifier list of packets allowed to pass without carrying a virtual local area network label are empty; when the virtual local area network attribute is the trunk port, the corresponding allowed virtual local area network identifier list is valid, the port allows the virtual local area network identifiers in that list to pass, and the virtual local area network identifier list of packets allowed to pass without carrying a virtual local area network label is empty;
  • when the virtual local area network attribute is the hybrid port, both the corresponding allowed virtual local area network identifier list and the virtual local area network identifier list of packets allowed to pass without carrying a virtual local area network label are valid, and the port, when receiving and sending packets, allows the virtual local area network identifiers in the allowed list to pass;
  • when the virtual local area network identifier carried in the packet is in the allowed virtual local area network identifier list and is not in the virtual local area network identifier list of packets allowed to pass without carrying a virtual local area network label, the packet can carry the virtual local area network label for transmission.
  • the corresponding allowed virtual local area network identifier list includes the corresponding default virtual local area network identifier.
  • the virtual LAN attribute of the physical port is set to trunk port or hybrid port.
  • it can also be access port, which is not limited here.
  • the physical network card determines, according to whether the packet carries a virtual local area network identifier, a target virtual local area network identifier from the designated virtual local area network identifier.
  • the physical network card sends the packet to a target virtual local area network corresponding to the target virtual local area network identifier.
  • the physical network card receives the packet by using the target virtual local area network.
  • the physical network card obtains the packet from the physical port 1, as shown in FIG. 6, FIG. 7 and FIG. According to the port identifier 1 corresponding to the physical port 1, it finds the configuration information corresponding to the port identifier 1.
  • the configuration information includes the specified virtual local area network identifier, where the specified virtual local area network identifier includes a default virtual local area network identifier of 1 and the allowed virtual local area network identifier list includes 1, 2, 3, and the configuration information further includes a virtual local area network attribute.
  • the virtual local area network identifier list of the packets that do not carry the virtual local area network label is empty.
  • the method includes the following steps: 601.
  • the physical network card determines whether the packet carries a virtual local area network identifier.
  • the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
  • the packet header that does not carry the virtual local area network label includes the destination address (DMAC), the source address (SMAC), and the packet type (Ether-Type).
  • the packet type does not carry the 8100 identifier.
  • the 8100 identifier indicates that the packet carries a virtual local area network label.
  • the physical network card finds, according to the port identifier 1 corresponding to the physical port 1 through which the packet is obtained, that the corresponding virtual local area network attribute is a trunk port and the default virtual local area network identifier is 1. It determines the virtual local area network 1 corresponding to the default virtual local area network identifier as the target virtual local area network, receives the packet by using the target virtual local area network, and writes the target virtual local area network identifier into the packet that does not carry a virtual local area network identifier. After the default virtual local area network identifier is written into the packet, the packet header includes the destination address and source address, the packet type carrying 8100, the priority (PRI), the specification flag (CFI), and the virtual local area network identifier, where the destination address and the source address are both 6 bytes, the packet type carrying the 8100 is 1 byte, the priority is 3 bits, the specification flag is 1 bit, and the virtual local area network identifier is 12 bits. The default virtual local area network identifier is written in the 12-bit virtual local area network identifier.
  • PRI priority
  • CFI specification flag
  • the physical network card determines whether the virtual local area network identifier in the packet is in the allowed virtual local area network identifier list;
  • the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
  • when the packet carries the virtual local area network label, the physical network card acquires the virtual local area network identifier in the virtual local area network label.
  • the allowed virtual local area network identifier list corresponding to the physical port 1 includes 1, 2, 3, and when the virtual local area network identifier carried by the packet is 1, it is in the allowed virtual local area network identifier list corresponding to the port.
  • the default virtual local area network identifier 1 is determined as the target virtual local area network identifier, and the packet is received by the target virtual local area network corresponding to the target virtual local area network identifier.
  • when the virtual local area network identifier carried by the packet is not in the allowed virtual local area network identifier list, the packet is discarded.
  • when the virtual local area network attribute is a hybrid port, the allowed virtual local area network identifier list includes 1, 2, 3, and the virtual local area network identifier list of packets allowed to pass without carrying a virtual local area network label is 1, 2, as shown in Figure 7, which specifically includes the following steps:
  • the physical network card determines whether the packet carries a virtual local area network identifier.
  • the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
  • the packet header that does not carry the virtual local area network label includes the destination address (DMAC), the source address (SMAC), and the packet type (Ether-Type).
  • the packet type does not carry the 8100 identifier.
  • the 8100 identifier indicates that the packet carries a virtual local area network label.
  • the physical network card finds, according to the port identifier 1 corresponding to the physical port 1 through which the packet is obtained, that the corresponding virtual local area network attribute is a hybrid port and the default virtual local area network identifier is 1.
  • the virtual local area network 1 corresponding to the default virtual local area network identifier is determined as the target virtual local area network, the packet is received by the target virtual local area network, and the target virtual local area network identifier is written into the packet that does not carry a virtual local area network identifier.
  • after the default virtual local area network identifier is written into the packet, the packet header includes the destination address and the source address, the packet type carrying 8100, the priority (PRI), the specification flag (CFI), and the virtual local area network identifier, where the destination address and source address are both 6 bytes, the packet type carrying 8100 is 1 byte, the priority is 3 bits, the specification flag is 1 bit, the virtual local area network identifier is 12 bits, and the default virtual local area network identifier is written in the 12-bit virtual local area network identifier.
  • the physical network card determines whether the virtual local area network identifier in the packet is in the allowed virtual local area network identifier list.
  • the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
  • when the packet carries the virtual local area network label, the virtual local area network identifier in the virtual local area network label is obtained.
  • the allowed virtual local area network identifier list corresponding to the physical port 1 includes 1, 2, and 3, and when the virtual local area network identifier carried in the packet is 1, it is in the allowed virtual local area network identifier list.
  • the default virtual local area network identifier 1 corresponding to the port is determined as the target virtual local area network identifier, and the packet is received by the target virtual local area network corresponding to the target virtual local area network identifier.
  • the packet is discarded.
  • when the configuration information corresponding to the physical port 1 is that the default virtual local area network identifier is 1 and the virtual local area network attribute is an access port, the corresponding allowed virtual local area network identifier list and the virtual local area network identifier list of packets allowed to pass without carrying a virtual local area network label are empty, as shown in Figure 8, which specifically includes the following steps:
  • the physical network card determines whether the packet carries a virtual local area network identifier.
  • the physical NIC determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier. For the obtained packet header that does not carry the virtual LAN label, the destination address is included.
  • the 8100 identifier indicates that the packet carries the virtual local area network label.
  • the physical network card finds, according to the port identifier 1 corresponding to the physical port 1 that obtained the packet, that the corresponding virtual local area network attribute is the access port and the default virtual local area network identifier is 1; the virtual local area network corresponding to the default virtual local area network identifier is determined as the target virtual local area network, the packet is received by the target virtual local area network, and the target virtual local area network identifier is written. The packet does not carry the virtual local area network identifier. The default virtual local area network identifier is written into the packet.
  • the packet header includes the destination address, the source address, the packet type carrying the 8100, the priority (PRI), the specification flag (CFI), and the virtual local area network identifier, where the destination address and the source address are both 6 bytes, the packet type carrying 8100 is 1 byte, the priority is 3 bits, the specification flag is 1 bit, the virtual local area network identifier is 12 bits, and the default virtual local area network identifier is written in the 12-bit virtual local area network identifier.
  • the physical network card determines, when the virtual local area network identifier is carried, whether the virtual local area network identifier in the packet is the same as the default virtual local area network identifier corresponding to the port identifier.
  • the packet carries the virtual local area network label, and the virtual local area network identifier in the virtual local area network label is obtained.
  • the default virtual local area network identifier corresponding to the physical port 1 is 1, and when the virtual local area network identifier carried by the packet is 1, the virtual local area network identifier is the same as the default virtual local area network identifier corresponding to the port identifier, and the default virtual local area network identifier 1 corresponding to the port is determined as the target virtual local area network identifier, and the target virtual local area network identifier is determined by the target virtual area identifier.
  • a packet processing method is provided.
  • virtual local area network division and packet processing are implemented in a pass-through mode by using a physical network card, and the pass-through mode is a mode in which the obtained packet does not need to be transferred by the virtual machine manager and is directly forwarded by the physical network card.
  • the physical network card is connected to the physical port of the physical network card, and the external device is a switch, a router, another physical network card or other network device.
  • the physical network card is connected to the physical network card and the physical server.
  • a queue that is, the queue is a channel through which the network device interacts with the physical server, and each queue corresponds to a virtual machine on the physical server.
  • the processing of packets entering and leaving the physical network card is divided into four processes, as shown in Figure 3: (1) packet processing from the uplink port (physical port) into the physical network card; (2) packet processing from the downlink port (queue) to the physical network card; (3) processing from the downlink port (queue) into the physical network card; (4) processing from the uplink port (physical port) to the physical network card.
  • This implementation manner may be subsequent packet processing in the implementation manner shown in FIG. 4, that is, after the packet shown in FIG.
  • the physical network card sends the packet to the physical server, which is an example of the packet processing of the physical network card from the downlink port (queue) in FIG.
  • the packet is determined by the destination address list in the physical network card.
  • the sent queue, and then the processing of sending the packet from the downlink port, as shown in FIG. 9, the method includes:
  • the physical NIC receives, from the management device, configuration information corresponding to the port identifier that is preset.
  • the configuration information corresponding to the port identifier is preset by the management device having the management function, and is sent to the physical network card.
  • the configuration information of the uplink and downlink ports is configured by the virtual machine manager and sent to the physical network card.
  • the virtual machine manager is connected to the physical network card, and configured to set and manage the physical network card.
  • the physical network card acquires a to-be-sent packet.
  • the packet to be sent from the physical network card carries a virtual local area network label, and the packet is a packet obtained from the downlink interface.
  • the physical network card searches for the configuration information corresponding to the port identifier according to the port identifier corresponding to the port that obtains the packet.
  • the configuration information may be in the form of a list. As shown in FIG. 5, the list includes a port identifier and configuration information corresponding to the port identifier, where the configuration information includes a specified virtual local area network identifier, and the specified virtual local area network identifier is a virtual local area network identifier that the port allows to pass, namely a default virtual local area network identifier and a list of allowed virtual local area network identifiers.
  • the configuration information further includes a virtual local area network identifier, and a virtual local area network identifier list of the message that does not carry the virtual local area network label, and the virtual local area network identification list of the message that does not carry the virtual local area network label is allowed to be
  • the port of the virtual local area network identifier list that is allowed to pass, the port identifier is an identifier that is set for each queue of the physical network card in advance.
  • the default virtual local area network identifier ranges from 0 to 4095, and the default virtual local area network identifier corresponding to the port can be set according to the range; for example, the physical network card has four queues, the corresponding identifiers of the four queues may be set to 0, 1, 1, 3, and the default virtual local area network identifiers are 0, 1, 2, and 3.
  • the virtual local area network attributes are classified into three types: an access port, a trunk port, and a hybrid port.
  • the access port can belong to only one virtual local area network, and is generally used for switches and end users.
  • the trunk port can belong to multiple virtual LANs. It can receive and send packets from multiple virtual LANs. It is generally used for connections between switches.
  • the hybrid port can belong to multiple virtual LANs and can receive and send packets of multiple virtual local area networks; it is generally used for connecting between switches, and can also be used for connecting the user's computer, and the hybrid port can allow packets of multiple virtual local area networks to be sent without carrying the virtual local area network label.
  • the virtual local area network attribute is different, and the corresponding virtual local area network identifier list that is allowed to pass and the virtual local area network identification list of the packets that do not carry the virtual local area network label are different.
  • when the virtual local area network attribute is the access port, the corresponding allowed virtual local area network identifier list and the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label are both empty; when the virtual local area network attribute is a trunk port, the corresponding allowed virtual local area network identifier list is valid, the port allows packets carrying a virtual local area network identifier in the allowed virtual local area network identifier list to pass when it receives and sends packets, and the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label is empty; when the virtual local area network attribute is a hybrid port, the corresponding allowed virtual local area network identifier list and the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label are both valid, the port allows packets carrying a virtual local area network identifier in the allowed virtual local area network identifier list to pass when it receives and sends packets, and when the port sends a packet, the packet can be sent carrying a virtual local area network label only when the virtual local area network identifier carried in the packet is in the allowed virtual local area network identifier list and is not in the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label.
  • the corresponding allowed virtual local area network identifier list includes a corresponding default virtual local area network identifier.
  • the virtual LAN property of the queue is set to the access port; of course, it can also be a trunk port or a hybrid port, which is not limited here.
  • the physical network card determines, according to whether the packet carries a virtual local area network identifier, a target virtual local area network identifier from the specified virtual local area network identifier.
  • the following takes the physical network card from the queue 1 as an example, as shown in FIG. 10, FIG. 11 and FIG. 12; when the queue 1 obtains the packet, the configuration information corresponding to port identifier 1 is searched for according to port identifier 1 of the queue 1.
  • the configuration information includes the specified virtual local area network identifier, where the specified virtual local area network identifier includes a default virtual local area network identifier of 1 and a virtual local area network identifier list that is allowed to pass, and the configuration information further includes a virtual local area network attribute of an access port.
  • a virtual local area network identifier list of the packets that do not carry the virtual local area network label, and the list of the virtual local area network identifiers that are allowed to pass through and the virtual local area network identification list of the packets that do not carry the virtual local area network label are empty, as shown in FIG. 10, and the method includes the following steps: the default virtual local area network identifier corresponding to the port identifier is the same;
  • the physical network card determines the virtual local area network identifier in the information as the target virtual local area network identifier.
  • the virtual local area network identifier in the message is the target virtual local area network identifier, the virtual local area network label carried in the packet is deleted, and the message is sent through the target virtual local area network.
  • the physical network card compares the virtual local area network identifier in the packet with the default virtual local area network identifier corresponding to the port identifier, where the default virtual local area network identifier corresponding to the queue 1 is 1; when the virtual local area network identifier in the packet is 1, it is the same as the default virtual local area network identifier corresponding to the queue 1, the virtual local area network label is deleted, and the packet is sent to the physical server through the queue 1; when the virtual local area network identifier of the packet is 2, the virtual local area network identifier in the packet is different from the default virtual local area network identifier corresponding to the queue 1, and the packet is discarded and is not sent to the physical server.
  • the allowed virtual local area network identifier list includes 1, 2, 3, and the virtual packets that are allowed to pass without carrying the virtual local area network label are virtual.
  • the method includes the following steps: The default virtual local area network identifier corresponding to the port identifier is the same.
  • the default virtual office corresponding to the port identifier of the virtual local area network identifier is the target virtual local area network identifier.
  • the physical network card deletes the virtual local area network label carried in the packet and sends the packet to the physical server through queue 1.
  • when the virtual local area network identifier is 2, the virtual local area network identifier and the default virtual local area network identifier corresponding to the queue 1 are different, and it is determined whether the virtual local area network identifier is allowed to pass in the queue 1
  • the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
  • when the virtual local area network identifier is 0, the virtual local area network identifier is different from the default virtual local area network identifier corresponding to the queue 1, but it is determined that the virtual local area network identifier is allowed to pass through the queue 1
  • the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, retains the virtual local area network label in the packet, sends the packet to the target virtual local area network, and sends the packet to the physical server through the target virtual local area network.
  • the allowed virtual local area network identifier list includes 1, 2, 3, and the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label is 1, 2, as shown in FIG. 12, which specifically includes the following steps: the virtual local area network identifier list corresponding to the port identifier is allowed to pass;
  • the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, and performs the subsequent processing of the packet.
  • when the virtual local area network identifier is 3, the virtual local area network identifier is in the allowed virtual local area network identifier list corresponding to the queue 1; when the virtual local area network identifier is 0, the virtual local area network identifier is not in the allowed virtual local area network identifier list corresponding to the queue 1, and the packet is discarded.
  • in step 1202, according to the settings in the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label corresponding to the queue 1, the subsequent processing of the packet is as follows:
  • a. determining whether the virtual local area network identifier in the packet is in the virtual local area network identifier list, corresponding to the port identifier, of the allowed packets that do not carry the virtual local area network label; b. when the virtual local area network identifier is in the virtual local area network identifier list, corresponding to the port, of the allowed packets that do not carry the virtual local area network label, deleting the virtual local area network label carried in the packet;
  • when the virtual local area network identifier is 2, the virtual local area network identifier is in the virtual local area network identifier list, corresponding to the queue 1, of the allowed packets that do not carry the virtual local area network label, and the packet is sent to the physical server; when the virtual local area network identifier in the packet is 3, the virtual local area network identifier is not in the virtual local area network identifier list, corresponding to the queue 1, of the allowed packets that do not carry the virtual local area network label, and the packet is sent to the physical server through queue 1.
  • the processing of the packet sent from the uplink interface to the physical NIC is similar to the processing of sending the packet from the lower interface as described in FIG. 9 to FIG. Narration.
  • a packet processing method is provided. In the network virtualization scenario, the virtual LAN segmentation and packet processing are implemented in the pass-through mode by the physical network card.
  • the pass-through mode is a mode in which the obtained packet does not need to be transferred by the virtual machine manager and directly forwarded by the physical network card.
  • the packet processing is performed on the physical network card from the uplink port (physical port) after the physical network card performs other processing.
  • the processing of the physical network card from the downlink port (queue) is similar to the processing of the packet from the uplink port (physical port) to the physical network card as shown in Figure 4-8.
  • the packet processing of the physical NIC is similar to the processing of the physical NIC from the downlink port (queue) shown in Figure 9-12.
  • the physical network cards including the physical network card from the uplink port (physical port) and the physical network card from the downlink port (queue), it can be regarded as a packet from the peer device to the physical network card.
  • the implementation manner is that the packet is received from the downlink interface, and then the packet is sent from the uplink port, and the packet is received from the uplink port as described in FIG. 4-8 and FIG.
  • the processing of sending packets on the interface is similar, and is not mentioned here.
  • the embodiment of the present invention is not limited to a physical network card, and may be any network device capable of realizing virtual local area network division and processing.
  • the embodiments of the present invention can be applied to the VEB (Virtual Ethernet Bridge) and VEPA (Virtual Ethernet Port Aggregator) standards.
  • the virtual machine 1 first sends a message to the physical network card, and the physical network card sends the message to the virtual machine 2, that is, the VEB function is implemented; for the VEPA standard, after the physical network card receives the message sent by the virtual machine 1, the physical network card sends the packet to the external device connected to the physical network card, where it is processed by the external device and then returned to the physical network card.
  • the virtual local area network is divided in the network virtualization scenario, which improves the security of network management, also encapsulates the configuration of virtual machine users, and at the same time realizes virtual LAN acceleration under the physical network card, improving network performance.
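The receive and send decisions described above for access, trunk and hybrid ports can be written out as code; the following is an added Python sketch, not code from the patent. The names `PortConfig`, `receive` and `send`, the sample frame, and the use of the standard 2-byte 0x8100 type field are assumptions of this example. The hybrid send path reads step b as deleting the virtual local area network label, and the functions report only pass or discard together with the resulting frame.

```python
import struct
from dataclasses import dataclass

TPID = 0x8100  # packet type value marking a frame that carries a VLAN label


@dataclass(frozen=True)
class PortConfig:
    """Configuration found by port identifier (hypothetical model of the list in FIG. 5)."""
    attribute: str                     # "access", "trunk" or "hybrid"
    default_vid: int                   # default VLAN identifier, 0..4095
    allowed: frozenset = frozenset()   # allowed VLAN identifier list
    untagged: frozenset = frozenset()  # VLANs whose packets may pass without a label

    def __post_init__(self):
        if self.attribute not in ("access", "trunk", "hybrid"):
            raise ValueError("unknown VLAN attribute")
        if not 0 <= self.default_vid <= 4095:
            raise ValueError("default VLAN identifier out of range")
        if self.attribute == "access" and (self.allowed or self.untagged):
            raise ValueError("both lists are empty on an access port")
        if self.attribute == "trunk" and self.untagged:
            raise ValueError("the untagged list is empty on a trunk port")
        if self.attribute != "access" and self.default_vid not in self.allowed:
            raise ValueError("allowed list must include the default VLAN identifier")


def parse_tag(frame: bytes):
    """Return (priority, cfi, vid) when the frame carries a VLAN label, else None."""
    if len(frame) < 14:
        raise ValueError("shorter than DMAC + SMAC + packet type")
    if struct.unpack_from("!H", frame, 12)[0] != TPID:
        return None
    if len(frame) < 18:
        raise ValueError("truncated VLAN label")
    tci = struct.unpack_from("!H", frame, 14)[0]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF  # 3 + 1 + 12 bits


def add_tag(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Write a VLAN label with the given identifier after the source address."""
    if not (0 <= vid <= 4095 and 0 <= priority <= 7 and cfi in (0, 1)):
        raise ValueError("field does not fit the 12/3/1-bit layout")
    tci = (priority << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Delete the 4-byte VLAN label."""
    return frame[:12] + frame[16:]


def receive(cfg: PortConfig, frame: bytes):
    """Packet entering through a port: returns ("pass", frame) or ("discard", None)."""
    tag = parse_tag(frame)
    if tag is None:  # no label: write the port's default identifier into the packet
        return "pass", add_tag(frame, cfg.default_vid)
    vid = tag[2]
    ok = vid == cfg.default_vid if cfg.attribute == "access" else vid in cfg.allowed
    return ("pass", frame) if ok else ("discard", None)


def send(cfg: PortConfig, frame: bytes):
    """Packet leaving through a port; a packet to be sent always carries a label."""
    tag = parse_tag(frame)
    if tag is None:
        raise ValueError("packet to be sent must carry a VLAN label")
    vid = tag[2]
    if cfg.attribute in ("access", "trunk") and vid == cfg.default_vid:
        return "pass", strip_tag(frame)  # same as the default: delete the label
    if cfg.attribute == "access" or vid not in cfg.allowed:
        return "discard", None
    if vid in cfg.untagged:  # hybrid only: sent without the label
        return "pass", strip_tag(frame)
    return "pass", frame  # allowed: label retained


# Constructed sample data: queue 1 configured as in the FIG. 10, 11 and 12 walk-throughs.
ACCESS = PortConfig("access", 1)
TRUNK = PortConfig("trunk", 1, frozenset({1, 2, 3}))
HYBRID = PortConfig("hybrid", 1, frozenset({1, 2, 3}), frozenset({1, 2}))
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    for name, cfg in (("access", ACCESS), ("trunk", TRUNK), ("hybrid", HYBRID)):
        for vid in (0, 1, 2, 3):
            action, out = send(cfg, add_tag(UNTAGGED, vid))
            kept = out is not None and parse_tag(out) is not None
            print(f"{name:6} vid={vid}: {action}" + (" (label kept)" if kept else ""))
```
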
  • Example 2
  • the embodiment of the present invention provides a network device 13, as shown in FIG. 13, which includes an obtaining unit 131, a searching unit 132, a first processing unit 133, and a sending unit 134.
  • the obtaining unit 131 is configured to acquire a packet.
  • the searching unit 132 is configured to search for configuration information corresponding to the port identifier according to the port identifier corresponding to the port of the packet that is obtained by the acquiring unit, where the configuration information includes a specified virtual local area network identifier, and the specified virtual local area network identifier is a virtual local area network identifier that the port allows to pass.
  • the first processing unit 133 is configured to determine, according to whether the packet carries a virtual local area network identifier, the target virtual local area network identifier from the specified virtual local area network identifier found by the searching unit;
  • the sending unit 134 is configured to send the packet to the target virtual local area network corresponding to the target virtual local area network identifier determined by the processing unit.
  • the packet is sent to the target virtual local area network corresponding to the target virtual local area network identifier, and the packet is forwarded by the target virtual local area network.
  • the network device provided by the embodiment of the present invention obtains the configuration information corresponding to the port identifier according to the port identifier corresponding to the port that obtains the packet, then determines, according to whether the packet carries the virtual local area network identifier, the target virtual local area network identifier from the specified virtual local area network identifier in the configuration information, and sends the packet to the target virtual local area network corresponding to the target virtual local area network identifier.
  • the embodiment of the present invention solves the problem that all the packets need to be transferred by the virtual machine manager and the network performance is not high when the virtual local area network is divided and the packet processing is performed by using the front-end mode in the prior art, and the security and network performance are improved.
  • the packet is obtained by using a port in the network device, and the port is an uplink port or a downlink port, where the uplink port is a physical port connected to the external device, and the downlink port is a queue through which the network device is connected to the physical server, that is, the queue is a channel through which the network device interacts with the physical server, and each queue corresponds to a virtual machine on the physical server, and the packet passes through the uplink port.
  • the configuration information may be configured in the form of a list, for example, including a port identifier in the list, and configuration information corresponding to the port identifier, including a specified virtual local area network identifier, where the specified virtual local area network identifier includes a default virtual local area network identifier and a list of virtual local area network identifiers that are allowed to pass.
  • the configuration information further includes a virtual local area network attribute.
  • the virtual local area network attributes are classified into three categories: an access port, a trunk port, and a hybrid port.
  • the virtual local area network attribute included in the configuration information is any one of an access port, a trunk port, or a hybrid port.
  • the access port can only belong to one virtual local area network, and is generally used for the connection between the switch and the end user.
  • the trunk port can belong to multiple virtual local area networks, and can receive and send packets of multiple virtual local area networks, and is generally used for connection between switches; the hybrid port can belong to multiple virtual local area networks, can receive and send packets of multiple virtual local area networks, is generally used for connection between switches, and can also be used to connect users' computers, and the hybrid port can allow packets of multiple virtual local area networks to be sent without carrying the virtual local area network label.
  • the port identifier is an identifier that is set for each port of the physical NIC in advance.
  • the default virtual local area network identifier ranges from 0 to 4095.
  • the default virtual local area network identifier corresponding to the port can be set according to the range; for example, there are four physical ports on the physical NIC, the corresponding port IDs of the four physical ports can be set to 0, 1, 1, and 3 in sequence, and the default virtual LAN IDs are 0, 1, 2, and 3.
  • the virtual local area network attributes are different, and the corresponding virtual local area network identifier list that is allowed to pass and the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label are also different.
  • when the virtual local area network attribute is an access port, the corresponding allowed virtual local area network identifier list and the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label are both empty; when the virtual local area network attribute is a trunk port, the corresponding allowed virtual local area network identifier list is valid, the port allows packets carrying a virtual local area network identifier in the allowed virtual local area network identifier list to pass when it receives and sends packets, and the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label is empty; when the virtual local area network attribute is a hybrid port, the corresponding allowed virtual local area network identifier list and the virtual local area network identifier list of the allowed packets that do not carry the virtual local area network label are both valid, the port allows packets carrying a virtual local area network identifier in the allowed virtual local area network identifier list to pass when it receives and sends packets, and when the port sends a packet, the packet can carry the virtual local area network label for sending only when the virtual local area network identifier carried in the packet is in the allowed virtual local area network identifier list.
  • the corresponding allowed virtual local area network identifier list includes a corresponding default virtual local area network identifier.
  • the virtual LAN attribute of the physical port is set to trunk port or hybrid port. Of course, it can also be access port.
  • the virtual LAN attribute of the queue is set to access port. Of course, it can also be trunk port or hybrid port; there is no limit here.
  • the network device further includes a receiving unit 135, configured to receive, from the management device, preset configuration information corresponding to the port identifier.
  • the configuration information corresponding to the port identifier is preset by the management device having the management function, and is sent to the physical network card, where it can be sent once to support the processing method of receiving the message, or, when the configuration information is modified, the updated configuration information is sent to the network device, which is not limited herein.
  • the network device receives the configuration information.
  • the configuration information of the upper and lower interfaces is configured by the virtual machine manager and sent to the physical network card.
  • the virtual machine manager is connected to the physical network card, and configured to set and manage the physical network card.
  • the first processing unit 133 includes:
  • the first determining module 151 is configured to determine whether the packet carries a virtual local area network identifier.
  • the first processing module 152 is configured to: when the first determining module determines that the packet does not carry a virtual local area network identifier, determine the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, where the default virtual local area network identifier is in the specified virtual local area network identifier;
  • the packet header that does not carry the virtual local area network label includes the destination address (DMAC), the source address (SMAC), and the packet type (Ether-Type), and the packet type does not carry the identifier of the 8100.
  • the 8100 identifier indicates that the message carries a virtual local area network label.
  • the packet header of the packet includes the packet type of the 8100
  • the packet carries the virtual local area network label, and the virtual local area network identifier in the virtual local area network label is obtained.
  • the second determining module 153 is configured to: when the first determining module determines that the packet carries the virtual local area network identifier, determine whether the virtual local area network identifier in the packet is in the specified virtual local area network identifier;
  • the second processing module 154 is configured to: when the second determining module determines that the virtual local area network identifier in the packet is in the specified virtual local area network identifier, determine a default virtual local area network identifier corresponding to the port as the Target virtual local area network identifier.
  • the network device when the packet is a packet to be received, the network device further includes:
  • the second processing unit 161 is configured to receive the packet by using the target virtual local area network, and write the target virtual local area network identifier into the packet that does not carry the virtual local area network identifier.
  • the default virtual local area network identifier is written into the packet.
  • the packet header includes the destination address, the source address, the packet type of the 8100, the priority (PRI), the specification flag (CFI), and the virtual local area network identifier.
  • the destination address and the source address are both 6 bytes.
  • the packet type carrying 8100 is 2 bytes, the priority is 3 bits, the specification flag is 1 bit, and the virtual local area network identifier is 12 bits.
  • the default virtual local area network identifier is written in the 12-bit virtual local area network identifier.
  • the physical network card then performs subsequent processing in the prior art on the modified message.
  • when the packet is a packet to be sent, the network device further includes:
  • the third processing unit 171 is configured to: when the virtual local area network identifier carried by the packet is the same as the default virtual local area network identifier corresponding to the port, delete the virtual local area network label carried by the packet.
  • the network device 13 in the foregoing embodiment is not limited to a physical NIC in a virtualization scenario, and may be any network device capable of realizing virtual LAN division and packet processing.
  • the embodiment of the present invention can be applied to the VEB (Virtual Ethernet Bridge) and VEPA (Virtual Ethernet Port Aggregator) standards. For example, when the virtual machine 1 on the physical server is to communicate with the virtual machine 2, the virtual machine 1 first sends a packet to the physical network card, and the physical network card sends the packet to the virtual machine 2, that is, the VEB function is implemented; for the VEPA standard, after the physical network card receives the packet sent by the virtual machine 1, the physical network card sends the packet to an external device connected to the physical network card, the packet is processed by the external device and then returned to the physical network card, and the physical network card then sends the processed packet to the virtual machine 2.
  • the embodiment of the invention realizes the virtual local area network division by using the through mode in the network virtualization scenario, improves the security of the network management, and also configures the configuration of the virtual machine user, and realizes the virtual local area network acceleration under the physical network card, thereby improving Network performance.
  • Example 3
  • the embodiment of the present invention provides a network device 18, as shown in FIG. 18, including a memory 181 and a processor 182.
  • the memory 181 is configured to store the instruction, the obtained packet, and the configuration information corresponding to the port identifier;
  • the processor 182 is configured to execute the instruction in the memory 181, and specifically:
  • according to the port identifier corresponding to the port through which the packet is acquired, search for the configuration information corresponding to the port identifier, where the configuration information includes a specified virtual local area network identifier, and the specified virtual local area network identifier is a virtual local area network identifier that the port allows to pass;
  • the network device acquires the packet and, according to the port identifier corresponding to the port through which the packet is acquired, searches for the configuration information corresponding to the port identifier. Then, according to whether the packet carries the virtual local area network identifier, the target virtual local area network identifier is determined from the specified virtual local area network identifier in the configuration information, and the packet is sent to the target virtual local area network corresponding to the target virtual local area network identifier.
  • the embodiment of the present invention solves the problem that all the packets need to be transferred by the virtual machine manager and the network performance is not high when the virtual local area network is divided and the packet processing is performed by using the front-end mode in the prior art, and the security and network performance are improved.
  • the packets entering the network device include packets entering the network device from the uplink port (physical port) and packets entering the network device from the downlink port (queue)
  • the packets leaving the network device include packets leaving the network device from the uplink port (physical port) and packets leaving the network device from the downlink port (queue)
  • the external device is a switch, a router, or another physical network card.
  • the configuration information may be configured in the form of a list, for example, the list includes a port identifier and the configuration information corresponding to the port identifier, and the configuration information includes a specified virtual local area network identifier, where the specified virtual local area network identifier includes a default virtual local area network identifier and a list of virtual local area network identifiers that are allowed to pass.
  • the configuration information further includes a virtual local area network attribute.
  • the virtual local area network attributes are classified into three categories: an access port, a trunk port, and a hybrid port.
  • the virtual local area network attribute included in the configuration information is any one of an access port, a trunk port, or a hybrid port.
  • the access port can only belong to one virtual local area network, and is generally used for the connection between the switch and the end user.
  • the trunk port can belong to multiple virtual local area networks and can receive and send packets of multiple virtual local area networks; it is generally used for the connection between switches;
  • the hybrid port can belong to multiple virtual local area networks and can receive and send packets of multiple virtual local area networks; it is generally used for connection between switches and can also be used to connect users' computers, and a hybrid port can allow packets of multiple virtual local area networks to be sent without carrying a virtual local area network label.
  • the packet is sent to the target virtual local area network corresponding to the target virtual local area network identifier, and the packet is forwarded by the target virtual local area network.
  • the port identifier is an identifier that is set for each port of the physical NIC in advance.
  • the default virtual local area network identifier ranges from 0 to 4095.
  • the default virtual local area network identifier corresponding to the port can be set according to the range. For example, if there are four physical ports on the physical NIC, the corresponding port IDs can be set to 0, 1, 1, and 3 for the four physical ports in sequence.
  • the default virtual LAN IDs are 0, 1, 2, and 3.
  • when the virtual local area network attributes are different, the corresponding list of virtual local area network identifiers that are allowed to pass and the list of virtual local area network identifiers of packets that are allowed to pass without carrying a virtual local area network label are also different.
  • when the virtual local area network attribute is an access port, the corresponding allowed virtual local area network identifier list and the allowed virtual local area network identifier list of the packets that do not carry the virtual local area network label are both empty;
  • when the virtual local area network attribute is a trunk port, the corresponding allowed virtual local area network identifier list is used: when the port receives and sends packets, packets carrying a virtual local area network identifier in the allowed virtual local area network identifier list are allowed to pass, and the allowed virtual local area network identifier list of the packets that do not carry the virtual local area network label is empty.
  • when the virtual local area network attribute is a hybrid port, the corresponding allowed virtual local area network identifier list and the allowed virtual local area network identifier list of the packets that do not carry the virtual local area network label are both valid.
  • when the port receives and sends a packet, packets carrying a virtual local area network identifier in the allowed virtual local area network identifier list are allowed to pass.
  • when the port sends a packet, the packet can carry the virtual local area network label for sending only if the virtual local area network identifier carried in the packet is in the allowed virtual local area network identifier list and is not in the virtual local area network identifier list of the packets that do not carry the virtual local area network label.
  • the corresponding allowed virtual local area network identifier list includes a corresponding default virtual local area network identifier.
  • the virtual LAN attribute of the physical port is set to trunk port or hybrid port. Of course, it can also be access port.
  • the virtual LAN attribute of the queue is set to access port. Of course, it can also be trunk port or hybrid port, and there is no limit here.
  • the processor 182 is further configured to: receive, from the management device, preset configuration information corresponding to the port identifier.
  • the configuration information corresponding to the port identifier is preset by the management device having the management function and is sent to the physical network card; it may be sent once to support the packet processing method, or, when the configuration information is modified, the updated configuration information is sent to the network device, which is not limited herein.
  • the network device receives the configuration information.
  • the configuration information of the uplink and downlink ports is configured by the virtual machine manager and sent to the physical network card.
  • the virtual machine manager is connected to the physical network card, and configured to set and manage the physical network card.
  • the processor 182 is further configured to:
  • the default virtual local area network identifier corresponding to the port is determined as the target virtual local area network identifier, and the default virtual local area network identifier is in the specified virtual local area network identifier.
  • the packet header of a packet that does not carry the virtual local area network label includes the destination address (DMAC), the source address (SMAC), and the packet type (Ether-Type), and the packet type does not carry the 8100 identifier.
  • the 8100 identifier indicates that the packet carries a virtual local area network label.
  • when the packet header of the received packet includes the packet type 8100, the packet carries the virtual local area network label, and the virtual local area network identifier in the virtual local area network label is obtained.
  • when the packet carries the virtual local area network identifier, it is determined whether the virtual local area network identifier in the packet is in the specified virtual local area network identifier;
  • the default virtual local area network identifier corresponding to the port is determined as the target virtual local area network identifier.
  • the message is discarded.
  • the processor 182 is further configured to:
  • the packet is received by the target virtual local area network, and the target virtual local area network identifier is written into the packet that does not carry the virtual local area network identifier.
  • the default virtual local area network identifier is written into the packet.
  • the packet header includes the destination address, the source address, the packet type of the 8100, the priority (PRI), the specification flag (CFI), and the virtual local area network identifier.
  • the destination address and the source address are both 6 bytes.
  • the packet type carrying 8100 is 2 bytes, the priority is 3 bits, the specification flag is 1 bit, and the virtual local area network identifier is 12 bits.
  • the default virtual local area network identifier is written into the 12-bit virtual local area network identifier.
  • the physical network card then performs subsequent processing in the prior art on the modified message.
  • the processor 182 is further configured to:
  • the processor is further configured to execute: When the virtual local area network identifier is in the virtual local area network identifier list corresponding to the port identifier of the default virtual local area network corresponding to the port identifier;
  • the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
  • the message is discarded.
  • the processor is further executed according to the permission:
  • the network device 18 in the above embodiment is not limited to the physical network in the virtualization scenario.
  • the embodiment can be applied to VEB (Virtual Ethernet Bridge) and VEPA.
  • when the virtual machine 1 on the physical server is to communicate with the virtual machine 2, the virtual machine 1 first sends a packet to the physical network card, and the physical network card sends the packet to the virtual machine 2, that is, the VEB function is implemented; for the VEPA standard, after the physical network card receives the packet sent by the virtual machine 1, the physical network card sends the packet to an external device connected to the physical network card, the packet is processed by the external device and then returned to the physical network card, and the physical network card then sends the processed packet to the virtual machine 2.
  • the embodiment of the invention realizes the virtual local area network division by using the through mode in the network virtualization scenario, improves the security of the network management, and also configures the configuration of the virtual machine user, and realizes the virtual local area network acceleration under the physical network card, thereby improving Network performance.
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the modules or units is only a logical function division.
  • there may be another division manner, for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical, mechanical or otherwise.
  • the components displayed as the unit may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units.
  • the purpose of the embodiment of the present embodiment can be achieved by selecting some or all of the units according to actual needs.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware. It can also be implemented in the form of a software functional unit.
  • the integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium.
  • the software product includes a plurality of instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform all or part of the steps of the methods of the various embodiments of the present invention.
  • the foregoing storage medium includes: a USB flash drive, a mobile hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk, and other media that can store program code.
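
The tag handling described above, as an added example that is not code from the patent: it parses the 8100 tag (priority 3 bits, flag 1 bit, identifier 12 bits), writes the port's default identifier into untagged packets on receive, discards packets whose identifier is outside the port's specified identifiers, and deletes the label on send when the identifier equals the port default or is in a hybrid port's untagged list. `PortConfig`, `receive`, `send` and the sample frame are hypothetical names and constructed data; passing an allowed tagged packet through unchanged and sending an untagged packet as-is are assumptions.

```python
"""Per-port 802.1Q tag handling (added illustration, constructed data)."""
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100   # the "packet type 8100" that marks a tagged packet
MAC_HDR_LEN = 12      # destination address (6 bytes) + source address (6 bytes)


@dataclass(frozen=True)
class PortConfig:
    """Hypothetical per-port record: attribute, default VID and the two lists."""
    attribute: str                     # "access", "trunk" or "hybrid"
    default_vid: int                   # 0..4095
    allowed: frozenset = frozenset()   # VIDs allowed to pass (empty for access)
    untagged: frozenset = frozenset()  # VIDs sent without a label (hybrid only)

    def specified(self):
        """Default VID plus the allowed list: everything the port lets through."""
        return self.allowed | {self.default_vid}


def parse_tag(frame):
    """Return (pri, cfi, vid) for a tagged packet, or None for an untagged one."""
    if len(frame) < MAC_HDR_LEN + 2:
        raise ValueError("frame shorter than an Ethernet header")
    (ether_type,) = struct.unpack_from("!H", frame, MAC_HDR_LEN)
    if ether_type != TPID_8021Q:
        return None
    if len(frame) < MAC_HDR_LEN + 6:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, MAC_HDR_LEN + 2)
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def insert_tag(frame, vid, pri=0, cfi=0):
    """Insert the 4-byte tag after the source address."""
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VID must fit in 12 bits")
    tci = ((pri & 7) << 13) | ((cfi & 1) << 12) | vid
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:MAC_HDR_LEN] + tag + frame[MAC_HDR_LEN:]


def strip_tag(frame):
    """Delete the 4-byte tag, restoring the original packet type position."""
    return frame[:MAC_HDR_LEN] + frame[MAC_HDR_LEN + 4:]


def receive(frame, cfg):
    """Packet entering the device through a port: tagged result, or None if discarded."""
    tag = parse_tag(frame)
    if tag is None:
        # Untagged: the port's default VID is written into the packet.
        return insert_tag(frame, cfg.default_vid)
    # Tagged: only identifiers the port is configured for may pass.
    return frame if tag[2] in cfg.specified() else None


def send(frame, cfg):
    """Packet leaving the device through a port: bytes to send, or None if discarded."""
    tag = parse_tag(frame)
    if tag is None:
        return frame                      # assumption: untagged packets go out as-is
    vid = tag[2]
    if vid not in cfg.specified():
        return None
    if vid == cfg.default_vid or (cfg.attribute == "hybrid" and vid in cfg.untagged):
        return strip_tag(frame)           # label deleted before sending
    return frame


# Constructed sample: locally administered MACs, IPv4 packet type, dummy payload.
UNTAGGED = bytes.fromhex("020000000002" "020000000001" "0800") + b"payload"
ACCESS = PortConfig("access", default_vid=10)
TRUNK = PortConfig("trunk", default_vid=10, allowed=frozenset({10, 20}))
HYBRID = PortConfig("hybrid", default_vid=10,
                    allowed=frozenset({10, 20, 30}), untagged=frozenset({20}))

if __name__ == "__main__":
    for name, cfg in (("access", ACCESS), ("trunk", TRUNK), ("hybrid", HYBRID)):
        for vid in (10, 20, 30, 40):
            out = send(insert_tag(UNTAGGED, vid), cfg)
            state = "discarded" if out is None else (
                "tagged" if parse_tag(out) else "untagged")
            print(f"{name:6} send VID {vid}: {state}")
```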

Abstract

Disclosed are a message processing method and device, which relate to the technical field of networks, and solve the problems that when virtual local area network division and message processing are performed using front-back-end modes in the prior art, all the messages need to be transferred by a virtual machine manager, and the network performance is not high. A network device acquires a message. According to a port identifier corresponding to the port where the message is acquired, configuration information corresponding to the port identifier is searched. According to whether the message carries a virtual local area network identifier, a target virtual local area network identifier is determined from the designated virtual local area network identifier. The message is sent to a target virtual local area network corresponding to the target virtual local area network identifier. The embodiments of the present invention are applied in the virtual local area network division and message processing process.

Description

Message processing method and device
Technical field
The present invention relates to the field of network technologies, and in particular, to a packet processing method and apparatus.
Background
With the development of cloud computing, network entities are no longer confined to physical devices; instead, multiple virtual devices are simulated on a physical device. Generally, a virtual machine is created by a VMM (Virtual Machine Manager) on a physical server, and after virtualization technology establishes a correspondence between the virtual machine and the physical network card on the physical server, the virtual machine communicates with other devices on the network. A physical network card that provides virtualization functions is called a virtual network card.
A virtual local area network (VLAN) is a communication technology that logically divides local area network devices into multiple broadcast domains (multiple virtual local area networks). In a network virtualization scenario, the VMM's management of virtual machines and physical resources falls into two categories: front-end/back-end mode and pass-through mode. In the prior art, taking the Xen platform as an example, when the front-end/back-end mode is used for virtual local area network division and packet processing, a virtual local area network is configured in advance on Domain0 for the network card of each DomainU. When a packet is sent, all packets of a DomainU must first reach the Domain0 side, where Domain0 writes the corresponding virtual local area network label into the packet according to the configuration and then sends the packet out through the network card. When the network card receives a packet, the packet is first delivered to the Domain0 side, where Domain0 checks the packet's virtual local area network label according to the configuration; if the check passes, the label is stripped from the packet and the packet is delivered to the DomainU side; otherwise, the packet is discarded.
In the process of implementing the foregoing virtual local area network division and packet processing, all packets need to be relayed by the virtual machine manager, which reduces network performance. If the pass-through mode is used for virtual local area network division and packet processing, network management has to be opened to virtual machine users, which poses a security risk in management.
Summary of the invention
Embodiments of the present invention provide a packet processing method and apparatus to improve security and network performance.
To achieve the foregoing objective, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, the present invention provides a packet processing method, including:
acquiring a packet;
according to the port identifier corresponding to the port through which the packet is acquired, searching for configuration information corresponding to the port identifier, where the configuration information includes a specified virtual local area network identifier, and the specified virtual local area network identifier is a virtual local area network identifier that the port allows to pass;
determining a target virtual local area network identifier from the specified virtual local area network identifier according to whether the packet carries a virtual local area network identifier;
sending the packet to the target virtual local area network corresponding to the target virtual local area network identifier.
In a first possible implementation of the first aspect, before the acquiring a packet, the method further includes:
receiving, from a management device, preset configuration information corresponding to the port identifier.
With reference to the first aspect, in a second possible implementation, the port is an uplink port or a downlink port of a network device, the network device is installed on a physical server, and the physical server is connected to an external device through the network device; the uplink port is a physical port through which the network device is connected to the external device, and the downlink port is a queue through which the network device is connected to the physical server, where the external device includes a switch, a router, or another physical network card.
With reference to the second possible implementation of the first aspect, in a third possible implementation, the network device is a physical network card in a virtualization scenario.
With reference to the first aspect, or the first, second, or third possible implementation of the first aspect, in a fourth possible implementation, the determining a target virtual local area network identifier from the specified virtual local area network identifier according to whether the packet carries a virtual local area network identifier includes:
determining whether the packet carries a virtual local area network identifier;
when the packet does not carry a virtual local area network identifier, determining the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, where the default virtual local area network identifier is in the specified virtual local area network identifier;
when the packet carries a virtual local area network identifier, determining whether the virtual local area network identifier in the packet is in the specified virtual local area network identifier;
when the virtual local area network identifier in the packet is in the specified virtual local area network identifier, determining the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation, when the packet is a packet to be received, after the sending the packet to the target virtual local area network corresponding to the target virtual local area network identifier, the method further includes: receiving the packet through the target virtual local area network, and writing the target virtual local area network identifier into the packet that does not carry a virtual local area network identifier.
With reference to the fourth possible implementation of the first aspect, in a sixth possible implementation, when the packet is a packet to be sent, before the sending the packet to the target virtual local area network corresponding to the target virtual local area network identifier, the method further includes: when the virtual local area network identifier carried by the packet is the same as the default virtual local area network identifier corresponding to the port, deleting the virtual local area network label carried by the packet, the virtual local
In a second aspect, the present invention provides a network device, including:
an acquiring unit, configured to acquire a packet;
a searching unit, configured to search, according to the port identifier corresponding to the port through which the acquiring unit acquires the packet, for configuration information corresponding to the port identifier, where the configuration information includes a specified virtual local area network identifier, and the specified virtual local area network identifier is a virtual local area network identifier that the port allows to pass;
a first processing unit, configured to determine, according to whether the packet carries a virtual local area network identifier, a target virtual local area network identifier from the specified virtual local area network identifier found by the searching unit;
a sending unit, configured to send the packet to the target virtual local area network corresponding to the target virtual local area network identifier determined by the processing unit.
In a first possible implementation of the second aspect, the network device further includes: a receiving unit, configured to receive, from a management device, preset configuration information corresponding to the port identifier.
With reference to the second aspect, in a second possible implementation, the port of the network device is an uplink port or a downlink port, the network device is installed on a physical server, and the physical server is connected to an external device through the network device; the uplink port is a physical port through which the network device is connected to the external device, and the downlink port is a queue through which the network device is connected to the physical server, where the external device includes a switch, a router, or another physical network card.
With reference to the second possible implementation of the second aspect, in a third possible implementation, the network device is a physical network card in a virtualization scenario.
With reference to the second aspect, or the first, second, or third possible implementation of the second aspect, in a fourth possible implementation, the first processing unit includes:
a first determining module, configured to determine whether the packet carries a virtual local area network identifier;
a first processing module, configured to: when the first determining module determines that the packet does not carry a virtual local area network identifier, determine the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, where the default virtual local area network identifier is in the specified virtual local area network identifier;
a second determining module, configured to: when the first determining module determines that the packet carries a virtual local area network identifier, determine whether the virtual local area network identifier in the packet is in the specified virtual local area network identifier;
a second processing module, configured to: when the second determining module determines that the virtual local area network identifier in the packet is in the specified virtual local area network identifier, determine the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
With reference to the fourth possible implementation of the second aspect, in a fifth possible implementation, when the packet is a packet to be received, the network device further includes:
a second processing unit, configured to receive the packet through the target virtual local area network, and write the target virtual local area network identifier into the packet that does not carry a virtual local area network identifier.
With reference to the fourth possible implementation of the second aspect, in a sixth possible implementation, when the packet is a packet to be sent, the network device further includes:
a third processing unit, configured to: when the virtual local area network identifier carried by the packet is the same as the default virtual local area network identifier corresponding to the port, delete the virtual local area network label carried by the packet.
According to the packet processing method and apparatus provided in the embodiments of the present invention, a packet is acquired, the configuration information corresponding to the port identifier is searched for according to the port identifier corresponding to the port through which the packet is acquired, a target virtual local area network identifier is then determined from the specified virtual local area network identifier in the configuration information according to whether the packet carries a virtual local area network identifier, and the packet is sent to the target virtual local area network corresponding to the target virtual local area network identifier. The embodiments of the present invention solve the prior-art problem that, when the front-end/back-end mode is used for virtual local area network division and packet processing, all packets need to be relayed by the virtual machine manager and network performance is not high, thereby improving security and network performance.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. Obviously, the drawings described below are merely some embodiments of the present invention, and a person of ordinary skill in the art may obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a packet processing method according to Embodiment 1 of the present invention;
FIG. 2 is a schematic diagram of the connections between a network device, a physical server and an external device according to Embodiment 1 of the present invention;
FIG. 3 is a schematic diagram of the connections between a physical network card, a physical server and an external device according to Embodiment 1 of the present invention;
FIG. 4 is a flowchart of another packet processing method according to Embodiment 1 of the present invention;
FIG. 5 is an example of a list of configuration information of the uplink and downlink ports according to Embodiment 1 of the present invention;
FIG. 6 is a flowchart of a packet entering the physical network card from physical port 1 when the virtual local area network attribute of physical port 1 is trunk port, according to Embodiment 1 of the present invention;
FIG. 7 is a flowchart of a packet entering the physical network card from physical port 1 when the virtual local area network attribute of physical port 1 is hybrid port, according to Embodiment 1 of the present invention;
FIG. 8 is a flowchart of a packet entering the physical network card from physical port 1 when the virtual local area network attribute of physical port 1 is access port, according to Embodiment 1 of the present invention;
FIG. 9 is a flowchart of yet another packet processing method according to Embodiment 1 of the present invention;
FIG. 10 is a flowchart of a packet leaving the physical network card from queue 1 when the virtual local area network attribute of queue 1 is access port, according to Embodiment 1 of the present invention;
FIG. 11 is a flowchart of a packet leaving the physical network card from queue 1 when the virtual local area network attribute of queue 1 is trunk port, according to Embodiment 1 of the present invention;
FIG. 12 is a flowchart of a packet leaving the physical network card from queue 1 when the virtual local area network attribute of queue 1 is hybrid port, according to Embodiment 1 of the present invention;
FIG. 13 is a structural diagram of a network device 13 according to Embodiment 1 of the present invention;
FIG. 14 is a structural diagram of another network device 13 according to Embodiment 2 of the present invention;
FIG. 15 is a structural diagram of a first processing unit 133 according to Embodiment 2 of the present invention;
FIG. 16 is a structural diagram of yet another network device 13 according to Embodiment 2 of the present invention;
FIG. 17 is a structural diagram of still another network device 17 according to Embodiment 1 of the present invention;
FIG. 18 is a structural diagram of a network device 18 according to Embodiment 3 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment 1
An embodiment of the present invention provides a packet processing method. This embodiment is applied in a network virtualization scenario, in which a network device implements virtual local area network division and packet processing in pass-through mode. As shown in FIG. 1, the method includes the following steps:
101. Acquire a packet.
The packet is acquired through a port of the network device. FIG. 2 shows the connections between the network device, the physical server and the external device. The port is an uplink port or a downlink port. The uplink port is a physical port through which the network device is connected to the external device. The downlink port is a queue through which the network device is connected to the physical server; that is, the queue is the channel through which the network device interacts with the physical server, and each queue corresponds to one virtual machine on the physical server. The packet is either a packet received from the external device through the uplink port and to be sent to the physical server through the downlink port, or a packet received from the physical server through the downlink port and to be sent to the external device through the uplink port.
102. According to the port identifier corresponding to the port through which the packet was acquired, look up the configuration information corresponding to the port identifier. The configuration information includes designated virtual local area network identifiers, which are the virtual local area network identifiers that the port allows to pass.
The configuration information may be set in the form of a list. For example, the list includes a port identifier and the configuration information corresponding to the port identifier, including the designated virtual local area network identifiers. The designated virtual local area network identifiers include a default virtual local area network identifier and a list of virtual local area network identifiers allowed to pass.
In addition, the configuration information also includes a virtual local area network attribute. According to the definition of virtual local area network frames in the IEEE (Institute of Electrical and Electronics Engineers) 802.1Q standard, virtual local area network attributes fall into three classes: access port, trunk port and hybrid port. The virtual local area network attribute included in the configuration information is therefore any one of access port, trunk port or hybrid port. An access port can belong to only 1 virtual local area network and is generally used for the connection between a switch and an end user. A trunk port can belong to multiple virtual local area networks, can receive and send packets of multiple virtual local area networks, and is generally used for connections between switches. A hybrid port can belong to multiple virtual local area networks, can receive and send packets of multiple virtual local area networks, and is generally used for connections between switches but can also be used to connect a user's computer; in addition, a hybrid port can allow packets of multiple virtual local area networks to be sent without carrying a virtual local area network tag.
103. According to whether the packet carries a virtual local area network identifier, determine a target virtual local area network identifier from the designated virtual local area network identifiers.
There are two cases: the packet carries a virtual local area network identifier, or the packet does not carry one.
When the packet does not carry a virtual local area network identifier, the default virtual local area network identifier corresponding to the port is determined as the target virtual local area network identifier; the default virtual local area network identifier is among the designated virtual local area network identifiers.
When the packet carries a virtual local area network identifier, it is determined whether the virtual local area network identifier in the packet is among the designated virtual local area network identifiers.
When the virtual local area network identifier in the packet is among the designated virtual local area network identifiers, the default virtual local area network identifier corresponding to the port is determined as the target virtual local area network identifier.
When the virtual local area network identifier in the packet is not among the designated virtual local area network identifiers, the packet is discarded and step 104 is not performed.
104. Send the packet to the target virtual local area network corresponding to the target virtual local area network identifier.
After the target virtual local area network identifier is determined, the packet is sent to the target virtual local area network corresponding to the target virtual local area network identifier, and the target virtual local area network forwards the packet.
In the packet processing method provided by this embodiment of the present invention, a packet is acquired, the configuration information corresponding to the port identifier of the port through which the packet was acquired is looked up, a target virtual local area network identifier is determined from the designated virtual local area network identifiers in the configuration information according to whether the packet carries a virtual local area network identifier, and the packet is sent to the target virtual local area network corresponding to the target virtual local area network identifier. This embodiment solves the prior-art problem that, when virtual local area network division and packet processing are performed in the front-end/back-end mode, all packets have to be relayed by the virtual machine manager and network performance is low, and thereby improves security and network performance.
A first implementation of this embodiment provides a packet processing method in which, in a network virtualization scenario, a physical network card implements virtual local area network division and packet processing in pass-through mode. Pass-through mode is the mode in which an acquired packet does not need to be relayed by the virtual machine manager and is forwarded directly by the physical network card. The uplink port of the physical network card is a physical port through which the physical network card is connected to an external device; the external device is a switch, a router, another physical network card or another network device. The downlink port of the physical network card is a queue through which the physical network card is connected to the physical server; that is, the queue is the channel through which the network device interacts with the physical server, and each queue corresponds to one virtual machine on the physical server. Packets entering and leaving the physical network card are handled by four processing procedures, as shown in FIG. 3: ① processing of packets entering the physical network card from the uplink port (physical port); ② processing of packets leaving the physical network card from the downlink port (queue); ③ processing of packets entering the physical network card from the downlink port (queue); ④ processing of packets leaving the physical network card from the uplink port (physical port). In this implementation, as shown in FIG. 4, procedure ①, the processing of packets entering the physical network card from the uplink port (physical port), that is, the processing of packets received from the uplink port, is taken as an example. The method includes:
401. The physical network card receives, from a management device, preset configuration information corresponding to the port identifier.
The configuration information corresponding to the port identifier is preset on a management device that has a management function, and is sent to the physical network card by the management device. For example, the configuration information of the uplink and downlink ports is configured through the virtual machine manager and sent to the physical network card. The virtual machine manager is connected to the physical network card and is used to set and manage the configuration information in the physical network card.
402. The physical network card acquires a packet.
The packet is acquired by the physical network card from an external device through the uplink port (physical port). The external device is a switch, a router or another physical network card.
403. According to the port identifier corresponding to the port through which the packet was acquired, the physical network card looks up the configuration information corresponding to the port identifier.
The configuration information may be in the form of a list. As shown in FIG. 5, the list includes a port identifier and the configuration information corresponding to the port identifier. The configuration information includes designated virtual local area network identifiers, which are the virtual local area network identifiers that the port allows to pass; the virtual local area network identifiers allowed to pass are the default virtual local area network identifier and the list of virtual local area network identifiers allowed to pass. The configuration information further includes a virtual local area network attribute and a list of virtual local area network identifiers whose packets are allowed to pass without carrying a virtual local area network tag. The identifiers in the list of virtual local area network identifiers allowed to pass include the identifiers in the list of virtual local area network identifiers whose packets are allowed to pass without carrying a virtual local area network tag.
The port identifier is an identifier set in advance for each port of the physical network card. The default virtual local area network identifier ranges from 0 to 4095, and the default virtual local area network identifier corresponding to a port can be set within this range. For example, if the physical network card has 4 physical ports, the 4 physical ports can be given the port identifiers 0, 1, 1, 3 in turn, and the default virtual local area network identifiers 0, 1, 2, 3.
According to the definition of virtual local area network frames in the IEEE 802.1Q standard, virtual local area network attributes fall into three classes: access port, trunk port and hybrid port. An access port can belong to only 1 virtual local area network and is generally used for the connection between a switch and an end user. A trunk port can belong to multiple virtual local area networks, can receive and send packets of multiple virtual local area networks, and is generally used for connections between switches. A hybrid port can belong to multiple virtual local area networks, can receive and send packets of multiple virtual local area networks, and is generally used for connections between switches but can also be used to connect a user's computer; in addition, a hybrid port can allow packets of multiple virtual local area networks to be sent without carrying a virtual local area network tag.
In the configuration information, different virtual local area network attributes have different lists of virtual local area network identifiers allowed to pass and different lists of virtual local area network identifiers whose packets are allowed to pass without carrying a virtual local area network tag.
When the virtual local area network attribute is access port, both the list of virtual local area network identifiers allowed to pass and the list of virtual local area network identifiers whose packets are allowed to pass without carrying a virtual local area network tag are empty.
When the virtual local area network attribute is trunk port, the list of virtual local area network identifiers allowed to pass is valid: when receiving and sending packets, the port allows packets carrying a virtual local area network identifier in that list to pass. The list of virtual local area network identifiers whose packets are allowed to pass without carrying a virtual local area network tag is empty.
When the virtual local area network attribute is hybrid port, both the list of virtual local area network identifiers allowed to pass and the list of virtual local area network identifiers whose packets are allowed to pass without carrying a virtual local area network tag are valid. When receiving and sending packets, the port allows packets carrying a virtual local area network identifier in the list of virtual local area network identifiers allowed to pass to pass. When the port sends a packet, the packet can be sent carrying a virtual local area network tag only when the virtual local area network identifier carried in the packet is in the list of virtual local area network identifiers allowed to pass and is not in the list of virtual local area network identifiers whose packets are allowed to pass without carrying a virtual local area network tag.
In addition, when the virtual local area network attribute is trunk port or hybrid port, the corresponding list of virtual local area network identifiers allowed to pass includes the corresponding default virtual local area network identifier.
In general, the virtual local area network attribute of a physical port is set to trunk port or hybrid port. It can of course also be access port, which is not limited here.
404. According to whether the packet carries a virtual local area network identifier, the physical network card determines a target virtual local area network identifier from the designated virtual local area network identifiers.
405. The physical network card sends the packet to the target virtual local area network corresponding to the target virtual local area network identifier.
406. The physical network card receives the packet through the target virtual local area network.
Steps 404 to 406 are described in detail below, taking as an example the packet entering the physical network card from physical port 1, as in FIG. 6, FIG. 7 and FIG. 8. When physical port 1 acquires the packet, the configuration information corresponding to port identifier 1 is looked up according to port identifier 1 of physical port 1. The configuration information includes the designated virtual local area network identifiers: the default virtual local area network identifier is 1, and the list of virtual local area network identifiers allowed to pass contains 1, 2, 3. The configuration information also includes the virtual local area network attribute, which is trunk port, and the list of virtual local area network identifiers whose packets are allowed to pass without carrying a virtual local area network tag, which is empty. As shown in FIG. 6, the following steps are included:
601. The physical network card determines whether the packet carries a virtual local area network identifier.
602. When the packet does not carry a virtual local area network identifier, the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
The header of an acquired packet that does not carry a virtual local area network tag includes a destination address (DMAC), a source address (SMAC) and a packet type (Ether-Type), and the packet type does not carry the 8100 identifier. The 8100 identifier indicates that a packet carries a virtual local area network tag.
For a packet that does not carry a virtual local area network tag, the physical network card uses port identifier 1 of physical port 1, through which the packet was acquired, to find that the corresponding virtual local area network attribute is trunk port and the default virtual local area network identifier is 1. Virtual local area network 1, which corresponds to the default virtual local area network identifier, is then determined as the target virtual local area network, the packet is received through the target virtual local area network, and the target virtual local area network identifier is written into the packet that does not carry a virtual local area network identifier. That is, the default virtual local area network identifier is written into the packet. The packet header then includes the destination address, the source address, the packet type carrying 8100, the priority (PRI), the canonical format indicator (CFI) and the virtual local area network identifier. The destination address and the source address are each 6 bytes, the packet type carrying 8100 is 1 byte, the priority is 3 bits, the canonical format indicator is 1 bit, and the virtual local area network identifier is 12 bits. The default virtual local area network identifier is written into the 12-bit virtual local area network identifier.
603. When the packet carries a virtual local area network identifier, the physical network card determines whether the virtual local area network identifier in the packet is in the list of virtual local area network identifiers allowed to pass.
604. When the virtual local area network identifier in the packet is in the list of virtual local area network identifiers allowed to pass, the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
... packet type, this indicates that the packet carries a virtual local area network tag, and the physical network card obtains the virtual local area network identifier from the virtual local area network tag. The list of virtual local area network identifiers allowed to pass that corresponds to physical port 1 contains 1, 2, 3. When the virtual local area network identifier carried by the packet is 1, it is in the list of virtual local area network identifiers allowed to pass, so the default virtual local area network identifier 1 corresponding to the port is determined as the target virtual local area network identifier, and the packet is received through the target virtual local area network corresponding to the target virtual local area network identifier.
605. When the virtual local area network identifier in the packet is not in the list of virtual local area network identifiers allowed to pass, the packet is discarded.
For example, when the virtual local area network identifier carried by the packet is Q, it is not in the list of virtual local area network identifiers allowed to pass, so the packet is discarded.
当所述物理端口 1 对应的配置信息为缺省虚拟局域网标识为 1, 虚拟局域网属性为 hybrid端口,允许通过的虚拟局域网标识列表包含 1、 2、 3, 允许通过的不携带虚拟局域网标签的 4艮文通过的虚拟局域网 标识列表为 1、 2, 如图 7所示, 具体包括如下步骤:  When the configuration information corresponding to the physical port 1 is the default virtual local area network identifier is 1, the virtual local area network attribute is a hybrid port, and the allowed virtual local area network identification list includes 1, 2, 3, and the allowed non-transported virtual local area network label is allowed. The virtual local area network identifier list adopted by the text is 1, 2, as shown in Figure 7, which specifically includes the following steps:
701、 所述物理网卡判断所述 4艮文是否携带虚拟局域网标识;  701. The physical network card determines whether the fourth file carries a virtual local area network identifier.
702、 当所述 4艮文没有携带虚拟局域网标识时, 所述物理网卡将所 述端口对应的缺省虚拟局域网标识确定为所述目标虚拟局域网标识。  702. When the virtual network identifier is not carried, the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
对于获取的没有携带虚拟局域网标签的报文头包括目的地址 ( DMAC ) 、 源地址 (SMAC ) 、 报文类型 (Ether-Type ) , 且在报文类 型中没有携带 8100 的标识, 8100 标识表示所述报文携带虚拟局域网 标签。  The packet header that does not carry the virtual local area network label includes the destination address (DMAC), the source address (SMAC), and the packet type (Ether-Type). The packet type does not carry the identifier of the 8100. The 8100 identifier indicates the location. The message carries a virtual local area network label.
对于没有携带虚拟局域网标签的报文, 所述物理网卡根据获取所 述 4艮文的物理端口 1 对应的端口标识 1, 查找到对应的虚拟局域网属 性为 hybrid端口, 缺省虚拟局域网标识为 1, 则所述缺省虚拟局域网 标识对应的虚拟局域网 1 确定为所述目标虚拟局域网, 通过所述目标 虚拟局域网接收所述报文, 并将所述目标虚拟局域网标识写入所述没 有携带虚拟局域网标识的报文中。 即将缺省虚拟局域网标识写入所述 报文中, 此时报文头中包括目的地址、 源地址,携带 8100的报文类型, 优先级 (PRI ) 、 规范标志位 (CF I ) 、 虚拟局域网标识, 其中目的地 址和源地址均为 6个字节, 携带 8100的报文类型为 1个字节, 优先级 为 3b i t (比特) , 规范标志位为 lb i t , 虚拟局域网标识为 12b i t , 将 缺省虚拟局域网标识写在 12b i t的虚拟局域网标识中。 For the packet that does not carry the virtual local area network label, the physical network card finds that the corresponding virtual local area network attribute is a hybrid port, and the default virtual local area network identifier is 1, according to the port identifier 1 corresponding to the physical port 1 of the obtained port. The virtual local area network 1 corresponding to the default virtual local area network identifier is determined as the target virtual local area network, the packet is received by the target virtual local area network, and the target virtual local area network identifier is written into the non-carrying virtual local area network identifier. In the message. The default virtual local area network identifier is written into the packet, and the packet header includes the destination address and the source address, and the packet type of the 8100 is carried. Priority (PRI), specification flag (CF I ), virtual local area network identifier, where the destination address and source address are both 6 bytes, the packet type carrying 8100 is 1 byte, and the priority is 3b it (bit) ), the specification flag is lb it , the virtual local area network identifier is 12b it , and the default virtual local area network identifier is written in the virtual local area network identifier of 12b it.
703、 当所述 4艮文携带虚拟局域网标识时, 所述物理网卡判断所述 报文中的虚拟局域网标识是否在允许通过的虚拟局域网标识列表中; 703. When the virtual network local area network identifier is carried, the physical network card determines whether the virtual local area network identifier in the packet is in the allowed virtual local area network identifier list.
704. When the virtual local area network identifier in the packet is in the list of virtual local area network identifiers allowed to pass, the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
A packet type carrying the 8100 identifier indicates that the packet carries a virtual local area network tag, and the virtual local area network identifier in that tag is then obtained. The list of virtual local area network identifiers allowed to pass for physical port 1 contains 1, 2 and 3. When the virtual local area network identifier carried in the packet is 1, it is in the list of virtual local area network identifiers allowed to pass, so default virtual local area network identifier 1 corresponding to the port is determined as the target virtual local area network identifier, and the packet is received through the target virtual local area network corresponding to the target virtual local area network identifier.
705. When the virtual local area network identifier in the packet is not in the list of virtual local area network identifiers allowed to pass, the packet is discarded.
For example, when the virtual local area network identifier carried in the packet is Q, it is not in the list of all virtual local area network identifiers allowed to pass, and the packet is discarded.
When the configuration information corresponding to physical port 1 has a default virtual local area network identifier of 1 and a virtual local area network attribute of access port, the corresponding list of virtual local area network identifiers allowed to pass and the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag are both empty. As shown in FIG. 8, the processing includes the following steps:
801. The physical network card determines whether the packet carries a virtual local area network identifier;
802. When the packet does not carry a virtual local area network identifier, the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
The header of an obtained packet that does not carry a virtual local area network tag includes the destination address (DMAC), the source address (SMAC) and the packet type (Ether-Type), and the packet type does not carry the 8100 identifier; the 8100 identifier indicates that a packet carries a virtual local area network tag.
For a packet that does not carry a virtual local area network tag, the physical network card uses port identifier 1, which corresponds to physical port 1 on which the packet was obtained, to look up the configuration, and finds that the virtual local area network attribute is access port and the default virtual local area network identifier is 1. Virtual local area network 1, which corresponds to the default virtual local area network identifier, is determined as the target virtual local area network, the packet is received through the target virtual local area network, and the target virtual local area network identifier is written into the packet that did not carry a virtual local area network identifier. That is, the default virtual local area network identifier is written into the packet. The packet header then includes the destination address, the source address, the packet type carrying 8100, the priority (PRI), the canonical format indicator (CFI) and the virtual local area network identifier, where the destination address and the source address are each 6 bytes, the packet type carrying 8100 is 1 byte, the priority is 3 bits, the canonical format indicator is 1 bit, and the virtual local area network identifier is 12 bits; the default virtual local area network identifier is written into the 12-bit virtual local area network identifier field.
803. When the packet carries a virtual local area network identifier, the physical network card determines whether the virtual local area network identifier in the packet is the same as the default virtual local area network identifier corresponding to the port identifier.
804. When the virtual local area network identifier in the packet is the same as the default virtual local area network identifier corresponding to the port identifier, the default virtual local area network identifier corresponding to the port is determined as the target virtual local area network identifier.
805. When the virtual local area network identifier in the packet differs from the default virtual local area network identifier corresponding to the port identifier, the packet is discarded.
A packet type carrying the 8100 identifier indicates that the packet carries a virtual local area network tag, and the virtual local area network identifier in that tag is then obtained. The default virtual local area network identifier corresponding to physical port 1 is 1. When the virtual local area network identifier carried in the packet is 1, it is the same as the default virtual local area network identifier corresponding to the port identifier, so default virtual local area network identifier 1 corresponding to the port is determined as the target virtual local area network identifier, and the packet is received through the target virtual local area network corresponding to the target virtual local area network identifier. When the virtual local area network identifier carried in the packet is not 1, it differs from the default virtual local area network identifier corresponding to the port identifier, and the packet is discarded.
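The receive-side handling described above for a hybrid port (steps 703 to 705) and an access port (steps 801 to 805), as an added Python example that is not code from the patent. It follows the IEEE 802.1Q frame layout, in which the 0x8100 type field occupies two bytes; the names `PortConfig`, `parse_tag`, `add_tag` and `ingress`, the sample frames, and the choice to drop malformed frames are assumptions made for the example.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # the "8100" packet type that marks a tagged frame


@dataclass(frozen=True)
class PortConfig:
    pvid: int                          # default VLAN identifier of the port
    mode: str                          # "access" or "hybrid"
    allowed: frozenset = frozenset()   # VLAN identifiers allowed to pass


def parse_tag(frame: bytes):
    """Return (pri, cfi, vid) for a tagged frame, None for an untagged one."""
    if len(frame) < 14:
        raise ValueError("shorter than DMAC + SMAC + Ether-Type")
    (ether_type,) = struct.unpack_from("!H", frame, 12)
    if ether_type != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def add_tag(frame: bytes, vid: int, pri: int = 0, cfi: int = 0) -> bytes:
    """Insert 8100 + PRI (3 bits) + CFI (1 bit) + VLAN identifier (12 bits)."""
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VLAN identifier must fit in 12 bits")
    tci = (pri << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def ingress(frame: bytes, cfg: PortConfig):
    """Return the frame as accepted on the port (always tagged), or None if dropped."""
    try:
        tag = parse_tag(frame)
    except ValueError:
        return None                    # assumption: malformed frames are dropped
    if tag is None:
        # Steps 702 / 802: untagged, so the port's default identifier is written in.
        return add_tag(frame, cfg.pvid)
    vid = tag[2]
    if cfg.mode == "access":
        # Steps 803 to 805: a tagged frame must match the default identifier.
        return frame if vid == cfg.pvid else None
    if cfg.mode == "hybrid":
        # Steps 703 to 705: a tagged frame must be in the allowed list.
        return frame if vid in cfg.allowed else None
    raise ValueError("unsupported mode: " + cfg.mode)


# Constructed sample data (not taken from the patent).
HEADER = bytes.fromhex("ffffffffffff" "020000000001")   # DMAC, SMAC
UNTAGGED = HEADER + bytes.fromhex("0800") + b"payload"
HYBRID_PORT_1 = PortConfig(pvid=1, mode="hybrid", allowed=frozenset({1, 2, 3}))
ACCESS_PORT_1 = PortConfig(pvid=1, mode="access")


def tagged(vid: int) -> bytes:
    """Constructed frame that already carries a tag with the given identifier."""
    return add_tag(UNTAGGED, vid)


if __name__ == "__main__":
    for name, cfg in (("hybrid", HYBRID_PORT_1), ("access", ACCESS_PORT_1)):
        for label, frame in (("untagged", UNTAGGED), ("vid 1", tagged(1)),
                             ("vid 2", tagged(2)), ("vid 5", tagged(5))):
            out = ingress(frame, cfg)
            verdict = "drop" if out is None else "accept as %r" % (parse_tag(out),)
            print(name, label, "->", verdict)
```
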
The processing of ③ in FIG. 3, packets entering the physical network card from the downlink port, that is, the processing of receiving packets from the downlink port, is similar to the processing of receiving packets from the uplink port described in FIG. 4 to FIG. 8 above and is not repeated here.
In a second implementation of the embodiment of the present invention, a packet processing method is provided. In a network virtualization scenario, virtual local area network division and packet processing are implemented by the physical network card in pass-through mode. Pass-through mode is the mode in which an obtained packet is forwarded directly by the physical network card without being relayed by the virtual machine manager. The uplink port of the physical network card is a physical port that connects the physical network card to an external device, where the external device is a switch, a router, another physical network card or another network device. The downlink port of the physical network card is a queue that connects the physical network card to the physical server; that is, the queue is the channel through which the network device interacts with the physical server, and each queue corresponds to one virtual machine on the physical server. Packets entering and leaving the physical network card are handled in four processes, as shown in FIG. 3: ① processing of packets entering the physical network card from the uplink port (physical port); ② processing of packets leaving the physical network card from the downlink port (queue); ③ processing of packets entering the physical network card from the downlink port (queue); ④ processing of packets leaving the physical network card from the uplink port (physical port). This implementation may be the subsequent packet processing of the implementation shown in FIG. 4: after the packet shown in FIG. 4 enters the physical network card from the uplink port (physical port) and undergoes other processing in the physical network card, the packet needs to be sent from the physical network card to the physical server. This implementation is therefore described using ② in FIG. 3, the processing of packets leaving the physical network card from the downlink port (queue), as an example. According to the prior art, the queue to which the packet is to be sent is determined from the destination address list in the physical network card, and the packet is then sent from the downlink port. As shown in FIG. 9, the method includes:
901. The physical network card receives, from a management device, preset configuration information corresponding to the port identifier.
The configuration information corresponding to the port identifier is preset on a management device that has a management function and is sent to the physical network card; for example, the configuration information of the uplink and downlink ports is configured through the virtual machine manager and sent to the physical network card. The virtual machine manager is connected to the physical network card and is used to set up and manage the physical network card.
902. The physical network card obtains a packet to be sent.
Every packet to be sent from the physical network card carries a virtual local area network tag, and the packet is a packet obtained from the downlink port.
903. According to the port identifier corresponding to the port that obtains the packet, the physical network card looks up the configuration information corresponding to the port identifier.
The configuration information may take the form of a list, as shown in FIG. 5. The list includes the port identifier and the configuration information corresponding to the port identifier. The configuration information includes the specified virtual local area network identifier, which is the virtual local area network identifier that the port allows to pass; the virtual local area network identifier allowed to pass is the default virtual local area network identifier and the list of virtual local area network identifiers allowed to pass. The configuration information further includes the virtual local area network attribute and the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag, and this latter list is a subset of the list of virtual local area network identifiers allowed to pass.
The port identifier is an identifier set in advance for each queue of the physical network card. The default virtual local area network identifier ranges from 0 to 4095, and the default virtual local area network identifier corresponding to the port can be set within this range. For example, if the physical network card has 4 queues, the 4 queues may be assigned the identifiers 0, 1, 1, 3 in turn, with default virtual local area network identifiers 0, 1, 2, 3.
According to the definition of virtual local area network frames in the IEEE 802.1Q standard, virtual local area network attributes fall into three classes: access port, trunk port and hybrid port. An access port can belong to only 1 virtual local area network and is generally used for the connection between a switch and an end user. A trunk port can belong to multiple virtual local area networks, can receive and send packets of multiple virtual local area networks, and is generally used for connections between switches. A hybrid port can belong to multiple virtual local area networks, can receive and send packets of multiple virtual local area networks, is generally used for connections between switches, and can also be used to connect a user's computer; in addition, a hybrid port can allow packets of multiple virtual local area networks to be sent without carrying a virtual local area network tag.
In the configuration information, different virtual local area network attributes correspond to different lists of virtual local area network identifiers allowed to pass and different lists of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag. When the virtual local area network attribute is access port, both lists are empty. When the virtual local area network attribute is trunk port, the list of virtual local area network identifiers allowed to pass is valid: when receiving and sending packets, the port allows packets carrying a virtual local area network identifier in that list to pass, while the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag is empty. When the virtual local area network attribute is hybrid port, both lists are valid: when receiving and sending packets, the port allows packets carrying a virtual local area network identifier in the list of virtual local area network identifiers allowed to pass to pass, and when sending a packet, the packet is sent carrying its virtual local area network tag only if the virtual local area network identifier it carries is in the list of virtual local area network identifiers allowed to pass and is not in the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag. In addition, when the virtual local area network attribute is trunk port or hybrid port, the corresponding list of virtual local area network identifiers allowed to pass includes the corresponding default virtual local area network identifier.
In general, the virtual local area network attribute of a queue is set to access port; it may of course also be trunk port or hybrid port, which is not limited here.
904. The physical network card determines, according to whether the packet carries a virtual local area network identifier, the target virtual local area network identifier from the specified virtual local area network identifier;
905. The packet is sent to the target virtual local area network corresponding to the target virtual local area network identifier;
906. The packet is sent through the target virtual local area network.
Steps 904 to 906 are described below using FIG. 10, FIG. 11 and FIG. 12, in which the packet leaves the physical network card from queue 1, as examples. When queue 1 obtains the packet, the configuration information corresponding to port identifier 1 is looked up according to port identifier 1 of queue 1. The configuration information includes the specified virtual local area network identifier, which includes a default virtual local area network identifier of 1 and the list of virtual local area network identifiers allowed to pass. The configuration information further includes a virtual local area network attribute of access port and the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag, where the list of virtual local area network identifiers allowed to pass and the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag are both empty. As shown in FIG. 10, the processing includes the following steps:
1001. The physical network card determines whether the virtual local area network identifier in the packet is the same as the default virtual local area network identifier corresponding to the port identifier;
1002. When the virtual local area network identifier in the packet is the same as the default virtual local area network identifier corresponding to the port identifier, the physical network card determines the virtual local area network identifier in the packet as the target virtual local area network identifier.
When they are the same, that is, when the virtual local area network identifier in the packet is the target virtual local area network identifier, the virtual local area network tag carried in the packet is deleted and the packet is sent through the target virtual local area network.
1003. When the virtual local area network identifier in the packet differs from the default virtual local area network identifier corresponding to the port identifier, the packet is discarded.
The physical network card compares the virtual local area network identifier in the packet with the default virtual local area network identifier corresponding to the port identifier, where the default virtual local area network identifier corresponding to queue 1 is 1. When the virtual local area network identifier carried in the packet is 1, it is the same as the default virtual local area network identifier corresponding to queue 1, and the packet, with its virtual local area network tag deleted, is sent to the physical server through queue 1. When the virtual local area network identifier carried in the packet is 2, it differs from the default virtual local area network identifier corresponding to queue 1, and the packet is discarded and not sent to the physical server.
When the default virtual local area network identifier corresponding to queue 1 is 1, the virtual local area network attribute is trunk port, the list of virtual local area network identifiers allowed to pass contains 1, 2 and 3, and the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag is empty, the processing, as shown in FIG. 11, includes the following steps:
1101. The physical network card determines whether the virtual local area network identifier in the packet is the same as the default virtual local area network identifier corresponding to the port identifier.
The virtual local area network identifier in the packet is compared with the default virtual local area network identifier corresponding to queue 1 to determine whether they are the same.
1102. When the virtual local area network identifier is the same as the default virtual local area network identifier corresponding to the port identifier, the physical network card determines that identifier as the target virtual local area network identifier.
When the virtual local area network identifier in the packet is 1, it is the same as the default virtual local area network identifier corresponding to queue 1, so the physical network card deletes the virtual local area network tag carried in the packet and sends the packet to the physical server through queue 1.
1103. When the virtual local area network identifier differs from the default virtual local area network identifier corresponding to the port identifier, the physical network card determines whether the virtual local area network identifier is in the list of virtual local area network identifiers allowed to pass corresponding to the port identifier.
When the virtual local area network identifier in the packet is 2, it differs from the default virtual local area network identifier corresponding to queue 1, and it is determined whether the virtual local area network identifier is in the list of virtual local area network identifiers allowed to pass corresponding to queue 1.
1104. When the virtual local area network identifier is in the list, the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
When the virtual local area network identifier in the packet is 0, it differs from the default virtual local area network identifier corresponding to queue 1, but it is determined to be in the list of virtual local area network identifiers allowed to pass corresponding to queue 1. The physical network card then determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, retains the virtual local area network tag in the packet, sends the packet to the target virtual local area network, and sends the packet to the physical server through the target virtual local area network.
1105. When the virtual local area network identifier is not in the list, the packet is discarded.
When the virtual local area network identifier is not in the list of virtual local area network identifiers allowed to pass corresponding to queue 1, the packet is discarded and not sent to the physical server.
When the default virtual local area network identifier corresponding to queue 1 is 1, the virtual local area network attribute is hybrid port, the list of virtual local area network identifiers allowed to pass contains 1, 2 and 3, and the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag is 1, 2, the processing, as shown in FIG. 12, includes the following steps:
1201. The physical network card determines whether the virtual local area network identifier in the packet is in the list of virtual local area network identifiers allowed to pass corresponding to the port identifier;
1202. When the virtual local area network identifier is in the list of virtual local area network identifiers allowed to pass corresponding to the port identifier, the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier and performs subsequent processing on the packet.
1203. When the virtual local area network identifier is not in the list of virtual local area network identifiers allowed to pass corresponding to the port identifier, the packet is discarded.
When the virtual local area network identifier in the packet is 3, it is in the list of virtual local area network identifiers allowed to pass corresponding to queue 1, and subsequent processing is performed on the packet through queue 1. When the virtual local area network identifier in the packet is 0, it is not in the list of virtual local area network identifiers allowed to pass corresponding to queue 1, and the packet is discarded.
In addition, in step 1202, the subsequent processing of the packet, according to the settings in the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag corresponding to queue 1, is as follows:
a. Determine whether the virtual local area network identifier in the packet is in the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag corresponding to the port identifier;
b. When the virtual local area network identifier is in the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag corresponding to the port identifier, the virtual local area network tag carried in the packet is deleted and the packet is sent;
c. When the virtual local area network identifier is not in the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag corresponding to the port identifier, the packet carrying the virtual local area network tag is sent.
When the virtual local area network identifier in the packet is 2, it is in the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag corresponding to queue 1, so the virtual local area network tag is deleted and the packet is sent to the physical server. When the virtual local area network identifier in the packet is 3, it is not in the list of virtual local area network identifiers of packets allowed to pass without carrying a virtual local area network tag corresponding to queue 1, so the packet carrying the virtual local area network tag is sent to the physical server through queue 1.
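The send-side decision for a queue in each of the three port modes (steps 1001 to 1003, 1101 to 1105, and 1201 to 1203 with a to c), as an added Python example that is not code from the patent. `QueueConfig`, `egress`, `reachable` and the verdict strings are names assumed for the example; the constructor enforces the list constraints the text states for each attribute, and `reachable` enumerates which virtual local area networks (VLANs) can deliver packets to the virtual machine behind a queue.

```python
from dataclasses import dataclass

DROP = "drop"
SEND_UNTAGGED = "send-untagged"   # tag deleted before the packet leaves the queue
SEND_TAGGED = "send-tagged"       # tag kept


@dataclass(frozen=True)
class QueueConfig:
    pvid: int                           # default VLAN identifier of the queue
    mode: str                           # "access", "trunk" or "hybrid"
    allowed: frozenset = frozenset()    # VLAN identifiers allowed to pass
    untagged: frozenset = frozenset()   # identifiers sent without a tag

    def __post_init__(self):
        ids = {self.pvid} | set(self.allowed) | set(self.untagged)
        if any(not 0 <= v <= 4095 for v in ids):
            raise ValueError("VLAN identifiers range from 0 to 4095")
        if self.mode == "access":
            ok = not self.allowed and not self.untagged      # both lists empty
        elif self.mode == "trunk":
            ok = self.pvid in self.allowed and not self.untagged
        elif self.mode == "hybrid":
            # The untagged list is a subset of the allowed list, which
            # includes the default identifier.
            ok = self.pvid in self.allowed and self.untagged <= self.allowed
        else:
            raise ValueError("unknown mode: " + self.mode)
        if not ok:
            raise ValueError("lists are inconsistent with mode " + self.mode)


def egress(vid: int, cfg: QueueConfig) -> str:
    """Verdict for a tagged packet with identifier `vid` leaving through the queue."""
    if cfg.mode == "access":
        # 1001-1003: only the default identifier passes, and the tag is deleted.
        return SEND_UNTAGGED if vid == cfg.pvid else DROP
    if cfg.mode == "trunk":
        # 1101-1105: default identifier untagged, other allowed identifiers tagged.
        if vid == cfg.pvid:
            return SEND_UNTAGGED
        return SEND_TAGGED if vid in cfg.allowed else DROP
    # hybrid, 1201-1203 followed by a-c
    if vid not in cfg.allowed:
        return DROP
    return SEND_UNTAGGED if vid in cfg.untagged else SEND_TAGGED


def reachable(cfg: QueueConfig) -> dict:
    """Audit helper: every identifier that reaches the queue's VM, and how."""
    result = {}
    for vid in range(4096):
        verdict = egress(vid, cfg)
        if verdict != DROP:
            result[vid] = verdict
    return result


# Queue 1 configured as in the three cases of the text.
ACCESS_Q1 = QueueConfig(pvid=1, mode="access")
TRUNK_Q1 = QueueConfig(pvid=1, mode="trunk", allowed=frozenset({1, 2, 3}))
HYBRID_Q1 = QueueConfig(pvid=1, mode="hybrid", allowed=frozenset({1, 2, 3}),
                        untagged=frozenset({1, 2}))

if __name__ == "__main__":
    for cfg in (ACCESS_Q1, TRUNK_Q1, HYBRID_Q1):
        print(cfg.mode, reachable(cfg))
```
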
The processing of packets leaving the physical network card from the uplink port, that is, the processing of sending packets from the uplink port, is similar to the processing of sending packets from the downlink port described in FIG. 9 to FIG. 12 above and is not repeated here.
In a third implementation of the embodiment of the present invention, a packet processing method is provided. In a network virtualization scenario, virtual local area network division and packet processing are implemented by the physical network card in pass-through mode. Pass-through mode is the mode in which an obtained packet is forwarded directly by the physical network card without being relayed by the virtual machine manager. The uplink port of the physical network card is a physical port that connects the physical network card to an external device, where the external device is a switch, a router, another physical network card or another network device. The downlink port of the physical network card is a queue that connects the physical network card to the physical server; that is, the queue is the channel through which the network device interacts with the physical server, and each queue corresponds to one virtual machine on the physical server. Packets entering and leaving the physical network card are handled in four processes, as shown in FIG. 3: ① processing of packets entering the physical network card from the uplink port (physical port); ② processing of packets leaving the physical network card from the downlink port (queue); ③ processing of packets entering the physical network card from the downlink port (queue); ④ processing of packets leaving the physical network card from the uplink port (physical port). This implementation covers the case in which a packet ③ enters the physical network card from the downlink port (queue), undergoes other processing in the physical network card, and then ④ leaves the physical network card from the uplink port (physical port). The processing of ③, packets entering the physical network card from the downlink port (queue), is similar to the processing of ①, packets entering the physical network card from the uplink port (physical port), shown in FIG. 4 to FIG. 8. The processing of ④, packets leaving the physical network card from the uplink port (physical port), is similar to the processing of ②, packets leaving the physical network card from the downlink port (queue), shown in FIG. 9 to FIG. 12. All packets entering the physical network card, whether from the uplink port (physical port) or from the downlink port (queue), can be regarded as packets sent to the physical network card by a peer device; all packets leaving the physical network card, whether from the uplink port (physical port) or from the downlink port (queue), can be regarded as packets sent by the physical network card to a peer device. The processing in this implementation, receiving a packet from the downlink port and then sending it from the uplink port, is therefore similar to the processing described in FIG. 4 to FIG. 8 and FIG. 9 to FIG. 12, receiving a packet from the uplink port and then sending it from the downlink port, and is not repeated here.
This embodiment of the present invention is not limited to a physical network card; it may be any network device capable of VLAN division and packet processing. In addition, this embodiment can be applied to the VEB (Virtual Ethernet Bridge) and VEPA (Virtual Ethernet Port Aggregator) standards. For example, when virtual machine 1 on the physical server is to communicate with virtual machine 2, virtual machine 1 first sends the packet to the physical network card, and the physical network card sends the packet to virtual machine 2, which implements the VEB function. For the VEPA standard, after the physical network card receives the packet sent by virtual machine 1, the physical network card sends the packet to an external device connected to the physical network card, and the external device processes the packet and returns it to the physical network card.
This embodiment of the present invention implements VLAN division in pass-through mode in a network virtualization scenario, which improves the security of network management and simplifies configuration for virtual machine users. It also implements VLAN acceleration on the physical network card, which improves network performance.
Embodiment 2
An embodiment of the present invention provides a network device 13. As shown in FIG. 13, the network device includes an obtaining unit 131, a searching unit 132, a first processing unit 133, and a sending unit 134.
The obtaining unit 131 is configured to obtain a packet.
The searching unit 132 is configured to search, according to the port identifier corresponding to the port through which the obtaining unit obtained the packet, for configuration information corresponding to the port identifier. The configuration information includes specified VLAN identifiers, which are the VLAN identifiers that the port allows to pass.
The first processing unit 133 is configured to determine a target VLAN identifier from the specified VLAN identifiers found by the searching unit, according to whether the packet carries a VLAN identifier.
The sending unit 134 is configured to send the packet to the target VLAN corresponding to the target VLAN identifier determined by the processing unit.
After the target VLAN identifier is determined, the packet is sent to the target VLAN corresponding to the target VLAN identifier, and the target VLAN forwards the packet.
The network device provided by this embodiment of the present invention obtains a packet, searches for the configuration information corresponding to the port identifier of the port through which the packet was obtained, determines a target VLAN identifier from the specified VLAN identifiers in the configuration information according to whether the packet carries a VLAN identifier, and sends the packet to the target VLAN corresponding to the target VLAN identifier. This solves the prior-art problem that, when VLAN division and packet processing use the front-end/back-end mode, every packet must be relayed by the virtual machine manager and network performance is poor. Security and network performance are both improved.
The packet is obtained through a port of the network device. The port is an uplink port or a downlink port. The uplink port is a physical port that connects the network device to an external device. The downlink port is a queue that connects the network device to the physical server, that is, the queue is the channel through which the network device interacts with the physical server, and each queue corresponds to one virtual machine on the physical server. The packet is either a packet received from the external device through the uplink port and to be sent to the physical server through the downlink port, or a packet received from the physical server through the downlink port and to be sent to the external device through the uplink port.
The configuration information may be set in the form of a list. For example, the list includes the port identifier and the configuration information corresponding to that port identifier, including the specified VLAN identifiers. The specified VLAN identifiers include a default VLAN identifier and a list of VLAN identifiers that are allowed to pass.
In addition, the configuration information includes a VLAN attribute. According to the definition of VLAN frames in the IEEE 802.1Q standard, VLAN attributes fall into three types: access port, trunk port, and hybrid port. The VLAN attribute in the configuration information is any one of these. An access port can belong to only one VLAN and is generally used for the connection between a switch and an end user. A trunk port can belong to multiple VLANs, can receive and send packets of multiple VLANs, and is generally used for connections between switches. A hybrid port can belong to multiple VLANs, can receive and send packets of multiple VLANs, and can be used both for connections between switches and for connecting users' computers; a hybrid port can also allow packets of multiple VLANs to be sent without a VLAN tag.
The port identifier is an identifier set in advance for each port of the physical network card. The default VLAN identifier ranges from 0 to 4095, and the default VLAN identifier of a port can be set within this range. For example, if the physical network card has 4 physical ports, the port identifiers of the 4 physical ports can be set in turn to 0, 1, 1, 3, and the default VLAN identifiers to 0, 1, 2, 3.
In the configuration information, different VLAN attributes correspond to different lists of allowed VLAN identifiers and different lists of VLAN identifiers whose packets are allowed to pass without a VLAN tag. When the VLAN attribute is access port, both the list of allowed VLAN identifiers and the list of VLAN identifiers allowed to pass untagged are empty. When the VLAN attribute is trunk port, the list of allowed VLAN identifiers is valid: when receiving and sending packets, the port allows packets carrying a VLAN identifier in that list to pass, while the list of VLAN identifiers allowed to pass untagged is empty. When the VLAN attribute is hybrid port, both lists are valid: when receiving and sending packets, the port allows packets carrying a VLAN identifier in the allowed list to pass, and when sending, a packet is sent with its VLAN tag only if the VLAN identifier it carries is in the list of allowed VLAN identifiers and is not in the list of VLAN identifiers allowed to pass untagged. In addition, when the VLAN attribute is trunk port or hybrid port, the list of allowed VLAN identifiers includes the corresponding default VLAN identifier.
In general, the VLAN attribute of a physical port is set to trunk port or hybrid port, although it may also be access port; the VLAN attribute of a queue is set to access port, although it may also be trunk port or hybrid port. This is not limited here.
Optionally, as shown in FIG. 14, the network device further includes a receiving unit 135, configured to receive, from a management device, preset configuration information corresponding to the port identifier.
The configuration information corresponding to the port identifier is preset on a management device that has a management function and is sent to the physical network card. The configuration information may be sent once to support the packet processing method, or the updated configuration information may be sent to the network device whenever the configuration information needs to be modified; when exactly the network device receives the configuration information is not limited here. For example, the configuration information of the uplink and downlink ports is configured through the virtual machine manager and sent to the physical network card. The virtual machine manager is connected to the physical network card and is used to set up and manage the physical network card.
Optionally, as shown in FIG. 15, the first processing unit 133 includes:
a first judging module 151, configured to judge whether the packet carries a VLAN identifier;
a first processing module 152, configured to, when the first judging module judges that the packet does not carry a VLAN identifier, determine the default VLAN identifier corresponding to the port as the target VLAN identifier, where the default VLAN identifier is among the specified VLAN identifiers;
The header of an obtained packet that carries no VLAN tag includes a destination address (DMAC), a source address (SMAC), and a packet type (Ether-Type), and the packet type does not carry the 8100 identifier; the 8100 identifier indicates that a packet carries a VLAN tag.
When the header of the obtained packet includes a packet type carrying 8100, the packet carries a VLAN tag, and the VLAN identifier in the VLAN tag is obtained.
a second judging module 153, configured to, when the first judging module judges that the packet carries a VLAN identifier, judge whether the VLAN identifier in the packet is among the specified VLAN identifiers;
a second processing module 154, configured to, when the second judging module judges that the VLAN identifier in the packet is among the specified VLAN identifiers, determine the default VLAN identifier corresponding to the port as the target VLAN identifier.
Optionally, as shown in FIG. 16, when the packet is a packet to be received, the network device further includes:
a second processing unit 161, configured to receive the packet through the target VLAN and write the target VLAN identifier into the packet that does not carry a VLAN identifier.
That is, the default VLAN identifier is written into the packet. The packet header then includes the destination address, the source address, the packet type carrying 8100, the priority (PRI), the canonical format indicator (CFI), and the VLAN identifier. The destination address and the source address are each 6 bytes, the packet type carrying 8100 is 2 bytes, the priority is 3 bits, the CFI is 1 bit, and the VLAN identifier is 12 bits; the default VLAN identifier is written into the 12-bit VLAN identifier field. The physical network card then performs the other subsequent prior-art processing on the modified packet.
Optionally, as shown in FIG. 17, when the packet is a packet to be sent, the network device further includes:
a third processing unit 171, configured to, when the VLAN identifier carried by the packet is the same as the default VLAN identifier corresponding to the port, delete the virtual
The network device 13 in the above embodiment is not limited to a physical network card in a virtualization scenario; it may be any network device capable of VLAN division and packet processing. In addition, this embodiment can be applied to the VEB (Virtual Ethernet Bridge) and VEPA (Virtual Ethernet Port Aggregator) standards. For example, when virtual machine 1 on the physical server is to communicate with virtual machine 2, virtual machine 1 first sends the packet to the physical network card, and the physical network card sends the packet to virtual machine 2, which implements the VEB function. For the VEPA standard, after the physical network card receives the packet sent by virtual machine 1, the physical network card sends the packet to an external device connected to the physical network card; the external device processes the packet and returns it to the physical network card, and the physical network card then sends the processed packet to virtual machine 2.
For the operation of the network device 13, refer to the packet processing described above.
This embodiment of the present invention implements VLAN division in pass-through mode in a network virtualization scenario, which improves the security of network management and simplifies configuration for virtual machine users. It also implements VLAN acceleration on the physical network card, which improves network performance.
Embodiment 3
An embodiment of the present invention provides a network device 18. As shown in FIG. 18, the network device includes a memory 181 and a processor 182.
The memory 181 is configured to store instructions, obtained packets, and the configuration information corresponding to port identifiers.
The processor 182 is configured to execute the instructions in the memory 181, specifically to:
obtain a packet;
search, according to the port identifier corresponding to the port through which the packet was obtained, for configuration information corresponding to the port identifier, where the configuration information includes specified VLAN identifiers, which are the VLAN identifiers that the port allows to pass;
determine a target VLAN identifier from the specified VLAN identifiers according to whether the packet carries a VLAN identifier;
send the packet to the target VLAN corresponding to the target VLAN identifier.
The network device provided by this embodiment of the present invention obtains a packet, searches for the configuration information corresponding to the port identifier of the port through which the packet was obtained, determines a target VLAN identifier from the specified VLAN identifiers in the configuration information according to whether the packet carries a VLAN identifier, and sends the packet to the target VLAN corresponding to the target VLAN identifier. This solves the prior-art problem that, when VLAN division and packet processing use the front-end/back-end mode, every packet must be relayed by the virtual machine manager and network performance is poor. Security and network performance are both improved.
The packet is obtained through a port of the network device. FIG. 2 shows the connection relationship between the network device, the physical server, and the external device. The port is an uplink port or a downlink port. The uplink port is a physical port that connects the network device to the external device, and the downlink port is a queue that connects the network device to the physical server. The packet is either a packet received from the external device through the uplink port and to be sent to the physical server through the downlink port, or a packet received from the physical server through the downlink port and to be sent to the external device through the uplink port.
All packets entering the network device, whether from the uplink port (physical port) or from the downlink port (queue), can be regarded as packets sent by a peer device to the network device. All packets leaving the network device, whether from the uplink port (physical port) or from the downlink port (queue), can be regarded as packets sent by the network device to a peer device.
The external device is a switch, a router, or another physical network card.
The configuration information may be set in the form of a list. For example, the list includes the port identifier and the configuration information corresponding to that port identifier, including the specified VLAN identifiers. The specified VLAN identifiers include a default VLAN identifier and a list of VLAN identifiers that are allowed to pass.
In addition, the configuration information includes a VLAN attribute. According to the definition of VLAN frames in the IEEE 802.1Q standard, VLAN attributes fall into three types: access port, trunk port, and hybrid port. The VLAN attribute in the configuration information is any one of these. An access port can belong to only one VLAN and is generally used for the connection between a switch and an end user. A trunk port can belong to multiple VLANs, can receive and send packets of multiple VLANs, and is generally used for connections between switches. A hybrid port can belong to multiple VLANs, can receive and send packets of multiple VLANs, and can be used both for connections between switches and for connecting users' computers; a hybrid port can also allow packets of multiple VLANs to be sent without a VLAN tag.
After the target VLAN identifier is determined, the packet is sent to the target VLAN corresponding to the target VLAN identifier, and the target VLAN forwards the packet.
The port identifier is an identifier set in advance for each port of the physical network card. The default VLAN identifier ranges from 0 to 4095, and the default VLAN identifier of a port can be set within this range. For example, if the physical network card has 4 physical ports, the port identifiers of the 4 physical ports can be set in turn to 0, 1, 1, 3, and the default VLAN identifiers to 0, 1, 2, 3.
In the configuration information, different VLAN attributes correspond to different lists of allowed VLAN identifiers and different lists of VLAN identifiers whose packets are allowed to pass without a VLAN tag. When the VLAN attribute is access port, both the list of allowed VLAN identifiers and the list of VLAN identifiers allowed to pass untagged are empty. When the VLAN attribute is trunk port, the list of allowed VLAN identifiers is valid: when receiving and sending packets, the port allows packets carrying a VLAN identifier in that list to pass, while the list of VLAN identifiers allowed to pass untagged is empty. When the VLAN attribute is hybrid port, both lists are valid: when receiving and sending packets, the port allows packets carrying a VLAN identifier in the allowed list to pass, and when sending, a packet is sent with its VLAN tag only if the VLAN identifier it carries is in the list of allowed VLAN identifiers and is not in the list of VLAN identifiers allowed to pass untagged. In addition, when the VLAN attribute is trunk port or hybrid port, the list of allowed VLAN identifiers includes the corresponding default VLAN identifier.
In general, the VLAN attribute of a physical port is set to trunk port or hybrid port, although it may also be access port; the VLAN attribute of a queue is set to access port, although it may also be trunk port or hybrid port. This is not limited here.
Optionally, before obtaining the packet, the processor 182 is further configured to: receive, from a management device, preset configuration information corresponding to the port identifier.
The configuration information corresponding to the port identifier is preset on a management device that has a management function and is sent to the physical network card. The configuration information may be sent once to support the packet processing method, or the updated configuration information may be sent to the network device whenever the configuration information needs to be modified; when exactly the network device receives the configuration information is not limited here. For example, the configuration information of the uplink and downlink ports is configured through the virtual machine manager and sent to the physical network card. The virtual machine manager is connected to the physical network card and is used to set up and manage the physical network card.
Optionally, the processor 182 is further configured to perform:
determining whether the packet carries a virtual local area network identifier;
when the packet does not carry a virtual local area network identifier, determining the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, where the default virtual local area network identifier is among the specified virtual local area network identifiers.
The header of an obtained packet that does not carry a virtual local area network tag includes the destination address (DMAC), the source address (SMAC) and the packet type (Ether-Type), and the packet type does not carry the 8100 identifier; the 8100 identifier indicates that a packet carries a virtual local area network tag. When the header of the obtained packet includes a packet type carrying 8100, the packet carries a virtual local area network tag, and the virtual local area network identifier in that tag is obtained.
when the packet carries a virtual local area network identifier, determining whether the virtual local area network identifier in the packet is among the specified virtual local area network identifiers;
when the virtual local area network identifier in the packet is among the specified virtual local area network identifiers, determining the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
In addition, when the virtual local area network identifier in the packet is not among the specified virtual local area network identifiers, the packet is discarded.
Optionally, when the packet is a packet to be received, the processor 182 is further configured to perform:
receiving the packet through the target virtual local area network, and writing the target virtual local area network identifier into the packet that does not carry a virtual local area network identifier.
That is, the default virtual local area network identifier is written into the packet. The packet header then includes the destination address, the source address, the packet type carrying 8100, the priority (PRI), the canonical flag (CFI) and the virtual local area network identifier. The destination address and the source address are 6 bytes each, the packet type carrying 8100 is 2 bytes, the priority is 3 bits, the canonical flag is 1 bit, and the virtual local area network identifier is 12 bits; the default virtual local area network identifier is written into the 12-bit virtual local area network identifier field. The physical network card then performs the other subsequent prior-art processing on the modified packet.
Optionally, when the packet is a packet to be sent, the processor 182 is further configured to perform:
when the virtual local area network identifier carried by the packet is the same as the default virtual local area network identifier corresponding to the port, deleting the virtual local area network tag carried by the packet, the virtual local
In addition, when the port attribute is trunk port, the processor is further configured to perform: when the virtual local area network identifier and the default virtual local area network identifier corresponding to the port identifier
in the list of allowed virtual local area network identifiers corresponding to the port identifier;
when the virtual local area network identifier is in the list, the physical network card determines the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
when the virtual local area network identifier is not in the list, discarding the packet.
When the port attribute is hybrid port and the virtual local area network identifier is in the list of allowed virtual local area network identifiers corresponding to the port identifier, according to the allowed
the processor further performs:
determining whether the virtual local area network identifier in the packet is in the list, corresponding to the port identifier, of virtual local area network identifiers of packets that are allowed through without carrying a virtual local area network tag;
when the virtual local area network identifier is in the list, corresponding to the port identifier, of virtual local area network identifiers of packets that are allowed through without carrying a virtual local area network tag, deleting from the packet
when the virtual local area network identifier is not in the list, corresponding to the port identifier, of virtual local area network identifiers of packets that are allowed through without carrying a virtual local area network tag, carrying the virtual
The network device 18 in the foregoing embodiment is not limited to the physical network
embodiment of the invention can be applied in the VEB (Virtual Ethernet Bridge) and VEPA (Virtual Ethernet Port Aggregator) standards. For example, when virtual machine 1 on the physical server is to communicate with virtual machine 2, virtual machine 1 first sends the packet to the physical network card, and the physical network card sends the packet to virtual machine 2, which implements the VEB function. For the VEPA standard, after the physical network card receives the packet sent by virtual machine 1, the physical network card sends the packet to an external device connected to the physical network card, and after processing by the external device,
machine 2.
For the operation process of the network device 18, refer to the packet processing procedure described above.
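The receive-side and send-side handling described above (allowed-list check, writing the default identifier into an untagged packet, removing the tag on send), as an added C example that is not code from the patent. `struct port_cfg`, the function names, the verdict constants and the sample frame are assumptions constructed for illustration, and the send path assumes every frame reaching it is already tagged.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPID_8021Q 0x8100u   /* Ether-Type value that marks a VLAN tag */
#define VLAN_DROP  (-1)
enum { SEND_TAGGED = 0, SEND_UNTAGGED = 1 };

/* Hypothetical per-port configuration; field names are illustrative. */
struct port_cfg {
    uint16_t pvid;                               /* default VLAN ID */
    const uint16_t *allowed;  size_t n_allowed;  /* IDs allowed through */
    const uint16_t *untagged; size_t n_untagged; /* hybrid: sent without tag */
};

static int in_list(const uint16_t *l, size_t n, int vid) {
    for (size_t i = 0; i < n; i++)
        if (l[i] == vid) return 1;
    return 0;
}

/* VLAN ID carried by the frame, -1 if untagged, -2 if truncated. */
int frame_vid(const uint8_t *f, size_t len) {
    if (len < 14) return -2;                     /* DMAC + SMAC + Ether-Type */
    if ((((unsigned)f[12] << 8) | f[13]) != TPID_8021Q) return -1;
    if (len < 18) return -2;                     /* tag cut short */
    return (int)((((unsigned)f[14] << 8) | f[15]) & 0x0FFFu); /* 12-bit ID */
}

/* Insert a tag (PRI = 0, CFI = 0) after the addresses; caller checks room. */
static void put_tag(uint8_t *f, size_t *len, uint16_t vid) {
    memmove(f + 16, f + 12, *len - 12);          /* shift Ether-Type + payload */
    f[12] = 0x81; f[13] = 0x00;
    f[14] = (uint8_t)((vid >> 8) & 0x0F);
    f[15] = (uint8_t)(vid & 0xFF);
    *len += 4;
}

/* Receive path: returns the target VLAN ID or VLAN_DROP. */
int vlan_ingress(const struct port_cfg *p, uint8_t *f, size_t *len, size_t cap) {
    int vid = frame_vid(f, *len);
    if (vid == -2) return VLAN_DROP;
    if (vid >= 0)  /* tagged: admit listed IDs; target is the default VLAN */
        return in_list(p->allowed, p->n_allowed, vid) ? p->pvid : VLAN_DROP;
    if (*len + 4 > cap) return VLAN_DROP;        /* no room for the tag */
    put_tag(f, len, p->pvid);                    /* untagged: write default ID */
    return p->pvid;
}

/* Send path. Assumption: frames reaching it are tagged, as ingress leaves
 * them. Strip the tag for the default VLAN or a hybrid untagged-list ID. */
int vlan_egress(const struct port_cfg *p, uint8_t *f, size_t *len) {
    int vid = frame_vid(f, *len);
    if (vid < 0 || !in_list(p->allowed, p->n_allowed, vid)) return VLAN_DROP;
    if (vid != p->pvid && !in_list(p->untagged, p->n_untagged, vid))
        return SEND_TAGGED;
    memmove(f + 12, f + 16, *len - 16);          /* remove the 4-byte tag */
    *len -= 4;
    return SEND_UNTAGGED;
}

/* Constructed sample: untagged IPv4 Ethernet header plus 4 payload bytes. */
static const uint8_t SAMPLE[18] = { 0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01,
                                    0x08,0x00, 0xde,0xad,0xbe,0xef };
static const uint16_t ALLOWED[] = { 10, 20, 30 }, UNTAGGED[] = { 20 };
static const struct port_cfg HYBRID = { 10, ALLOWED, 3, UNTAGGED, 1 };
uint8_t demo_buf[32]; size_t demo_len;           /* working frame for the demo */

static void load(int vid) {   /* copy SAMPLE, tagging it when vid >= 0 */
    memcpy(demo_buf, SAMPLE, sizeof SAMPLE);
    demo_len = sizeof SAMPLE;
    if (vid >= 0) put_tag(demo_buf, &demo_len, (uint16_t)vid);
}
int demo_rx(int wire_vid) {   /* frame arrives on HYBRID */
    load(wire_vid);
    return vlan_ingress(&HYBRID, demo_buf, &demo_len, sizeof demo_buf);
}
int demo_tx(int vid) {        /* frame tagged vid leaves HYBRID */
    load(vid);
    return vlan_egress(&HYBRID, demo_buf, &demo_len);
}

int main(void) {
    int rx = demo_rx(-1);
    printf("rx untagged: target %d, tag %d\n", rx, frame_vid(demo_buf, demo_len));
    printf("rx tagged 40: verdict %d\n", demo_rx(40));
    for (int v = 10; v <= 40; v += 10)
        printf("tx VLAN %d: verdict %d\n", v, demo_tx(v));
}
```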
The embodiments of the present invention implement virtual local area network division using pass-through mode in a network virtualization scenario, which improves the security of network management and simplifies the configuration for virtual machine users; virtual local area network acceleration is also implemented on the physical network card, which improves network performance.
Persons skilled in the art can clearly understand that, for convenience and brevity of description, only the division of the functional modules above is used as an example. In practice, the functions may be assigned to different functional modules as needed, that is, the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. For the specific working processes of the system, apparatus and units described above, refer to the corresponding processes in the foregoing method embodiments; details are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form. Components displayed as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform all or part of the steps of the methods described in the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The foregoing is merely specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims

1. A packet processing method, comprising:
obtaining a packet;
searching, according to the port identifier corresponding to the port on which the packet is obtained, for configuration information corresponding to the port identifier, where the configuration information includes specified virtual local area network identifiers, and the specified virtual local area network identifiers are the virtual local area network identifiers that the port allows through;
determining a target virtual local area network identifier from the specified virtual local area network identifiers according to whether the packet carries a virtual local area network identifier;
sending the packet to the target virtual local area network corresponding to the target virtual local area network identifier.
2. The method according to claim 1, wherein, before the obtaining of the packet, the method further comprises:
receiving, from a management device, preset configuration information corresponding to the port identifier.
3. The method according to claim 1, wherein the port is an uplink port or a downlink port of a network device, the network device is installed on a physical server, and the physical server is connected to an external device through the network device; the uplink port is a physical port through which the network device is connected to the external device, and the downlink port is a queue through which the network device is connected to the physical server, where the external device is a switch, a router or another physical network card.
4. The method according to claim 3, wherein the network device is a physical network card in a virtualization scenario, and the physical network card is connected to a virtual machine on the physical server.
5. The method according to any one of claims 1 to 4, wherein the determining of a target virtual local area network identifier from the specified virtual local area network identifiers according to whether the packet carries a virtual local area network identifier comprises: determining whether the packet carries a virtual local area network identifier;
when the packet does not carry a virtual local area network identifier, determining the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, where the default virtual local area network identifier is among the specified virtual local area network identifiers;
when the packet carries a virtual local area network identifier, determining whether the virtual local area network identifier in the packet is among the specified virtual local area network identifiers;
when the virtual local area network identifier in the packet is among the specified virtual local area network identifiers, determining the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
6. The method according to claim 5, wherein, when the packet is a packet to be received, after the sending of the packet to the target virtual local area network corresponding to the target virtual local area network identifier, the method further comprises:
receiving the packet through the target virtual local area network, and writing the target virtual local area network identifier into the packet that does not carry a virtual local area network identifier.
7. The method according to claim 5, wherein, when the packet is a packet to be sent, before the sending of the packet to the target virtual local area network corresponding to the target virtual local area network identifier, the method further comprises:
when the virtual local area network identifier carried by the packet is the same as the default virtual local area network identifier corresponding to the port, deleting the virtual local area network tag carried by the packet, the virtual local
8. A network device, comprising:
an obtaining unit, configured to obtain a packet;
a search unit, configured to search, according to the port identifier corresponding to the port of the packet obtained by the obtaining unit, for configuration information corresponding to the port identifier, where the configuration information includes specified virtual local area network identifiers, and the specified virtual local area network identifiers are the virtual local area network identifiers that the port allows through;
a first processing unit, configured to determine a target virtual local area network identifier from the specified virtual local area network identifiers found by the search unit, according to whether the packet carries a virtual local area network identifier;
a sending unit, configured to send the packet to the target virtual local area network corresponding to the target virtual local area network identifier determined by the processing unit.
9. The network device according to claim 8, wherein the network device further comprises:
a receiving unit, configured to receive, from a management device, preset configuration information corresponding to the port identifier.
10. The network device according to claim 8, wherein the port of the network device is an uplink port or a downlink port, the network device is installed on a physical server, and the physical server is connected to an external device through the network device; the uplink port is a physical port through which the network device is connected to the external device, and the downlink port is a queue through which the network device is connected to the physical server, where the external device is a switch, a router or another physical network card.
11. The network device according to claim 10, wherein the network device is a physical network card in a virtualization scenario.
12. The network device according to any one of claims 8 to 11, wherein the first processing unit comprises:
a first judgment module, configured to determine whether the packet carries a virtual local area network identifier;
a first processing module, configured to, when the first judgment module determines that the packet does not carry a virtual local area network identifier, determine the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier, where the default virtual local area network identifier is among the specified virtual local area network identifiers;
a second judgment module, configured to, when the first judgment module determines that the packet carries a virtual local area network identifier, determine whether the virtual local area network identifier in the packet is among the specified virtual local area network identifiers;
a second processing module, configured to, when the second judgment module determines that the virtual local area network identifier in the packet is among the specified virtual local area network identifiers, determine the default virtual local area network identifier corresponding to the port as the target virtual local area network identifier.
13. The network device according to claim 12, wherein, when the packet is a packet to be received, the network device further comprises:
a second processing unit, configured to receive the packet through the target virtual local area network, and write the target virtual local area network identifier into the packet that does not carry a virtual local area network identifier.
14. The network device according to claim 12, wherein, when the packet is a packet to be sent, the network device further comprises:
a third processing unit, configured to, when the virtual local area network identifier carried by the packet is the same as the default virtual local area network identifier corresponding to the port, delete the virtual local area
PCT/CN2013/079571 2012-12-20 2013-07-18 Message processing method and device WO2014094420A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210556852.X 2012-12-20
CN201210556852.XA CN103051529B (en) 2012-12-20 2012-12-20 A kind of processing method of message and device

Publications (1)

Publication Number Publication Date
WO2014094420A1 true WO2014094420A1 (en) 2014-06-26

Family

ID=48064034

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/079571 WO2014094420A1 (en) 2012-12-20 2013-07-18 Message processing method and device

Country Status (2)

Country Link
CN (1) CN103051529B (en)
WO (1) WO2014094420A1 (en)

Also Published As

Publication number Publication date
CN103051529B (en) 2016-03-30
CN103051529A (en) 2013-04-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13866106

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13866106

Country of ref document: EP

Kind code of ref document: A1