WO2014172869A1 - Method, device and system for communication in virtual local area network - Google Patents

Publication number
WO2014172869A1
Authority
WO
WIPO (PCT)
Prior art keywords
host
local area
area network
virtual local
tcp
Application number
PCT/CN2013/074705
Inventor
王俊捷
林沐晖
卢广
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to PCT/CN2013/074705
Priority to CN201380000718.4A (CN103596649B)
Publication of WO2014172869A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • the embodiments of the present invention relate to the field of computers, and in particular, to a method, device, and system for communicating in a virtual local area network (VLAN).
  • VLAN virtual local area network
  • PCIE Peripheral Component Interconnect Express
  • The PCIE bus is no longer just a data transmission bus between the host and peripheral devices; it has been further extended into a data communication bus between two hosts.
  • TCP Transmission Control Protocol
  • IP Internet Protocol
  • The industry has proposed running the TCP/IP protocol over the PCIE bus (TCP/IP over PCIE, IPoPCIE), that is, the TCP/IP protocol runs on the PCIE network.
  • The PCIE network here refers to the network between devices that use the PCIE bus for their communication connection.
  • A PCIE virtual network interface card (vNIC) is virtualized on the host.
  • The PCIE vNIC provides the TCP/IP stack with a link layer interface for data transmission and reception. For upper-layer applications, there is no difference between the PCIE vNIC and an Ethernet network device: the interface below the application is still the TCP/IP stack, the application does not need to care whether the link layer is an Ethernet or a PCIE link, and it can transparently use the PCIE link for communication.
  • IPoPCIE also faces serious problems. PCIE hardware has no security isolation function, which leads to serious network security problems: network viruses, network loops and network storms caused by hacker software can affect the entire network, and people in different departments can access each other's information, leading to information leakage and other issues.
  • The virtual LAN (VLAN) was proposed to solve the broadcast and security problems of Ethernet.
  • Each VLAN contains a group of hosts with the same requirements. Broadcast and unicast traffic inside a VLAN is not forwarded to other VLANs: a broadcast in a VLAN can be received only by members of that VLAN and is not passed on to other VLANs.
  • In the prior art, communication in the VLAN is implemented as follows. The application passes the data packet to be sent in the virtual local area network to the TCP/IP stack, and the packet is then broadcast through the PCIE vNIC to every host in the IPoPCIE network, or unicast to the destination host of a unicast data packet. The receiving end receives the data packet and filters it through the VLAN module in the operating system kernel, thereby delivering the data packet to the destination device in the virtual local area network. In fact, the data packet still arrives at each physical host and is filtered only in the VLAN module of the receiving end. Real isolation is not achieved, and network storms cannot be effectively avoided. As described above, the prior art does not solve the problem of VLAN-internal communication in the IPoPCIE system: data packets are not isolated between hosts, and network storms cannot be avoided.
  • Summary of the invention
  • The embodiments of the present invention provide a method, a device, and a system for communicating in a virtual local area network, which allow data transmission in a virtual local area network only between hosts in the same virtual local area network in the IPoPCIE network.
  • This addresses the security of VLANs in the IPoPCIE system: data packets are truly isolated between hosts, which ensures security and effectively avoids network storms.
  • An embodiment of the present invention provides a method for communicating in a virtual local area network, including: acquiring a TCP/IP data packet that needs to be sent in a virtual local area network;
  • sending the TCP/IP data packet to the destination host of the TCP/IP data packet through a high-speed peripheral component interconnect (PCIE) switch.
  • The correspondence between the virtual local area network and the host comes from a virtual local area network management server, and is established and maintained by the virtual local area network management server.
  • The correspondence between the virtual local area network and the host records the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network.
  • the node number of the host included in the virtual local area network is the first aspect of the first aspect of physical integration included in the virtual local area network
  • Any host in the network managed by the virtual local area network management server acquires a command to modify the virtual local area network;
  • the host sends a modification notification to the virtual local area network management server, so that the virtual local area network management server updates the correspondence between the virtual local area network and the host according to the modification notification, and sends the updated correspondence between the virtual local area network and the host to all hosts in the network that it manages.
  • the destination host of the TCP/IP data packet is all other hosts, except the source host, among the hosts included in the virtual local area network;
  • the address information indicates a unicast address
  • the hosts included in the virtual local area network include the host corresponding to the unicast address
  • the destination host of the TCP/IP data packet is the host corresponding to the unicast address.
  • an embodiment of the present invention provides a host, including:
  • a virtual local area network determining module configured to obtain a TCP/IP data packet to be sent in the virtual local area network, and find a correspondence between the virtual local area network and the host according to the virtual local area network identifier carried in the TCP/IP data packet, and obtain the virtual local area network
  • a transceiver module configured to send the TCP/IP data packet to the destination host of the TCP/IP data packet through a high-speed peripheral component interconnect (PCIE) switch.
  • The correspondence between the virtual local area network and the host records the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network.
  • the node number of the host included in the virtual local area network is a physical combination included in the virtual local area network, the second aspect or the second
  • the first or second possible implementation of the aspect in a third possible implementation manner, further includes:
  • the correspondence management module is configured to receive a correspondence between the virtual local area network and the host from the virtual local area network management server, where the correspondence between the virtual local area network and the host is established and maintained by the virtual local area network management server.
  • The correspondence management module is further configured to acquire a command for modifying a virtual local area network, send a modification notification to the virtual local area network management server, and update the local correspondence between the virtual local area network and the host according to the updated correspondence between the virtual local area network and the host that the virtual local area network management server returns in response to the modification notification.
  • the destination host of the TCP/IP data packet is all other hosts, except this host, among the hosts included in the virtual local area network;
  • An embodiment of the present invention provides a host, including a processor and a memory, where the memory stores an execution instruction; when the host is running, the processor communicates with the memory, and the processor executing the execution instruction causes the host to perform the method of any of the above first aspects.
  • an embodiment of the present invention provides a computer readable medium, comprising computer executed instructions, the computer executed instructions for causing a host to perform the method of any one of the foregoing first aspects.
  • An embodiment of the present invention provides a high-speed peripheral component interconnection system, including: at least two hosts according to any one of the foregoing second aspect or third aspect, a PCIE switch, and a virtual local area network management server, wherein each of the at least two hosts is connected to the PCIE switch, and the virtual local area network management server is connected to the PCIE switch.
  • The virtual local area network management server is configured to establish and maintain a correspondence between the virtual local area network and the host.
  • The virtual local area network management server is further configured to: after receiving the modification notification sent by any one of the at least two hosts, update the correspondence between the virtual local area network and the host according to the modification notification, and send the updated correspondence between the virtual local area network and the host to each of the at least two hosts.
  • The method, device, and system for communicating in a virtual local area network determine, in the IPoPCIE system, the hosts in the virtual local area network in which a TCP/IP data packet needs to be sent, and send the data packet through the PCIE switch only to the destination host in that VLAN, so that data is transmitted only between hosts in the same virtual local area network, which better solves the problem.
  • FIG. 1 is a schematic diagram of a PCIE system according to Embodiment 1 of the present invention.
  • FIG. 2 is a flowchart of a method for communicating in a virtual local area network according to Embodiment 2 of the present invention.
  • FIG. 3 is a flow chart of a method for modifying a correspondence between a virtual local area network and a host according to an embodiment of the present invention.
  • FIG. 4 is a structural diagram of a host according to Embodiment 3 of the present invention.
  • FIG. 5 is a structural diagram of a host in Embodiment 4 of the present invention.
  • FIG. 1 is a schematic diagram of a high-speed peripheral component interconnection system according to Embodiment 1 of the present invention.
  • The system includes at least two hosts 10 (Host), a PCIE switch 20 (PCIE Switch), and a virtual local area network management server 30; the PCIE switch 20 is connected to all the hosts 10 to implement data forwarding between the hosts 10.
  • The virtual local area network management server 30 is connected to the PCIE switch 20 and is used to manage and maintain the correspondence between each VLAN and the hosts in the system.
  • An operating system is running on each host 10, and at least one virtual machine (Virtual Machine, VM for short) can be run in a virtualized scenario.
  • The specific structure, function implementation, and the like of the host 10 are as described in the following Embodiment 2, Embodiment 3 or Embodiment 4, and details are not described herein again.
  • The host in the embodiment of the present invention may be an ordinary computer, a mobile terminal, a workstation or a server, a dedicated server, etc.
  • The virtual local area network management server may be an ordinary host in the system, or may be a dedicated host, and the present invention does not specifically limit this.
  • Embodiment 2 of the present invention provides a method for communicating in a virtual local area network, which may be implemented in the PCIE system of Embodiment 1 shown in FIG. 1, but the implementation is not limited to the structure of the system shown in FIG. 1.
  • the method includes:
  • S20 Obtain the TCP/IP data packet that needs to be sent in the virtual local area network.
  • The host obtains the TCP/IP data packet that the upper-layer application needs to send in the virtual local area network.
  • The PCIE vNIC driver module in the host operating system acquires the TCP/IP data packet.
  • The PCIe vNIC driver module is an interface that connects the TCP/IP stack of the host operating system and the PCIE network link layer.
  • A host that acquires a TCP/IP data packet that needs to be sent in a virtual local area network may also be referred to as a source host.
  • The upper-layer application adds the data packet to be sent in the VLAN to the TCP/IP protocol stack; that is, the upper-layer application invokes the interface between kernel mode and user mode of the host operating system, the data packet to be sent in the VLAN is added to the TCP/IP protocol stack, and the virtual LAN module in the operating system of the host obtains from the TCP/IP protocol stack the TCP/IP data packet that needs to be sent in the VLAN.
  • The virtual local area network label is added to the TCP/IP data packet; the label can be a virtual local area network identifier (VLAN ID), which is the ID of the virtual local area network in which the TCP/IP data packet needs to be sent.
  • VLAN ID virtual local area network identifier
  • An 8-bit virtual LAN label can be added to the TCP/IP packet header.
  • The virtual LAN label is not limited to the VLAN ID; anything that can identify the VLAN, such as the VLAN name, can be used.
  • The VLAN module in the host's operating system passes the TCP/IP data packet with the virtual LAN label added (here, the virtual LAN identifier) to the PCIE vNIC driver module in the host operating system, and the PCIE vNIC driver module receives from the VLAN module the TCP/IP data packet with the virtual LAN label added.
  • The host searches the correspondence between the virtual local area network and the host for the record corresponding to the virtual local area network identifier of the obtained TCP/IP data packet, and obtains the hosts included in the virtual local area network corresponding to the VLAN ID; the host itself belongs to that virtual local area network.
  • The PCIE vNIC driver module in the host operating system searches the correspondence between the virtual local area network and the host according to the virtual local area network identifier carried in the TCP/IP data packet, and obtains the hosts included in the virtual local area network corresponding to the VLAN ID.
  • The correspondence between the virtual local area network and the host records the correspondence between the VLAN ID and the node numbers of the hosts included in the corresponding virtual local area network.
  • The correspondence between the virtual local area network and the host is referred to below as the correspondence.
  • The correspondence between the virtual local area network and the host may also record the correspondence between an identifier other than the VLAN ID that can represent the virtual local area network and an identifier other than the node number that can represent the host; the present invention places no restriction on this.
  • this correspondence can be in the form of a table, such as a correspondence table between a virtual local area network and a host.
  • The correspondence between the virtual local area network and the host comes from the virtual local area network management server, which establishes it and updates and maintains it according to changes of the hosts in the virtual local area network (for example, addition/deletion of a host).
  • Each host in the network locally stores the correspondence between the virtual local area network and the host, which is consistent with the correspondence between the virtual local area network and the host on the virtual local area network management server.
  • The virtual local area network management server may be a dedicated host in the network, or any host in the network may be used as the virtual local area network management server, to manage the correspondence between the virtual local area network and the host for the entire network (the network range managed by the virtual local area network management server), establishing and maintaining that correspondence.
  • The correspondence may be sent periodically by the virtual local area network management server to each host in the network that it manages, or may be sent to each host when needed (for example, when the correspondence changes); of course, each host may also actively obtain the correspondence between the virtual local area network and the host from the virtual local area network management server, and the present invention does not limit this.
  • The correspondence between the virtual local area network and the host records the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network.
  • In the virtual local area network with VLAN ID 20 shown in the table, one host is included, with host node number 1; in the virtual local area network with VLAN ID 49 shown in the table, 5 hosts are included, with host node numbers 1, 3, 4, 5 and 7. (Table columns: virtual LAN ID, host node number.)
  • The correspondence between the virtual local area network and the host may be updated and maintained using the method shown in the flow chart of FIG. 3:
  • S30 The host obtains the command to modify the virtual LAN.
  • The command to modify the virtual local area network is executed through the management and maintenance interface. For example, when a host needs to be added to a VLAN or deleted from a VLAN, the user executes the command to add a VLAN or delete a VLAN.
  • The host obtains the command to add a VLAN or delete a VLAN, and obtains the VLAN ID in the command.
  • The command to modify the virtual local area network may be obtained by the PCIe vNIC driver module in the host operating system.
  • The command to modify the VLAN may be registered in the PCIe vNIC driver module, so that when the user executes the command to add or delete a VLAN, the PCIe vNIC driver module obtains the command.
  • the host here can be any host in the network managed by the virtual LAN management server.
  • the host sends a modification notification to the virtual local area network management server.
  • The host sends a modification notification to the virtual local area network management server to update the correspondence between the virtual local area network and the host. The modification notification carries the VLAN ID and/or the node number information of the host to be modified; in most cases, hosts are added to or deleted from the VLAN.
  • the LAN management server assigns a VLAN ID or deletes a VLAN
  • The host's modification notification may carry only the VLAN ID and not the node number of the host.
  • The virtual LAN management server deletes the record of the virtual LAN corresponding to the VLAN ID together with all of its hosts.
  • The node number information carried in the modification notification may be that of the host that sends the modification notification, indicating that the sending host is to be added to or deleted from the virtual local area network corresponding to the VLAN ID, or may be that of a host other than the sender, indicating that the other host corresponding to the carried node number information is to be added to or deleted from the virtual local area network.
  • The information representing the VLAN and the host carried in the modification notification corresponds to the information representing the VLAN and the host in the correspondence between the virtual local area network and the host.
  • Here the VLAN ID is used to represent the VLAN and the node number of the host is used to represent the host; this does not limit the scope of protection of the present invention.
  • the virtual local area network management server updates the correspondence between the virtual local area network and the host according to the modification notification.
  • the virtual local area network management server receives the modification notification.
  • If the modification notification is to add the host to a VLAN:
  • if the VLAN ID already exists, the node number of the host is added to the virtual local area network corresponding to the VLAN ID in the correspondence between the virtual local area network and the host;
  • if the VLAN ID does not exist or the modification notification does not include the VLAN ID, a new record is added to the correspondence between the virtual LAN and the host for the new VLAN ID or for a newly assigned VLAN ID, and the record contains the node number of this host.
  • The virtual local area network management server searches for the record corresponding to the VLAN ID in the correspondence between the virtual local area network and the host, and removes the node number of the host from the hosts included in the virtual local area network corresponding to the VLAN ID.
  • the virtual local area network management server sends the updated correspondence between the virtual local area network and the host to all hosts in the network it manages.
  • The virtual local area network management server may first return the updated correspondence between the virtual local area network and the host to the host that sent the modification notification and then send it to the other hosts in the network, or may send it to all hosts in the network simultaneously.
  • The virtual local area network management server may also send the updated correspondence between the virtual local area network and the host only to the hosts included in the virtual local area network in which the host add/delete operation took place.
  • Each host updates a correspondence between the locally saved virtual local area network and the host.
  • Each host receives the updated correspondence between the virtual local area network and the host sent by the virtual local area network management server, and updates the locally saved correspondence: it may delete the originally saved correspondence and copy the correspondence sent by the virtual local area network management server, or it may update only the changed records in the locally saved correspondence according to the correspondence sent by the virtual local area network management server.
  • This method for updating the correspondence between the virtual local area network and the host effectively ensures the accuracy and flexibility of the correspondence on the virtual local area network management server, and also ensures that the local correspondence of each host is consistent with the correspondence on the virtual LAN management server.
  • S203 Determine the destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is among the hosts included in the virtual local area network. This step can be performed by the PCIE vNIC driver module in the host operating system.
  • When the address information indicates a broadcast address, the destination hosts of the TCP/IP data packet are all hosts, other than this host, among the hosts included in the virtual local area network obtained by querying the correspondence.
  • When the address information indicates a unicast address and the hosts included in the virtual local area network obtained by querying the correspondence include the host corresponding to the unicast address, the destination host of the TCP/IP data packet is the host corresponding to the unicast address; if the hosts included in the virtual local area network obtained by querying the correspondence do not include the host corresponding to the unicast address, the TCP/IP data packet is confirmed to be an illegal data packet and is discarded without being sent.
  • This step is specifically performed by the PCIE vNIC driver module in the host operating system. Specifically, when the address information is a broadcast address, the PCIE vNIC driver module sends the TCP/IP data packet to all other hosts except the local machine through the PCIE switch; when the address information is a unicast address, If the destination host corresponding to the unicast address is one of the hosts included in the virtual local area network obtained by querying the correspondence, the TCP/IP data packet is sent to the destination host through the PCIE switch.
  • The other hosts in the virtual local area network receive the TCP/IP data packet, and a data packet with the same virtual local area network label (here, the virtual local area network identifier) is passed to the TCP/IP stack through the network device interface and thereby delivered to the corresponding upper-layer application.
  • The data packet can be sent to the VLAN module in the host operating system through the network device interface for parsing, then passed to the TCP/IP stack, and finally delivered to the corresponding upper-layer application. That is, the method described in the embodiment of the present invention can be applied to security isolation between physical machines: the physical hosts are all in the same PCIE network, the user divides them into different VLANs according to service requirements, and only hosts in the same VLAN can communicate with each other.
  • The method in the embodiment of the present invention is also applicable to security isolation between virtual machines, and between a virtual machine and a physical machine.
  • The user divides the virtual machines and the physical machines into different VLANs, and communication in a VLAN takes place only between the physical machines and virtual machines in that VLAN and is not sent to virtual machines or physical machines outside the VLAN.
  • The correspondence between the virtual local area network and the host is also the correspondence between the virtual local area network and the physical host.
  • The physical host here is the physical host where the virtual machine is located; that is, the correspondence between the virtual local area network and the host records the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network.
  • The node number of the host here may be the node number of a physical host included in the virtual local area network or the node number of the physical host where a virtual machine included in the virtual local area network is located.
  • PCIE networks, whether using ID routing or address routing, transmit data by point-to-point communication.
  • IPoPCIE broadcast/multicast is actually point-to-point data transmission to each host in turn.
  • The data packet is sent through the PCIE switch only to hosts belonging to the VLAN, so that point-to-point data transmission in the virtual local area network is allowed only between hosts in the same virtual local area network.
  • This better solves the security problem of VLANs in the IPoPCIE system, effectively isolating data packets between hosts, ensuring security, and avoiding network storms.
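The table lookup, the destination selection of S203 and the FIG. 3 update flow of Embodiment 2, written in C as an added example; it is not code from the patent or its applicant. The bitmap layout, the 64-node limit, `DEST_BROADCAST`, all function names and the refusal of a sender that is not itself a member of the VLAN are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_VLANS 256        /* the page suggests an 8-bit VLAN label */
#define MAX_NODES 64         /* assumption: node numbers 0..63, one bit each */
#define DEST_BROADCAST (-1)  /* hypothetical marker for a broadcast address */

/* Correspondence between VLAN and hosts: one membership bitmap per VLAN ID. */
struct vlan_map {
    uint64_t members[MAX_VLANS];
};

static uint64_t node_bit(unsigned node) { return (uint64_t)1 << node; }

/* Management server: "add host to VLAN". An unknown VLAN ID starts as an
 * empty record, so the first add creates it. */
int vlan_add_host(struct vlan_map *m, unsigned vlan_id, unsigned node)
{
    if (vlan_id >= MAX_VLANS || node >= MAX_NODES)
        return -1;
    m->members[vlan_id] |= node_bit(node);
    return 0;
}

/* Management server: "delete host from VLAN". */
int vlan_del_host(struct vlan_map *m, unsigned vlan_id, unsigned node)
{
    if (vlan_id >= MAX_VLANS || node >= MAX_NODES)
        return -1;
    m->members[vlan_id] &= ~node_bit(node);
    return 0;
}

/* Management server: a notification carrying only a VLAN ID deletes the
 * record together with all of its hosts. */
int vlan_delete(struct vlan_map *m, unsigned vlan_id)
{
    if (vlan_id >= MAX_VLANS)
        return -1;
    m->members[vlan_id] = 0;
    return 0;
}

/* Host: drop the saved copy and take the one the server distributed. */
void host_sync(struct vlan_map *local, const struct vlan_map *server)
{
    *local = *server;
}

/* Sending host: choose the nodes the packet is written to via the switch.
 * out[] must hold MAX_NODES entries. Returns the number of destinations,
 * or -1 when the packet must be discarded instead of sent. */
int resolve_destinations(const struct vlan_map *local, unsigned src_node,
                         unsigned vlan_id, int dest, unsigned *out)
{
    uint64_t set;
    int n = 0;

    if (vlan_id >= MAX_VLANS || src_node >= MAX_NODES)
        return -1;
    set = local->members[vlan_id];
    /* Assumption added here: a sender outside the VLAN is refused too. */
    if (!(set & node_bit(src_node)))
        return -1;
    if (dest == DEST_BROADCAST) {
        set &= ~node_bit(src_node);          /* every member but the sender */
    } else {
        if (dest < 0 || dest >= MAX_NODES || !(set & node_bit((unsigned)dest)))
            return -1;                       /* illegal packet: discard */
        set = node_bit((unsigned)dest);
    }
    for (unsigned node = 0; node < MAX_NODES; node++)
        if (set & node_bit(node))
            out[n++] = node;
    return n;
}

int main(void)
{
    static struct vlan_map server, local;    /* zero-initialised */
    static const unsigned vlan49[] = { 1, 3, 4, 5, 7 };
    unsigned out[MAX_NODES];

    /* The two rows the page describes: VLAN 20 = {1}, VLAN 49 = {1,3,4,5,7}. */
    vlan_add_host(&server, 20, 1);
    for (unsigned i = 0; i < sizeof vlan49 / sizeof vlan49[0]; i++)
        vlan_add_host(&server, 49, vlan49[i]);
    host_sync(&local, &server);
    printf("broadcast from node 1 in VLAN 49: %d destinations\n",
           resolve_destinations(&local, 1, 49, DEST_BROADCAST, out));
    vlan_del_host(&server, 49, 7);           /* modification notification */
    host_sync(&local, &server);
    printf("unicast 1 -> 7 after removal: %d (discarded)\n",
           resolve_destinations(&local, 1, 49, 7, out));
    return 0;
}
```

Because the decision is taken in the sending host's driver from its local copy, a host that has not yet received an update keeps sending according to the old membership until `host_sync` runs.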
  • The structure of a host 200 provided in Embodiment 3 of the present invention is shown in FIG. 4 and includes:
  • The virtual local area network determining module 201 is configured to obtain a TCP/IP data packet that needs to be sent in the virtual local area network, search the correspondence between the virtual local area network and the host according to the virtual local area network identifier carried in the TCP/IP data packet, obtain the hosts included in the virtual local area network, and determine the destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is among the hosts included in the virtual local area network;
  • The transceiver module 202 is configured to send the TCP/IP data packet to the destination host of the TCP/IP data packet through the PCIE switch.
  • The virtual local area network determining module 201 is configured to obtain a TCP/IP data packet that needs to be sent in the virtual local area network, search the correspondence between the virtual local area network and the host for the record corresponding to the virtual local area network identifier carried by the TCP/IP data packet, obtain the hosts included in the virtual local area network corresponding to the VLAN ID, and determine the destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is among the hosts included in the virtual LAN.
  • The correspondence between the virtual local area network and the host records the correspondence between the VLAN ID and the node numbers of the hosts included in the corresponding virtual local area network.
  • the transceiver module 202 is configured to send the TCP/IP data packet including the virtual local area network identifier to the destination host of the TCP/IP data packet through the PCIE switch.
  • the transceiver module is configured to send the TCP/IP data packet to the destination host of the TCP/IP data packet determined by the virtual local area network determining module 201 through the PCIE switch: when the address information is a broadcast address, pass the PCIE
  • the TCP/IP data is sent to the destination host through the PCIE switch. package.
  • the other hosts in the virtual local area network receive the TCP/IP data packet, and then pass the data packet to the VLAN module in the host operating system through the network device interface for parsing and input to the TCP/IP stack, thereby transmitting the data packet to the corresponding upper application. .
  • the host 200 in the embodiment of the present invention transmits a data packet to a host in the VLAN only through a PCIE switch by determining a host in a virtual local area network that needs to send a TCP/IP data packet, thereby implementing a host that is only allowed in the same virtual local area network.
  • the data transmission in the virtual local area network is performed, so that the data packets in the VLAN of the IPoPCIE system are effectively isolated between the hosts, and the network storm is avoided.
  • the correspondence between the virtual local area network identifier of the virtual local area network and the node number of the host included in the virtual local area network is recorded in the correspondence between the virtual local area network and the host; the specific content of that correspondence is similar to the previous embodiment and is not repeated here.
  • the destination host of the TCP/IP data packet determined by the virtual local area network determining module 201 is all of the hosts included in the acquired virtual local area network other than the host itself; when the address information of the TCP/IP packet indicates a unicast address, if the hosts included in the virtual local area network acquired by the virtual local area network determining module 201 include the host corresponding to the unicast address, the destination host of the TCP/IP data packet determined by the virtual local area network determining module 201 is the host corresponding to the unicast address.
  • the host 200 further includes: a correspondence management module 203, configured to receive the correspondence between the virtual local area network and the host from the virtual local area network management server, where the correspondence between the virtual local area network and the host is established and maintained by the virtual local area network management server.
  • the correspondence between the virtual local area network and the host is established by the virtual local area network management server, and is updated and maintained according to the change (addition/delete) of the host in the virtual local area network.
  • the correspondence management module 203 is configured to receive the correspondence between the virtual local area network and the host from the virtual local area network management server and save it locally. Further, the locally saved correspondence between the virtual local area network and the host is consistent with the correspondence on the virtual local area network management server.
  • the correspondence management module 203 is further configured to acquire a command for modifying the virtual local area network, send a modification notification to the virtual local area network management server, and update the local correspondence according to the correspondence between the virtual local area network and the host that the virtual local area network management server updated according to the modification notification and returned.
  • the command to modify the virtual local area network is executed.
  • the host needs to be added to a VLAN or deleted from a VLAN
  • the user performs a command of adding a VLAN or deleting a VLAN.
  • the correspondence management module 203 obtains a command for the user to add a VLAN or delete a VLAN.
  • the command to modify the VLAN may be set in the corresponding relationship management module 203.
  • the correspondence management module 203 responds in time to obtain the command.
  • the correspondence management module 203 sends a modification notification for updating the correspondence between the virtual local area network and the host to the virtual local area network management server, where the modification notification carries the VLAN ID to be modified and/or the node number information of the host. In most cases, when a host is added to or deleted from a VLAN, the notification needs to carry both the VLAN ID and the node number of the host. In some applications, however, it can carry only one parameter. For example, when a new VLAN is created, the modification notification of the host can carry only the node number of the host.
  • the modification notification of the host can carry only the VLAN ID and does not carry the node number of the host.
  • the virtual local area network management server deletes the record of the virtual local area network corresponding to the VLAN ID, deleting all of its hosts.
  • the node number information of the host carried in the modification notification may be the node number information of the host that sends the modification notification, indicating that the host that sends the notification is added to or deleted from the virtual local area network corresponding to the VLAN ID; it may also be the node number information of a host other than the host that sends the notification, indicating that the other host corresponding to the carried node number information is added to or deleted from the virtual local area network.
  • the information representing the VLAN and the host carried in the modification notification corresponds to the information representing the VLAN and the host in the correspondence between the virtual local area network and the host.
  • the VLAN ID is used to represent the VLAN
  • the node number of the host represents the host; this does not limit the scope of protection of the present invention.
  • the corresponding relationship management module 203 receives the correspondence between the virtual local area network and the host sent by the virtual local area network management server, and updates the corresponding relationship saved locally: the original saved correspondence relationship may be deleted, and the corresponding relationship sent by the virtual local area network management server may be copied, or According to the correspondence sent by the virtual local area network management server, the corresponding record with the change in the locally saved correspondence relationship is updated.
  • by updating the correspondence between the virtual local area network and the host, the accuracy of the correspondence between the virtual local area network and the host on the virtual local area network management server is effectively ensured, and the correspondence saved on each host can be kept consistent with the correspondence on the virtual local area network management server.
  • the virtual local area network in the embodiment of the present invention may include a physical host or a virtual machine.
  • the correspondence between the virtual local area network and the host is also the correspondence between the virtual local area network and the physical host.
  • the physical host here is the physical host where the virtual machine is located, that is, the virtual record recorded in the correspondence between the virtual local area network and the host.
  • the node number of the host here may be the node number of the physical host included in the virtual local area network or the node number of the physical host where the virtual machine included in the virtual local area network is located.
  • the host 200 further includes: a virtual local area network module 204, configured to obtain, from the TCP/IP protocol stack, a TCP/IP data packet that needs to be sent in a VLAN, add a virtual local area network identifier, and send it to the virtual local area network determining module 201.
  • the virtual local area network module 204 is specifically configured to obtain a TCP/IP data packet that needs to be sent in the virtual local area network of the upper layer application, and add the upper layer application running on the host 200 to the TCP/IP data packet, and the data packet needs to be in the virtual local area network.
  • the upper layer application adds the data packet that needs to be sent in the VLAN to the TCP/IP protocol stack.
  • the virtual local area network module 204 obtains the TCP/IP data packet to be sent from the TCP/IP protocol stack, and adds the VLAN ID to the TCP/IP data packet.
  • the incoming virtual local area network determining module 201 receives the TCP/IP data packet to which the virtual local area network tag is added from the virtual local area network module 204.
  • the correspondence management module 203 and the virtual local area network module 204 may exist at the same time, or the host 200 may include only the correspondence management module 203 without the virtual local area network module 204, or only the virtual local area network module 204 without the correspondence management module 203.
  • PCIE networks, whether they use ID routing or address routing, transmit data by point-to-point communication.
  • IPoPCIE broadcast/multicast is actually point-to-point data transmission to each host in turn.
  • the host provided in the embodiment of the present invention can only send the data packet to the host belonging to the VLAN through the PCIE switch by determining the destination host in the virtual local area network that needs to send the TCP/IP data packet, so that only the same virtual local area network can be allowed in the same virtual local area network.
  • the data transmission between the hosts in the virtual local area network can better solve the security problem of the VLAN of the IPoPCIE system, so as to effectively isolate the data packets between the hosts and avoid network storms.
  • each host may receive a large number of unnecessary broadcast packets and seriously affect the performance of the host.
  • the host 300 includes at least one processor 301, a memory 305, at least one network interface card 304, and at least one communication bus 302.
  • the host 300 optionally includes a user interface 303, including a display, a keyboard or a pointing device.
  • the memory 305 stores execution instructions.
  • the processor 301 communicates with the memory 305, and the processor 301 executes the execution instructions to cause the host 300 to execute the method described in Embodiment 1 of the present invention.
  • Embodiment 2 is similar and will not be described again here.
  • the operating system 306 includes various programs for implementing various basic services and processing hardware-based tasks.
  • the host 300 also includes a display interface card.
  • the embodiment of the present invention further provides a computer readable medium, which includes computer-executable instructions, and the computer-executable instructions enable the host 300 to perform the method described in Embodiment 2 of the present invention; the implementation principle and technical effect are similar to those of Embodiment 2 and are not described again here.
  • the host determines the destination host included in the virtual local area network that needs to send the TCP/IP data packet by executing the instruction, and only uses the PCIE switch to belong to the VLAN.
  • the host sends data packets, which allows data transmission in the virtual local area network only between hosts in the same virtual local area network, thereby better solving the security problem of the VLAN of the IPoPCIE system, so that data packets are effectively isolated between the hosts and network storms are avoided.
  • each host may receive a large number of unnecessary broadcast packets and seriously affect the performance of the host.
  • a virtual local area network management server 30 is configured to establish and maintain a correspondence between a virtual local area network and a host. Further, after receiving the modification notification sent by any one of the at least two hosts 10, it updates the correspondence between the virtual local area network and the host according to the received modification notification, and sends the updated correspondence between the virtual local area network and the host to all hosts 10 in the system.
  • the data packet is sent only to the destination host belonging to the VLAN through the PCIE switch, so that only the same one is allowed.
  • the data transmission in the virtual local area network between the hosts in the virtual local area network can better solve the security problem of the VLAN of the IPoPCIE system, so as to effectively isolate the data packets between the hosts and avoid network storms.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium may be any available media that can be accessed by a computer.
  • the computer readable medium can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage media or other magnetic storage device, or can be used to carry or store an instruction or data structure.
  • any connection may suitably be a computer readable medium.
  • if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium to which they belong.
  • disk and disc, as used here, include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer readable media.

Abstract

An embodiment of the present invention discloses a method for communication in a virtual local area network. The method comprises: obtaining a TCP/IP packet that needs to be sent in a virtual local area network; searching a correspondence between the virtual local area network and hosts according to a virtual local area network identification carried in the TCP/IP packet, and obtaining the hosts comprised in the virtual local area network; determining a destination host of the TCP/IP packet according to address information in the TCP/IP packet, the destination host being one of the hosts comprised in the virtual local area network; and sending the TCP/IP packet to the destination host of the TCP/IP packet through a peripheral component interconnect express (PCIE) switch. In this way, point-to-point data transmission in a virtual local area network is only allowed between hosts in the virtual local area network, thereby solving the problem of the VLAN security of an IPoPCIE system. Embodiments of the present invention also disclose a host, a system and a storage medium for communication in a virtual local area network.

Description

Method, device and system for communicating in a virtual local area network
Technical field
The embodiments of the present invention relate to the field of computers, and in particular to a method, device, and system for communicating in a virtual local area network (Virtual Local Area Network, VLAN).
Background
With the development of Peripheral Component Interconnect Express (PCIE) bus technology, the PCIE bus is no longer only a data transmission bus between a host and its peripheral devices; it has been further extended to serve as a data communication bus between two hosts. At present, the mainstream communication method between hosts relies on the Transmission Control Protocol (TCP) / Internet Protocol (IP) stack. To remain compatible with existing TCP/IP programs, the industry has proposed the concept of running the TCP/IP protocol over a PCIE bus network (TCP/IP over PCIE, IPoPCIE), that is, the TCP/IP protocol runs on a PCIE network, where a PCIE network is a network in which devices are connected for communication by a PCIE bus. A PCIE virtual network interface card (Virtual Network Interface Card, vNIC) is virtualized on the host, and the PCIE vNIC provides the TCP/IP stack with a link-layer interface for sending and receiving data. To an upper-layer application, a PCIE vNIC is no different from an Ethernet network device: the application's downward interface is still the TCP/IP stack, the application does not need to care whether the link layer is an Ethernet or a PCIE link, and it can use the PCIE link transparently for communication.
However, while IPoPCIE improves performance, it also faces serious problems. PCIE hardware has no security isolation function, so network security is seriously affected: for example, a network storm caused by a network virus, a network loop, or hacker software can paralyze the entire network, and people in different departments can access each other's information, leading to leaks of confidential information. The virtual local area network was proposed to solve the broadcast and security problems of Ethernet. In the broadcast domain, each VLAN contains a group of hosts with the same requirements. Broadcast and unicast traffic inside one VLAN is not forwarded to other VLANs; a broadcast in a VLAN can be received only by members of that VLAN and is not transmitted to other VLANs. In an IPoPCIE network, the prior art implements communication in a VLAN as follows: a data packet that an application needs to transmit in the virtual local area network passes through the TCP/IP stack and is then broadcast through the PCIE vNIC to every host in the IPoPCIE network, or unicast to the destination host of a unicast data packet; the receiving end receives the data packet and filters it in the VLAN module in the operating system kernel, so that the data packet is delivered to the destination device in the virtual local area network.
In fact, the data packet still reaches every physical host and is filtered only in the VLAN module at the receiving end, so real isolation is not achieved and network storms cannot be effectively avoided. As described above, the prior art does not solve internal VLAN communication in an IPoPCIE system well: it neither isolates data packets between hosts nor avoids network storms.
Summary of the invention
In view of this, the embodiments of the present invention provide a method, a device, and a system for communicating in a virtual local area network, which allow data transmission in a virtual local area network only between hosts in the same virtual local area network of an IPoPCIE network. This solves the VLAN security problem in the IPoPCIE system, truly isolates data packets between hosts, ensures security, and effectively avoids network storms.
In a first aspect, an embodiment of the present invention provides a method for communicating in a virtual local area network, including: obtaining a TCP/IP data packet that needs to be sent in a virtual local area network;
searching a correspondence between the virtual local area network and the host according to the virtual local area network identifier carried in the TCP/IP data packet, and obtaining the hosts included in the virtual local area network;
determining a destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is one of the hosts included in the virtual local area network;
sending the TCP/IP data packet to the destination host of the TCP/IP data packet through a Peripheral Component Interconnect Express (PCIE) switch.
In a first possible implementation of the first aspect:
the correspondence between the virtual local area network and the host comes from a virtual local area network management server, and is established and maintained by the virtual local area network management server.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation:
the correspondence between the virtual local area network and the host records the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network.
With reference to the second possible implementation of the first aspect, in a third possible implementation:
the node number of the host included in the virtual local area network is the physical
With reference to the first to third possible implementations of the first aspect, in a fourth possible implementation:
when any host in the network managed by the virtual local area network management server acquires a command to modify the virtual local area network, that host sends a modification notification to the virtual local area network management server, so that the virtual local area network management server updates the correspondence between the virtual local area network and the host according to the modification notification and sends the updated correspondence to all hosts in the network it manages.
With reference to the first aspect or the first to fourth possible implementations of the first aspect, in a fifth possible implementation:
if the TCP/IP data packet is obtained by a source host, then:
when the address information indicates a broadcast address, the destination host of the TCP/IP data packet is all of the hosts included in the acquired virtual local area network other than the source host;
when the address information indicates a unicast address, if the hosts included in the acquired virtual local area network include the host corresponding to the unicast address, the destination host of the TCP/IP data packet is the host corresponding to the unicast address.
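
The sender-side lookup of the first aspect and the table update of its fourth implementation, as an added example (not code from the patent). The class names, the `addr_to_node` address-to-node map, the `"add"`/`"remove"` action strings and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

BROADCAST = "255.255.255.255"   # constructed marker for a broadcast destination


@dataclass(frozen=True)
class Packet:
    vlan_id: int     # VLAN identifier carried by the TCP/IP packet
    dst: str         # BROADCAST or a unicast address
    payload: bytes = b""


class PcieSwitch:
    """Stand-in for the PCIE switch: records each point-to-point transfer."""

    def __init__(self):
        self.transfers = []          # (source node, destination node, packet)

    def send(self, src_node, dst_node, pkt):
        self.transfers.append((src_node, dst_node, pkt))


class VlanManagementServer:
    """Establishes and maintains the VLAN ID -> host node numbers table."""

    def __init__(self):
        self.table = {}              # vlan_id -> set of node numbers
        self.hosts = []              # every host receives each updated table

    def _snapshot(self):
        return {vid: frozenset(nodes) for vid, nodes in self.table.items()}

    def register(self, host):
        self.hosts.append(host)
        host.table = self._snapshot()

    def handle_modification(self, action, vlan_id, node=None):
        """Apply one modification notification, then push the table to all hosts."""
        if action == "add" and node is not None:
            self.table.setdefault(vlan_id, set()).add(node)
        elif action == "remove" and node is not None:
            self.table.get(vlan_id, set()).discard(node)
        elif action == "remove":     # only a VLAN ID: delete the whole VLAN record
            self.table.pop(vlan_id, None)
        else:
            raise ValueError(f"unsupported modification: {action!r}")
        for host in self.hosts:
            host.table = self._snapshot()


class Host:
    def __init__(self, node, switch, addr_to_node):
        self.node = node
        self.switch = switch
        self.addr_to_node = addr_to_node   # assumption: address -> node number
        self.table = {}                    # local copy of the server's table

    def destinations(self, pkt):
        """Destination node numbers, restricted to members of the packet's VLAN."""
        members = self.table.get(pkt.vlan_id, frozenset())
        if pkt.dst == BROADCAST:
            # Broadcast: every member of the VLAN except the source host.
            return sorted(members - {self.node})
        # Unicast: only if the addressed host is a member; otherwise nothing is sent.
        node = self.addr_to_node.get(pkt.dst)
        return [node] if node in members else []

    def send(self, pkt):
        """One point-to-point transfer per destination; non-members get nothing."""
        targets = self.destinations(pkt)
        for dst_node in targets:
            self.switch.send(self.node, dst_node, pkt)
        return targets


def build_demo():
    """Constructed topology: four hosts, VLAN 10 = {1, 2, 3}, VLAN 20 = {3, 4}."""
    switch, server = PcieSwitch(), VlanManagementServer()
    addrs = {f"10.0.0.{n}": n for n in (1, 2, 3, 4)}
    hosts = {n: Host(n, switch, addrs) for n in (1, 2, 3, 4)}
    for host in hosts.values():
        server.register(host)
    for vlan_id, nodes in ((10, (1, 2, 3)), (20, (3, 4))):
        for node in nodes:
            server.handle_modification("add", vlan_id, node)
    return server, switch, hosts
```

Because the filter runs before the switch is asked to transfer anything, a host outside the VLAN never sees the packet, in contrast to the receiver-side filtering described in the background.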
In a second aspect, an embodiment of the present invention provides a host, including:
a virtual local area network determining module, configured to obtain a TCP/IP data packet that needs to be sent in the virtual local area network, search the correspondence between the virtual local area network and the host according to the virtual local area network identifier carried in the TCP/IP data packet, obtain the hosts included in the virtual local area network, and determine a destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is one of the hosts included in the virtual local area network;
a transceiver module, configured to send the TCP/IP data packet to the destination host of the TCP/IP data packet through a Peripheral Component Interconnect Express (PCIE) switch.
In a first possible implementation of the second aspect:
the correspondence between the virtual local area network and the host records the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network.
With reference to the first possible implementation of the second aspect, in a second possible implementation:
the node number of the host included in the virtual local area network is the physical
With reference to the second aspect or the first or second possible implementation of the second aspect, in a third possible implementation, the host further includes:
a correspondence management module, configured to receive the correspondence between the virtual local area network and the host from the virtual local area network management server, where the correspondence between the virtual local area network and the host is established and maintained by the virtual local area network management server.
With reference to the third possible implementation of the second aspect, in a fourth possible implementation:
the correspondence management module is further configured to acquire a command for modifying the virtual local area network, send a modification notification to the virtual local area network management server, and update the local correspondence between the virtual local area network and the host according to the correspondence that the virtual local area network management server updated according to the modification notification and returned.
With reference to the second aspect or the first to fourth possible implementations of the second aspect, in a fifth possible implementation:
when the address information indicates a broadcast address, the destination host of the TCP/IP data packet is all of the hosts included in the acquired virtual local area network other than the host itself;
when the address information indicates a unicast address, if the hosts included in the acquired virtual local area network include the host corresponding to the unicast address, the destination host of the TCP/IP data packet is the host corresponding to the unicast address.
In a third aspect, an embodiment of the present invention provides a host, including a processor and a memory, where the memory stores execution instructions; when the host is running, the processor communicates with the memory, and the processor executes the execution instructions so that the host performs the method of any one of the first aspect above.
In a fourth aspect, an embodiment of the present invention provides a computer readable medium containing computer-executable instructions, the computer-executable instructions being used to cause a host to perform the method of any one of the first aspect above.
In a fifth aspect, an embodiment of the present invention provides a Peripheral Component Interconnect Express system, including: at least two hosts according to any one of the second aspect or the third aspect above, a PCIE switch, and a virtual local area network management server, where each of the at least two hosts is connected to the PCIE switch, and the virtual local area network management server is connected to the PCIE switch.
The virtual local area network management server is configured to establish and maintain the correspondence between the virtual local area network and the host.
In a first possible implementation of the fifth aspect,
the virtual local area network management server is further configured to, after receiving a modification notification sent by any one of the at least two hosts, update the correspondence between the virtual local area network and the host according to the modification notification, and send the updated correspondence between the virtual local area network and the host to each of the at least two hosts.
With the above solution, the method, device, and system for communicating in a virtual local area network provided by the embodiments of the present invention determine, in the IPoPCIE system, the hosts in the virtual local area network in which a TCP/IP data packet needs to be sent, and send the data packet through the PCIE switch only to the destination host in that VLAN. Data transmission is thus allowed only between hosts in the same virtual local area network, which better solves the VLAN security problem of the IPoPCIE system, effectively isolates data packets between physical hosts, and avoids network storms.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of the PCIE system according to Embodiment 1 of the present invention;
FIG. 2 is a flowchart of the method for communicating in a virtual local area network according to Embodiment 2 of the present invention;
FIG. 3 is a flowchart of a method for modifying the correspondence between virtual local area networks and hosts according to an embodiment of the present invention;
FIG. 4 is a structural diagram of the host according to Embodiment 3 of the present invention;
FIG. 5 is a structural diagram of the host according to Embodiment 4 of the present invention.
Detailed Description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
FIG. 1 is a diagram of the Peripheral Component Interconnect Express (PCIE) system according to Embodiment 1 of the present invention. As shown in FIG. 1, the system includes at least two hosts 10 (Host), one PCIE switch 20 (PCIE Switch) and one virtual local area network management server 30. The PCIE switch 20 is connected to all hosts 10 and forwards data between the hosts 10. The virtual local area network management server 30 is connected to the PCIE switch 20 and manages and maintains the correspondence between each VLAN in the system and the hosts.
An operating system (OS) runs on each host 10, and in a virtualization scenario at least one virtual machine (VM) can run on it. The specific structure and functions of the host 10 are described in Embodiment 2, Embodiment 3 or Embodiment 4 below and are not repeated here. The host in the embodiments of the present invention may be an ordinary computer, a mobile terminal, a workstation, a server, a dedicated server or the like. The virtual local area network management server may be an ordinary host in the system or a dedicated host; the present invention places no specific limitation on this.
As shown in FIG. 2, Embodiment 2 of the present invention provides a method for communicating in a virtual local area network. The method can be implemented in the PCIE system of Embodiment 1 shown in FIG. 1, but its implementation is not limited to the structure of the system shown in FIG. 1. The method includes:
S20 Obtain the TCP/IP data packet that needs to be sent in the virtual local area network.
The host obtains the TCP/IP data packet that an upper-layer application needs to send in the virtual local area network. Specifically, in this step the PCIE vNIC driver module in the host operating system obtains the TCP/IP data packet; the PCIe vNIC driver module is the interface between the TCP/IP stack of the host operating system and the PCIE network link layer. For ease of description, the host that obtains the TCP/IP data packet to be sent in the virtual local area network may also be called the source host.
Specifically, if an upper-layer application running on the host has a data packet to send in the virtual local area network, the upper-layer application adds the packet to the TCP/IP protocol stack; that is, it calls the kernel-mode and user-mode interface of the host operating system to add the packet that needs to be sent in the VLAN to the TCP/IP protocol stack. The virtual local area network module in the host operating system then obtains the TCP/IP data packet to be sent in the VLAN from the TCP/IP protocol stack and adds a virtual local area network tag to it. The tag here may be a virtual local area network identifier (VLAN ID), which is the ID of the virtual local area network in which the TCP/IP data packet is to be sent; specifically, an 8-bit virtual local area network tag may be added to the header of the TCP/IP data packet. The tag is not limited to the VLAN ID: any information that can identify the VLAN, such as a VLAN name, can be used. The VLAN module in the host operating system passes the tagged TCP/IP data packet (here, tagged with the virtual local area network identifier) to the PCIE vNIC driver module in the host operating system, and the PCIE vNIC driver module receives the tagged TCP/IP data packet from the VLAN module.
S202. Look up the correspondence between virtual local area networks and hosts according to the virtual local area network identifier carried in the TCP/IP data packet, and obtain the hosts included in the virtual local area network.
Using the virtual local area network identifier carried in the obtained TCP/IP data packet, the host looks up the record for that identifier in the correspondence between virtual local area networks and hosts and obtains the hosts included in the virtual local area network corresponding to the VLAN ID; these hosts belong to this virtual local area network. Specifically, the PCIE vNIC driver module in the host operating system performs the lookup according to the virtual local area network identifier carried in the TCP/IP data packet and obtains the hosts included in the virtual local area network corresponding to the VLAN ID.
Preferably, in the embodiments of the present invention, the correspondence between virtual local area networks and hosts records the mapping between a VLAN ID and the node numbers of the hosts included in the corresponding virtual local area network; in this document the correspondence between virtual local area networks and hosts is sometimes simply called the correspondence. The correspondence may also record a mapping between an identifier other than the VLAN ID that can represent a virtual local area network and an identifier other than the node number that can represent a host; the present invention places no limitation on this. For ease of description, the embodiments of the present invention are all described with the correspondence recording the mapping between VLAN IDs and host node numbers, which does not limit the protection scope of the present invention. Generally, the correspondence may take the form of a table, such as a table mapping virtual local area networks to hosts.
Preferably, the correspondence between virtual local area networks and hosts comes from the virtual local area network management server: it is established by the management server and is updated and maintained according to changes of the hosts in a virtual local area network (for example, the addition or deletion of a host). Each host in the network keeps a local copy of the correspondence, which is kept consistent with the correspondence on the management server. The management server may be a dedicated host in the network, or any host in the network may act as the management server and be responsible for the correspondence for the entire network (the network scope managed by this management server), that is, for establishing and maintaining it. The correspondence may be sent periodically by the management server to each host in the network it manages, or sent to the hosts when needed (for example, when the correspondence changes); each host may also actively obtain the correspondence from the management server. The present invention places no limitation on this.

The embodiments of the present invention take as an example a correspondence that records the mapping between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network: the virtual local area network with VLAN ID 20 shown in the table includes 1 host, whose node number is 1; the virtual local area network with VLAN ID 49 shown in the table includes 5 hosts, whose node numbers are 1, 3, 4, 5, 7.

Virtual LAN identifier    Host node numbers
20                        1
49                        2, 3, 4, 5, 7

Table: Correspondence between virtual local area networks and hosts
Preferably, the correspondence between virtual local area networks and hosts may be updated and maintained using the method shown in the flowchart of FIG. 3:
S30 The host obtains a command to modify a virtual local area network.
When a user needs to modify a virtual local area network, the user executes a command to modify it through the management and maintenance interface. For example, when a host needs to be added to a VLAN or deleted from a VLAN, the user executes an add-VLAN or delete-VLAN command; the host obtains the command and extracts the VLAN ID from it. Specifically, the PCIe vNIC driver module in the host operating system may obtain the command. For example, the PCIe vNIC driver module may be registered to respond to commands that modify a VLAN, so that when the user executes an add-VLAN or delete-VLAN command, the PCIe vNIC driver module obtains it. The host here may be any host in the network managed by the virtual local area network management server.
S302. The host sends a modification notification to the virtual local area network management server.
The host sends the virtual local area network management server a modification notification for updating the correspondence between virtual local area networks and hosts. The notification carries the VLAN ID to be modified and/or the node number information of a host. In most cases of adding a host to or deleting a host from a VLAN, both the VLAN ID and the node number of the host must be carried, but in some scenarios a single parameter is enough. For example, when a new VLAN is created, the notification may carry only the node number of the host and no VLAN ID, and the management server assigns the VLAN ID. When a VLAN is deleted, the notification may carry only the VLAN ID and no node number; the management server then deletes the record of the virtual local area network corresponding to that VLAN ID, removing all of its hosts. The node number carried in the notification may be that of the host sending the notification, meaning that the sending host is to be added to or deleted from the virtual local area network corresponding to the VLAN ID; it may also be the node number of a host other than the sender, meaning that the host with that node number is to be added to or deleted from the virtual local area network. The information representing the VLAN and the host in the modification notification corresponds to the information representing the VLAN and the host in the correspondence between virtual local area networks and hosts. For ease of description, the VLAN ID is used here to represent the VLAN and the node number to represent the host, which does not limit the protection scope of the present invention.
S303. The virtual local area network management server updates the correspondence between virtual local area networks and hosts according to the modification notification.
The virtual local area network management server receives the modification notification. When the notification is to add a host to a VLAN: if the VLAN ID already exists, the node number of the host is added to the hosts included in the virtual local area network corresponding to that VLAN ID in the correspondence; if the VLAN ID does not exist, or the notification does not contain a VLAN ID, a new record is added to the correspondence for that VLAN ID, or for a newly assigned VLAN ID, containing the node number of the host. When the notification is to delete the host from a VLAN, the management server finds the record for that VLAN ID in the correspondence and deletes the node number of the host from the hosts included in the virtual local area network corresponding to that VLAN ID.
S304. The virtual local area network management server sends the updated correspondence between virtual local area networks and hosts to all hosts in the network it manages. The management server may first return the updated correspondence to the host that sent the modification notification and then send it to the other hosts in the network, or it may send it to all hosts in the network at the same time. The management server may also send the updated correspondence only to the hosts included in the virtual local area network in which the host was added or deleted.
S305. Each host updates its locally saved correspondence between virtual local area networks and hosts.
Each host receives the updated correspondence sent by the virtual local area network management server and updates its locally saved correspondence: it may delete the previously saved correspondence and copy the one sent by the management server, or it may update only the changed records in the locally saved correspondence according to the one sent by the management server.
The method described above for updating the correspondence between virtual local area networks and hosts effectively ensures the accuracy and flexibility of the correspondence on the virtual local area network management server, and also keeps the local correspondence on each host consistent with the correspondence on the management server.
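The update flow of S302 to S305, as an added example that is not part of the patent text: an in-memory model of the management server applying a modification notification and pushing the table to every host. The class names, the "add"/"delete" operation names and the lowest-unused-ID allocation rule are assumptions; the patent specifies none of them.

```python
import copy


class Host:
    """A host that keeps a local copy of the VLAN-to-host correspondence."""

    def __init__(self, node):
        self.node = node
        self.local_table = {}  # vlan_id -> set of node numbers

    def on_table_update(self, table):
        # S305: replace the local copy with the server's table. A deep copy
        # is taken so that a host cannot alter the server's authoritative
        # table through a shared reference.
        self.local_table = copy.deepcopy(table)


class VlanManagementServer:
    """Hypothetical model of the VLAN management server (S303, S304)."""

    def __init__(self):
        self.table = {}  # vlan_id -> set of node numbers
        self.hosts = []

    def attach(self, host):
        self.hosts.append(host)
        host.on_table_update(self.table)

    def _allocate_vlan_id(self):
        # Assumption: the lowest unused positive integer is assigned.
        vlan_id = 1
        while vlan_id in self.table:
            vlan_id += 1
        return vlan_id

    def handle_notification(self, op, vlan_id=None, node=None):
        """Apply one modification notification and return the VLAN ID used."""
        if op == "add":
            if node is None:
                raise ValueError("an add notification must carry a node number")
            if vlan_id is None:
                # New VLAN without an ID: the server assigns one.
                vlan_id = self._allocate_vlan_id()
            # Existing VLAN: add the node. Unknown VLAN: create the record.
            self.table.setdefault(vlan_id, set()).add(node)
        elif op == "delete":
            if vlan_id is None:
                raise ValueError("a delete notification must carry a VLAN ID")
            if node is None:
                # Only a VLAN ID: delete the whole record and all its hosts.
                self.table.pop(vlan_id, None)
            elif vlan_id in self.table:
                # Assumption: the record is kept even if it becomes empty,
                # and a delete for an unknown VLAN is ignored.
                self.table[vlan_id].discard(node)
        else:
            raise ValueError(f"unknown operation: {op!r}")
        self._push()
        return vlan_id

    def _push(self):
        # S304: send the updated correspondence to every managed host.
        for host in self.hosts:
            host.on_table_update(self.table)
```
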
S203. Determine the destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is among the hosts included in the virtual local area network. This step may be performed by the PCIE vNIC driver module in the host operating system.
Specifically, when the address information indicates a broadcast address, the destination hosts of the TCP/IP data packet are all the hosts included in the virtual local area network, as obtained by querying the correspondence, other than this host.
Specifically, when the address information indicates a unicast address: if the hosts included in the virtual local area network, as obtained by querying the correspondence, include the host corresponding to the unicast address, the destination host of the TCP/IP data packet is the host corresponding to the unicast address; if they do not include the host corresponding to the unicast address, the TCP/IP data packet is determined to be an illegal data packet and is discarded, and it is not sent.
S204. Send the TCP/IP data packet to its destination host through the PCIE switch.
This step is performed by the PCIE vNIC driver module in the host operating system. Specifically, when the address information is a broadcast address, the PCIE vNIC driver module sends the TCP/IP data packet through the PCIE switch to all hosts in the virtual local area network other than the local host; when the address information is a unicast address, if the destination host corresponding to the unicast address is one of the hosts included in the virtual local area network as obtained by querying the correspondence, the TCP/IP data packet is sent to that destination host through the PCIE switch.
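The send-side decision of S202 to S204, as an added example that is not part of the patent text: the driver resolves the VLAN tag to its member nodes, picks destinations for broadcast or unicast, and discards a unicast packet whose target is outside the VLAN. The packet fields, the IP-to-node map, the use of 255.255.255.255 to recognise a broadcast and the handling of an unknown VLAN ID are assumptions; the tables in `demo()` are constructed sample data.

```python
from dataclasses import dataclass

BROADCAST_IP = "255.255.255.255"  # assumption: marks a broadcast destination


@dataclass(frozen=True)
class TaggedPacket:
    vlan_id: int    # VLAN tag added by the VLAN module before the driver
    dst_ip: str     # address information from the TCP/IP header
    payload: bytes


class IllegalPacket(Exception):
    """The packet must be discarded instead of sent."""


def select_destinations(pkt, local_node, vlan_table, ip_to_node):
    """Return the node numbers the packet may be sent to (S202 and S203)."""
    # S202: look up the hosts included in the packet's VLAN.
    members = vlan_table.get(pkt.vlan_id)
    if members is None:
        # Assumption: a tag with no record in the table is also discarded.
        raise IllegalPacket(f"no record for VLAN {pkt.vlan_id}")
    # S203, broadcast: every member of the VLAN except the local host.
    if pkt.dst_ip == BROADCAST_IP:
        return sorted(members - {local_node})
    # S203, unicast: the target host must be a member of the same VLAN.
    node = ip_to_node.get(pkt.dst_ip)
    if node is None or node not in members:
        raise IllegalPacket(f"{pkt.dst_ip} is not in VLAN {pkt.vlan_id}")
    return [node]


def transmit(pkt, local_node, vlan_table, ip_to_node, switch_send):
    """S204: one point-to-point send per destination through the switch.

    Returns the list of nodes the packet was sent to, or an empty list
    when the packet was discarded.
    """
    try:
        destinations = select_destinations(pkt, local_node, vlan_table, ip_to_node)
    except IllegalPacket:
        return []
    for node in destinations:
        switch_send(node, pkt)
    return destinations


def demo():
    """Run three constructed packets from node 3 and report what was sent."""
    vlan_table = {10: {1, 2}, 30: {3, 4, 5}}              # constructed
    ip_to_node = {"10.0.0.1": 1, "10.0.0.4": 4, "10.0.0.5": 5}  # constructed
    delivered = []

    def switch_send(node, pkt):
        delivered.append((node, pkt.dst_ip))

    results = {
        "broadcast": transmit(TaggedPacket(30, BROADCAST_IP, b"hello"),
                              3, vlan_table, ip_to_node, switch_send),
        "unicast_same_vlan": transmit(TaggedPacket(30, "10.0.0.4", b"hi"),
                                      3, vlan_table, ip_to_node, switch_send),
        "unicast_other_vlan": transmit(TaggedPacket(30, "10.0.0.1", b"hi"),
                                       3, vlan_table, ip_to_node, switch_send),
    }
    return results, delivered


if __name__ == "__main__":
    print(demo())
```
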
The other hosts in the virtual local area network receive the TCP/IP data packet and add data packets carrying the same virtual local area network tag (here, the virtual local area network identifier) to the TCP/IP stack through the network device interface, thereby delivering the data packet to the corresponding upper-layer application. Specifically, the data packet may be passed through the network device interface to the VLAN module in the host operating system for parsing and then into the TCP/IP stack, and is finally delivered to the corresponding upper-layer application.

The method described in the embodiments of the present invention can thus be applied to security isolation between physical machines: the physical hosts are all in the same PCIE network, the user divides them into different VLANs according to service requirements, and only hosts in the same VLAN can communicate with each other. For example, when a host in a VLAN sends a broadcast packet, its transmission scope is limited to the hosts in that VLAN, and the message is not sent to hosts outside the VLAN. Likewise, the method in the embodiments of the present invention also applies to security isolation between virtual machines and between virtual machines and physical machines: the user divides virtual machines and physical machines into different VLANs, and communication within a VLAN takes place only between the physical machines and virtual machines in that VLAN and is not sent to virtual machines or physical machines outside the VLAN. For virtual machines, the correspondence between virtual local area networks and hosts still records the correspondence between virtual local area networks and physical hosts, where the physical host is the one on which the virtual machine resides. That is, in the mapping between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network, a host's node number may be the node number of a physical host included in the virtual local area network, or the node number of the physical host on which a virtual machine included in the virtual local area network resides.
Whether it uses ID routing or address routing, a PCIE network transfers data by point-to-point communication; for example, an IPoPCIE broadcast or multicast is in fact a point-to-point data transfer to each host in turn. By determining the destination hosts in the virtual local area network in which a TCP/IP data packet needs to be sent, and sending the data packet through the PCIE switch only to hosts belonging to that VLAN, the embodiments of the present invention allow point-to-point data transmission within a virtual local area network only between hosts in the same virtual local area network. This addresses the VLAN security problem of the IPoPCIE system, effectively isolates data packets between hosts, ensures security, and avoids network storms. It also avoids the problem that, when a large number of hosts are attached to a PCIE network, each host may receive a large number of unnecessary broadcast packets that seriously affect host performance.
The structure of a host 200 provided in Embodiment 3 of the present invention is shown in FIG. 4 and includes:
a virtual local area network determining module 201, configured to obtain a TCP/IP data packet that needs to be sent in a virtual local area network, look up the correspondence between virtual local area networks and hosts according to the virtual local area network identifier carried in the TCP/IP data packet, obtain the hosts included in the virtual local area network, and determine the destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is among the hosts included in the virtual local area network;
a transceiver module 202, configured to send the TCP/IP data packet to its destination host through the PCIE switch.
Specifically, the virtual local area network determining module 201 is configured to obtain a TCP/IP data packet that needs to be sent in a virtual local area network, look up the record for the virtual local area network identifier carried in the TCP/IP data packet in the correspondence between virtual local area networks and hosts, obtain the hosts included in the virtual local area network corresponding to the VLAN ID, and determine the destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, the destination host being among the hosts included in the virtual local area network. The correspondence between virtual local area networks and hosts records the mapping between a VLAN ID and the node numbers of the hosts included in the corresponding virtual local area network.
Specifically, the transceiver module 202 is configured to send the TCP/IP data packet that includes the virtual local area network identifier to the destination host of the TCP/IP data packet through the PCIE switch. Specifically, the transceiver module is configured to send the TCP/IP data packet through the PCIE switch to the destination host determined by the virtual local area network determining module 201: when the address information is a broadcast address, through the PCIE ... address information is a unicast address, if the destination host corresponding to the unicast address is one of the hosts included in the virtual local area network as obtained by querying the correspondence, the TCP/IP data packet is sent to that destination host through the PCIE switch. The other hosts in the virtual local area network receive the TCP/IP data packet and pass it through the network device interface to the VLAN module in the host operating system for parsing and then into the TCP/IP stack, thereby delivering the data packet to the corresponding upper-layer application.

By determining the hosts in the virtual local area network in which a TCP/IP data packet needs to be sent, and sending the data packet through the PCIE switch only to hosts in that VLAN, the host 200 in this embodiment of the present invention allows data transmission within a virtual local area network only between hosts in the same virtual local area network. Data packets in a VLAN of the IPoPCIE system are thereby effectively isolated between hosts, and network storms are avoided.
Preferably, the correspondence between virtual local area networks and hosts records the mapping between the virtual local area network identifier of a virtual local area network and the node numbers of the hosts included in that virtual local area network. The specific content of the correspondence is similar to that in the preceding embodiment and is not repeated here.
Specifically, when the address information of the TCP/IP data packet indicates a broadcast address, the destination hosts determined by the virtual local area network determining module 201 are all the hosts included in the obtained virtual local area network other than this host; when the address information of the TCP/IP data packet indicates a unicast address, if the hosts included in the virtual local area network obtained by the virtual local area network determining module 201 include the host corresponding to the unicast address, the destination host determined by the virtual local area network determining module 201 is the host corresponding to the unicast address.
Optionally, as shown in FIG. 4, the host 200 further includes a correspondence management module 203, configured to receive the correspondence between virtual local area networks and hosts from the virtual local area network management server. The correspondence is established by the virtual local area network management server, which updates and maintains it as hosts are added to or deleted from a virtual local area network. The correspondence management module 203 receives the correspondence from the virtual local area network management server and saves it locally. Further, it is also configured to keep the locally saved correspondence consistent with the correspondence on the virtual local area network management server.
Further, the correspondence management module 203 is also configured to obtain a command for modifying a virtual local area network, send a modification notification to the virtual local area network management server, and update the local correspondence according to the correspondence between virtual local area networks and hosts that the management server updated in response to the modification notification and returned. Specifically, when a user needs to modify a virtual local area network, the user executes a command for modifying the virtual local area network. For example, when a host needs to be added to or deleted from a VLAN, the user executes a command for adding or deleting a VLAN, and the correspondence management module 203 obtains that command. The correspondence management module 203 can be set up to respond to commands that modify a VLAN, so that when the user executes such a command the module responds promptly and obtains it.
The correspondence management module 203 sends the virtual local area network management server a modification notification for updating the correspondence between virtual local area networks and hosts. The modification notification carries the VLAN ID to be modified and/or the node number information of a host. In most cases of adding a host to or deleting a host from a VLAN, both the VLAN ID and the host's node number information must be carried, but in some application scenarios only one parameter needs to be carried. For example, when a new VLAN is created, the host's modification notification may carry only the host's node number and no VLAN ID, and the virtual local area network management server assigns the VLAN ID. When a VLAN is deleted, the host's modification notification may carry only the VLAN ID and no host node number, and the virtual local area network management server deletes the record of the virtual local area network corresponding to the VLAN ID, removing all its hosts. The host node number information carried in the modification notification may be the node number of the host that sends the notification, indicating that the sending host is to be added to or deleted from the virtual local area network corresponding to the VLAN ID. It may also be the node number of a host other than the sender, indicating that that other host is to be added to or deleted from the virtual local area network. The information that represents the VLAN and the host in the modification notification corresponds to the information that represents them in the correspondence between virtual local area networks and hosts. For convenience of description, the VLAN ID is used here to represent the VLAN and the host's node number to represent the host, which does not limit the protection scope of the present invention.
After receiving the modification notification, the virtual local area network management server updates the correspondence between virtual local area networks and hosts according to the notification and sends the updated correspondence to each host in the network it manages. The specific update method is the same as the related content in Embodiment 2 of the present invention and is not described again here. On receiving the correspondence sent by the virtual local area network management server, the correspondence management module 203 updates its locally saved correspondence: it may delete the previously saved correspondence and copy the one sent by the management server, or it may update only the changed records in the locally saved correspondence according to the one sent by the management server. Updating the correspondence in this way effectively ensures the accuracy of the correspondence on the virtual local area network management server, and each host's local correspondence stays consistent with the correspondence on the management server.
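The send-side destination check and the management-server update flow described above, modelled as an added Python example (not code from the patent). The class and method names, the notification shape, the address-to-node lookup and the starting VLAN ID of 100 are assumptions; an out-of-VLAN unicast yields no destination here, a case this passage does not spell out.

```python
# Constructed model: VLAN ID -> host node numbers, kept by a management
# server and copied to every host. All names here are assumptions.
BROADCAST = "255.255.255.255"   # constructed stand-in for a broadcast address
ADDRS = {"10.0.0.1": 1, "10.0.0.2": 2, "10.0.0.3": 3, "10.0.0.4": 4}  # constructed


class VlanManagementServer:
    """Builds and maintains the VLAN-to-host correspondence."""

    def __init__(self, first_vlan_id=100):      # starting ID is constructed
        self.table = {}                         # vlan_id -> set of node numbers
        self.hosts = []                         # every host this server manages
        self._next_vlan_id = first_vlan_id

    def _copy(self):
        return {vid: set(nodes) for vid, nodes in self.table.items()}

    def register(self, host):
        self.hosts.append(host)
        host.server = self
        host.table = self._copy()

    def handle_modification(self, action, vlan_id=None, node=None):
        """Apply one modification notification, then push the table to all hosts."""
        if action == "add" and node is not None:
            if vlan_id is None:                 # new VLAN: the server assigns the ID
                vlan_id = self._next_vlan_id
                self._next_vlan_id += 1
            self.table.setdefault(vlan_id, set()).add(node)
        elif action == "delete" and vlan_id is not None:
            if node is None:                    # VLAN ID only: drop the whole record
                self.table.pop(vlan_id, None)
            elif vlan_id in self.table:
                self.table[vlan_id].discard(node)
        else:
            raise ValueError("notification lacks the parameter this action needs")
        for host in self.hosts:                 # keep every local copy consistent
            host.table = self._copy()
        return vlan_id


class Host:
    def __init__(self, node, addr_to_node):
        self.node = node
        self.addr_to_node = addr_to_node        # unicast address -> node (assumed lookup)
        self.table = {}                         # local copy of the correspondence
        self.server = None

    def modify_vlan(self, action, vlan_id=None, node=None):
        """User command on this host: notify the server, which pushes the update."""
        return self.server.handle_modification(action, vlan_id, node)

    def destination_hosts(self, vlan_id, dst_addr):
        """Node numbers the packet may be sent to through the PCIE switch."""
        members = self.table.get(vlan_id, set())
        if dst_addr == BROADCAST:               # all VLAN members except this host
            return sorted(members - {self.node})
        target = self.addr_to_node.get(dst_addr)
        if target in members:                   # unicast target is in the VLAN
            return [target]
        return []                               # example's choice: send nothing


def demo():
    server = VlanManagementServer()
    hosts = {n: Host(n, ADDRS) for n in (1, 2, 3, 4)}
    for h in hosts.values():
        server.register(h)
    vid = hosts[1].modify_vlan("add", node=1)         # new VLAN, node number only
    hosts[1].modify_vlan("add", vlan_id=vid, node=2)  # sender adds another host
    hosts[3].modify_vlan("add", vlan_id=vid, node=3)  # host adds itself
    other = hosts[4].modify_vlan("add", node=4)       # second VLAN for host 4
    results = {
        "vlan_ids": (vid, other),
        "broadcast_from_1": hosts[1].destination_hosts(vid, BROADCAST),
        "unicast_in_vlan": hosts[1].destination_hosts(vid, "10.0.0.2"),
        "unicast_other_vlan": hosts[1].destination_hosts(vid, "10.0.0.4"),
    }
    hosts[2].modify_vlan("delete", vlan_id=vid, node=3)   # remove host 3
    results["broadcast_after_removal"] = hosts[1].destination_hosts(vid, BROADCAST)
    hosts[1].modify_vlan("delete", vlan_id=vid)           # VLAN ID only
    results["broadcast_after_vlan_delete"] = hosts[1].destination_hosts(vid, BROADCAST)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The check runs against the sending host's local copy of the table, which is why the server pushes every update to all hosts it manages.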
As in the foregoing method embodiments, the virtual local area network in this embodiment of the present invention may include both physical hosts and virtual machines. For a virtual machine, the correspondence between virtual local area networks and hosts still records the correspondence between the virtual local area network and a physical host, namely the physical host on which the virtual machine resides. That is, in the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network, a host's node number may be the node number of a physical host included in the virtual local area network or the node number of the physical host on which a virtual machine included in the virtual local area network resides.
Optionally, as shown in FIG. 4, the host 200 further includes a virtual local area network module 204, configured to obtain from the TCP/IP protocol stack the TCP/IP data packet that needs to be sent in the VLAN, add the virtual local area network identifier, and send the packet to the virtual local area network determining module 201. Preferably, the virtual local area network module 204 is specifically configured to obtain the TCP/IP data packet that an upper-layer application needs to send within the virtual local area network and add the virtual local area network identifier to the TCP/IP data packet. When an upper-layer application running on the host 200 has a data packet to send in the virtual local area network, the application adds the packet to the TCP/IP protocol stack. The virtual local area network module 204 obtains the TCP/IP data packet to be sent from the TCP/IP protocol stack, adds the VLAN ID to it, and passes it to the virtual local area network determining module 201, which thus receives from the virtual local area network module 204 a TCP/IP data packet to which the virtual local area network tag has been added.
In the host 200 shown in FIG. 4 in this embodiment of the present invention, the correspondence management module 203 and the virtual local area network module 204 may both be present, or the host 200 may include only the correspondence management module 203 without the virtual local area network module 204, or only the virtual local area network module 204 without the correspondence management module 203.
Whether a PCIE network uses ID routing or address routing, it transfers data by point-to-point communication; an IPoPCIE broadcast or multicast is in fact a sequence of point-to-point transfers to every host in turn. The host provided in this embodiment of the present invention determines the destination hosts in the virtual local area network to which the TCP/IP data packet needs to be sent and sends the data packet through the PCIE switch only to hosts belonging to that VLAN. Data transmission within a virtual local area network is therefore allowed only between hosts in the same virtual local area network, which better solves the security problem of VLANs in the IPoPCIE system, effectively isolates data packets between hosts, and avoids network storms. It also avoids the problem that, when a large number of hosts are attached to the PCIE network, each host may receive a large number of unnecessary broadcast packets that seriously degrade host performance.
FIG. 5 is a structural diagram of a host according to Embodiment 4 of the present invention. As shown in the figure, the host 300 includes at least one processor 301, a memory 305, at least one network interface card 304, and at least one communication bus 302. The host 300 optionally includes a user interface 303, including a display, a keyboard, or a pointing device. The memory 305 stores execution instructions. When the host 300 runs, the processor 301 communicates with the memory 305, and the processor 301 executes the execution instructions so that the host 300 performs the method described in Embodiment 1 of the present invention; the implementation principle and technical effects are similar to those of Embodiment 2 above and are not described again here. The operating system 306 contains various programs for implementing basic services and handling hardware-based tasks. The host 300 further includes a display interface card. In addition, an embodiment of the present invention further provides a computer-readable medium containing computer-executable instructions that enable the host 300 to perform the method described in Embodiment 2 of the present invention; the implementation principle and technical effects are similar to those of Embodiment 2 above and are not described again here.
The host provided in this embodiment of the present invention executes instructions to determine the destination hosts included in the virtual local area network to which the TCP/IP data packet needs to be sent, and sends the data packet through the PCIE switch only to destination hosts belonging to that VLAN. Data transmission within a virtual local area network is therefore allowed only between hosts in the same virtual local area network, which better solves the security problem of VLANs in the IPoPCIE system, effectively isolates data packets between hosts, and avoids network storms. It also avoids the problem that, when a large number of hosts are attached to the PCIE network, each host may receive a large number of unnecessary broadcast packets that seriously degrade host performance.
In the high-speed peripheral component interconnect system shown in FIG. 1, the virtual local area network management server 30 is configured to establish and maintain the correspondence between virtual local area networks and hosts. Further, it is also configured to, after receiving a modification notification sent by any one of the at least two hosts 10, update the correspondence between virtual local area networks and hosts according to the received modification notification and send the updated correspondence to all hosts 10 in the system.
The IPoPCIE system provided in this embodiment of the present invention determines the hosts included in the virtual local area network to which the TCP/IP data packet needs to be sent, and sends the data packet through the PCIE switch only to destination hosts belonging to that VLAN. Data transmission within a virtual local area network is therefore allowed only between hosts in the same virtual local area network, which better solves the security problem of VLANs in the IPoPCIE system, effectively isolates data packets between hosts, and avoids network storms. It also avoids the problem that, when a large number of hosts are attached to the PCIE network, each host may receive a large number of unnecessary broadcast packets that seriously degrade host performance.
From the description of the above implementations, a person skilled in the art can clearly understand that the present invention may be implemented in hardware, firmware, or a combination thereof. When implemented in software, the functions described above may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. By way of example and not limitation, computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In addition, any connection may properly be termed a computer-readable medium. For example, if software is transmitted from a website, server, or other remote source using coaxial cable, fiber-optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber-optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the protection scope of computer-readable media.
In summary, the above are merely preferred embodiments of the technical solution of the present invention and are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims

1. A method for communicating in a virtual local area network, comprising:
obtaining a TCP/IP data packet that needs to be sent in a virtual local area network;
looking up a correspondence between virtual local area networks and hosts according to a virtual local area network identifier carried in the TCP/IP data packet, to obtain the hosts included in the virtual local area network;
determining a destination host of the TCP/IP data packet according to address information in the TCP/IP data packet, wherein the destination host is among the hosts included in the virtual local area network; and
sending the TCP/IP data packet to the destination host of the TCP/IP data packet through a Peripheral Component Interconnect Express (PCIE) switch.
2. The method according to claim 1, wherein:
the correspondence between virtual local area networks and hosts comes from a virtual local area network management server and is established and maintained by the virtual local area network management server.
3. The method according to claim 1 or 2, wherein:
the correspondence between virtual local area networks and hosts records the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network.
4. The method according to claim 3, wherein:
The node number of the host included in the virtual local area network is an object number included in the virtual local area network.
5. The method according to any one of claims 2 to 4, wherein:
when any host in the network managed by the virtual local area network management server obtains a command for modifying a virtual local area network, that host sends a modification notification to the virtual local area network management server, so that the virtual local area network management server updates the correspondence between virtual local area networks and hosts according to the modification notification and sends the updated correspondence to all hosts in the network it manages.
6. The method according to any one of claims 1 to 5, wherein, if the TCP/IP data packet is obtained by a source host:
when the address information indicates a broadcast address, the destination hosts of the TCP/IP data packet are all hosts included in the obtained virtual local area network other than the source host;
when the address information indicates a unicast address, if the hosts included in the obtained virtual local area network include the host corresponding to the unicast address, the destination host of the TCP/IP data packet is the host corresponding to the unicast address.
7. A host, comprising:
a virtual local area network determining module, configured to obtain a TCP/IP data packet that needs to be sent in a virtual local area network, look up a correspondence between virtual local area networks and hosts according to a virtual local area network identifier carried in the TCP/IP data packet to obtain the hosts included in the virtual local area network, and determine a destination host of the TCP/IP data packet according to address information in the TCP/IP data packet, wherein the destination host is among the hosts included in the virtual local area network; and
a transceiver module, configured to send the TCP/IP data packet to the destination host of the TCP/IP data packet through a Peripheral Component Interconnect Express (PCIE) switch.
8. The host according to claim 7, wherein:
the correspondence between virtual local area networks and hosts records the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network.
9. The host according to claim 8, wherein:
The node number of the host included in the virtual local area network is an object number included in the virtual local area network.
10. The host according to any one of claims 7 to 9, further comprising:
a correspondence management module, configured to receive the correspondence between virtual local area networks and hosts from a virtual local area network management server, the correspondence being established and maintained by the virtual local area network management server.
11. The host according to claim 10, wherein:
the correspondence management module is further configured to obtain a command for modifying a virtual local area network, send a modification notification to the virtual local area network management server, and update the local correspondence between virtual local area networks and hosts according to the correspondence, updated according to the modification notification, that the virtual local area network management server returns.
12. The host according to any one of claims 7 to 11, wherein:
when the address information indicates a broadcast address, the destination hosts of the TCP/IP data packet are all hosts included in the obtained virtual local area network other than the host;
when the address information indicates a unicast address, if the hosts included in the obtained virtual local area network include the host corresponding to the unicast address, the destination host of the TCP/IP data packet is the host corresponding to the unicast address.
13. A host, comprising a processor and a memory, wherein the memory stores execution instructions; when the host runs, the processor communicates with the memory, and the processor executes the execution instructions so that the host performs the method according to any one of claims 1 to 6.
14. A computer-readable medium, containing computer-executable instructions for causing a host to perform the method according to any one of claims 1 to 6.
15. A high-speed peripheral component interconnect system, comprising: at least two hosts according to any one of claims 7 to 13, a PCIE switch, and a virtual local area network management server, wherein each of the at least two hosts is connected to the PCIE switch, and the virtual local area network management server is connected to the PCIE switch;
the virtual local area network management server is configured to establish and maintain the correspondence between virtual local area networks and hosts.
16. The system according to claim 15, wherein:
the virtual local area network management server is further configured to, after receiving a modification notification sent by any one of the at least two hosts, update the correspondence between virtual local area networks and hosts according to the modification notification and send the updated correspondence to each of the at least two hosts.
PCT/CN2013/074705 2013-04-25 2013-04-25 Method, device and system for communication in virtual local area network WO2014172869A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2013/074705 WO2014172869A1 (en) 2013-04-25 2013-04-25 Method, device and system for communication in virtual local area network
CN201380000718.4A CN103596649B (en) 2013-04-25 2013-04-25 A kind of method, apparatus and system communicated in VLAN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/074705 WO2014172869A1 (en) 2013-04-25 2013-04-25 Method, device and system for communication in virtual local area network

Publications (1)

Publication Number Publication Date
WO2014172869A1 true WO2014172869A1 (en) 2014-10-30

Family

ID=50086359

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/074705 WO2014172869A1 (en) 2013-04-25 2013-04-25 Method, device and system for communication in virtual local area network

Country Status (2)

Country Link
CN (1) CN103596649B (en)
WO (1) WO2014172869A1 (en)


Also Published As

Publication number Publication date
CN103596649B (en) 2015-07-29
CN103596649A (en) 2014-02-19

Similar Documents

Publication Publication Date Title
CN112398817B (en) Data sending method and device
US8423639B2 (en) Switching API
US7206864B2 (en) Network protocol processing device
US8321908B2 (en) Apparatus and method for applying network policy at a network device
US11240152B2 (en) Exposing a subset of hosts on an overlay network to components external to the overlay network without exposing another subset of hosts on the overlay network
CN106452857B (en) Method for generating configuration information and network control unit
CN103795602B (en) Network strategy configuration method and device of virtual network
US20150271067A1 (en) Packet forwarding method and apparatus, and data center network
US20120291024A1 (en) Virtual Managed Network
WO2014089799A1 (en) Method and apparatus for determining virtual machine drifting
JP2016540448A (en) Virtual extended LAN communication method, apparatus, and system
WO2014079005A1 (en) Mac address mandatory forwarding device and method
WO2012109868A1 (en) Network policy configuration method, management device and network management centre device
CN103931144B (en) A method, apparatus and system for communicating in a virtual domain
CN107547349A (en) A method and device for virtual machine (VM) migration
JP2019523608A (en) Packet monitoring
KR20150094238A (en) VIRTUAL EXTENSIBLE LOCAL AREA NETWORK(VxLAN) SYSTEM OF AUTOMATICALLY CONFIGURING MULTICASTING TUNNEL FOR SEGMENT OF THE VIRTUAL EXTENSIBLE LOCAL AREA NETWORK ACCORDING TO LIFE CYCLE OF AN END-SYSTEM AND OPERATING METHOD THEREOF
JP2014011674A (en) Storage system management program and storage system management device
CN104734930B (en) Method and device for realizing access of Virtual Local Area Network (VLAN) to Variable Frequency (VF) network and Fiber Channel Frequency (FCF)
WO2014172869A1 (en) Method, device and system for communication in virtual local area network
JP6079348B2 (en) Switch device, switch device control method, and network system
US20140310377A1 (en) Information processing method and information processing apparatus
CN105657078B (en) A data transmission method, device and multitiered network manager
WO2015024373A1 (en) Virtual machine communication method and device
JP2011141635A (en) Communication method of data of virtual server using inter-host communication

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application (Ref document number: 13883243; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 13883243; Country of ref document: EP; Kind code of ref document: A1)