WO2014172869A1 - Method, device and system for communication in a virtual local area network - Google Patents



Publication number
WO2014172869A1
Authority
WO
WIPO (PCT)
Prior art keywords
host
local area
area network
virtual local
tcp
Application number
PCT/CN2013/074705
Other languages
English (en)
Chinese (zh)
Inventor
王俊捷
林沐晖
卢广
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2013/074705 priority Critical patent/WO2014172869A1/fr
Priority to CN201380000718.4A priority patent/CN103596649B/zh
Publication of WO2014172869A1 publication Critical patent/WO2014172869A1/fr


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L 12/46 Interconnection of networks
    • H04L 12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • the embodiments of the present invention relate to the field of computers, and in particular, to a method, device, and system for communicating in a virtual local area network (VLAN).
  • VLAN virtual local area network
  • PCIE Peripheral Component Interconnect Express
  • the PCIE bus is no longer just a data transmission bus between the host and peripheral devices; it has been further extended to serve as a data communication bus between two hosts.
  • TCP Transmission Control Protocol
  • IP Internet Protocol
  • the industry has proposed that the TCP/IP protocol runs on the PCIE bus (TCP/IP over PCIE, IPoPCIE) network, that is, the TCP/IP protocol runs on the PCIE network.
  • the PCIE network here refers to the network between devices that use the PCIE bus for communication connection.
  • a PCIE virtual network interface card (VNIC) is virtualized on the host.
  • the PCIE vNIC provides a link layer interface for data transmission and reception to the TCP/IP stack. For upper-layer applications there is no difference between the PCIE vNIC and an Ethernet network device: the interface below the application is still the TCP/IP stack, the application does not care whether the link layer is an Ethernet or PCIE link, and it can transparently use the PCIE link for communication.
  • IPoPCIE also faces serious problems: there is no security isolation function in PCIE hardware, so network security suffers seriously, for example from network viruses, network loops and network storms caused by hacker software across the entire network, and from people in different departments accessing each other's information, leading to information leakage and other issues.
  • Virtual LAN is proposed to solve the broadcast problem and security of Ethernet.
  • each VLAN contains a group of hosts with the same requirements. Broadcast and unicast traffic inside a VLAN is not forwarded to other VLANs; a broadcast in a VLAN can be received only by members of that VLAN and is not forwarded to other VLANs.
  • in the prior art, communication in the VLAN is implemented as follows: the application passes the data packet to be sent in the virtual local area network to the TCP/IP stack, and the packet is then sent through the PCIE vNIC by broadcast transmission to every host in the IPoPCIE network, or by unicast transmission to the destination host of a unicast data packet. The receiving end receives the data packet and filters it in the VLAN module of the operating system kernel, thereby delivering the data packet to the destination device in the virtual local area network. In fact, the data packet still arrives at every physical host and is filtered only in the VLAN module of the receiving end; real isolation is not achieved, and a network storm cannot be effectively avoided. As described above, in the prior art the internal communication of a VLAN in the IPoPCIE system cannot be isolated: data packet isolation between hosts is not achieved, and network storms cannot be avoided.
  • Summary of the invention
  • the embodiments of the present invention provide a method, a device, and a system for communicating in a virtual local area network, which enable data transmission in a virtual local area network only between hosts in the same virtual local area network in the IPoPCIE network.
  • the security of VLANs in the IPoPCIE system ensures true isolation of data packets between hosts, ensuring security and effectively avoiding network storms.
  • an embodiment of the present invention provides a method for communicating in a virtual local area network, including: acquiring a TCP/IP data packet that needs to be sent in a virtual local area network;
  • the TCP/IP packet is sent to the destination host of the TCP/IP packet by a high speed peripheral component interconnect PCIe switch.
  • the corresponding relationship between the virtual local area network and the host is from a virtual local area network management server, and is established and maintained by the virtual local area network management server.
  • the corresponding relationship between the virtual local area network identifier and the node number of the host included in the virtual local area network is recorded in the corresponding relationship between the virtual local area network and the host.
  • the node number of the host included in the virtual local area network is the node number of the physical host included in the virtual local area network (or, for a virtual machine included in the virtual local area network, the node number of the physical host on which it runs).
  • any host in the network managed by the virtual local area network management server acquires a command to modify the virtual local area network and sends a modification notification to the virtual local area network management server, so that the virtual local area network management server updates the correspondence between the virtual local area network and the host according to the modification notification and sends the updated correspondence between the virtual local area network and the host to all hosts in the network it manages.
  • when the address information indicates a broadcast address, the destination hosts of the TCP/IP data packet are all hosts included in the virtual local area network except the source host;
  • when the address information indicates a unicast address and the hosts included in the virtual local area network include the host corresponding to the unicast address, the destination host of the TCP/IP data packet is the host corresponding to the unicast address.
  • an embodiment of the present invention provides a host, including:
  • a virtual local area network determining module, configured to obtain a TCP/IP data packet to be sent in the virtual local area network, look up the correspondence between the virtual local area network and the host according to the virtual local area network identifier carried in the TCP/IP data packet, and obtain the hosts included in the virtual local area network;
  • a transceiver module, configured to send the TCP/IP data packet to the destination host of the TCP/IP data packet through a high-speed peripheral component interconnect (PCIE) switch.
  • the corresponding relationship between the virtual local area network identifier and the node number of the host included in the virtual local area network is recorded in the corresponding relationship between the virtual local area network and the host.
  • the node number of the host included in the virtual local area network is the node number of the physical host included in the virtual local area network (or of the physical host on which a virtual machine included in the virtual local area network runs).
  • in a further possible implementation, the host further includes:
  • the correspondence management module is configured to receive a correspondence between the virtual local area network and the host from the virtual local area network management server, where the correspondence between the virtual local area network and the host is established and maintained by the virtual local area network management server.
  • the correspondence management module is further configured to acquire a command for modifying a virtual local area network, send a modification notification to the virtual local area network management server, and update the locally saved correspondence between the virtual local area network and the host according to the updated correspondence between the virtual local area network and the host that the virtual local area network management server returns after updating it according to the modification notification.
  • when the address information indicates a broadcast address, the destination hosts of the TCP/IP data packet are all hosts included in the virtual local area network except the host itself;
  • an embodiment of the present invention provides a host, including a processor and a memory, where the memory stores execution instructions, and when the host is running the processor communicates with the memory; the processor executes the execution instructions, causing the host to perform the method of any of the above first aspects.
  • an embodiment of the present invention provides a computer readable medium, comprising computer executed instructions, the computer executed instructions for causing a host to perform the method of any one of the foregoing first aspects.
  • an embodiment of the present invention provides a high-speed peripheral component interconnect system, including at least two hosts as described in any of the foregoing aspects, a PCIE switch, and a virtual local area network management server, wherein each of the at least two hosts is connected to the PCIE switch, and the virtual local area network management server is connected to the PCIE switch.
  • the virtual local area network management server is configured to establish and maintain a correspondence between the virtual local area network and the host.
  • the virtual local area network management server is further configured to: after receiving a modification notification sent by any one of the at least two hosts, update the correspondence between the virtual local area network and the host according to the modification notification, and send the updated correspondence between the virtual local area network and the host to each of the at least two hosts.
  • with the method, device, and system for communicating in a virtual local area network, a host in the IPoPCIE system determines the hosts in the virtual local area network to which a TCP/IP data packet needs to be sent, and sends the data packet only through the PCIE switch to those destination hosts in the VLAN, which realizes data transmission only between hosts in the same virtual local area network and thus solves the above problem better.
  • FIG. 1 is a schematic diagram of a PCIE system according to Embodiment 1 of the present invention.
  • FIG. 2 is a flowchart of a method for communicating in a virtual local area network according to Embodiment 2 of the present invention.
  • FIG. 3 is a flow chart of a method for modifying a correspondence between a virtual local area network and a host according to an embodiment of the present invention.
  • FIG. 4 is a structural diagram of a host according to Embodiment 3 of the present invention.
  • FIG. 5 is a structural diagram of a host according to Embodiment 4 of the present invention.
  • FIG. 1 is a schematic diagram of a high-speed peripheral component interconnection system according to Embodiment 1 of the present invention.
  • the system includes at least two hosts 10 (Host), a PCIE switch 20 (PCIE Switch), and a virtual local area network management server 30; the PCIE switch 20 is connected to all the hosts 10 to implement data forwarding between the hosts 10.
  • the virtual local area network management server 30 is connected to the PCIE switch 20 and is used to manage and maintain the correspondence between each VLAN and the hosts in the system.
  • An operating system is running on each host 10, and in a virtualized scenario at least one virtual machine (Virtual Machine, VM for short) can be run on it.
  • the specific structure, function implementation, and the like of the host 10 are as described in the following Embodiment 2, Embodiment 3 or Embodiment 4, and are not described here again.
  • the host in the embodiment of the present invention may be an ordinary computer, a mobile terminal, a workstation or a server, a dedicated server, etc.
  • the virtual local area network management server may be an ordinary host in the system, or may be a dedicated host, and the present invention does not specifically limit this.
  • Embodiment 2 of the present invention provides a method for communicating in a virtual local area network, which may be implemented in the PCIE system of Embodiment 1 shown in FIG. 1, but the implementation structure is not limited to the system structure shown in FIG. 1.
  • the method includes:
  • S20: obtain the TCP/IP data packet that needs to be sent in the virtual local area network.
  • the host obtains TCP/IP packets that the upper layer application needs to send in the virtual local area network.
  • the PCIE vNIC driver module in the host operating system acquires the TCP/IP data packet.
  • the PCIE vNIC driver module is an interface that connects the host operating system TCP/IP stack and the PCIE network link layer.
  • a host that acquires a TCP/IP packet that needs to be sent in a virtual local area network may also be referred to as a source host.
  • the upper layer application needs to pass the data packet to be sent in the VLAN to the TCP/IP protocol stack, that is, the upper layer application invokes the interface between the kernel mode and the user mode of the host operating system to pass the data packet into the TCP/IP protocol stack, and the virtual LAN module in the host operating system then obtains from the TCP/IP protocol stack the TCP/IP data packet that needs to be sent in the VLAN.
  • the virtual local area network label is added to the TCP/IP data packet, where the virtual local area network label can be a virtual local area network identifier (VLAN ID), and the VLAN ID is the ID of the virtual local area network that the TCP/IP data packet needs to be sent.
  • VLAN ID virtual local area network identifier
  • An 8-bit virtual LAN label can be added to the TCP/IP packet header.
  • the virtual LAN label is not limited to the VLAN ID, as long as it can identify the VLAN information, such as the VLAN name.
  • the VLAN module in the host's operating system passes the TCP/IP packet with the virtual LAN label (here the virtual LAN identifier) added to the PCIE vNIC driver module in the host operating system, and the PCIE vNIC driver module receives from the VLAN module the TCP/IP packet with the virtual LAN label added.
  • the host searches, according to the virtual local area network identifier obtained from the TCP/IP data packet, for the record corresponding to that identifier in the correspondence between the virtual local area network and the host, and obtains the hosts included in the virtual local area network corresponding to the VLAN ID, i.e. the hosts belonging to that virtual local area network.
  • the PCIE vNIC driver module in the host operating system searches for the correspondence between the virtual local area network and the host according to the virtual local area network identifier carried in the TCP/IP data packet, and obtains the host included in the virtual local area network corresponding to the VLAN ID.
  • the correspondence between the VLAN ID and the node number of the host included in the corresponding virtual local area network is recorded in the corresponding relationship between the virtual local area network and the host.
  • the correspondence between the virtual local area network and the host is hereinafter also referred to simply as the correspondence.
  • the correspondence between the virtual local area network and the host may also record the correspondence between an identifier other than the VLAN ID that can represent the virtual local area network and an identifier other than the node number that can represent the host; the present invention imposes no restriction on this.
  • this correspondence can be in the form of a table, such as a correspondence table between a virtual local area network and a host.
  • the correspondence between the virtual local area network and the host comes from the virtual local area network management server, which is established by the virtual local area network management server and is updated and maintained according to changes of the host in the virtual local area network (for example, addition/deletion of the host).
  • Each host in the network locally stores a mapping relationship between the virtual local area network and the host, and is consistent with the correspondence between the virtual local area network and the host on the virtual local area network management server.
  • the virtual local area network management server may be a dedicated host in the network, or any host in the network may act as the virtual local area network management server, establishing and maintaining the correspondence between the virtual local area network and the host for the entire network (the network range managed by the virtual local area network management server).
  • the correspondence may be sent periodically by the virtual local area network management server to each host in the network it manages, or may be sent to each host when needed (for example, when the correspondence changes); of course, each host may also actively obtain the correspondence between the virtual local area network and the host from the virtual local area network management server. The present invention does not limit this.
  • the correspondence between the virtual local area network identifier and the node number of the host included in the virtual local area network is recorded in the corresponding relationship between the virtual local area network and the host.
  • in the example correspondence table, the virtual local area network with VLAN ID 20 includes one host, with host node number 1; the virtual local area network with VLAN ID 49 includes 5 hosts, with host node numbers 1, 3, 4, 5 and 7:
    Virtual LAN ID    host node number
    20                1
    49                1, 3, 4, 5, 7
  • the update maintenance of the correspondence between the virtual local area network and the host may use the method shown in the flow chart of FIG. 3:
  • S30: the host obtains the command to modify the virtual LAN.
  • the command to modify the virtual local area network is executed through the management and maintenance interface. For example, when a host needs to be added to a VLAN or deleted from a VLAN, the user will execute the command of adding a VLAN or deleting a VLAN.
  • the host obtains the command of adding a VLAN or deleting a VLAN, and obtains the VLAN ID in the command.
  • the command of modifying the virtual local area network may be obtained by the PCIE vNIC driver module in the host operating system.
  • the command to modify the VLAN may be registered in the PCIE vNIC driver module, so that when the user issues a command to add or delete a VLAN, the PCIE vNIC driver module receives the command.
  • the host here can be any host in the network managed by the virtual LAN management server.
  • the host sends a modification notification to the virtual local area network management server.
  • the host sends a modification notification to the virtual local area network management server to update the correspondence between the virtual local area network and the host; the modification notification carries the VLAN ID and/or the node number information of the host to be modified. In most cases a host is added to or deleted from a VLAN; the virtual local area network management server may also assign a VLAN ID or delete a whole VLAN.
  • when a whole VLAN is deleted, the host's modification notification may carry only the VLAN ID and not the node number of any host, and the virtual LAN management server deletes the record of the virtual LAN corresponding to that VLAN ID together with all hosts in it.
  • the node number information of the host carried in the modification notification may be that of the host that sends the modification notification, indicating that the sending host is added to or deleted from the virtual local area network corresponding to the VLAN ID, or it may be the node number information of hosts other than the sending host, indicating that the other hosts corresponding to the carried node number information are added to or removed from that virtual local area network.
  • the information representing the VLAN and the host carried in the modification notification is corresponding to the information representing the VLAN and the host in the correspondence between the virtual local area network and the host.
  • in the embodiment, the VLAN ID is used to represent the VLAN and the node number of the host is used to represent the host; this does not limit the scope of protection of the present invention.
  • the virtual local area network management server updates the correspondence between the virtual local area network and the host according to the modification notification.
  • the virtual local area network management server receives the modification notification.
  • when the modification notification is to add a host to a VLAN:
  • if the VLAN ID already exists, the node number of the host is added to the virtual local area network corresponding to the VLAN ID in the correspondence between the virtual local area network and the host.
  • if the VLAN ID does not exist or the modification notification does not include a VLAN ID, a new record is added in the correspondence between the virtual LAN and the host for that VLAN ID (or for a newly assigned VLAN ID), containing the node number of this host.
  • when the modification notification is to delete a host from a VLAN, the virtual local area network management server searches for the record corresponding to the VLAN ID in the correspondence between the virtual local area network and the host and removes the node number of the host from the hosts included in the virtual local area network corresponding to that VLAN ID.
  • the virtual local area network management server sends the updated correspondence between the virtual local area network and the host to all hosts in the network it manages.
  • the virtual local area network management server may first return the updated relationship between the virtual local area network and the host to the host that sends the modification notification, and then send it to other hosts in the network, or simultaneously to all hosts in the network.
  • the virtual local area network management server may also send only the corresponding relationship between the updated virtual local area network and the host to each host included in the virtual local area network in which the host operation is added/deleted.
  • Each host updates a correspondence between the locally saved virtual local area network and the host.
  • each host receives the updated correspondence between the virtual local area network and the host sent by the virtual local area network management server and updates the locally saved correspondence: the originally saved correspondence may be deleted and the correspondence sent by the virtual local area network management server copied in its place, or the changed records in the locally saved correspondence may be updated according to the correspondence sent by the virtual local area network management server.
  • this method for updating the correspondence between the virtual local area network and the host effectively ensures the accuracy and flexibility of the correspondence on the virtual local area network management server, and also ensures that the local correspondence of each host is consistent with the correspondence on the virtual local area network management server.
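The FIG. 3 update procedure (modification command, notification to the management server, server-side update of the correspondence, distribution to every managed host, local update on each host) modelled end to end as an added example. This is not code from the patent or from 华为技术有限公司; the class and method names, the fields of the notification and the sequential assignment of new VLAN IDs are assumptions the description does not make.

```python
# Added example (not the patent's own code): a minimal model of the
# correspondence-maintenance procedure of FIG. 3. The class and method
# names, the notification fields and the VLAN-ID assignment rule are
# assumptions; the description names no API and no ID-allocation policy.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# VLAN ID -> node numbers of the hosts included in that VLAN
Correspondence = Dict[int, Set[int]]


@dataclass
class ModificationNotification:
    action: str                    # "add" or "delete"
    vlan_id: Optional[int] = None  # None on "add": server assigns a new VLAN ID
    node: Optional[int] = None     # None on "delete": delete the whole VLAN


@dataclass
class Host:
    node: int
    correspondence: Correspondence = field(default_factory=dict)

    def receive_correspondence(self, updated: Correspondence) -> None:
        # Replace the locally saved copy with the server's copy (deep copy,
        # so later server-side edits cannot leak into this host's table).
        self.correspondence = {v: set(n) for v, n in updated.items()}


class VlanManagementServer:
    def __init__(self, hosts: List[Host]) -> None:
        self.hosts = list(hosts)
        self.correspondence: Correspondence = {}
        self._next_vlan_id = 1  # assumption: new IDs are handed out sequentially

    def handle(self, n: ModificationNotification) -> Correspondence:
        """Apply one modification notification, then push the updated table
        to every host in the managed network."""
        if n.action == "add":
            if n.node is None:
                raise ValueError("add requires the node number of a host")
            vlan_id = n.vlan_id
            if vlan_id is None or vlan_id not in self.correspondence:
                # VLAN ID absent or unknown: create a new record, assigning
                # a fresh ID when the notification carried none.
                if vlan_id is None:
                    vlan_id = self._assign_vlan_id()
                self.correspondence[vlan_id] = set()
            self.correspondence[vlan_id].add(n.node)
        elif n.action == "delete":
            if n.vlan_id not in self.correspondence:
                raise KeyError(f"unknown VLAN ID {n.vlan_id}")
            if n.node is None:
                # Only a VLAN ID was carried: delete the VLAN with all its hosts.
                del self.correspondence[n.vlan_id]
            else:
                self.correspondence[n.vlan_id].discard(n.node)
        else:
            raise ValueError(f"unknown action {n.action!r}")
        self._distribute()
        return self.correspondence

    def _assign_vlan_id(self) -> int:
        while self._next_vlan_id in self.correspondence:
            self._next_vlan_id += 1
        return self._next_vlan_id

    def _distribute(self) -> None:
        for h in self.hosts:
            h.receive_correspondence(self.correspondence)


def all_hosts_consistent(server: VlanManagementServer) -> bool:
    """True when every host's local table equals the server's table."""
    return all(h.correspondence == server.correspondence for h in server.hosts)


def demo() -> Correspondence:
    # Constructed sequence that rebuilds the example table of the description
    # (VLAN 20 -> node 1; VLAN 49 -> nodes 1, 3, 4, 5, 7).
    hosts = [Host(n) for n in (1, 3, 4, 5, 7)]
    server = VlanManagementServer(hosts)
    server.handle(ModificationNotification("add", 20, 1))
    for node in (1, 3, 4, 5, 7):
        server.handle(ModificationNotification("add", 49, node))
    assert all_hosts_consistent(server)
    return server.correspondence


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reproduces the table of the description and checks that every host's local copy matches the server's after each update. The correspondence is the whole isolation boundary in this design, and the description does not say how the management server establishes which host sent a modification notification; a deployment would want the server to accept notifications only from authenticated, authorized hosts and to log every membership change.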
  • S203: determine the destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is included in the hosts included in the virtual local area network. This step can be specifically performed by the PCIE vNIC driver module in the host operating system.
  • when the address information indicates a broadcast address, the destination hosts of the TCP/IP data packet are all hosts except the host itself among the hosts included in the virtual local area network obtained by querying the correspondence.
  • when the address information indicates a unicast address, the destination host of the TCP/IP data packet is the host corresponding to the unicast address; if the hosts included in the virtual local area network obtained by querying the correspondence do not include the host corresponding to the unicast address, the TCP/IP data packet is confirmed to be an illegal data packet and is discarded rather than sent.
  • the sending step is specifically performed by the PCIE vNIC driver module in the host operating system: when the address information is a broadcast address, the PCIE vNIC driver module sends the TCP/IP data packet through the PCIE switch to all other hosts in the virtual local area network except the local host; when the address information is a unicast address and the destination host corresponding to the unicast address is one of the hosts included in the virtual local area network obtained by querying the correspondence, the TCP/IP data packet is sent to the destination host through the PCIE switch.
  • the other hosts in the virtual local area network receive the TCP/IP data packet, and the data packet with the virtual local area network label (here, the virtual local area network identifier) added is passed to the TCP/IP stack through the network device interface, thereby delivering the data packet to the corresponding upper-layer application.
  • the data packet can be sent to the VLAN module in the host operating system through the network device interface for parsing, then transmitted to the TCP/IP stack, and finally delivered to the corresponding upper-layer application. The method described in the embodiment of the present invention can thus be applied to security isolation between physical machines: each physical host is in the same PCIE network, the users are divided into different VLANs according to service requirements, and only hosts in the same VLAN can communicate with each other.
  • the method in the embodiment of the present invention is also applicable to a security isolation service scenario between a virtual machine and a virtual machine and a physical machine.
  • the user divides the virtual machines and the physical machines into different VLANs, and communication in a VLAN takes place only between the physical machines and virtual machines in that VLAN and is not sent to virtual machines or physical machines outside the VLAN.
  • the correspondence between the virtual local area network and the host is also the correspondence between the virtual local area network and the physical host.
  • the physical host here is the physical host where the virtual machine is located; that is, the correspondence between the virtual local area network and the host records the correspondence between the virtual local area network identifier and the node numbers of the hosts included in the virtual local area network.
  • the node number of the host here may be the node number of a physical host included in the virtual local area network or the node number of the physical host where a virtual machine included in the virtual local area network is located.
  • in PCIE networks, whether ID routing or address routing is used, data is transmitted by point-to-point communication.
  • an IPoPCIE broadcast/multicast is actually a point-to-point data transmission to each of the hosts in turn.
  • in the embodiment of the present invention, the data packet is sent through the PCIE switch only to the hosts belonging to the VLAN, so that point-to-point data transmission in the virtual local area network is allowed only between hosts in the same virtual local area network, which better solves the security problem of the VLAN in the IPoPCIE system, effectively isolates data packets between hosts, ensures security, and avoids network storms.
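The destination-host determination of step S203 and the point-to-point sending rule described above, as an added example that is not the patent's code. The class names, the `BROADCAST` marker, the `PcieSwitch` stand-in that logs each point-to-point delivery, and the assumption that a unicast address has already been resolved to a host node number are all mine, not the description's; the table is a constructed copy of the example table of the description.

```python
# Added example (not the patent's own code): the destination-host
# determination of step S203 and the sending rule that follows it, as a
# source-side PCIE vNIC driver model. Names are assumptions; the
# description names no API. A PCIE switch stand-in records each
# point-to-point delivery, since an IPoPCIE broadcast is in fact a
# point-to-point transfer to each member host in turn.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple, Union

BROADCAST = "broadcast"  # constructed marker standing in for a broadcast address

# Example correspondence table from the description (constructed copy).
EXAMPLE_CORRESPONDENCE: Dict[int, Set[int]] = {20: {1}, 49: {1, 3, 4, 5, 7}}


@dataclass(frozen=True)
class TcpIpPacket:
    vlan_id: int               # VLAN label added by the VLAN module
    dst: Union[str, int]       # BROADCAST, or the node number of the unicast
                               # destination (assumption: the unicast address
                               # has already been resolved to a node number)
    payload: bytes = b""


@dataclass
class Decision:
    destinations: List[int]    # node numbers the packet is sent to
    dropped: bool = False
    reason: str = ""


@dataclass
class PcieSwitch:
    """Stand-in that logs (source node, destination node) deliveries."""
    deliveries: List[Tuple[int, int]] = field(default_factory=list)

    def forward(self, src: int, dst: int, pkt: TcpIpPacket) -> None:
        self.deliveries.append((src, dst))


class PcieVnicDriver:
    def __init__(self, local_node: int, correspondence: Dict[int, Set[int]],
                 switch: Optional[PcieSwitch] = None) -> None:
        self.local_node = local_node
        self.correspondence = correspondence  # local copy from the management server
        self.switch = switch or PcieSwitch()

    def determine_destinations(self, pkt: TcpIpPacket) -> Decision:
        members = self.correspondence.get(pkt.vlan_id)
        if members is None:
            # No record for this VLAN ID; the description does not cover
            # this case, so the packet is treated as not sendable (assumption).
            return Decision([], dropped=True, reason="no record for VLAN ID")
        if pkt.dst == BROADCAST:
            # Broadcast: every host of the VLAN except the local host.
            return Decision(sorted(members - {self.local_node}))
        if pkt.dst in members:
            return Decision([pkt.dst])
        # Unicast to a host outside the VLAN: illegal packet, discarded.
        return Decision([], dropped=True, reason="destination not in VLAN")

    def send(self, pkt: TcpIpPacket) -> Decision:
        """Send through the PCIE switch only to the destinations determined above."""
        decision = self.determine_destinations(pkt)
        for dst in decision.destinations:
            self.switch.forward(self.local_node, dst, pkt)  # point-to-point, in turn
        return decision


if __name__ == "__main__":
    drv = PcieVnicDriver(1, EXAMPLE_CORRESPONDENCE)
    print(drv.send(TcpIpPacket(49, BROADCAST, b"hello")))
    print(drv.send(TcpIpPacket(20, 5)))  # unicast outside VLAN 20: dropped
    print(drv.switch.deliveries)
```

The switch log makes the isolation property visible: a broadcast labelled VLAN 49 from node 1 produces exactly four point-to-point transfers (to nodes 3, 4, 5 and 7) and never reaches a host outside the VLAN, and a unicast whose destination is not in the labelled VLAN is dropped on the source host before it touches the switch. Note that the check as described validates the destination's membership against the local table; the correctness of that table on every host is what the FIG. 3 update procedure has to guarantee.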
  • the structure of a host 200 provided in Embodiment 3 of the present invention is as shown in FIG. 4, and includes:
  • the virtual local area network determining module 201 is configured to obtain a TCP/IP data packet that needs to be sent in the virtual local area network, look up the correspondence between the virtual local area network and the host according to the virtual local area network identifier carried in the TCP/IP data packet, obtain the hosts included in the virtual local area network, and determine the destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is included in the hosts included in the virtual local area network;
  • the transceiver module 202 is configured to send the TCP/IP data packet to the destination host of the TCP/IP data packet through the PCIE switch.
  • specifically, the virtual local area network determining module 201 is configured to obtain a TCP/IP data packet that needs to be sent in the virtual local area network, search in the correspondence between the virtual local area network and the host for the record of the virtual local area network identifier carried by the TCP/IP data packet, obtain the hosts included in the virtual local area network corresponding to the VLAN ID, and determine the destination host of the TCP/IP data packet according to the address information in the TCP/IP data packet, where the destination host is included in the hosts included in the virtual LAN.
  • the correspondence between the virtual local area network and the host records the correspondence between the VLAN ID and the node numbers of the hosts included in the corresponding virtual local area network.
  • the transceiver module 202 is configured to send the TCP/IP data packet including the virtual local area network identifier to the destination host of the TCP/IP data packet through the PCIE switch.
  • the transceiver module is configured to send the TCP/IP data packet to the destination host of the TCP/IP data packet determined by the virtual local area network determining module 201 through the PCIE switch: when the address information is a broadcast address, pass the PCIE
  • the TCP/IP data is sent to the destination host through the PCIE switch. package.
  • the other hosts in the virtual local area network receive the TCP/IP data packet, and then pass the data packet to the VLAN module in the host operating system through the network device interface for parsing and input to the TCP/IP stack, thereby transmitting the data packet to the corresponding upper application. .
  • the host 200 in the embodiment of the present invention determines the hosts in the virtual local area network to which a TCP/IP data packet needs to be sent and transmits the data packet only to hosts in that VLAN through the PCIE switch, so that data transmission in the virtual local area network is allowed only between hosts in the same virtual local area network; the data packets in the VLAN of the IPoPCIE system are thus effectively isolated between the hosts, and network storms are avoided.
  • the correspondence between the virtual local area network and the host records the correspondence between the virtual local area network identifier of the virtual local area network and the node number of each host included in the virtual local area network; the specific content of the correspondence is similar to the previous embodiment and is not repeated here.
  • when the address information of the TCP/IP data packet indicates a broadcast address, the destination hosts of the TCP/IP data packet determined by the virtual local area network determining module 201 are all hosts included in the acquired virtual local area network other than the host itself; when the address information of the TCP/IP data packet indicates a unicast address, if the hosts included in the virtual local area network acquired by the virtual local area network determining module 201 include the host with that unicast address, the destination host of the TCP/IP data packet determined by the virtual local area network determining module 201 is the host corresponding to the unicast address.
  • the host 200 further includes a correspondence management module 203, configured to receive the correspondence between the virtual local area network and the host from the virtual local area network management server, where the correspondence between the virtual local area network and the host is established and maintained by the virtual local area network management server.
  • the correspondence between the virtual local area network and the host is established by the virtual local area network management server and is updated and maintained according to changes (addition/deletion) of the hosts in the virtual local area network.
  • the correspondence management module 203 is configured to receive the correspondence between the virtual local area network and the host from the virtual local area network management server and save it locally, so that the locally saved correspondence between the virtual local area network and the host is consistent with the correspondence on the virtual local area network management server.
  • the correspondence management module 203 is further configured to acquire a command for modifying the virtual local area network, send a modification notification to the virtual local area network management server, update the local correspondence according to the correspondence between the virtual local area network and the host that the virtual local area network management server returns after updating it in response to the modification notification, and then execute the command to modify the virtual local area network.
  • when the host needs to be added to a VLAN or deleted from a VLAN, the user executes a command for adding the VLAN or deleting the VLAN, and the correspondence management module 203 obtains the command by which the user adds or deletes the VLAN.
  • the command to modify the VLAN may be set in the correspondence management module 203, which responds in time to obtain the command.
  • the correspondence management module 203 sends a modification notification for updating the correspondence between the virtual local area network and the host to the virtual local area network management server, where the modification notification carries the VLAN ID to be modified and/or the node number information of the host; in most cases, when a host is added to or deleted from a VLAN, both the VLAN ID and the node number of the host need to be carried, but for some applications only one parameter may be carried: for example, when a new VLAN is created, the modification notification of the host may carry only the node number of the host.
  • the modification notification of the host may also carry only the VLAN ID without the node number of any host; in that case the virtual local area network management server deletes the record of the virtual local area network corresponding to the VLAN ID, removing all of its hosts.
  • the node number information of the host carried in the modification notification may be the node number information of the host that sends the modification notification, indicating that the sending host is added to or deleted from the virtual local area network corresponding to the VLAN ID, or it may be the node number information of a host other than the sending host, indicating that the other host corresponding to the carried node number information is added to or removed from that virtual local area network.
  • the information representing the VLAN and the host carried in the modification notification corresponds to the information representing the VLAN and the host in the correspondence between the virtual local area network and the host; in this embodiment the VLAN ID represents the VLAN and the node number of the host represents the host, which does not limit the scope of protection of the present invention.
  • the correspondence management module 203 receives the correspondence between the virtual local area network and the host sent by the virtual local area network management server and updates the locally saved correspondence: the originally saved correspondence may be deleted and the correspondence sent by the virtual local area network management server copied in its place, or the changed records in the locally saved correspondence may be updated according to the correspondence sent by the virtual local area network management server.
  • by updating the correspondence between the virtual local area network and the host in this way, the accuracy of the correspondence on the virtual local area network management server is effectively ensured, and the correspondence held by each host is kept consistent with the correspondence on the virtual local area network management server.
  • the virtual local area network in the embodiment of the present invention may include a physical host or a virtual machine.
  • the correspondence between the virtual local area network and the host is then also the correspondence between the virtual local area network and the physical host.
  • the physical host here is the physical host where the virtual machine is located; that is, a virtual machine is recorded in the correspondence between the virtual local area network and the host by its physical host.
  • the node number of the host here may be the node number of a physical host included in the virtual local area network or the node number of the physical host where a virtual machine included in the virtual local area network is located.
  • the host 200 further includes a virtual local area network module 204, configured to obtain, from the TCP/IP protocol stack, a TCP/IP data packet that needs to be sent in a VLAN, add the virtual local area network identifier to it, and send it to the virtual local area network determining module 201.
  • the virtual local area network module 204 is specifically configured to obtain the TCP/IP data packet that an upper layer application needs to send in the virtual local area network and add the virtual local area network identifier to that TCP/IP data packet; the upper layer application runs on the host 200, and the data packet needs to be sent in the virtual local area network.
  • the upper layer application delivers the data packet that needs to be sent in the VLAN to the TCP/IP protocol stack.
  • the virtual local area network module 204 obtains the TCP/IP data packet to be sent from the TCP/IP protocol stack and adds the VLAN ID to the TCP/IP data packet.
  • the virtual local area network determining module 201 receives the TCP/IP data packet to which the virtual local area network tag has been added from the virtual local area network module 204.
  • the correspondence management module 203 and the virtual local area network module 204 may exist at the same time, or the host 200 may include only the correspondence management module 203 without the virtual local area network module 204, or only the virtual local area network module 204 without the correspondence management module 203.
  • in PCIE networks, whether ID routing or address routing is used, data is transmitted by point-to-point communication.
  • IPoPCIE broadcast/multicast is in fact point-to-point data transmission to every host in turn.
  • the host provided in the embodiment of the present invention determines the destination hosts in the virtual local area network to which a TCP/IP data packet needs to be sent and sends the data packet only to the hosts belonging to the VLAN through the PCIE switch, so that data transmission in the virtual local area network is allowed only between hosts in the same virtual local area network; this better solves the security problem of the VLAN of the IPoPCIE system, effectively isolating the data packets between the hosts and avoiding network storms.
  • each host may receive a large number of unnecessary broadcast packets and seriously affect the performance of the host.
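As an added example (not the patent's own code), the following Python sketch models the VLAN determining module 201 and the correspondence management module 203 described above: a VLAN ID to node number table updated from modification notifications, and destination selection that limits a broadcast to VLAN members and refuses a unicast to a host outside the VLAN. The node numbers, addresses and the node-to-address map are constructed assumptions, since the patent does not specify how a unicast address is resolved to a host.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "broadcast"  # constructed marker for a broadcast destination address


@dataclass(frozen=True)
class Packet:
    vlan_id: int    # VLAN identifier added by VLAN module 204
    dst_addr: str   # address information carried in the TCP/IP packet


class VlanTable:
    """Locally saved correspondence: VLAN ID -> node numbers of its hosts.
    The node -> address map is an assumption added so that a unicast address
    can be resolved to a host; the patent does not specify how that is done."""

    def __init__(self) -> None:
        self.vlans: Dict[int, Set[int]] = {}
        self.addr_of: Dict[int, str] = {}

    def apply_modification(self, vlan_id: int, node: Optional[int] = None,
                           addr: Optional[str] = None, delete: bool = False) -> None:
        """Apply one modification notification.
        VLAN ID + node number: add (or delete) that host in the VLAN.
        VLAN ID only: the whole VLAN record is dropped, removing all its hosts."""
        if node is None:
            self.vlans.pop(vlan_id, None)
            return
        if delete:
            self.vlans.get(vlan_id, set()).discard(node)
        else:
            self.vlans.setdefault(vlan_id, set()).add(node)
            if addr is not None:
                self.addr_of[node] = addr


def destination_hosts(table: VlanTable, pkt: Packet, self_node: int) -> Set[int]:
    """VLAN determining module 201: node numbers the transceiver may send to.
    Broadcast -> every host of the VLAN except the sender; unicast -> the
    addressed host only if it belongs to the VLAN; otherwise the empty set,
    so a packet can never reach a host outside its VLAN."""
    members = table.vlans.get(pkt.vlan_id, set())
    if pkt.dst_addr == BROADCAST:
        return members - {self_node}
    return {n for n in members if table.addr_of.get(n) == pkt.dst_addr}


def pcie_transfers(table: VlanTable, pkt: Packet, self_node: int) -> List[Tuple[int, int]]:
    """Transceiver module 202: IPoPCIE has no real broadcast, so one
    point-to-point transfer (src node, dst node) is issued per destination."""
    return [(self_node, dst) for dst in sorted(destination_hosts(table, pkt, self_node))]


def build_sample_table() -> VlanTable:
    """Constructed sample: VLAN 10 = nodes 1, 2, 3 and VLAN 20 = nodes 4, 5."""
    t = VlanTable()
    for vid, node, addr in [(10, 1, "10.0.10.1"), (10, 2, "10.0.10.2"),
                            (10, 3, "10.0.10.3"), (20, 4, "10.0.20.4"),
                            (20, 5, "10.0.20.5")]:
        t.apply_modification(vid, node, addr)
    return t


if __name__ == "__main__":
    t = build_sample_table()
    # broadcast from node 1 in VLAN 10 reaches only its VLAN peers
    print(pcie_transfers(t, Packet(10, BROADCAST), self_node=1))      # [(1, 2), (1, 3)]
    # unicast tagged VLAN 10 to a VLAN 20 address is not forwarded at all
    print(destination_hosts(t, Packet(10, "10.0.20.4"), self_node=1))  # set()
    t.apply_modification(10, node=3, delete=True)       # node 3 leaves VLAN 10
    print(destination_hosts(t, Packet(10, BROADCAST), self_node=1))    # {2}
    t.apply_modification(20)                            # VLAN ID only: drop VLAN 20
    print(destination_hosts(t, Packet(20, BROADCAST), self_node=4))    # set()
```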
  • the host 300 includes at least one processor 301, a memory 305, at least one network interface card 304, and at least one communication bus 302.
  • the host 300 optionally includes a user interface 303, including a display, a keyboard or a pointing device.
  • the memory 305 stores execution instructions.
  • the processor 301 communicates with the memory 305, and the processor 301 executes the execution instructions to cause the host 300 to execute the method described in Embodiment 1 of the present invention.
  • Embodiment 2 is similar and will not be described again here.
  • the operating system 306 includes various programs for implementing various basic services and processing hardware-based tasks.
  • the host 300 also includes a display interface card.
  • the embodiment of the present invention further provides a computer readable medium, which includes computer-executable instructions that enable the host 300 to perform the method described in Embodiment 2 of the present invention; the implementation principle and technical effect are similar to those of Embodiment 2 and are not described here again.
  • the host determines, by executing the instructions, the destination hosts included in the virtual local area network to which the TCP/IP data packet needs to be sent and sends the data packet only to hosts belonging to the VLAN through the PCIE switch, which allows data transmission in the virtual local area network only between hosts in the same virtual local area network, thereby better solving the security problem of the VLAN of the IPoPCIE system, so that the data packets are effectively isolated between the hosts and network storms are avoided.
  • each host may receive a large number of unnecessary broadcast packets and seriously affect the performance of the host.
  • a virtual local area network management server 30 is configured to establish and maintain the correspondence between the virtual local area network and the host and, after receiving a modification notification sent by any one of the at least two hosts 10, to update the correspondence between the virtual local area network and the host according to the received modification notification and send the updated correspondence to all hosts 10 in the system.
  • the data packet is sent only to the destination hosts belonging to the VLAN through the PCIE switch, so that data transmission in the virtual local area network is allowed only between hosts in the same virtual local area network; this better solves the security problem of the VLAN of the IPoPCIE system, effectively isolating the data packets between the hosts and avoiding network storms.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium may be any available media that can be accessed by a computer.
  • the computer readable medium can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage media or other magnetic storage device, or can be used to carry or store an instruction or data structure.
  • any connection may suitably be a computer readable medium.
  • if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium.
  • disk and disc, as used here, include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and Blu-ray disc, where a disk usually reproduces data magnetically while a disc reproduces data optically with a laser. Combinations of the above should also be included within the scope of computer readable media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the present invention relates to a method for communication in a virtual local area network. The method is characterized in that it comprises: obtaining a TCP/IP packet that needs to be sent in a virtual local area network; searching a correspondence between the virtual local area network and a host according to a virtual local area network identifier carried in the TCP/IP packet, and obtaining the hosts included in the virtual local area network; determining a destination host of the TCP/IP packet according to address information in the TCP/IP packet, the destination host being among the hosts included in the virtual local area network; and sending the TCP/IP packet to the destination host of the TCP/IP packet through a Peripheral Component Interconnect Express (PCIE) switch. In this way, point-to-point data transmission in a virtual local area network is allowed only between hosts in that local area network, thereby solving the VLAN security problem of an IPoPCIE system. Embodiments of the present invention also relate to a host, a system and a storage medium for communication in a virtual local area network.
PCT/CN2013/074705 2013-04-25 2013-04-25 Method, device and system for communication in a virtual local area network WO2014172869A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2013/074705 WO2014172869A1 (fr) 2013-04-25 2013-04-25 Method, device and system for communication in a virtual local area network
CN201380000718.4A CN103596649B (zh) 2013-04-25 2013-04-25 A method, device and system for communication in a virtual local area network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/074705 WO2014172869A1 (fr) 2013-04-25 2013-04-25 Method, device and system for communication in a virtual local area network

Publications (1)

Publication Number Publication Date
WO2014172869A1 true WO2014172869A1 (fr) 2014-10-30

Family

ID=50086359

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/074705 WO2014172869A1 (fr) 2013-04-25 2013-04-25 Method, device and system for communication in a virtual local area network

Country Status (2)

Country Link
CN (1) CN103596649B (fr)
WO (1) WO2014172869A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9047416B2 (en) * 2010-02-22 2015-06-02 Nec Corporation Communication control system, switching node, communication control method and communication control program including PCI express switch and LAN interface
CN106789099B (zh) * 2016-11-16 2020-09-29 深圳市捷视飞通科技股份有限公司 PCIe-based high-speed isolated network method and terminal
CN106850816A (zh) * 2017-02-16 2017-06-13 安阳师范学院 A remote network control system based on a virtual local area network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007074343A2 (fr) * 2005-12-28 2007-07-05 Level 5 Networks Incorporated Processing of received data
CN101035052A (zh) * 2007-04-25 2007-09-12 中兴通讯股份有限公司 A port isolation method based on a virtual local area network
CN101827366A (zh) * 2010-03-24 2010-09-08 北京星网锐捷网络技术有限公司 Wireless network user isolation method, unit and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9256560B2 (en) * 2009-07-29 2016-02-09 Solarflare Communications, Inc. Controller integration
EP2690831A4 (fr) * 2011-03-23 2014-12-10 Nec Corp Communication control system, switching node and communication control method
CN202535384U (zh) * 2012-03-12 2012-11-14 杭州海莱电子科技有限公司 PCIe bus-based network device expansion connection and virtual machine interconnection optimization system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007074343A2 (fr) * 2005-12-28 2007-07-05 Level 5 Networks Incorporated Processing of received data
CN101035052A (zh) * 2007-04-25 2007-09-12 中兴通讯股份有限公司 A port isolation method based on a virtual local area network
CN101827366A (zh) * 2010-03-24 2010-09-08 北京星网锐捷网络技术有限公司 Wireless network user isolation method, unit and device

Also Published As

Publication number Publication date
CN103596649A (zh) 2014-02-19
CN103596649B (zh) 2015-07-29

Similar Documents

Publication Publication Date Title
CN112398817B (zh) Data sending method and device
US8423639B2 (en) Switching API
US7206864B2 (en) Network protocol processing device
US8321908B2 (en) Apparatus and method for applying network policy at a network device
US11240152B2 (en) Exposing a subset of hosts on an overlay network to components external to the overlay network without exposing another subset of hosts on the overlay network
CN103795602B (zh) Network policy configuration method and apparatus for a virtual network
US20150271067A1 (en) Packet forwarding method and apparatus, and data center network
US20120291024A1 (en) Virtual Managed Network
WO2014089799A1 (fr) Method and apparatus for determining drift of a virtual machine
JP2016540448A (ja) Communication method, device and system for a virtual extended LAN
WO2014079005A1 (fr) Device and method for mandatory MAC address forwarding
WO2012109868A1 (fr) Network policy configuration method, management device and network management center
CN103931144B (zh) A method, device and system for communication in a virtual domain
CN107547349A (zh) A virtual machine migration method and apparatus
JP2019523608A (ja) Packet monitoring
KR20150094238A (ko) Virtual extended LAN network system that automatically configures multicast tunnels for virtual extended LAN segments according to the life cycle of end systems, and operating method thereof
JP2014011674A (ja) Storage system management program and storage system management apparatus
CN105657078B (zh) A data transmission method, apparatus and multi-layer network manager
CN104734930B (zh) Method and apparatus for implementing VLAN access to a VF network, and FCF
WO2014172869A1 (fr) Method, device and system for communication in a virtual local area network
JP6079348B2 (ja) Switch device, switch device control method, and network system
US20140310377A1 (en) Information processing method and information processing apparatus
WO2015024373A1 (fr) Virtual machine communication method and device
JP2011141635A (ja) Method for communicating data of a virtual server using inter-host communication
CN112994928B (zh) A virtual machine management method, apparatus and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13883243

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13883243

Country of ref document: EP

Kind code of ref document: A1