WO2015003295A1 - Communication method, device and system in virtual domain - Google Patents

Info

Publication number
WO2015003295A1
Authority
WO
WIPO (PCT)
Prior art keywords
pcie
virtual domain
domain identifier
endpoint device
pcie endpoint
Prior art date
Application number
PCT/CN2013/078986
Other languages
French (fr)
Chinese (zh)
Inventor
王工艺
常胜
李涛
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to CN201380001344.8A (CN103931144B)
Priority to PCT/CN2013/078986 (WO2015003295A1)
Publication of WO2015003295A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/34: Signalling channels for network management communication

Definitions

  • Embodiments of the present invention relate to the field of computers, and in particular to a method, device, and system for communicating in a virtual domain (Virtual Domain, VD).
  • PCIE: Peripheral Component Interconnect Express
  • IP: Internet Protocol
  • The PCIE network here refers to a network in which devices are connected and communicate with each other over the PCIE bus.
  • vNIC: virtual network interface card
  • The PCIE vNIC provides the TCP/IP stack with a link-layer interface for sending and receiving data. To upper-layer applications, the PCIE vNIC is no different from an Ethernet network device: the application's downward interface is still the TCP/IP stack, so the application need not care whether the link layer is Ethernet or a PCIE link and can use the PCIE link transparently for communication.
  • IPoPCIE also faces serious problems: PCIE hardware has no security isolation function, so network security suffers serious problems. For example, network storms caused by network viruses, network loops, or hacker software can paralyze the entire network, and people in different departments can access each other's information, leading to leaks of confidential information.
  • Embodiments of the present invention provide a method, device, and system for communicating in a virtual domain, which can improve the security of communication in PCIE networks.
  • An embodiment of the present invention provides a method for communicating in a virtual domain, including: a Peripheral Component Interconnect Express (PCIE) switch receives a PCIE packet, where the PCIE packet carries a virtual domain identifier;
  • the acquiring the destination PCIE endpoint device corresponding to the virtual domain identifier specifically includes:
  • a correspondence between the virtual domain identifier and the port information is preset on the PCIE switch;
  • the obtaining the port information corresponding to the virtual domain identifier includes: searching the correspondence between the virtual domain identifier and the port information according to the virtual domain identifier, and acquiring the port information corresponding to the virtual domain identifier.
  • the correspondence between the virtual domain identifier and the port information comes from a virtual domain management server, and is established and maintained by the virtual domain management server.
  • the acquiring the PCIE endpoint device corresponding to the virtual domain identifier specifically includes:
  • the correspondence between the virtual domain identifier and the PCIE endpoint device information is searched according to the virtual domain identifier, and the destination PCIE endpoint device corresponding to the virtual domain identifier is obtained.
  • the PCIE endpoint device information includes a node number of a PCIE endpoint device, and the node number of the PCIE endpoint device is the node number of the physical PCIE endpoint device corresponding to the virtual domain identifier, or the node number of the physical PCIE endpoint device where the virtual machine corresponding to the virtual domain identifier is located.
  • an embodiment of the present invention provides a method for communicating in a virtual domain, including: a Peripheral Component Interconnect Express (PCIE) endpoint device adds a virtual domain identifier to a PCIE packet; and the PCIE packet is sent to the PCIE switch.
  • a message class is added to the PCIE message, and the virtual domain identifier is carried by the message class.
  • a routing manner is added to the PCIE packet, and the virtual domain identifier is carried by the routing manner.
  • an embodiment of the present invention provides a Peripheral Component Interconnect Express (PCIE) switch, including:
  • a receiving unit configured to receive a PCIE packet, where the PCIE packet carries a virtual domain identifier
  • an acquiring unit configured to acquire a destination PCIE endpoint device corresponding to the virtual domain identifier
  • a sending unit configured to send the PCIE packet to the destination PCIE endpoint device.
  • the acquiring unit is specifically configured to obtain port information corresponding to the virtual domain identifier, and determine the destination PCIE endpoint device according to the port information.
  • the PCIE switch further includes a storage unit, where the storage unit is configured to save a correspondence between the virtual domain identifier and the port information;
  • the obtaining the port information corresponding to the virtual domain identifier includes: searching the correspondence between the virtual domain identifier and the port information according to the virtual domain identifier, and acquiring the port information corresponding to the virtual domain identifier.
  • the acquiring unit is specifically configured to: search the correspondence between the virtual domain identifier and the PCIE endpoint device information according to the virtual domain identifier, and obtain the destination PCIE endpoint device corresponding to the virtual domain identifier.
  • the PCIE endpoint device information includes a node number of a PCIE endpoint device, and the node number of the PCIE endpoint device is the node number of the physical PCIE endpoint device corresponding to the virtual domain identifier, or the node number of the physical PCIE endpoint device where the virtual machine corresponding to the virtual domain identifier resides.
  • an embodiment of the present invention provides a high-speed peripheral component interconnection PCIE endpoint device, including:
  • a processing unit configured to add a virtual domain identifier to the PCIE packet
  • a sending unit configured to send the PCIE packet carrying the virtual domain identifier to the PCIE switch.
  • the processing unit is configured to add a message class to the PCIE packet, where the virtual domain identifier is carried by the message class.
  • the processing unit is specifically configured to add a routing manner to the PCIE packet, where the virtual domain identifier is carried by using the routing manner.
  • an embodiment of the present invention provides a controller, including:
  • a processor, a memory, a system bus, and a communication interface, wherein the processor, the memory, and the communication interface are connected by the system bus and communicate with each other over it;
  • the communication interface is configured to communicate with a Peripheral Component Interconnect Express (PCIE) endpoint device
  • the memory is configured to store computer-executable instructions
  • the processor is configured to execute the computer-executable instructions to perform the method of any of the first aspects.
  • an embodiment of the present invention provides a computer program product, comprising: a computer readable storage medium storing program code, the program code comprising instructions for performing the method of any of the first aspects.
  • the seventh aspect of the present invention provides a PCIE system, including the PCIE switch according to any one of the third aspects, and the PCIE endpoint device according to any one of the fourth aspects.
  • the PCIE switch receives the PCIE packet carrying the virtual domain identifier and sends the PCIE packet only to the destination PCIE endpoint device corresponding to the virtual domain identifier, so that data is transmitted only between PCIE endpoint devices in the same virtual domain, which improves communication security in PCIE networks.
  • FIG. 1 is a schematic diagram of a PCIE system according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic diagram of VD division in Embodiment 1 of the present invention.
  • FIG. 3 is a flowchart of a method for communicating in a virtual domain according to Embodiment 2 of the present invention.
  • Figure 4 is a schematic diagram of PCIE message extension
  • FIG. 5 is another schematic diagram of PCIE message extension
  • FIG. 6 is a schematic diagram of PCIE packet transmission according to an embodiment of the present invention.
  • FIG. 7 is a structural diagram of a PCIE endpoint device according to Embodiment 3 of the present invention.
  • FIG. 8 is a structural diagram of a PCIE switch according to Embodiment 4 of the present invention.
  • FIG. 9 is a schematic structural diagram of a controller according to an embodiment of the present invention.
  • the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of the present invention.
  • PCIE: Peripheral Component Interconnect Express
  • FIG. 1 is a system diagram of a Peripheral Component Interconnect Express (PCIE) system according to Embodiment 1 of the present invention.
  • PCIE Switch: Peripheral Component Interconnect Express switch
  • the virtual domain management server 30 is connected to the PCIE switch 20 and is used to manage and maintain the correspondence between the virtual domain identifier and the port information, or the correspondence between the virtual domain identifier and the PCIE endpoint device information.
  • the virtual domain management server 30 in the embodiment of the present invention may be a general PCIE endpoint device in the system, or may be a dedicated PCIE endpoint device, which is not specifically limited in the present invention.
  • the PCIE endpoint device 10 in the embodiment of the present invention includes but is not limited to a Root Complex (RC), an Endpoint (EP), and a Host (HOST).
  • the root complex consists of a central processing unit (CPU).
  • the endpoint consists of an interface network card, serial card, memory card, or graphics card.
  • the host may be a general computer, a mobile terminal, a workstation or a server, a dedicated server, or the like.
  • When the PCIE endpoint device 10 is a host, an operating system (OS) runs on each host, and in a virtualized scenario at least one virtual machine (VM) can also run on it.
  • OS operating system
  • VM virtual machine
  • VDs Virtual Domains
  • the virtual domain is proposed to address network security, similar to the Virtual Local Area Network (VLAN) in Ethernet.
  • VLAN Virtual Local Area Network
  • EP0, EP1, EP2, HOST3, and HOST4 form VD0
  • EP3, EP4, EP5, HOST0, HOST1, and HOST2 form VD1.
  • the embodiment of the present invention extends the PCIE protocol: by means of the virtual domain identifier (VD ID), broadcast and unicast data streams within one VD are not forwarded to other VDs, and only members of the same VD can receive them.
  • VD ID virtual domain identifier
  • Embodiment 2 of the present invention provides a method for communicating in a virtual domain, which may be implemented in the PCIE system shown in FIG. 1 and FIG. 2, but is not limited to the system structure shown in FIG. 1 and FIG. 2.
  • the method includes:
  • S20. The PCIE endpoint device adds a virtual domain identifier to the PCIE packet. Specifically, if an upper-layer application running on the PCIE endpoint device has a data packet to send in the virtual domain (VD), the upper-layer application needs to add that data packet to the TCP/IP protocol stack; that is, the upper-layer application calls the kernel-mode/user-mode interface of the operating system to add the TCP/IP packet to be sent in the VD to the TCP/IP stack.
  • the VLAN module of the operating system in the PCIE endpoint device obtains from the TCP/IP protocol stack the TCP/IP packet that needs to be sent in the VD, and adds the VLAN ID to the TCP/IP packet.
  • the VLAN module of the operating system in the PCIE endpoint device passes the TCP/IP packet with the added VLAN ID to the PCIE vNIC driver module. Then the PCIE vNIC driver module of the operating system in the PCIE endpoint device obtains the TCP/IP data packet, and the PCIE vNIC driver module is the interface of the TCP/IP stack of the operating system and the link layer of the PCIE network.
  • the PCIE endpoint device that obtains the TCP/IP packet that needs to be sent in the VD may also be referred to as a source PCIE endpoint device.
  • the PCIE vNIC driver module encapsulates the TCP/IP packet into a PCIE message, extracts the VLAN ID of the TCP/IP, and then maps the VLAN ID to the VD ID of the PCIE.
  • the VD ID is the ID of the virtual domain that the TCP/IP packet needs to send.
  • the PCIE vNIC driver module maintains a table: the correspondence between the TCP/IP VLAN and the PCIE VD.
  • TCP/IP running on the PCIE bus (TCP/IP over PCIE, referred to as IPoPCIE) is used as an example, but the method is not limited to IPoPCIE; other protocols may also run on the PCIE bus.
  • IPoPCIE IP over PCIE
  • the PCIE protocol needs to be extended to carry the VD ID.
  • a message class may be added to the PCIE message, for example, the message code may be added to carry the VD ID.
  • a routing manner may be added to the PCIE packet, and the VD ID is carried by the routing manner.
  • the VD field is 64 bits, which can support 64 VD IDs, with each bit representing one VD ID. Of course, carrying the VD ID is not limited to this encoding; one VD ID can also be represented by 2 or more bits.
  • To remain compatible with legacy devices, an embodiment of the present invention may, for example, extend only the PCIE extended space and leave the configuration space words used by legacy devices unmodified.
  • the VD ID may be represented by a capability ID of the extended space. Accordingly, the devices that support the VD function can be found by looking up the extended space.
  • the PCIE endpoint device sends the PCIE packet carrying the virtual domain identifier to the PCIE switch.
  • the PCIE switch receives the PCIE message.
  • the PCIE packet carries a virtual domain identifier.
  • the PCIE switch acquires a destination PCIE endpoint device corresponding to the virtual domain identifier.
  • One implementation manner is: a correspondence between the virtual domain identifier and the port information is preset on the PCIE switch; the correspondence is searched according to the virtual domain identifier to acquire the port information corresponding to the virtual domain identifier, and the destination PCIE endpoint device is then determined according to the port information. The port information is used to distinguish endpoints and indicates which endpoints are meant.
  • the destination PCIE endpoint device can be represented by MC_Receive.
  • VD ID Virtual Network Identification
  • MC_Receive is as defined in the PCIe Multicast standard.
  • FIG. 6 shows that port0 is connected to RC; port1 is connected to endpoint1, referred to as EP1; port2 is connected to EP2; port3 is connected to EP3.
  • the RC sends the PCIE packet carrying the VD ID to the PCIE switch through port0 of the PCIE switch, where the VD ID carried is 00000010b, that is, the VD ID is 1; the destination PCIE endpoint device of this packet is EP1.
  • the RC sends the PCIE packet carrying the VD ID to the PCIE switch through port0 of the PCIE switch, where the VD ID is 00000100b, that is, the VD ID is 2.
  • the destination PCIE endpoint devices are EP1 and EP2.
  • the PCIE packet carrying the VD ID is sent to the PCIE switch through the port1 of the PCIE switch.
  • the VD ID is 00010000b, that is, the VD ID is 4.
  • the destination PCIE endpoint devices are EP2 and EP3.
  • the correspondence between the virtual domain identifier and the port information comes from the virtual domain management server; it is established by the virtual domain management server and is updated and maintained as the PCIE endpoint devices in the virtual domain change (for example, when a PCIE endpoint device is added or deleted).
  • a correspondence between the virtual domain identifier and the PCIE endpoint device information is preset on the PCIE switch; the correspondence is searched according to the virtual domain identifier, and the destination PCIE endpoint device corresponding to the virtual domain identifier is obtained. In general, this correspondence can be in the form of a table.
  • the PCIE endpoint device information includes a node number of the PCIE endpoint device.
  • the correspondence between the virtual domain identifier and the PCIE endpoint device information comes from the virtual domain management server; it is established by the virtual domain management server and is updated and maintained as the PCIE endpoint devices in the virtual domain change (for example, when a PCIE endpoint device is added or deleted).
  • the virtual domain management server can be a dedicated PCIE endpoint device in the network, or any PCIE endpoint device in the network can be used as the virtual domain management server to establish and maintain the correspondence between the virtual domain identifier and the PCIE endpoint device information.
  • the correspondence between the virtual domain identifier and the node number of the PCIE endpoint device included in the virtual domain is recorded in the correspondence between the virtual domain identifier and the PCIE endpoint device information.
  • Table 2 illustrates: the virtual domain with a VD ID of 20 shown in the table includes 2 PCIE endpoint devices, with node numbers 1 and 5 respectively; the virtual domain with a VD ID of 49 shown in the table includes 5 PCIE endpoint devices, with node numbers 2, 3, 4, 5, and 7 respectively.
  • the node numbers of the destination PCIE endpoint device are 3, 4, 5, and 7.
  • the PCIE switch sends the PCIE message to the destination PCIE endpoint device.
  • port0 is connected to RC; port1 is connected to endpoint1, referred to as EP1; port2 is connected to EP2; port3 is connected to EP3.
  • In each PCI Express switch there is a unique uplink port and several downlink ports, and each port of the switch has a virtual P2P bridge (PCI to PCI Bridge) inside.
  • One or more PCIE endpoint devices, such as an EP or RC, can be connected under each P2P bridge.
  • Each P2P bridge interacts through a virtual PCI bus (Virtual PCI Bus).
  • the RC sends the PCIE packet carrying the VD ID to the PCIE switch through port0 of the PCIE switch, where the VD ID is 00000010b, that is, the VD ID is 1; the packet is then finally routed to EP1 through port1.
  • the PCIE packet carrying the VD ID is sent to the PCIE switch, and the VD ID is 00000100b, that is, the VD ID is 2; the packet is finally routed to EP1 through port1 and to EP2 through port2.
  • the PCIE packet carrying the VD ID is sent to the PCIE switch, and the VD ID is 00010000b, that is, the VD ID is 4; the packet is finally routed to EP2 through port2 and to EP3 through port3.
  • When the MC_Receive in the virtual domain receives the PCIE packet, the VD ID carried in the packet is matched against the VD ID of the MC_Receive. If they belong to the same VD, the packet is received; if they do not, the packet is discarded or an error is reported.
  • the MC_Receive may add the data packet with the same virtual domain identifier to the TCP/IP stack through the network device interface, so as to deliver the data packet to the corresponding upper layer application.
  • the virtual domain in the embodiment of the present invention may include a physical PCIE endpoint device or a virtual machine. That is, the method described in the embodiment of the present invention can be applied to security isolation between physical machines.
  • Each physical PCIE endpoint device is in the same PCIE network, and the user divides the PCIE endpoint devices into different VDs according to service requirements. Only PCIE endpoint devices in the same VD can communicate with each other. For example, when a PCIE endpoint device in a VD sends a broadcast packet, the transmission range is limited to the PCIE endpoint devices in that VD, and the packet is not sent to PCIE endpoint devices outside this VD.
  • the method in the embodiment of the present invention is also applicable to a security isolation service scenario between a virtual machine and a virtual machine and a physical machine.
  • the user divides the virtual machines and the physical machines into different VDs, and communication in a VD takes place only between the physical machines and virtual machines in that VD and is not sent to virtual machines or physical machines outside the VD.
  • the virtual domain identifier is recorded in the correspondence relationship with the PCIE endpoint device information. It is also the correspondence between the virtual domain and the physical PCIE endpoint device.
  • the physical PCIE endpoint device here is the physical PCIE endpoint device where the virtual machine is located, that is, the virtual domain identifier recorded in the correspondence between the virtual domain identifier and the PCIE endpoint device information.
  • the node number of the PCIE endpoint device here may be the physical content contained in the virtual domain.
  • the node number of the endpoint device is the node number of the endpoint device.
  • the PCIE switch receives the PCIE packet carrying the virtual domain identifier and sends the PCIE packet only to the destination PCIE endpoint device corresponding to the virtual domain identifier, so that only data transmission between PCIE endpoint devices in the same virtual domain is allowed, which can improve the security of communication in the PCIE network and avoid network storms.
  • the data transmission in the VD is realized based on the virtual domain identifier, and the implementation manner is more flexible and more efficient.
  • Embodiment 3 of the present invention provides the PCIE endpoint device 10, as shown in the figure
  • the processing unit 101 is configured to add a virtual domain identifier to the PCIE packet, and the sending unit 102 is configured to send the PCIE packet carrying the virtual domain identifier to the PCIE switch.
  • the processing unit 101 is configured to add a message class to the PCIE packet and carry the virtual domain identifier by using the message class.
  • the processing unit 101 is configured to add a routing manner to the PCIE packet and carry the virtual domain identifier by using the routing manner.
  • the PCIE switch provided by Embodiment 4 of the present invention has the structure shown in FIG. 8 and includes:
  • the receiving unit 201 is configured to receive a PCIE packet, where the PCIE packet carries a virtual domain identifier.
  • the obtaining unit 202 is configured to acquire the destination PCIE endpoint device corresponding to the virtual domain identifier, and the sending unit 203 is configured to send the PCIE packet to the destination PCIE endpoint device.
  • the obtaining unit 202 is specifically configured to obtain port information corresponding to the virtual domain identifier, and determine the destination PCIE endpoint device according to the port information.
  • the PCIE switch 20 further includes a storage unit 204, configured to save a correspondence between the virtual domain identifier and the port information.
  • the obtaining, by the obtaining unit 202, of the port information corresponding to the virtual domain identifier includes: searching, according to the virtual domain identifier, the correspondence between the virtual domain identifier and the port information saved by the storage unit 204, and acquiring the port information corresponding to the virtual domain identifier.
  • the obtaining unit 202 is specifically configured to: search the correspondence between the virtual domain identifier and the PCIE endpoint device information according to the virtual domain identifier, and obtain the destination PCIE endpoint device corresponding to the virtual domain identifier.
  • the PCIE endpoint device information includes a node number of the PCIE endpoint device, and the node number of the PCIE endpoint device is the node number of the physical PCIE endpoint device corresponding to the virtual domain identifier; refer to the description of the method embodiment.
  • a controller 300 includes: at least one processor 301, a memory 305, at least one communication interface 304, and at least one system bus 302.
  • the processor 301, the memory 305, and the communication interface 304 are connected by the system bus 302 and complete communication with each other;
  • a communication interface 304 is configured to communicate with the high speed peripheral component interconnect PCIE endpoint device.
  • the memory 305 stores computer-executable instructions, such as an operating system 306.
  • When the controller 300 is running, the processor 301 communicates with the memory 305, and the processor 301 executes the computer-executable instructions so that the controller 300 performs the method described in the first embodiment of the present invention. The implementation principle and the technical effect of the method are similar to those of the previous Embodiment 2 and are not described here again.
  • the operating system 306 includes various programs for implementing various basic services and processing hardware-based tasks.
  • the controller 300 optionally includes a user interface 303 such as a display, keyboard or other pointing device.
  • the embodiment of the present invention further provides a computer-readable medium that includes computer-executable instructions, and the computer-executable instructions enable the controller 300 to perform the method described in Embodiment 2 of the present invention.
  • the implementation principle and technical effects thereof are similar to those of the previous Embodiment 2 and are not described here again.
  • the embodiment of the present invention further provides a PCIE system, including a PCIE endpoint device as shown in FIG. 7 and a PCIE switch as shown in FIG. Reference is specifically made to the description of the previous embodiments.
  • the PCIE endpoint device sends the PCIE packet carrying the virtual domain identifier to the PCIE switch, so that the PCIE switch sends the PCIE packet only to the destination PCIE endpoint device corresponding to the virtual domain identifier; only data transmission between PCIE endpoint devices in the same virtual domain is allowed, which can improve the security of communication in the PCIE network and avoid network storms.
  • the data transmission in the VD is realized based on the virtual domain identifier, and the implementation manner is more flexible and more efficient.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium may be any available media that can be accessed by a computer.
  • the computer-readable medium can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store instructions or data structures.
  • any connection may suitably be a computer-readable medium.
  • for example, the software may be transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave
  • in that case the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the associated medium.
  • Disk and disc include compact discs (CDs), laser discs, optical discs, digital versatile discs (DVDs), floppy disks, and Blu-ray discs, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
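
The VD ID lookup on the PCIE switch and the receive-side check described above (the FIG. 6 walk-through with port0 to port3), written out in C as an added example; it is not code from the patent. It assumes exactly one bit is set in the 64-bit VD field of a packet, that the switch never sends a packet back out of its ingress port, and that unknown or malformed VD fields are dropped; all type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VD_MAX 64  /* 64-bit VD field, one bit per VD ID */
#define NPORTS 4   /* FIG. 6: port0=RC, port1=EP1, port2=EP2, port3=EP3 */

/* Correspondence between VD ID and port information held by the switch. */
struct vd_switch {
    uint8_t ports_of_vd[VD_MAX];  /* bit p set: port p belongs to this VD */
};

/* Decode the VD field. Assumption: one bit per packet.
 * Returns the VD ID (bit index), or -1 for an empty or multi-bit field. */
int vd_decode(uint64_t field)
{
    int id = 0;
    if (field == 0 || (field & (field - 1)) != 0)
        return -1;
    while ((field >>= 1) != 0)
        id++;
    return id;
}

/* Update pushed by the virtual domain management server when an endpoint
 * is added to (member=1) or deleted from (member=0) a virtual domain. */
int vd_set_member(struct vd_switch *sw, int vd_id, unsigned port, int member)
{
    if (vd_id < 0 || vd_id >= VD_MAX || port >= NPORTS)
        return -1;
    if (member)
        sw->ports_of_vd[vd_id] |= (uint8_t)(1u << port);
    else
        sw->ports_of_vd[vd_id] &= (uint8_t)~(1u << port);
    return 0;
}

/* Switch side: return the egress port mask for a packet, 0 meaning drop.
 * A VD with no configured ports yields 0, so the default is to isolate. */
uint8_t vd_switch_forward(const struct vd_switch *sw, uint64_t vd_field,
                          unsigned ingress_port)
{
    int id = vd_decode(vd_field);
    if (id < 0 || ingress_port >= NPORTS)
        return 0;
    return (uint8_t)(sw->ports_of_vd[id] & ~(1u << ingress_port));
}

/* Endpoint side (MC_Receive): accept only packets whose VD ID matches one
 * of the VDs this endpoint belongs to; otherwise discard or report. */
int vd_endpoint_accept(uint64_t my_vds, uint64_t vd_field)
{
    return vd_decode(vd_field) >= 0 && (my_vds & vd_field) != 0;
}

/* Table matching the FIG. 6 walk-through:
 * VD 1 -> port1; VD 2 -> port1, port2; VD 4 -> port2, port3. */
void vd_fig6_table(struct vd_switch *sw)
{
    memset(sw, 0, sizeof(*sw));
    vd_set_member(sw, 1, 1, 1);
    vd_set_member(sw, 2, 1, 1);
    vd_set_member(sw, 2, 2, 1);
    vd_set_member(sw, 4, 2, 1);
    vd_set_member(sw, 4, 3, 1);
}

int main(void)
{
    struct vd_switch sw;
    vd_fig6_table(&sw);
    /* RC on port0 sends 00000010b (VD 1): egress mask selects port1. */
    printf("VD1 from port0 -> mask 0x%02x\n",
           (unsigned)vd_switch_forward(&sw, 0x02, 0));
    /* RC on port0 sends 00000100b (VD 2): port1 and port2. */
    printf("VD2 from port0 -> mask 0x%02x\n",
           (unsigned)vd_switch_forward(&sw, 0x04, 0));
    /* Sender on port1 sends 00010000b (VD 4): port2 and port3. */
    printf("VD4 from port1 -> mask 0x%02x\n",
           (unsigned)vd_switch_forward(&sw, 0x10, 1));
    /* VD 3 has no members configured: dropped. */
    printf("VD3 from port0 -> mask 0x%02x\n",
           (unsigned)vd_switch_forward(&sw, 0x08, 0));
    return 0;
}
```
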

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a communication method, device and system in a virtual domain, which can improve the communication security in a peripheral component interconnect express (PCIE) network. The method comprises: a PCIE switch receiving a PCIE message, the PCIE message carrying a virtual domain identifier; acquiring a destination PCIE endpoint device corresponding to the virtual domain identifier; and sending the PCIE message to the destination PCIE endpoint device.

Description

一种在虚拟域中通信的方法、 设备和系统  Method, device and system for communicating in virtual domain
技术领域 Technical field
Embodiments of the present invention relate to the computer field, and in particular, to a method, device, and system for communicating in a virtual domain (Virtual Domain, VD).
Background
With the development of Peripheral Component Interconnect Express (PCIE) bus technology, the PCIE bus is no longer only a data transmission bus between a host and its peripheral devices; it has been further extended into a data communication bus between two hosts. At present, the mainstream way for hosts to communicate relies on the Transmission Control Protocol (TCP) / Internet Protocol (IP) stack. To remain compatible with existing TCP/IP-based applications, the industry has proposed the concept of running TCP/IP over the PCIE bus (TCP/IP over PCIE, IPoPCIE), that is, the TCP/IP protocol runs on a PCIE network, where a PCIE network is a network in which devices are connected for communication over the PCIE bus. A PCIE virtual network interface card (Virtual Network Interface Card, vNIC) is virtualized on the host, and the PCIE vNIC provides the TCP/IP stack with a link-layer interface for sending and receiving data. For upper-layer applications, a PCIE vNIC is no different from an Ethernet network device: the application's downward interface is still the TCP/IP stack, the application does not need to care whether the link layer is Ethernet or a PCIE link, and it can use the PCIE link for communication transparently.
However, while IPoPCIE improves performance, it also faces serious problems: PCIE hardware has no security isolation function, so network security is seriously affected. For example, a network storm caused by a network virus, a network loop, or hacker software can paralyze the entire network, and people in different departments can access each other's information, which leads to leaks of confidential information.
Summary of the invention
In view of this, embodiments of the present invention provide a method, device, and system for communicating in a virtual domain, which can improve the security of communication in a PCIE network.
According to a first aspect, an embodiment of the present invention provides a method for communicating in a virtual domain, including: receiving, by a Peripheral Component Interconnect Express (PCIE) switch, a PCIE packet, where the PCIE packet carries a virtual domain identifier;
obtaining a destination PCIE endpoint device corresponding to the virtual domain identifier; and
sending the PCIE packet to the destination PCIE endpoint device.
In a first possible implementation of the first aspect, obtaining the destination PCIE endpoint device corresponding to the virtual domain identifier specifically includes:
obtaining port information corresponding to the virtual domain identifier, and determining the destination PCIE endpoint device according to the port information.
With reference to the first possible implementation of the first aspect, in a second possible implementation, a correspondence between virtual domain identifiers and port information is preset on the PCIE switch;
obtaining the port information corresponding to the virtual domain identifier specifically includes: looking up, according to the virtual domain identifier, the correspondence between virtual domain identifiers and port information, and obtaining the port information corresponding to the virtual domain identifier.
With reference to the second possible implementation of the first aspect, in a third possible implementation, the correspondence between virtual domain identifiers and port information comes from a virtual domain management server, and is established and maintained by the virtual domain management server.
In a fourth possible implementation of the first aspect, obtaining the destination PCIE endpoint device corresponding to the virtual domain identifier specifically includes:
looking up, according to the virtual domain identifier, a correspondence between virtual domain identifiers and PCIE endpoint device information, and obtaining the destination PCIE endpoint device corresponding to the virtual domain identifier.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation, the PCIE endpoint device information includes a node number of a PCIE endpoint device, where the node number of the PCIE endpoint device is the node number of the physical PCIE endpoint device corresponding to the virtual domain identifier, or the node number of the physical PCIE endpoint device on which the virtual machine corresponding to the virtual domain identifier resides.
According to a second aspect, an embodiment of the present invention provides a method for communicating in a virtual domain, including: adding, by a Peripheral Component Interconnect Express (PCIE) endpoint device, a virtual domain identifier to a PCIE packet; and sending the PCIE packet carrying the virtual domain identifier to a PCIE switch.
In a first possible implementation of the second aspect, a message class is added to the PCIE packet, and the virtual domain identifier is carried by the message class.
In a second possible implementation of the second aspect, a routing manner is added to the PCIE packet, and the virtual domain identifier is carried by the routing manner.
According to a third aspect, an embodiment of the present invention provides a Peripheral Component Interconnect Express (PCIE) switch, including:
a receiving unit, configured to receive a PCIE packet, where the PCIE packet carries a virtual domain identifier; an obtaining unit, configured to obtain a destination PCIE endpoint device corresponding to the virtual domain identifier; and a sending unit, configured to send the PCIE packet to the destination PCIE endpoint device.
In a first possible implementation of the third aspect, the obtaining unit is specifically configured to obtain port information corresponding to the virtual domain identifier, and determine the destination PCIE endpoint device according to the port information.
With reference to the first possible implementation of the third aspect, in a second possible implementation, the switch further includes a storage unit, configured to store a correspondence between virtual domain identifiers and port information; the obtaining unit being configured to obtain the port information corresponding to the virtual domain identifier specifically includes: looking up, according to the virtual domain identifier, the correspondence between virtual domain identifiers and port information, and obtaining the port information corresponding to the virtual domain identifier.
In a third possible implementation of the third aspect, the obtaining unit is specifically configured to: look up, according to the virtual domain identifier, a correspondence between virtual domain identifiers and PCIE endpoint device information, and obtain the destination PCIE endpoint device corresponding to the virtual domain identifier.
With reference to the third possible implementation of the third aspect, in a fourth possible implementation, the PCIE endpoint device information includes a node number of a PCIE endpoint device, where the node number of the PCIE endpoint device is the node number of the physical PCIE endpoint device corresponding to the virtual domain identifier, or the node number of the physical PCIE endpoint device on which the virtual machine corresponding to the virtual domain identifier resides.
According to a fourth aspect, an embodiment of the present invention provides a Peripheral Component Interconnect Express (PCIE) endpoint device, including:
a processing unit, configured to add a virtual domain identifier to a PCIE packet; and
a sending unit, configured to send the PCIE packet carrying the virtual domain identifier to a PCIE switch.
In a first possible implementation of the fourth aspect, the processing unit is specifically configured to add a message class to the PCIE packet, and the virtual domain identifier is carried by the message class.
In a second possible implementation of the fourth aspect, the processing unit is specifically configured to add a routing manner to the PCIE packet, and the virtual domain identifier is carried by the routing manner.
According to a fifth aspect, an embodiment of the present invention provides a controller, including:
a processor, a memory, a system bus, and a communication interface, where the processor, the memory, and the communication interface are connected to and communicate with each other through the system bus;
the communication interface is configured to communicate with a Peripheral Component Interconnect Express (PCIE) endpoint device;
the memory is configured to store computer-executable instructions; and
the processor is configured to run the computer-executable instructions to perform the method according to any implementation of the first aspect.
According to a sixth aspect, an embodiment of the present invention provides a computer program product, including a computer-readable storage medium storing program code, where the program code includes instructions for performing the method according to any implementation of the first aspect.
According to a seventh aspect, an embodiment of the present invention provides a PCIE system, including the PCIE switch according to any implementation of the third aspect and the PCIE endpoint device according to any implementation of the fourth aspect.
With the foregoing solutions, in the method, device, and system for communicating in a virtual domain provided by the embodiments of the present invention, the PCIE switch receives a PCIE packet carrying a virtual domain identifier and sends the PCIE packet only to the destination PCIE endpoint device corresponding to that virtual domain identifier. Data transmission is therefore allowed only between PCIE endpoint devices in the same virtual domain, which improves the security of communication in the PCIE network and avoids network storms.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings required for describing the embodiments are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
FIG. 1 is a schematic diagram of a PCIE system according to Embodiment 1 of the present invention;
FIG. 2 is a schematic diagram of VD division in Embodiment 1 of the present invention;
FIG. 3 is a flowchart of a method for communicating in a virtual domain according to Embodiment 2 of the present invention;
FIG. 4 is a schematic diagram of one PCIE packet extension;
FIG. 5 is a schematic diagram of another PCIE packet extension;
FIG. 6 is a schematic diagram of PCIE packet delivery according to an embodiment of the present invention;
FIG. 7 is a structural diagram of a PCIE endpoint device according to Embodiment 3 of the present invention;
FIG. 8 is a structural diagram of a PCIE switch according to Embodiment 4 of the present invention;
FIG. 9 is a schematic structural diagram of a controller according to an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Evidently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
System architecture of an embodiment of the present invention
FIG. 1 is a diagram of a Peripheral Component Interconnect Express (PCIE) system according to Embodiment 1 of the present invention. As shown in FIG. 1, the system includes at least two PCIE endpoint devices 10, one PCIE switch 20 (PCIE Switch), and one virtual domain management server 30. The PCIE switch 20 is connected to all PCIE endpoint devices 10 and forwards data between the PCIE endpoint devices 10. The virtual domain management server 30 is connected to the PCIE switch 20 and is configured to manage and maintain the correspondence between virtual domain identifiers and port information, or to manage and maintain the correspondence between virtual domain identifiers and PCIE endpoint device information.
The virtual domain management server 30 in the embodiments of the present invention may be an ordinary PCIE endpoint device in the system, or may be a dedicated PCIE endpoint device; this is not specifically limited in the present invention.
The PCIE endpoint device 10 in the embodiments of the present invention includes but is not limited to a root complex (Root Complex, RC), an endpoint (Endpoint, EP), and a host (HOST). The root complex consists of a central processing unit (CPU). An endpoint consists of an interface network card, a serial port card, a memory card, or a graphics card. A host may specifically be an ordinary computer, a mobile terminal, a workstation or server, a dedicated server, or the like.
When the PCIE endpoint device 10 is a host, an operating system (Operating System, OS) runs on each host, and in a virtualization scenario at least one virtual machine (Virtual Machine, VM) may run on it.
The PCIE endpoint devices in one physical network are divided into multiple logically separated networks, and these separated logical networks are called virtual domains (Virtual Domain, VD). Virtual domains are proposed to address network security and are similar to virtual local area networks (Virtual Local Area Network, VLAN) in Ethernet. Taking FIG. 2 as an example, EP0, EP1, EP2, HOST3, and HOST4 form VD0, and EP3, EP4, EP5, HOST0, HOST1, and HOST2 form VD1.
The embodiments of the present invention extend the PCIE protocol: by means of the virtual domain identifier (VD ID), broadcast and unicast data streams inside one VD are not forwarded to other VDs, and only members of the same VD can receive them. Details are described below.
Method for communicating in a virtual domain
As shown in FIG. 3, Embodiment 2 of the present invention provides a method for communicating in a virtual domain. The method may be implemented in the PCIE system shown in FIG. 1 and FIG. 2, but is not limited to the system structure shown in FIG. 1 and FIG. 2. The method includes:
S201. The PCIE endpoint device adds a virtual domain identifier to a Peripheral Component Interconnect Express (PCIE) packet.
Specifically, if an upper-layer application running on the PCIE endpoint device has a data packet to send in a virtual domain (VD), the upper-layer application adds the data packet that needs to be sent in the VD to the TCP/IP protocol stack; that is, the upper-layer application calls the kernel-mode and user-mode interfaces of the operating system to add the TCP/IP data packet that needs to be sent in the VD to the TCP/IP protocol stack. The VLAN module of the operating system in the PCIE endpoint device then obtains, from the TCP/IP protocol stack, the TCP/IP data packet that needs to be sent in the VD, and adds a VLAN ID to the TCP/IP data packet. The VLAN module of the operating system in the PCIE endpoint device passes the TCP/IP data packet with the added VLAN ID to the PCIE vNIC driver module. The PCIE vNIC driver module of the operating system in the PCIE endpoint device then obtains the TCP/IP data packet; the PCIE vNIC driver module is the interface between the operating system's TCP/IP stack and the PCIE network link layer. For ease of description, the PCIE endpoint device that obtains the TCP/IP data packet to be sent in the VD may also be called the source PCIE endpoint device.
The PCIE vNIC driver module encapsulates the TCP/IP data packet into a PCIE packet, extracts the TCP/IP VLAN ID, and then maps the VLAN ID to a PCIE VD ID. The VD ID is the ID of the virtual domain in which the TCP/IP data packet needs to be sent.
Preferably, the PCIE vNIC driver module maintains a table of the correspondence between TCP/IP VLANs and PCIE VDs.
The embodiments of the present invention use TCP/IP running over the PCIE bus (TCP/IP over PCIE, IPoPCIE) as an example, but are not limited to IPoPCIE; other protocols may also run over the PCIE bus.
Specifically, the PCIE protocol needs to be extended to carry the VD ID.
In one manner, as shown in FIG. 4, a message class may be added to the PCIE packet, for example a Message Code may be added, to carry the VD ID.
In another manner, as shown in FIG. 5, a routing manner may be added to the PCIE packet, and the VD ID is carried by the routing manner. For example, it may be added in Type[2:0]. In FIG. 5 the VD field is 64 bits and can support 64 VD IDs, with each bit representing one VD ID. The carrying manner is of course not limited to this; one VD ID may also be represented by 2 or more bits.
For the meaning of the other fields in the PCIE packet, refer to the description in the PCIE protocol.
To remain compatible with earlier Peripheral Component Interconnect (PCI) devices, for example legacy devices, the embodiments of the present invention may extend only the PCIE extended space and leave the configuration space fields used by legacy devices unmodified. Specifically, the VD ID may be represented by a capability ID in the extended space. Correspondingly, the devices that support the VD function can be found by searching the extended space.
S202. The PCIE endpoint device sends the PCIE packet carrying the virtual domain identifier to the PCIE switch.
S203. The PCIE switch receives the PCIE packet.
The PCIE packet carries the virtual domain identifier.
S204. The PCIE switch obtains the destination PCIE endpoint device corresponding to the virtual domain identifier.
In one implementation, a correspondence between virtual domain identifiers and port information is preset on the PCIE switch. According to the virtual domain identifier, the switch looks up the correspondence between virtual domain identifiers and port information, obtains the port information corresponding to the virtual domain identifier, and then determines the destination PCIE endpoint device according to the port information. Port information is used to distinguish endpoints and indicates which endpoint is meant.
When the packet is a broadcast or multicast (Multicast, MC) packet, the destination PCIE endpoint device may be represented by MC_Receive.
An example follows:
Assume that in the PCIe Switch, port0 is configured with MC_Receive = 00011110b, that is, the IDs of the VDs it supports are 1, 2, 3, and 4; port1 is configured with MC_Receive = 00001110b, that is, the IDs of the VDs it supports are 1, 2, and 3; port2 is configured with MC_Receive = 00010100b, that is, the IDs of the VDs it supports are 2 and 4; and port3 is configured with MC_Receive = 00010000b, that is, the ID of the VD it supports is 4. The correspondence between virtual domain identifiers and port information is then as shown in Table 1:
Table 1
VD ID    Port information
0        NULL
1        0, 1
2        0, 1, 2
3        0, 1
4        0, 2, 3
Here, MC_Receive is defined as in the PCIe Multicast standard.
Assume that, as shown in FIG. 6, port0 is connected to the RC, port1 is connected to endpoint1 (EP1), port2 is connected to EP2, and port3 is connected to EP3.
By looking up Table 1: if the sending PCIE endpoint device is the RC, and the RC sends a PCIE packet carrying a VD ID to the PCIE switch through port0 of the PCIE switch, where the carried VD ID is 00000010b, that is, the VD ID is 1, then the destination PCIE endpoint device of this packet is EP1.
If the sending PCIE endpoint device is the RC, and the RC sends a PCIE packet carrying a VD ID to the PCIE switch through port0 of the PCIE switch, where the carried VD ID is 00000100b, that is, the VD ID is 2, then the destination PCIE endpoint devices of this packet are EP1 and EP2.
If the sending PCIE endpoint device is EP1, and EP1 sends a PCIE packet carrying a VD ID to the PCIE switch through port1 of the PCIE switch, where the carried VD ID is 00010000b, that is, the VD ID is 4, then the destination PCIE endpoint devices of this packet are EP2 and EP3.
Preferably, the correspondence between virtual domain identifiers and port information comes from the virtual domain management server; it is established by the virtual domain management server and updated and maintained according to changes of the PCIE endpoint devices in the virtual domain (for example, addition or deletion of a PCIE endpoint device).
In another implementation, a correspondence between virtual domain identifiers and PCIE endpoint device information is preset on the PCIE switch. According to the virtual domain identifier, the switch looks up the correspondence between virtual domain identifiers and PCIE endpoint device information and obtains the destination PCIE endpoint device corresponding to the virtual domain identifier. Generally, this correspondence may take the form of a table.
Specifically, the PCIE endpoint device information includes the node number of the PCIE endpoint device.
Preferably, the correspondence between virtual domain identifiers and PCIE endpoint device information comes from the virtual domain management server; it is established by the virtual domain management server and updated and maintained according to changes of the PCIE endpoint devices in the virtual domain (for example, addition or deletion of a PCIE endpoint device). The virtual domain management server may be a dedicated PCIE endpoint device in the network, or any PCIE endpoint device in the network may act as the virtual domain management server to establish and maintain the correspondence between virtual domain identifiers and PCIE endpoint device information.
The embodiments of the present invention take as an example a correspondence between virtual domain identifiers and PCIE endpoint device information that records the correspondence between each virtual domain identifier and the node numbers of the PCIE endpoint devices included in that virtual domain, as illustrated in Table 2: the virtual domain with VD ID 20 shown in the table includes 2 PCIE endpoint devices, with node numbers 1 and 5; the virtual domain with VD ID 49 shown in the table includes 5 PCIE endpoint devices, with node numbers 2, 3, 4, 5, and 7.
Table 2
[Table 2 is an image in the original publication (imgf000011_0001).]
A PCIE packet sent by the PCIE endpoint device with node number 2 can be broadcast only in the VD whose VD ID is 49, so the node numbers of the destination PCIE endpoint devices are 3, 4, 5, and 7.
S205. The PCIE switch sends the PCIE packet to the destination PCIE endpoint device.
As shown in FIG. 6, port0 is connected to the RC, port1 is connected to endpoint1 (EP1), port2 is connected to EP2, and port3 is connected to EP3.
It should be noted that, in the prior art, each PCI Express switch has one unique upstream port and several downstream ports, and each port of the switch has a virtual P2P bridge (PCI to PCI Bridge) inside it. One or more PCIE endpoint devices, such as an EP or an RC, can be connected below each P2P bridge. The P2P bridges interact with each other through a virtual PCI bus (Virtual PCI Bus).
Taking the implementation of Table 1 as an example, by looking up Table 1: if the RC sends a PCIE packet carrying a VD ID to the PCIE switch through port0 of the PCIE switch, where the carried VD ID is 00000010b, that is, the VD ID is 1, then this packet is finally routed to EP1 through port1.
If the RC sends a PCIE packet carrying a VD ID to the PCIE switch through port0 of the PCIE switch, where the carried VD ID is 00000100b, that is, the VD ID is 2, then this packet is finally routed to EP1 through port1 and to EP2 through port2.
If EP1 sends a PCIE packet carrying a VD ID to the PCIE switch through port1 of the PCIE switch, where the carried VD ID is 00010000b, that is, the VD ID is 4, then this packet is finally routed to EP2 through port2 and to EP3 through port3.
When an MC_Receive in the virtual domain receives a PCIE packet, it matches the VD ID carried in the packet against its own VD IDs; if they belong to the same VD, the packet is received; if not, the packet is discarded or an error is reported.
Specifically, MC_Receive may add data packets with the same virtual domain identifier to the TCP/IP stack through the network device interface, so that the data packets are delivered to the corresponding upper-layer application.
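The following C sketch is an added example, not code from the patent: it derives Table 1 from the per-port MC_Receive values given above, resolves egress ports for a received VD field (S204/S205), and applies the receiver-side match that accepts or discards a packet. The function names are hypothetical, and two behaviours are assumptions of this sketch rather than statements of the patent: a VD field is treated as valid only when exactly one bit is set (the one-bit-per-VD encoding of FIG. 5), and the packet is never sent back out of its ingress port.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_PORTS 4
#define NUM_VDS   64  /* FIG. 5: 64-bit VD field, one bit per VD ID */

/* Per-port MC_Receive values from the worked example (port0..port3). */
static const uint64_t mc_receive[NUM_PORTS] = {
    0x1E, /* port0: 00011110b -> VD 1, 2, 3, 4 */
    0x0E, /* port1: 00001110b -> VD 1, 2, 3    */
    0x14, /* port2: 00010100b -> VD 2, 4       */
    0x10, /* port3: 00010000b -> VD 4          */
};

/* Table 1 as a switch could hold it: vd_to_ports[vd] is a bitmask of ports. */
static uint8_t vd_to_ports[NUM_VDS];

/* Invert the per-port bitmaps into the VD ID -> port information table. */
void build_vd_table(void)
{
    for (int vd = 0; vd < NUM_VDS; vd++) {
        vd_to_ports[vd] = 0;
        for (int port = 0; port < NUM_PORTS; port++)
            if (mc_receive[port] & (UINT64_C(1) << vd))
                vd_to_ports[vd] |= (uint8_t)(1u << port);
    }
}

/* Decode the VD field. Returns the VD ID, or -1 when the field does not
 * have exactly one bit set (assumption: such a packet is not forwarded). */
int decode_vd_field(uint64_t field)
{
    if (field == 0 || (field & (field - 1)) != 0)
        return -1;
    int vd = 0;
    while ((field >>= 1) != 0)
        vd++;
    return vd;
}

/* S204/S205: bitmask of ports the packet is forwarded to. Ports outside
 * the VD are never selected; the ingress port is excluded (assumption). */
uint8_t egress_ports(int ingress_port, uint64_t vd_field)
{
    int vd = decode_vd_field(vd_field);
    if (vd < 0 || ingress_port < 0 || ingress_port >= NUM_PORTS)
        return 0;
    return (uint8_t)(vd_to_ports[vd] & ~(1u << ingress_port));
}

/* Receiver-side check: accept only if the packet's VD is one of our own. */
int endpoint_accepts(uint64_t own_mc_receive, uint64_t vd_field)
{
    return decode_vd_field(vd_field) >= 0 && (own_mc_receive & vd_field) != 0;
}

int main(void)
{
    build_vd_table();
    for (int vd = 0; vd <= 4; vd++)
        printf("VD %d -> port mask 0x%X\n", vd, (unsigned)vd_to_ports[vd]);
    printf("RC on port0, VD field 00000010b -> egress mask 0x%X\n",
           (unsigned)egress_ports(0, 0x02));
    printf("RC on port0, VD field 00000100b -> egress mask 0x%X\n",
           (unsigned)egress_ports(0, 0x04));
    printf("EP3 accepts VD 2 packet: %d\n",
           endpoint_accepts(mc_receive[3], 0x04));
    return 0;
}
```

The isolation property rests entirely on the table contents, so in a deployment the path by which the virtual domain management server writes that table is the part that needs access control.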
本发明实施例中的虚拟域中既可以包括物理的 PCIE端点设备, 也可以包括 虚拟机。 即本发明实施例中所述的方法, 既可以适用于物理机间的安全隔离, 各物理的 PCIE端点设备都在同一个 PCIE网络里,用户按照业务需求将这些 PCIE 端点设备划分到不同的 VD中,只有在相同 VD中的 PCIE端点设备可以相互通信, 例如, 当一个 VD中的 PCIE端点设备发出广播包时, 其发送范围限制就是该 VD 中的 PCIE端点设备, 并不会把消息发送到该 VD以外的 PCIE端点设备。 同样, 本发明实施例中的方法也适用于虚拟机之间、 虚拟机和物理机之间的安全隔离 业务场景, 用户将虚拟机和物理机划分不同的 VD, VD内的通信仅会在该 VD中 的物理机和虚拟机之间进行, 不会发送到 VD外的虚拟机或物理机中。  The virtual domain in the embodiment of the present invention may include a physical PCIE endpoint device or a virtual machine. That is, the method described in the embodiment of the present invention can be applied to security isolation between physical machines. Each physical PCIE endpoint device is in the same PCIE network, and the user divides the PCIE endpoint devices into different VDs according to service requirements. Only PCIE endpoint devices in the same VD can communicate with each other. For example, when a PCIE endpoint device in a VD sends a broadcast packet, its transmission range limit is the PCIE endpoint device in the VD, and the message is not sent to PCIE endpoint device other than this VD. Similarly, the method in the embodiment of the present invention is also applicable to a security isolation service scenario between a virtual machine and a virtual machine and a physical machine. The user divides the virtual machine and the physical machine into different VDs, and the communication in the VD is only in the The physical machine and the virtual machine in the VD are not sent to the virtual machine or physical machine outside the VD.
当然, 对于虚拟机, 虚拟域标识与 PCIE端点设备信息的对应关系中记录的 也是虚拟域与物理的 PCIE端点设备的对应关系, 这里的物理的 PCIE端点设备 就是虚拟机所在的物理的 PCIE端点设备, 即虚拟域标识与 PCIE端点设备信息 的对应关系中记录的虚拟域标识与虚拟域中包含的 PCIE 端点设备的节点号 的对应关系, 这里的 PCIE 端点设备的节点号可以是虚拟域中包含的物理的 Of course, for the virtual machine, the virtual domain identifier is recorded in the correspondence relationship with the PCIE endpoint device information. It is also the correspondence between the virtual domain and the physical PCIE endpoint device. The physical PCIE endpoint device here is the physical PCIE endpoint device where the virtual machine is located, that is, the virtual domain identifier recorded in the correspondence between the virtual domain identifier and the PCIE endpoint device information. The correspondence between the node numbers of the PCIE endpoint devices included in the virtual domain. The node number of the PCIE endpoint device here may be the physical content contained in the virtual domain.
端点设备的节点号。 The node number of the endpoint device.
本发明实施例中, PCIE交换机接收携带虚拟域标识的 PCIE报文, 仅向 所述虚拟域标识对应的目的 PCIE端点设备发送所述 PCIE报文, 实现了只允 许在同一个虚拟域中的 PCIE 端点设备间进行数据传输,从而能够提高 PCIE 网络中通信的安全性, 避免了网络风暴。 而且, 基于虚拟域标识实现 VD中的 数据传输, 实现方式更灵活, 效率更高。 本发明实施例的装置  In the embodiment of the present invention, the PCIE switch receives the PCIE packet carrying the virtual domain identifier, and sends the PCIE packet only to the destination PCIE endpoint device corresponding to the virtual domain identifier, so that only the PCIE in the same virtual domain is allowed. Data transmission between endpoint devices can improve the security of communication in the PCIE network and avoid network storms. Moreover, the data transmission in the VD is realized based on the virtual domain identifier, and the implementation manner is more flexible and more efficient. Device of embodiment of the invention
The structure of the Peripheral Component Interconnect Express (PCIE) endpoint device 10 provided by Embodiment 3 of the present invention is shown in FIG. 7, and includes:
a processing unit 101, configured to add a virtual domain identifier to a PCIE packet;
a sending unit 102, configured to send the PCIE packet carrying the virtual domain identifier to a PCIE switch.
Preferably, the processing unit 101 is configured to add a message class to the PCIE packet and carry the virtual domain identifier by means of that message class. For details, refer to the description of the embodiments of FIG. 2 and FIG. 4, which is not repeated here.
Preferably, the processing unit 101 is configured to add a routing mode to the PCIE packet and carry the virtual domain identifier by means of that routing mode. For details, refer to the description of the embodiments of FIG. 2 and FIG. 5, which is not repeated here.
The structure of the Peripheral Component Interconnect Express (PCIE) switch 20 provided by Embodiment 4 of the present invention is shown in FIG. 8, and includes:
a receiving unit 201, configured to receive a PCIE packet, where the PCIE packet carries a virtual domain identifier;
an obtaining unit 202, configured to obtain the destination PCIE endpoint device corresponding to the virtual domain identifier;
a sending unit 203, configured to send the PCIE packet to the destination PCIE endpoint device.
In an optional implementation, the obtaining unit 202 is specifically configured to obtain port information corresponding to the virtual domain identifier and determine the destination PCIE endpoint device according to the port information.
Optionally, the PCIE switch 20 further includes a storage unit 204, configured to store the correspondence between virtual domain identifiers and port information.
The obtaining unit 202 being configured to obtain the port information corresponding to the virtual domain identifier specifically includes: according to the virtual domain identifier, looking up the correspondence between virtual domain identifiers and port information stored in the storage unit 204, and obtaining the port information corresponding to the virtual domain identifier.
In another optional implementation, the obtaining unit 202 is specifically configured to: according to the virtual domain identifier, look up the correspondence between virtual domain identifiers and PCIE endpoint device information, and obtain the destination PCIE endpoint device corresponding to the virtual domain identifier.
Preferably, the PCIE endpoint device information includes the node number of a PCIE endpoint device, and the node number of the PCIE endpoint device is the node number of the physical PCIE endpoint device corresponding to the virtual domain identifier. For the specific flow, refer to the description of the method embodiments.
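The lookup performed by the obtaining unit 202 against the table in storage unit 204, together with the MC_Receive check on the receiving endpoint, as an added example that is not code from the patent. The packet struct, the port bitmap, the function names and the ingress-membership check are assumptions of this sketch; the patent specifies none of them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PORTS 32   /* one bit per switch port (assumed width) */
#define MAX_VDS   8

/* Hypothetical packet model: only the fields the forwarding decision needs. */
struct pcie_pkt {
    uint16_t vd_id;     /* virtual domain identifier added by the endpoint */
    uint8_t  src_port;  /* switch port the packet arrived on */
};

/* Storage unit 204: VD ID -> set of ports, kept as a bitmap (assumption). */
struct vd_entry  { uint16_t vd_id; uint32_t port_mask; };
struct vd_switch { struct vd_entry table[MAX_VDS]; size_t n; };

/* Install or update one mapping, as the VD management server would. */
int vd_switch_set(struct vd_switch *sw, uint16_t vd_id, uint32_t port_mask)
{
    for (size_t i = 0; i < sw->n; i++) {
        if (sw->table[i].vd_id == vd_id) {
            sw->table[i].port_mask = port_mask;
            return 0;
        }
    }
    if (sw->n == MAX_VDS)
        return -1;                       /* table full */
    sw->table[sw->n++] = (struct vd_entry){ vd_id, port_mask };
    return 0;
}

/* Obtaining unit 202: egress port bitmap for a packet; 0 means drop. */
uint32_t vd_switch_egress(const struct vd_switch *sw, const struct pcie_pkt *p)
{
    if (p->src_port >= MAX_PORTS)
        return 0;
    uint32_t src = UINT32_C(1) << p->src_port;
    for (size_t i = 0; i < sw->n; i++) {
        if (sw->table[i].vd_id != p->vd_id)
            continue;
        /* Added check (assumption, not in the patent text): the ingress
         * port must itself be a member of the VD the packet claims, so an
         * endpoint cannot tag its way into another domain. */
        if (!(sw->table[i].port_mask & src))
            return 0;
        return sw->table[i].port_mask & ~src;   /* never echo to sender */
    }
    return 0;                            /* unknown VD ID: fail closed */
}

/* MC_Receive: accept only packets tagged with the receiver's own VD ID. */
bool mc_receive(uint16_t own_vd_id, const struct pcie_pkt *p)
{
    return p->vd_id == own_vd_id;
}

int main(void)
{
    struct vd_switch sw = { .n = 0 };
    vd_switch_set(&sw, 10, 0x07);   /* constructed: ports 0-2 form VD 10 */
    vd_switch_set(&sw, 20, 0x18);   /* constructed: ports 3-4 form VD 20 */

    struct pcie_pkt bcast = { .vd_id = 10, .src_port = 0 };
    struct pcie_pkt spoof = { .vd_id = 20, .src_port = 0 };

    printf("VD 10 broadcast from port 0 -> egress mask 0x%02x\n",
           (unsigned)vd_switch_egress(&sw, &bcast));
    printf("port 0 claiming VD 20      -> egress mask 0x%02x\n",
           (unsigned)vd_switch_egress(&sw, &spoof));
    printf("VD 20 endpoint accepts VD 10 packet: %d\n",
           mc_receive(20, &bcast));
    return 0;
}
```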
As shown in FIG. 9, the controller 300 provided by an embodiment of the present invention includes at least one processor 301, a memory 305, at least one communication interface 304, and at least one system bus 302.
The processor 301, the memory 305, and the communication interface 304 are connected through the system bus 302 and communicate with one another over it.
The communication interface 304 is configured to communicate with Peripheral Component Interconnect Express (PCIE) endpoint devices.
The memory 305 stores computer-executable instructions, for example an operating system 306. When the controller 300 runs, the processor 301 communicates with the memory 305, and the processor 301 executes the computer-executable instructions so that the controller 300 performs the method described in Embodiment 1 of the present invention; its implementation principle and technical effects are similar to those of Embodiment 2 above and are not repeated here. The operating system 306 contains various programs for implementing basic services and handling hardware-based tasks. The controller 300 optionally includes a user interface 303, such as a display, a keyboard, or another pointing device.
In addition, an embodiment of the present invention further provides a computer-readable medium containing computer-executable instructions that enable the controller 300 to perform the method described in Embodiment 2 of the present invention; its implementation principle and technical effects are similar to those of Embodiment 2 above and are not repeated here.
An embodiment of the present invention further provides a PCIE system, including the PCIE endpoint device shown in FIG. 7 and the PCIE switch shown in FIG. 8. For details, refer to the description of the preceding embodiments.
In the embodiments of the present invention, the PCIE endpoint device sends a PCIE packet carrying a virtual domain identifier to the PCIE switch, so that the PCIE switch sends the PCIE packet only to the destination PCIE endpoint device corresponding to that virtual domain identifier. Data transmission is therefore allowed only between PCIE endpoint devices in the same virtual domain, which improves the security of communication in the PCIE network and avoids network storms. Moreover, implementing data transmission within a VD based on the virtual domain identifier is more flexible and more efficient.
From the description of the above embodiments, a person skilled in the art can clearly understand that the present invention can be implemented in hardware, in firmware, or in a combination of the two. When implemented in software, the functions described above may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. By way of example and not limitation, computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In addition, any connection may properly be termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber-optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber-optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
In summary, the above is merely a preferred embodiment of the technical solution of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims

1. A method for communicating in a virtual domain, characterized by comprising:
receiving, by a Peripheral Component Interconnect Express (PCIE) switch, a PCIE packet, where the PCIE packet carries a virtual domain identifier;
obtaining the destination PCIE endpoint device corresponding to the virtual domain identifier;
sending the PCIE packet to the destination PCIE endpoint device.
2. The method according to claim 1, characterized in that obtaining the destination PCIE endpoint device corresponding to the virtual domain identifier specifically comprises:
obtaining port information corresponding to the virtual domain identifier, and determining the destination PCIE endpoint device according to the port information.
3. The method according to claim 2, characterized in that a correspondence between virtual domain identifiers and port information is preset on the PCIE switch;
obtaining the port information corresponding to the virtual domain identifier specifically comprises: according to the virtual domain identifier, looking up the correspondence between virtual domain identifiers and port information, and obtaining the port information corresponding to the virtual domain identifier.
4. The method according to claim 3, characterized in that the correspondence between virtual domain identifiers and port information comes from a virtual domain management server, and is established and maintained by the virtual domain management server.
5. The method according to claim 1, characterized in that obtaining the destination PCIE endpoint device corresponding to the virtual domain identifier specifically comprises:
according to the virtual domain identifier, looking up the correspondence between virtual domain identifiers and PCIE endpoint device information, and obtaining the destination PCIE endpoint device corresponding to the virtual domain identifier.
6. The method according to claim 5, characterized in that the PCIE endpoint device information includes the node number of a PCIE endpoint device, and the node number of the PCIE endpoint device is the node number of the physical PCIE endpoint device corresponding to the virtual domain identifier, or the node number of the physical PCIE endpoint device on which the virtual machine corresponding to the virtual domain identifier resides.
7. A method for communicating in a virtual domain, characterized by comprising:
adding, by a Peripheral Component Interconnect Express (PCIE) endpoint device, a virtual domain identifier to a PCIE packet;
sending the PCIE packet carrying the virtual domain identifier to a PCIE switch.
8. The method according to claim 7, characterized in that a message class is added to the PCIE packet, and the virtual domain identifier is carried by means of the message class.
9. The method according to claim 7, characterized in that a routing mode is added to the PCIE packet, and the virtual domain identifier is carried by means of the routing mode.
10. A Peripheral Component Interconnect Express (PCIE) switch, characterized by comprising:
a receiving unit, configured to receive a PCIE packet, where the PCIE packet carries a virtual domain identifier;
an obtaining unit, configured to obtain the destination PCIE endpoint device corresponding to the virtual domain identifier;
a sending unit, configured to send the PCIE packet to the destination PCIE endpoint device.
11. The switch according to claim 10, characterized in that the obtaining unit is specifically configured to obtain port information corresponding to the virtual domain identifier and determine the destination PCIE endpoint device according to the port information.
12. The switch according to claim 11, characterized by further comprising a storage unit, where the storage unit is configured to store the correspondence between virtual domain identifiers and port information;
the obtaining unit being configured to obtain the port information corresponding to the virtual domain identifier specifically comprises: according to the virtual domain identifier, looking up the correspondence between virtual domain identifiers and port information, and obtaining the port information corresponding to the virtual domain identifier.
13. The switch according to claim 10, characterized in that the obtaining unit is specifically configured to: according to the virtual domain identifier, look up the correspondence between virtual domain identifiers and PCIE endpoint device information, and obtain the destination PCIE endpoint device corresponding to the virtual domain identifier.
14. The switch according to claim 13, characterized in that the PCIE endpoint device information includes the node number of a PCIE endpoint device, and the node number of the PCIE endpoint device is the node number of the physical PCIE endpoint device corresponding to the virtual domain identifier, or the node number of the physical PCIE endpoint device on which the virtual machine corresponding to the virtual domain identifier resides.
15. A Peripheral Component Interconnect Express (PCIE) endpoint device, characterized by comprising:
a processing unit, configured to add a virtual domain identifier to a PCIE packet;
a sending unit, configured to send the PCIE packet carrying the virtual domain identifier to a PCIE switch.
16. The device according to claim 15, characterized in that the processing unit is specifically configured to add a message class to the PCIE packet and carry the virtual domain identifier by means of the message class.
17. The device according to claim 15, characterized in that the processing unit is specifically configured to add a routing mode to the PCIE packet and carry the virtual domain identifier by means of the routing mode.
18. A controller, characterized by comprising:
a processor, a memory, a system bus, and a communication interface, where the processor, the memory, and the communication interface are connected through the system bus and communicate with one another over it;
the communication interface is configured to communicate with Peripheral Component Interconnect Express (PCIE) endpoint devices;
the memory is configured to store computer-executable instructions;
the processor is configured to run the computer-executable instructions to perform the method according to claims 1-6.
19. A computer program product, comprising a computer-readable storage medium storing program code, where the program code includes instructions for performing the method according to any one of claims 1-6.
20. A Peripheral Component Interconnect Express (PCIE) system, comprising the PCIE switch according to claims 10-14 and the PCIE endpoint device according to claims 15-17.
PCT/CN2013/078986 2013-07-08 2013-07-08 Communication method, device and system in virtual domain WO2015003295A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201380001344.8A CN103931144B (en) 2013-07-08 2013-07-08 A kind of method, apparatus and system communicated in virtual Domain
PCT/CN2013/078986 WO2015003295A1 (en) 2013-07-08 2013-07-08 Communication method, device and system in virtual domain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/078986 WO2015003295A1 (en) 2013-07-08 2013-07-08 Communication method, device and system in virtual domain

Publications (1)

Publication Number Publication Date
WO2015003295A1 true WO2015003295A1 (en) 2015-01-15

Family

ID=51147973

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/078986 WO2015003295A1 (en) 2013-07-08 2013-07-08 Communication method, device and system in virtual domain

Country Status (2)

Country Link
CN (1) CN103931144B (en)
WO (1) WO2015003295A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105450430B (en) * 2014-07-17 2019-02-26 华为技术有限公司 A kind of information transferring method and device
US9626300B2 (en) * 2015-07-27 2017-04-18 Google Inc. Address caching in switches
CN106933753B (en) * 2015-12-31 2020-04-21 华为技术有限公司 Control method and device of intelligent interface card
CN107770072B (en) * 2016-08-18 2021-01-08 阿里巴巴集团控股有限公司 Method and equipment for sending and receiving message
US11321267B2 (en) * 2016-09-30 2022-05-03 Hewlett-Packard Development Company, L.P. Safe peripheral device communications
CN107566238B (en) * 2017-08-30 2020-03-27 成都安恒信息技术有限公司 Method for automatically identifying vlan frame and non-vlan frame through user-state configuration physical interface
CN113114569B (en) * 2020-01-10 2023-06-02 北京京东尚科信息技术有限公司 Method and device for unloading data stream
CN112835837B (en) * 2021-02-04 2023-06-23 北京百度网讯科技有限公司 Method for establishing data connection, related device and computer program product
CN115277287A (en) * 2022-06-17 2022-11-01 重庆长安汽车股份有限公司 Configurable CAN message acquisition method and system based on Ethernet

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101883158A (en) * 2010-06-28 2010-11-10 中兴通讯股份有限公司 Method and client for acquiring VLAN (Virtual Local Area Network) IDs (Identifiers) and network protocol addresses
CN102694717A (en) * 2011-03-23 2012-09-26 成都市华为赛门铁克科技有限公司 Method, device and system for transmitting messages on PCIE bus
CN102870381A (en) * 2012-06-29 2013-01-09 华为技术有限公司 PCIE switching system, apparatus and switching method


Also Published As

Publication number Publication date
CN103931144B (en) 2015-11-25
CN103931144A (en) 2014-07-16


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13889172

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13889172

Country of ref document: EP

Kind code of ref document: A1