WO2015113410A1 - Data packet processing method and apparatus - Google Patents


Publication number
WO2015113410A1
Authority
WO
WIPO (PCT)
Prior art keywords
destination
source
virtual machine
address
data packet
Application number
PCT/CN2014/089628
Inventor
肖文曙
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2015113410A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/64: Hybrid switching systems
    • H04L12/6418: Hybrid transport

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a data packet.
  • SDN cluster control technology Virtual Area Defined Network
  • WAN Wide Area Network
  • VXLAN Virtual Extensible LAN
  • SDN cluster control technology and VXLAN technology combine to implement Layer 2 network interconnection between multiple data centers.
  • Each data center has an SDN controller, an aggregation switch, an access switch, and multiple physical servers.
  • the virtual switch and the virtual machine are loaded on each physical server. The information stored by any one of the SDN controllers needs to be shared and synchronized with the other SDN controllers, and each SDN controller can manage the transmission path of the data packet.
  • the first access switch transmits the data packet to the first core switch, the first core switch transmits the data packet to the second core switch in the data center B through the routing network, the second core switch transmits the data packet to the second access switch, and the second access switch transmits the data packet to the corresponding second virtual switch. The second virtual switch transmits the data packet to the second virtual machine, and the second virtual machine performs subsequent processing on the data packet, thereby implementing Layer 2 network interconnection between the data centers.
  • the virtual switch, the access switch, and the core switch transmit the data packet
  • the data packet is forwarded according to the forwarding rule stored by the forwarding device according to the VXLAN outer header information.
  • Embodiments of the present invention provide a method and an apparatus for processing a data packet, which implement Layer 2 network interconnection and VM communication between multiple data centers.
  • an embodiment of the present invention provides a method for processing a data packet, where the method includes:
  • the source controller receives a data packet sent by the source virtual machine and forwarded by the source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine that communicates with the source virtual machine;
  • the source controller determines that the destination virtual machine is not in the source data center
  • the source controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine
  • the source controller, the source virtual switch, the source virtual machine, and the source virtual agent are all in the source data center.
  • the target address further includes a MAC address of the destination virtual machine
  • the source controller determines that the first forwarding rule for forwarding the data packet to the destination virtual machine specifically includes:
  • the source controller determines, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a first forwarding rule for forwarding the data packet to the destination virtual machine.
  • before the source controller receives the data packet sent by the source virtual machine and forwarded by the source virtual switch, the method further includes:
  • the source controller receives an ARP request that is sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain a MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
  • the source controller determines to forward the transmission path of the data packet
  • the source controller respectively sends a second forwarding rule to the source virtual switch and the source virtual proxy, so that the source virtual switch forwards the ARP request to the source virtual proxy by using the second forwarding rule, the source virtual proxy forwards the ARP request to the destination data center by using the second forwarding rule and the stored routing forwarding table, and the received ARP response sent by the destination virtual machine is sent to the source virtual machine through the source virtual switch, where the ARP response includes a MAC address of the destination virtual machine.
  • the source controller determining a first forwarding rule for forwarding the data packet to the destination virtual machine specifically includes:
  • if the destination virtual machine is not in the source data center, and the destination virtual machine and the source virtual machine are in different network segments, the source controller acquires the MAC address of the destination virtual gateway according to the IP address of the destination virtual machine.
  • the source controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine.
  • the target address further includes a MAC address of the source virtual gateway
  • the method further includes:
  • the source controller carries the MAC address of the destination virtual gateway in the first forwarding rule, so that the source virtual switch uses the first forwarding rule to encapsulate the MAC address of the source gateway and the MAC address of the destination gateway in the data packet and forwards the encapsulated data packet to the source virtual proxy.
  • before the source controller receives the data packet sent by the source virtual machine and forwarded by the source virtual switch, the method further includes:
  • the source controller receives an ARP request sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain a MAC address of the source virtual gateway, and the ARP request includes the IP address of the source virtual gateway;
  • if the source controller finds the MAC address of the source virtual gateway, the source controller sends an ARP response to the source virtual machine by using the source virtual switch, where the ARP response includes the MAC address of the source virtual gateway.
  • an embodiment of the present invention provides a method for processing a data packet, where the method includes:
  • the destination controller receives the data packet sent by the source virtual agent and forwarded by the destination virtual agent, where the data packet carries a target address of the data packet, and the target address includes an IP address of the destination virtual machine;
  • the destination controller determines that the destination virtual machine is in the destination data center
  • the destination controller sends a first forwarding rule to the destination virtual agent and the destination virtual switch, respectively, so that the destination virtual agent forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule;
  • the destination controller, the destination virtual proxy, and the destination virtual switch are in a destination data center, and the source virtual proxy is in a source data center.
  • the target address further includes a MAC address of the destination virtual machine
  • the destination controller determines that the first forwarding rule for forwarding the data packet to the destination virtual machine specifically includes:
  • the destination controller searches, according to the MAC address of the destination virtual machine, for whether there is a destination virtual switch that is matched and connected to the destination virtual machine;
  • if the destination controller finds the destination virtual switch that is connected to the destination virtual machine, the destination controller determines, according to the MAC address of the destination virtual gateway and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
  • the destination controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine.
  • before the destination controller receives the data packet sent by the source virtual proxy and forwarded by the destination virtual proxy, the method further includes:
  • an ARP request sent by the source virtual agent, where the ARP request is used to obtain a MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
  • if the destination controller finds the destination virtual switch that is connected to the destination virtual machine, the destination controller determines a second forwarding rule for forwarding the ARP request to the destination virtual machine;
  • the destination controller sends the second forwarding rule to the destination virtual proxy and the destination virtual switch, respectively, so that the destination virtual proxy forwards the ARP request to the destination virtual switch, the destination virtual switch forwards the ARP request to the destination virtual machine by using the second forwarding rule and receives an ARP response sent by the destination virtual machine, and the ARP response is sent to the source virtual agent through the destination virtual proxy, where the ARP response includes a MAC address of the destination virtual machine.
  • the destination controller determining a first forwarding rule for forwarding the data packet to the destination virtual machine specifically includes:
  • the destination controller acquires the MAC address of the destination virtual machine according to the IP address of the destination virtual machine.
  • if the destination controller finds the destination virtual switch that is matched with the destination virtual machine, the destination controller determines, according to the destination virtual MAC address and the destination virtual machine IP address, the transmission path for forwarding the data packet
  • the destination controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine.
  • an embodiment of the present invention provides a processing apparatus for a data packet, where the apparatus includes:
  • a receiving unit configured to receive a data packet sent by the source virtual machine and forwarded by the source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine that communicates with the source virtual machine;
  • an identifying unit configured to identify, according to the IP address of the destination virtual machine, whether the IP address of the destination virtual machine is already stored in the address list;
  • a determining unit configured to determine that the destination virtual machine is not in the source data center if an IP address of the destination virtual machine is not stored in the address list
  • the determining unit is further configured to determine a first forwarding rule for forwarding the data packet to the destination virtual machine
  • a sending unit configured to separately send the first forwarding rule to the source virtual switch and the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual proxy forwards the data packet to a destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table;
  • the processing device of the data packet, the source virtual switch, the source virtual machine, and the source virtual agent are all in the source data center.
  • the target address of the data packet received by the receiving unit further includes a MAC address of the destination virtual machine
  • the determining unit is specifically configured to: if the destination virtual machine is not in the source data center, and the destination virtual machine is in the same network segment as the source virtual machine, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
  • the receiving unit is further configured to receive an ARP request sent by the source virtual machine and forwarded by the source virtual switch
  • the ARP request is used to obtain a MAC address of the destination virtual machine, where the ARP request includes an IP address of the destination virtual machine.
  • the device further includes: a first searching unit, configured to search, according to an IP address of the destination virtual machine, whether a MAC address of the destination virtual machine that matches the IP address of the destination virtual machine is stored in the address list
  • the determining unit is further configured to: if the MAC address of the destination virtual machine is not found, determine a second forwarding rule for forwarding the ARP request to the destination virtual machine;
  • the sending unit is further configured to send a second forwarding rule to the source virtual switch and the source virtual proxy respectively, so that the source virtual switch forwards the ARP request to the source virtual agent by using the second forwarding rule, the source virtual proxy forwards the ARP request to the destination data center by using the second forwarding rule and the stored routing forwarding table, and the received ARP response sent by the destination virtual machine is sent to the source virtual machine by the source virtual switch, where the ARP response includes a MAC address of the destination virtual machine.
  • the determining unit is specifically configured to: if the destination virtual machine is not in the source data center, and the destination virtual machine and the source virtual machine are in different network segments, obtain a MAC address of the destination virtual gateway according to the IP address of the destination virtual machine;
  • the target address of the data packet received by the receiving unit further includes a MAC address of the source virtual gateway
  • the device further includes: a processing unit, configured to carry a MAC address of the destination virtual gateway in the first forwarding rule, so that the source virtual switch uses the first forwarding rule to use the source.
  • the receiving unit is further configured to receive an ARP request that is sent by the source virtual machine and forwarded by the source virtual switch
  • the ARP request is used to obtain a MAC address of the source virtual gateway, where the ARP request includes an IP address of the source virtual gateway;
  • the device further includes: a second searching unit, configured to search, according to the IP address of the source virtual gateway, whether the MAC address of the source virtual gateway matching the IP address is stored in the address list;
  • the sending unit is further configured to: if the MAC address of the source virtual gateway is found, send an ARP response to the source virtual machine by using the source virtual switch, where the ARP response includes the MAC address of the source virtual gateway.
  • an embodiment of the present invention provides a processing apparatus for a data packet, where the apparatus includes:
  • a receiving unit configured to receive a data packet sent by the source virtual agent and forwarded by the destination virtual agent, where the data packet carries a target address of the data packet, and the target address includes an IP address of the destination virtual machine;
  • An identifying unit configured to identify, according to an IP address of the destination virtual machine, whether an IP address of the destination virtual machine is stored in an address list
  • a determining unit configured to determine that the destination virtual machine is in the destination data center if an IP address of the destination virtual machine is stored in the address list
  • the determining unit is further configured to: if the destination virtual machine is in the destination data center, determine a first forwarding rule for forwarding the data packet to the destination virtual machine;
  • a sending unit configured to separately send a first forwarding rule to the destination virtual proxy and the destination virtual switch, so that the destination virtual proxy forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule;
  • the processing device of the data packet, the destination virtual agent, and the destination virtual switch are in a destination data center, and the source virtual agent is in a source data center.
  • the target address of the data packet received by the receiving unit further includes a MAC address of the destination virtual machine
  • the determining unit is specifically configured to: if the destination virtual machine is in the destination data center, and the destination virtual machine and the source virtual machine are in the same network segment, search, according to the MAC address of the destination virtual machine, for whether there is a destination virtual switch that is connected to the destination virtual machine;
  • the receiving unit is further configured to receive an ARP request sent by the source virtual proxy and forwarded by the destination virtual proxy, where the ARP request is used to obtain a MAC address of the destination virtual machine, and the ARP request includes an IP address of the destination virtual machine;
  • the determining unit is further configured to: according to the IP address of the destination virtual machine, find whether there is a destination virtual switch that is matched and connected to the destination virtual machine;
  • the sending unit is further configured to send the second forwarding rule to the destination virtual proxy and the destination virtual switch, respectively, to enable the destination virtual proxy to forward the ARP request by using the second forwarding rule.
  • the destination virtual switch forwards the ARP request to the destination virtual machine by using the second forwarding rule, and receives an ARP response sent by the destination virtual machine, and the ARP response is sent to the source virtual agent through the destination virtual agent, where the ARP response includes a MAC address of the destination virtual machine.
  • the determining unit is specifically configured to: if the destination virtual machine is in a destination data center, and the destination virtual machine and the source virtual machine are in different network segments, acquire the MAC address of the destination virtual machine according to the IP address of the destination virtual machine.
  • the source controller identifies whether the destination virtual machine is in the source data center according to the target address, and when the destination virtual machine is not in the source data center, the source controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine, and sends the first forwarding rule to the source virtual switch and the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual proxy forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table.
  • this solves the prior-art problem that the controllers of the data centers share a large amount of information across the WAN, which increases the processing load of the controller, wastes the processing resources of the controller, and reduces the processing efficiency of the controller for the data packet. The interconnection of virtual networks between multiple data centers is realized, the processing load of the controller is reduced, the processing resources of the controller are saved, and the processing efficiency of the controller for the data packets is improved.
  • FIG. 1-A is a schematic diagram of a transmission data packet provided by the prior art
  • FIG. 1B is a schematic diagram of a transmission path between virtual machines provided by the prior art
  • FIG. 2 is a flowchart of a method for processing a data packet according to Embodiment 1 of the present invention
  • FIG. 3 is a flowchart of a method for processing a data packet according to Embodiment 2 of the present invention.
  • FIG. 4 is a flowchart of a method for processing a data packet according to Embodiment 3 of the present invention.
  • FIG. 5 is a flowchart of a method for processing a data packet according to Embodiment 4 of the present invention.
  • FIG. 6 is a signaling diagram of a method for processing a data packet according to Embodiment 5 of the present invention.
  • FIG. 7 is a signaling diagram of obtaining a MAC address of a destination VM according to Embodiment 5 of the present invention.
  • FIG. 8 is a signaling diagram of another method for processing a data packet according to Embodiment 6 of the present invention.
  • FIG. 9 is a signaling diagram of obtaining a MAC address of a source gateway according to Embodiment 6 of the present invention.
  • FIG. 10 is a schematic diagram of a transmission path between virtual machines according to an embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of a device for processing a data packet according to Embodiment 7 of the present invention.
  • FIG. 12 is a schematic structural diagram of a device for processing a data packet according to Embodiment 8 of the present invention.
  • FIG. 13 is a schematic structural diagram of a device for processing a data packet according to Embodiment 9 of the present invention.
  • FIG. 14 is a schematic structural diagram of a device for processing a data packet according to Embodiment 10 of the present invention.
  • FIG. 15 is a schematic structural diagram of hardware of a data packet processing apparatus according to Embodiment 11 of the present invention.
  • FIG. 16 is a schematic structural diagram of hardware of a data packet processing apparatus according to Embodiment 12 of the present invention.
  • FIG. 17 is a schematic structural diagram of hardware of a data packet processing apparatus according to Embodiment 13 of the present invention.
  • FIG. 18 is a schematic structural diagram of hardware of a data packet processing apparatus according to Embodiment 14 of the present invention.
  • FIG. 19 is a schematic diagram of a processing system of a data packet according to Embodiment 15 of the present invention.
  • FIG. 2 is a flowchart of a method for processing a data packet according to Embodiment 1 of the present invention.
  • the source controller is specifically a source SDN controller, and the source controller is in a source data center.
  • the source data center also includes a source virtual switch (vSwitch), a source virtual machine (VM), and a source virtual agent (vProxy).
  • Step 210: The source controller receives a data packet sent by the source virtual machine and forwarded by the source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine that communicates with the source virtual machine.
  • the source controller receives a data packet sent by the source VM and forwarded by the source vSwitch, where the data packet carries a target address of the data packet, and the target address includes an IP address of a destination VM that communicates with the source VM.
  • the source controller receiving the data packet sent by the source virtual machine and forwarded by the source virtual switch specifically includes:
  • the source controller receives the data packet sent by the source VM and forwarded by the source vSwitch.
  • the data packet also includes a source address, and the source address is the IP address, MAC address, and the like of the source VM.
  • Step 220: According to the IP address of the destination virtual machine, the source controller identifies whether the IP address of the destination virtual machine is stored in an address list.
  • the source controller receives the data packet, and obtains the source address and the IP address of the destination VM from the data packet. Based on the source address and the IP address of the destination VM, the source controller determines that the source VM is ready to communicate interactively with the destination VM indicated by the IP address. The source controller identifies whether the destination VM is in the source data center according to the IP address of the destination VM.
  • the source controller identifies whether the IP address of the destination VM is stored in its own address list, and the address list stores attribute information of a plurality of VMs managed in the source controller.
  • Step 230: If the IP address of the destination virtual machine is not stored in the address list, the source controller determines that the destination virtual machine is not in the source data center.
  • the source controller determines that the destination VM is a VM that is not managed by the source controller itself.
  • Step 240: The source controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine.
  • the source controller determines the destination data center where the destination virtual machine is located, and determines a first forwarding rule, where the first forwarding rule is used to forward the data packet to the destination VM.
  • Step 250: The source controller separately sends the first forwarding rule to the source virtual switch and the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual proxy forwards the data packet to a destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table.
  • the source controller sends the first forwarding rule to the source vSwitch and the source vProxy, where the first forwarding rule includes a forwarding item for the data packet (that is, the processing rule for encapsulating the data packet and the transmission path for forwarding the data packet), so that the source vSwitch forwards the data packet to the source vProxy by using the forwarding item, and the source vProxy forwards the data packet to the destination virtual machine by using the forwarding item and the stored routing forwarding table.
  • the destination data center processes the data packets accordingly.
  • the source controller sends the first forwarding rule to the source vSwitch and the source vProxy. The source vSwitch obtains the forwarding item from the first forwarding rule and uses the forwarding item to perform VXLAN encapsulation on the data packet (the encapsulation adds a VXLAN frame header outside the data packet and fills the outer source and destination IP addresses and the outer source and destination MAC addresses into the frame header) to obtain the first VXLAN packet, and the source vSwitch forwards the first VXLAN packet to the source vProxy.
  • the source vProxy obtains the data packet from the first VXLAN packet and uses the forwarding entry to perform the VXLAN encapsulation again (this encapsulation sets the outer source IP address of the VXLAN frame header to the IP address of the source vProxy and the outer destination IP address to the IP address of the destination vProxy) to obtain the second VXLAN packet. The source vProxy forwards the second VXLAN packet to the destination vProxy, and the destination vProxy is in the destination data center.
  • the source vProxy obtains the IP address of the destination vProxy according to the stored routing forwarding table, and performs VXLAN encapsulation on the data packet again by using the obtained IP address of the destination vProxy.
  • the source vProxy and the destination vProxy obtain the routing information and the IP address of the other party through the existing standard protocol, and store the obtained routing information and the IP address of the other party in the routing forwarding table.
  • the transmission path of the forwarding data packet is specifically: source VM-source vSwitch-source vProxy-destination vProxy.
  • the first forwarding rule includes a forwarding entry for forwarding a data packet, and a rule for causing the source switch and the source vProxy to perform VXLAN encapsulation/decapsulation on the data packet.
  • the source controller identifies whether the destination virtual machine is in the source data center according to the target address, and when the destination virtual machine is not in the source data center, the source controller determines to use Forwarding the data packet to the first forwarding rule of the destination virtual machine, and sending the first forwarding rule to the source virtual switch and the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule.
  • the source virtual agent forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table.
  • this solves the prior-art problem that the controllers of the data centers share a large amount of information across the WAN, which increases the processing load of the controller, wastes the processing resources of the controller, and reduces the processing efficiency of the controller for data packets.
  • the interconnection of virtual networks between multiple data centers is realized, the processing load of the controller is reduced, the processing resources of the controller are saved, and the processing efficiency of the controller for data packets is improved.
  • FIG. 3 is a flowchart of a method for processing a data packet according to Embodiment 2 of the present invention.
  • the executing body is a destination controller, specifically a destination SDN controller, and the destination controller is in the destination data center.
  • the destination data center also includes a destination vSwitch, a destination VM, and a destination vProxy.
  • the embodiment specifically includes the following steps:
  • Step 310 The destination controller receives a data packet sent by the source virtual agent forwarded by the destination virtual agent, where the data packet carries a target address of the data packet, where the target address includes an IP address of the destination virtual machine.
  • the destination controller receives the data packet sent by the source vProxy forwarded by the destination vProxy, where the data packet carries the target address of the data packet, and the target address includes the IP address of the destination VM.
  • the source vProxy is in the source data center.
  • the destination controller receives the data packet sent by the source vProxy and is forwarded by the destination vProxy, and specifically includes:
  • the destination controller receives the data packet sent by the source vProxy forwarded by the destination vProxy.
  • the data packet also includes a source address, and the source address includes the IP address, the MAC address, and the like of the source VM.
  • Step 320 According to the IP address of the destination virtual machine, the destination controller identifies whether the IP address of the destination virtual machine is stored in the address list.
  • the destination controller receives the data packet, and obtains the source address and the IP address of the destination VM from the data packet. Based on the source address and the IP address of the destination VM, the destination controller determines that the source VM in the source data center is ready to communicate interactively with the destination VM indicated by the IP address. The destination controller identifies whether the destination VM is in the destination data center according to the IP address of the destination VM.
  • the destination controller identifies whether the IP address of the destination VM is stored in its own address list, and the address list stores attribute information of a plurality of VMs managed in the destination controller.
  • Step 330 If the IP address of the destination virtual machine is stored in the address list, the destination controller determines that the destination virtual machine is in the destination data center.
  • the destination controller determines that the destination VM is a VM that belongs to the destination controller itself.
  • Step 340 If the destination virtual machine is in the destination data center, the destination controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine.
  • the destination controller determines a first forwarding rule, and the first forwarding rule is used to forward the data packet to the destination VM.
  • Step 350 The destination controller sends the first forwarding rule to the destination virtual proxy and the destination virtual switch, respectively, so that the destination virtual proxy forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule.
  • the destination controller sends the first forwarding rule to the destination vProxy and the destination vSwitch, where the first forwarding rule includes a forwarding item for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet), so that the destination vProxy forwards the data packet to the destination vSwitch by using the forwarding item, the destination vSwitch forwards the data packet to the destination VM by using the forwarding item, and the destination VM processes the data packet accordingly.
  • the destination controller sends the first forwarding rule to the destination vProxy and the destination vSwitch respectively; the destination vProxy obtains the forwarding item from the first forwarding rule and uses the forwarding item to perform VXLAN encapsulation on the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the destination vProxy and the outer destination IP address to the IP address of the destination vSwitch).
  • the destination vProxy forwards the VXLAN packet to the destination vSwitch.
  • the destination vSwitch decapsulates the VXLAN packet, obtains the data packet, and forwards the data packet to the destination VM by using the forwarding rule.
  • the destination vProxy obtains the IP address of the destination vSwitch from the forwarding entry according to the destination address carried in the data packet before the VXLAN encapsulation, and performs VXLAN encapsulation on the data packet again by using the obtained IP address of the destination vSwitch.
  • the transmission path of the forwarding data packet is specifically: source vProxy--destination vProxy--destination vSwitch--destination VM.
  • the first forwarding rule includes a forwarding entry for forwarding a data packet, and a rule for causing the destination vProxy and the destination switch to perform VXLAN encapsulation/decapsulation on the data packet.
  • the destination controller receives the data packet sent by the source virtual agent and forwarded by the destination virtual agent, and identifies whether the destination virtual machine is in the destination data center according to the target address.
  • when the destination virtual machine is in the destination data center, the destination controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine, and sends the first forwarding rule to the destination virtual switch and the destination virtual agent, so that the destination virtual agent forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule.
  • this solves the prior-art problem that the controllers of the data centers share a large amount of information across the WAN, which increases the processing load of the controller, wastes the processing resources of the controller, and reduces the processing efficiency of the controller for data packets.
  • the interconnection of virtual networks between multiple data centers is realized, the processing load of the controller is reduced, the processing resources of the controller are saved, and the processing efficiency of the controller for data packets is improved.
  • FIG. 4 is a flowchart illustrating a method for processing a data packet according to Embodiment 3 of the present invention.
  • the implementation body is a source vProxy.
  • the source vProxy is in the source data center.
  • the source data center also includes a source controller, a source vSwitch, and a source VM.
  • this embodiment specifically includes the following steps:
  • Step 410 The source virtual agent receives a data packet sent by the source virtual switch, where the data packet carries a target address of the data packet.
  • the source vProxy receives a data packet sent by the source vSwitch, where the data packet carries a target address of the data packet.
  • the data packet also includes a source address, and the source address includes the IP address, the MAC address, and the like of the source VM.
  • the source vProxy receives the packet encapsulated by the source vSwitch through the VXLAN, and the VXLAN packet carries the data packet.
  • in the embodiment of the present invention, the cloud management system configures a vProxy for each data center; the vProxy is configured to forward, according to the forwarding rule, the data packets and messages to be sent out of or into the data center, and the vProxy can be loaded on a physical server.
  • Step 420 The source virtual proxy receives a first forwarding rule sent by the source controller, where the first forwarding rule is used to forward the data packet to a destination virtual machine indicated by the target address.
  • the source vProxy receives the first forwarding rule sent by the source controller, and stores the first forwarding rule, where the first forwarding rule is used to forward the data packet to the destination VM indicated by the target address.
  • Step 430 The source virtual proxy forwards the data packet to the destination virtual proxy by using the first forwarding rule and the stored routing forwarding table according to the target address of the data packet, so that the destination virtual proxy forwards the data packet to the destination virtual machine.
  • the source vProxy obtains the source address and the target address from the data packet.
  • the source controller determines that the source VM is ready to communicate interactively with the destination VM indicated by the target address.
  • the source vProxy obtains the matching forwarding entry from the first forwarding rule according to the target address (that is, the encapsulation processing rule for the data packet and the transmission path of the forwarded data packet).
  • the source vProxy forwards the data packet to the destination vProxy, so that the destination vProxy forwards the data packet to the destination VM; the destination vProxy is in the destination data center where the destination VM indicated by the target address is located.
  • the source virtual proxy forwarding the data packet to the destination virtual proxy specifically includes:
  • the source vProxy obtains the IP address of the destination vProxy. According to the IP address of the destination vProxy, the source vProxy forwards the data packet to the destination vProxy by using the first forwarding rule, so that the destination vProxy forwards the data packet to the destination VM.
  • the data packet may be VXLAN encapsulated (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy and the outer destination IP address to the IP address of the destination vProxy).
  • the source vProxy forwards the encapsulated VXLAN packet to the destination vProxy, and the destination vProxy forwards the packet to the destination VM.
  • the source vProxy and the destination vProxy obtain the routing information and the IP address of the other party through the existing standard protocol, and store the obtained routing information and the IP address of the other party in the routing forwarding table.
  • the first forwarding rule includes a rule for causing the source vProxy to perform VXLAN encapsulation/decapsulation on the data packet, in addition to forwarding the forwarding item of the data packet.
  • the source virtual proxy receives the data packet sent by the source virtual switch, obtains a matching forwarding entry according to the target address, and uses the forwarding entry and the stored routing forwarding table to forward the data packet to the destination virtual agent, which realizes transmission across the WAN and establishes a transmission link between virtual machines in different data centers.
  • this solves the prior-art problem that the controllers of the data centers synchronize a large amount of information across the WAN, which increases the processing load of the controller, wastes the processing resources of the controller, and reduces the processing efficiency of the controller for data packets; the interconnection of virtual networks between multiple data centers is realized, the processing load of the controller is reduced, the processing resources of the controller are saved, and the processing efficiency of the controller for data packets is improved.
  • FIG. 5 is a flowchart illustrating a method for processing a data packet according to Embodiment 4 of the present invention.
  • the destination vProxy is in the destination data center.
  • the destination data center further includes a destination controller, a destination vSwitch, and a destination VM. As shown in FIG. 5, the embodiment specifically includes the following steps:
  • Step 510 The destination virtual agent receives a data packet sent by the source virtual agent, where the data packet carries a target address of the data packet.
  • the destination vProxy receives the data packet sent by the source vProxy, where the data packet carries the target address of the data packet.
  • the data packet further carries a source address, where the source address is an IP address and a MAC address of the source VM.
  • the destination vProxy determines that the source VM is ready to communicate with the destination VM indicated by the target address.
  • the source vProxy may also perform VXLAN encapsulation on the data packet when sending the data packet to the destination vProxy.
  • the encapsulation sets the outer source IP address in the VXLAN frame header to the source vProxy IP address and the outer destination IP address to the destination vProxy IP address.
  • the source vProxy sends the encapsulated VXLAN packet to the destination vProxy.
  • in the embodiment of the present invention, the cloud management system configures a vProxy for each data center; the vProxy is configured to forward, according to the forwarding rule, the data packets and messages to be sent out of or into the data center, and the vProxy can be loaded on a physical server.
  • Step 520 When the destination virtual agent does not find a forwarding rule that matches the target address, the destination virtual agent sends the data packet to the destination controller.
  • the destination vProxy searches for a forwarding rule in the stored forwarding list that matches the target address.
  • when the destination vProxy does not find a forwarding rule that matches the target address, the destination vProxy sends the data packet to the destination controller.
  • Step 530 The destination virtual proxy receives a first forwarding rule sent by the destination controller, where the first forwarding rule is used to forward the data packet to the virtual machine indicated by the target address.
  • the destination vProxy receives the first forwarding rule sent by the destination controller, where the first forwarding rule includes a forwarding item for forwarding the data packet (that is, an encapsulation processing rule for the data packet and a transmission path for forwarding the data packet).
  • the first forwarding rule is used to forward the data packet to the destination VM indicated by the target address.
  • Step 540 The destination virtual proxy sends the data packet to the destination virtual machine by using a destination virtual switch by using the first forwarding rule.
  • the destination vProxy sends a data packet to the destination VM through the destination vSwitch, and the destination VM performs corresponding processing on the data packet to establish a communication link with the source VM.
  • the destination virtual agent sending the data packet to the destination virtual machine by using the destination virtual switch includes:
  • the destination vProxy obtains the matching forwarding entry from the first forwarding rule. According to the matching forwarding entry, the destination vProxy obtains the IP address of the destination vSwitch. According to the IP address of the destination vSwitch, the destination vProxy forwards the data packet to the destination vSwitch, so that the destination vSwitch sends the data packet to the destination VM according to the target address.
  • the destination vProxy may also perform VXLAN encapsulation on the data packet when the packet is sent to the destination vSwitch.
  • the encapsulation sets the outer source IP address in the VXLAN frame header to the destination vProxy IP address and the outer destination IP address to the destination vSwitch IP address.
  • the destination vProxy forwards the encapsulated VXLAN packet to the destination vSwitch.
  • the destination vSwitch obtains the packet from the VXLAN packet.
  • the destination vSwitch forwards the packet to the destination VM.
  • the first forwarding rule includes, in addition to the forwarding item of forwarding the data packet, a rule for causing the destination vProxy to perform VXLAN encapsulation/decapsulation on the data packet.
  • the destination virtual proxy receives the data packet sent by the source virtual proxy, acquires the first forwarding rule sent by the destination controller according to the target address, and uses the first forwarding rule to forward the data packet through the destination virtual switch to the destination virtual machine, which realizes transmission across the WAN and establishes a transmission link between virtual machines in different data centers.
  • this solves the prior-art problem that the controllers of the data centers synchronize a large amount of information across the WAN, which increases the processing load of the controller, wastes the processing resources of the controller, and reduces the processing efficiency of the controller for data packets; the interconnection of virtual networks between multiple data centers is realized, the processing load of the controller is reduced, the processing resources of the controller are saved, and the processing efficiency of the controller for data packets is improved.
  • the foregoing multiple embodiments respectively explain the processing method of the data packet with different execution subjects.
  • the controller of the data center no longer performs sharing and synchronization across the WAN information, thereby reducing network overhead.
  • each controller manages only the information and the transmission paths inside its own data center; a vProxy is added to each data center, so that the data packets entering and leaving the data center are forwarded through the vProxy, which reduces the complexity of the network system.
  • at the same time, the controller maintains only the transmission paths of the virtual machines in the data center where it is located, which saves the processing resources of the controller, improves the processing efficiency of the controller for data packets, and realizes the interconnection of virtual networks between multiple data centers.
  • the source and destination VMs in the foregoing embodiments are in the same network segment, but belong to different data centers.
  • the source and destination VMs are in different network segments, and are also in different data centers.
  • the source and destination VMs belong to the same network segment, but belong to different data centers.
  • the following describes the processing method of the data packet in combination with the source, the destination data center, and the controller, vSwitch, VM, and vProxy included in each data center.
  • FIG. 6 is a flowchart of a method for processing a data packet according to Embodiment 5 of the present invention.
  • this embodiment specifically includes the following steps:
  • Step 601 The source virtual machine sends a data packet to the source virtual switch, where the data packet carries a target address of the data packet.
  • the source VM is ready to communicate with the destination VM that belongs to the same network segment, and the source VM sends a data packet to the source vSwitch, where the data packet carries a target address, and the target address specifically includes the IP address of the destination VM and the MAC address of the destination VM.
  • the data packet also carries the IP address of the source VM and the MAC address of the source VM.
  • Step 602 The source virtual switch sends a data packet to the source controller.
  • the source vSwitch parses the data packet, and obtains the MAC address of the destination VM from the data packet.
  • the source vSwitch searches for the forwarding rule that matches the destination MAC address in the forwarding list stored by the source vSwitch.
  • the source vSwitch sends a packet to the source controller.
  • Step 603 The source controller sends the first forwarding rule to the source virtual switch and the source virtual proxy respectively.
  • the source controller receives the data packet, obtains the source address, the IP address of the destination VM, and the MAC address of the destination VM from the data packet, and determines, according to the source address, the IP address of the destination VM, and the MAC address of the destination VM, that the source VM is ready to communicate with the destination VM.
  • the source controller identifies whether the IP address of the destination VM is stored in the address list; if the IP address of the destination VM is not stored in the address list, the source controller determines that the destination VM indicated by the IP address of the destination VM is not in the source data center.
  • the source controller further determines that the destination VM belongs to the same network segment as the source VM according to the IP address of the destination VM.
  • the source controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine according to the MAC address of the destination VM and the IP address of the destination VM.
  • since the data packet includes the MAC address of the destination VM, the source controller directly determines the transmission path of the forwarded data packet according to the MAC address of the destination VM and the IP address of the destination VM, and determines the first forwarding rule according to the transmission path.
  • the first forwarding rule determined by the source controller for forwarding the data packet to the destination VM enables the source vSwitch and the source vProxy, after receiving the data packet, to forward the data packet to the destination VM according to the first forwarding rule, thereby enabling the source VM to communicate with the destination VM.
  • the source controller further determines the first forwarding rule according to other information, where the other information specifically refers to the port information of the source and destination VMs, and so on.
  • after the source controller determines the first forwarding rule, the source controller sends the first forwarding rule to the source vSwitch and the source vProxy, where the first forwarding rule includes a forwarding item for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet).
  • the source vSwitch receives the first forwarding rule, obtains the forwarding entry from the first forwarding rule, and uses the forwarding entry to determine the transmission path of the forwarded data packet.
  • the source vSwitch uses the forwarding entry to encapsulate the data packet in VXLAN (that is, the VXLAN frame header is added outside the data packet, and the outer source and destination IP addresses, and the outer source and destination MAC addresses are filled in the frame header).
  • VXLAN message carries a data packet.
  • the frame header is filled with the IP address of the source VM, the MAC address of the source VM, the IP address of the destination VM, and the MAC address of the destination VM.
  • Step 604 The source virtual agent receives the data packet sent by the source virtual switch.
  • Step 605 The source virtual agent forwards the data packet to the destination virtual agent.
  • the source vProxy obtains the source address and the target address from the data packet.
  • the source vProxy determines that the source VM is ready to communicate interactively with the destination VM indicated by the target address.
  • the source vProxy obtains the matching forwarding entry from the first forwarding rule according to the target address (that is, the encapsulation processing rule for the data packet and the transmission path of the forwarded data packet).
  • the first forwarding rule is used to forward the data packet to the destination VM indicated by the target address.
  • the source vProxy obtains the IP address of the destination vProxy by using the stored routing forwarding table. According to the IP address of the destination vProxy, the source vProxy uses the first forwarding rule to forward the data packet to the destination vProxy, so that the destination vProxy forwards the data packet to the destination VM.
  • the data packet may be VXLAN encapsulated (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy and the outer destination IP address to the IP address of the destination vProxy).
  • the source vProxy forwards the encapsulated VXLAN packet to the destination vProxy, and the destination vProxy forwards the packet to the destination VM.
  • the source vProxy and the destination vProxy obtain the routing information and the IP address of the other party through the existing standard protocol, and store the obtained routing information and the IP address of the other party in the routing forwarding table.
  • Step 606 The destination virtual agent sends a data packet to the destination controller.
  • the destination vProxy searches for a forwarding rule in the stored forwarding list that matches the MAC address of the destination VM.
  • the destination vProxy sends the data packet to the destination controller.
  • Step 607 The destination controller sends a second forwarding rule to the destination virtual agent and the destination virtual switch, respectively.
  • the destination controller receives the data packet, and obtains the source address and the target address from the data packet. Based on the source address and the target address, the destination controller determines that the source VM in the source data center is ready to communicate interactively with the destination VM indicated by the target address. The destination controller identifies whether the destination VM indicated by the target address is in the destination data center.
  • the destination controller identifies whether the IP address of the destination VM is stored in the address list; if the IP address of the destination VM is stored in the address list, the destination controller determines the destination VM indicated by the IP address of the destination VM. In the destination data center.
  • the destination controller further determines that the destination VM belongs to the same network segment as the source VM according to the IP address of the destination VM.
  • the destination controller searches for the destination vSwitch that is connected to the destination VM according to the MAC address of the destination VM. If the destination controller finds the destination vSwitch connected to the destination VM, the destination controller determines the transmission path of the forwarded data packet according to the MAC address of the destination VM and the IP address of the destination VM, and determines the second forwarding rule according to the transmission path.
  • the second forwarding rule determined by the destination controller for forwarding the data packet to the destination VM enables the destination vSwitch and the destination vProxy, after receiving the data packet, to forward the data packet to the destination VM according to the second forwarding rule, which in turn enables the source VM to communicate with the destination VM.
  • after the destination controller determines the second forwarding rule, the destination controller sends the second forwarding rule to the destination vProxy and the destination vSwitch, where the second forwarding rule includes a forwarding item for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet). It can be understood that, in addition to determining the second forwarding rule according to the MAC address of the destination VM and the IP address of the destination VM, the destination controller further determines the second forwarding rule according to other information, where the other information specifically refers to the port information of the source and destination VMs, and so on.
  • Step 608 The destination virtual agent sends a data packet to the destination virtual switch.
  • the destination vProxy obtains the forwarding entry from the second forwarding rule, determines the transmission path of the forwarded data packet by using the forwarding item, and sends the data packet to the destination vSwitch.
  • the destination vProxy uses the forwarding item to perform VXLAN encapsulation on the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the destination vProxy IP address and the outer destination IP address to the destination vSwitch IP address). After obtaining the encapsulated VXLAN packet, the destination vProxy forwards the encapsulated VXLAN packet to the destination vSwitch.
  • the destination vProxy obtains the IP address of the destination vSwitch from the forwarding entry according to the destination address carried in the data packet, and performs VXLAN encapsulation on the data packet by using the obtained IP address of the destination vSwitch.
  • Step 609 The destination virtual switch sends a data packet to the destination virtual machine.
  • the destination vSwitch obtains the forwarding item from the second forwarding rule, and uses the forwarding item to send the data packet to the destination VM, and the destination VM performs corresponding processing on the data packet to establish a communication link with the source VM.
  • The destination vSwitch obtains the data packet from the VXLAN packet and forwards the data packet to the destination VM.
  • Before step 601 of the embodiment of the present invention, the method further includes a step in which the source VM acquires the MAC address of the destination VM.
  • Once the source VM has obtained the MAC address of the destination VM, the source VM can begin sending data packets to communicate with the destination VM. The specific steps are as follows:
  • Step 701 The source virtual machine sends an ARP request to the source virtual switch, where the ARP request includes an IP address of the destination VM.
  • When the source VM is ready to communicate with a destination VM that belongs to the same network segment, the source VM sends an ARP request to the source vSwitch, where the ARP request is used to obtain the MAC address of the destination VM and includes the IP address of the destination VM.
  • the ARP request further includes the IP address of the source VM.
  • Step 702 The source virtual switch sends the ARP request to the source controller.
  • After receiving the ARP request, the source vSwitch obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM sent the ARP request to obtain the MAC address of the destination VM.
  • the source vSwitch searches for the MAC address of the destination VM in its own address list based on the IP address of the source gateway. If the MAC address of the destination VM is not found, the source vSwitch sends an ARP request to the source controller.
  • Step 703 The source controller sends a third forwarding rule to the source virtual switch and the source virtual proxy respectively.
  • the source controller receives the ARP request sent by the source vSwitch.
  • the source controller obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM requests to acquire the MAC address of the destination VM.
  • The source controller searches whether a MAC address matching the IP address of the destination VM is stored in the address list; if the source controller does not find the MAC address of the destination VM, the source controller determines the destination data center where the destination VM is located.
  • The source controller identifies, according to the IP address of the destination VM, the destination data center to which that IP address belongs, and determines a transmission path for forwarding the ARP request according to the destination data center to which the destination VM belongs. According to the transmission path, the source controller determines the third forwarding rule.
  • the third forwarding rule includes a forwarding entry for forwarding an ARP request (that is, a packet processing rule for the ARP request and a transmission path for forwarding the ARP request).
  • The third forwarding rule determined by the source controller for forwarding the ARP request to the destination VM enables the source vSwitch and the source vProxy, after receiving the ARP request, to forward the ARP request to the destination VM according to the third forwarding rule, so that the destination VM feeds back the ARP response to the source VM.
  • the ARP response includes the MAC address of the destination VM, and the source VM initiates the step of transmitting the data packet with the destination VM after acquiring the MAC address of the destination VM.
  • After the source controller determines the third forwarding rule, the source controller sends the third forwarding rule to the source vSwitch and the source vProxy respectively.
  • the source vSwitch and the source vProxy receive the third forwarding rule.
  • the source vSwitch receives the third forwarding rule, obtains the forwarding entry from the third forwarding rule, and uses the forwarding entry to determine the transmission path for forwarding the ARP request.
  • The source vSwitch can also use the forwarding entry to perform VXLAN encapsulation on the ARP request (that is, add a VXLAN frame header to the ARP request, and fill in the outer source and destination IP addresses and the outer source and destination MAC addresses in the frame header). After encapsulation, the VXLAN packet carries the ARP request.
  • the frame header is filled with the IP address of the source VM, the MAC address of the source VM, and the IP address of the destination VM, and the MAC address of the destination VM is not filled.
  • Step 704 The source virtual proxy receives the ARP request sent by the source virtual switch.
  • Step 705 The source virtual agent forwards the ARP request to the destination virtual agent.
  • the source vProxy obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM requests to acquire the MAC address of the destination VM.
  • the source vProxy obtains the matching forwarding entry from the third forwarding rule according to the IP address of the destination VM (that is, the encapsulation processing rule for the ARP request and the transmission path for forwarding the ARP request).
  • The source vProxy obtains the IP address of the destination vProxy by using the stored routing forwarding table. According to the IP address of the destination vProxy, the source vProxy forwards the ARP request to the destination vProxy by using the third forwarding rule, so that the destination vProxy forwards the ARP request to the destination VM.
  • the source vProxy can also perform VXLAN encapsulation on the ARP request when forwarding the ARP request to the destination vProxy.
  • The encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy, and the outer destination IP address to the IP address of the destination vProxy.
  • the source vProxy forwards the encapsulated VXLAN packet to the destination vProxy, and the destination vProxy forwards the packet to the destination VM.
  • the source vProxy and the destination vProxy obtain the routing information and the IP address of the other party through the existing standard protocol, and store the obtained routing information and the IP address of the other party in the routing forwarding table.
  • Step 706 The destination virtual agent sends an ARP request to the destination controller.
  • the destination vProxy searches whether the stored forwarding list has a forwarding rule for forwarding the ARP request that matches the IP address of the destination VM. When the destination vProxy does not find the forwarding rule for forwarding the ARP request that matches the IP address of the destination VM, the destination vProxy sends an ARP request to the destination controller.
  • Step 707 The destination controller sends a fourth forwarding rule to the destination virtual proxy and the destination virtual switch, respectively.
  • The destination controller receives the ARP request, obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM requests to acquire the MAC address of the destination VM. According to the IP address of the destination VM, the destination controller identifies whether the IP address of the destination VM is stored in the address list; if the IP address of the destination VM is stored in the address list, the destination controller determines that the destination VM indicated by the IP address of the destination VM is in the destination data center.
  • The destination controller searches for the destination vSwitch that matches the destination VM according to the IP address of the destination VM. If the destination controller finds the destination vSwitch that matches the destination VM, the destination controller determines the transmission path for forwarding the data packet and, according to the transmission path, determines the fourth forwarding rule.
  • The fourth forwarding rule determined by the destination controller for forwarding the ARP request to the destination VM enables the destination vSwitch and the destination vProxy, after receiving the ARP request, to forward the ARP request to the destination VM according to the fourth forwarding rule, so that the destination VM feeds back the ARP response to the source VM.
  • The ARP response includes the MAC address of the destination VM, and the source VM initiates the step of transmitting a data packet with the destination VM after acquiring the MAC address of the destination VM.
  • After the destination controller determines the fourth forwarding rule, the destination controller sends the fourth forwarding rule to the destination vProxy and the destination vSwitch, where the fourth forwarding rule includes a forwarding entry for forwarding the ARP request (that is, the encapsulation processing rule for the ARP request and the transmission path for forwarding the ARP request).
  • the destination vProxy and destination vSwitch receive the fourth forwarding rule.
  • The MAC address of the destination VM may be stored in the address list of the destination controller. However, to ensure the accuracy of the destination VM's MAC address in the reply, after the destination controller determines that the destination VM is in the destination data center, it still looks up the destination vSwitch that matches the destination VM and determines the fourth forwarding rule, and does not feed back the stored MAC address of the destination VM.
  • Step 708 The destination virtual agent sends an ARP request to the destination virtual switch.
  • the destination vProxy obtains the forwarding entry from the fourth forwarding rule, and uses the forwarding entry to determine the transmission path for forwarding the ARP request, and sends an ARP request to the destination vSwitch.
  • The destination vProxy uses the forwarding entry to perform VXLAN encapsulation on the ARP request (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the destination vProxy, and the outer destination IP address to the IP address of the destination vSwitch). After obtaining the encapsulated VXLAN packet, the destination vProxy forwards it to the destination vSwitch.
  • the destination vProxy obtains the IP address of the destination vSwitch from the forwarding entry before the VXLAN encapsulation, and performs VXLAN encapsulation on the data packet by using the obtained IP address of the destination vSwitch.
  • Step 709 The destination virtual switch sends an ARP request to the destination virtual machine.
  • the destination vSwitch obtains the forwarding entry from the fourth forwarding rule, and uses the forwarding entry to send an ARP request to the destination VM, and the destination VM performs corresponding processing on the ARP request.
  • the destination vSwitch obtains an ARP request from the VXLAN packet, and the destination vSwitch forwards the ARP request packet to the destination VM.
  • Step 710 The destination virtual machine performs corresponding processing on the ARP request, and sends an ARP response to the source virtual machine.
  • The destination VM receives the ARP request, obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM sent the ARP request to obtain the MAC address of the destination VM.
  • the destination VM obtains its own MAC address and generates an ARP response, which includes the MAC address of the destination VM.
  • the destination VM sends an ARP response to the destination vSwitch.
  • the destination vSwitch receives the ARP response and forwards the ARP response to the destination vProxy.
  • the destination vProxy receives the ARP response and sends an ARP response to the source vProxy.
  • the source vProxy receives the ARP response and sends an ARP response to the source vSwitch.
  • the source vSwitch receives the ARP response and sends an ARP response to the source VM.
  • the source VM receives the ARP response, obtains the MAC address of the source gateway from it, and prepares to communicate with the destination VM.
  • the source and destination VMs are in different network segments and belong to different data centers.
  • the following describes the processing method of the data packet in combination with the source, the destination data center, and the controller, vSwitch, VM, and vProxy included in each data center.
  • FIG. 8 shows another signaling method for processing a data packet, provided by the sixth embodiment of the present invention. This embodiment specifically includes the following steps:
  • Step 801 The source virtual machine sends a data packet to the source virtual switch, where the data packet carries a target address of the data packet.
  • When the source VM is ready to communicate with a destination VM that belongs to a different network segment, the source VM sends a data packet to the source vSwitch, where the data packet carries a target address, and the target address specifically includes the IP address of the destination VM and the MAC address of the source virtual gateway.
  • The data packet also carries the IP address of the source VM and the MAC address of the source VM.
  • Step 802 The source virtual switch sends the data packet to a source controller.
  • the source vSwitch parses the data packet, and obtains the IP address of the destination VM from the data packet.
  • the source vSwitch searches for the forwarding rule that matches the destination IP address in the forwarding list stored by the source vSwitch.
  • the source vSwitch sends a packet to the source controller.
  • Step 803 The source controller sends the first forwarding rule to the source virtual switch and the source virtual proxy respectively.
  • The source controller receives the data packet and obtains the source address, the IP address of the destination VM, and the MAC address of the source virtual gateway from the data packet. According to the source address, the IP address of the destination VM, and the MAC address of the source virtual gateway, the source controller determines that the source VM is preparing to communicate with the destination VM.
  • The source controller identifies whether the IP address of the destination VM is stored in the address list; if the IP address of the destination VM is not stored in the address list, the source controller determines that the destination VM indicated by the IP address of the destination VM is not in the source data center.
  • The source controller further determines that the destination VM and the source VM belong to different network segments according to the IP address of the destination VM.
  • The source controller obtains the MAC address of the destination virtual gateway according to the IP address of the destination VM; according to the MAC address of the destination virtual gateway and the IP address of the destination VM, the source controller determines a transmission path for forwarding the data packet, and the source controller determines the first forwarding rule according to the transmission path.
  • The first forwarding rule determined by the source controller for forwarding the data packet to the destination VM enables the source vSwitch and the source vProxy, after receiving the data packet, to forward the data packet to the destination VM according to the first forwarding rule, which in turn allows the source VM to communicate with the destination VM.
  • In addition to determining the first forwarding rule according to the MAC address of the destination virtual gateway and the IP address of the destination VM, the source controller further determines the first forwarding rule according to other information; the other information specifically refers to the port information of the source and destination VMs.
  • the source controller saves the IP address and MAC address information of the virtual gateway of all network segments of the virtual network, and the virtual gateway can be implemented by a software program loaded in the controller.
  • The source controller also carries the MAC address of the destination virtual gateway in the first forwarding rule, so that the source vSwitch, after receiving the data packet, encapsulates the data packet according to the MAC address of the destination virtual gateway carried in the first forwarding rule and the IP address of the destination virtual machine, and forwards the encapsulated data packet to the source vProxy.
  • After the source controller determines the first forwarding rule, the source controller sends the first forwarding rule to the source vSwitch and the source vProxy, where the first forwarding rule includes a forwarding entry for forwarding the data packet (that is, the packet processing rule for the data packet and the transmission path for forwarding the data packet).
  • the source vSwitch receives the first forwarding rule, obtains the forwarding entry from the first forwarding rule, and uses the forwarding entry to determine the transmission path of the forwarded data packet.
  • The source vSwitch uses the forwarding entry to perform VXLAN encapsulation on the data packet (that is, it adds a VXLAN frame header outside the data packet, and fills in the outer source and destination IP addresses and the outer source and destination MAC addresses in the frame header). After the VXLAN frame header is set, the VXLAN packet carries the data packet.
  • the frame header is also filled with the IP address of the source VM, the MAC address of the source VM, and the IP address of the destination VM.
  • Step 804 The source virtual proxy receives the data packet sent by the source virtual switch.
  • Step 805 The source virtual agent forwards the data packet to a destination virtual agent.
  • the source vProxy obtains the source address and the target address from the data packet.
  • the source controller determines that the source VM is ready to communicate interactively with the destination VM indicated by the target address.
  • the source vProxy obtains the matching forwarding entry from the first forwarding rule according to the target address (that is, the encapsulation processing rule for the data packet and the transmission path of the forwarded data packet).
  • The first forwarding rule is used to forward the data packet to the destination VM indicated by the target address.
  • The source vProxy obtains the IP address of the destination vProxy by using the stored routing forwarding table. According to the IP address of the destination vProxy, the source vProxy uses the first forwarding rule to forward the data packet to the destination vProxy, so that the destination vProxy forwards the data packet to the destination VM.
  • The data packet may be VXLAN encapsulated (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy, and the outer destination IP address to the IP address of the destination vProxy).
  • the source vProxy forwards the encapsulated VXLAN packet to the destination vProxy, and the destination vProxy forwards the packet to the destination VM.
  • the source vProxy and the destination vProxy obtain the routing information and the IP address of the other party through the existing standard protocol, and store the obtained routing information and the IP address of the other party in the routing forwarding table.
  • Step 806 The destination virtual agent sends the data packet to the destination controller.
  • the destination vProxy searches for a forwarding rule in the stored forwarding list that matches the IP address of the destination VM.
  • the destination vProxy sends the data packet to the destination controller.
  • Step 807 The destination controller sends a second forwarding rule to the destination virtual proxy and the destination virtual switch, respectively.
  • the destination controller receives the data packet, and obtains the source address and the target address from the data packet. Based on the source address and the target address, the destination controller determines that the source VM in the source data center is ready to communicate interactively with the destination VM indicated by the target address. The destination controller identifies whether the destination VM indicated by the target address is in the destination data center.
  • The destination controller identifies whether the IP address of the destination VM is stored in the address list; if the IP address of the destination VM is stored in the address list, the destination controller determines that the destination VM indicated by the IP address of the destination VM is in the destination data center.
  • the destination controller further determines that the destination VM and the source VM belong to different network segments according to the IP address of the destination VM.
  • The destination controller obtains the MAC address of the destination VM according to the IP address of the destination VM; according to the MAC address of the destination VM, the destination controller searches for a destination vSwitch connected to the destination VM. If the destination controller finds the destination vSwitch that is connected to the destination VM, the destination controller determines the transmission path for forwarding the data packet according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine; according to the transmission path, the destination controller determines the second forwarding rule.
  • The second forwarding rule determined by the destination controller for forwarding the data packet to the destination VM enables the destination vSwitch and the destination vProxy, after receiving the data packet, to forward the data packet to the destination VM according to the second forwarding rule, which in turn allows the source VM to communicate with the destination VM.
  • After the destination controller determines the second forwarding rule, the destination controller sends the second forwarding rule to the destination vProxy and the destination vSwitch, where the second forwarding rule includes a forwarding entry for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet).
  • In addition to determining the second forwarding rule according to the MAC address of the destination VM and the IP address of the destination VM, the destination controller further determines the second forwarding rule according to other information, where the other information specifically refers to the port information of the source and destination VMs, and so on.
  • Step 808 The destination virtual agent sends the data packet to the destination virtual switch.
  • the destination vProxy obtains the forwarding entry from the second forwarding rule, determines the transmission path of the forwarded data packet by using the forwarding item, and sends the data packet to the destination vSwitch.
  • The destination vProxy uses the forwarding item to perform VXLAN encapsulation on the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the destination vProxy, and the outer destination IP address to the IP address of the destination vSwitch). After obtaining the encapsulated VXLAN packet, the destination vProxy forwards it to the destination vSwitch.
  • the destination vProxy obtains the IP address of the destination vSwitch from the forwarding entry according to the destination address carried in the data packet before the VXLAN encapsulation, and performs VXLAN encapsulation on the data packet again by using the obtained IP address of the destination vSwitch.
  • Step 809 The destination virtual switch sends the data packet to the destination virtual machine.
  • the destination vSwitch obtains the forwarding item from the second forwarding rule, and uses the forwarding item to send the data packet to the destination VM, and the destination VM performs corresponding processing on the data packet to establish a communication link with the source VM.
  • the destination vSwitch obtains the data packet from the VXLAN packet, and the destination vSwitch forwards the data packet to the destination VM.
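The destination-side handling in steps 805 to 809, as an added Python model that is not part of the patent text: a rule miss at the destination vProxy triggers a packet-in to the destination controller, which installs the second forwarding rule, and each hop rewrites the outer VXLAN addresses. All addresses, the VNI, the prefix-keyed routing table and the class and function names are constructed assumptions.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

VXLAN_I_FLAG = 0x08  # RFC 7348: "VNI present" flag in the first header byte

def vxlan_header(vni):
    """8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8)

def vxlan_vni(header):
    """Return the VNI of a VXLAN header, rejecting malformed input."""
    if len(header) != 8 or not header[0] & VXLAN_I_FLAG:
        raise ValueError("malformed VXLAN header")
    return struct.unpack("!I", header[4:])[0] >> 8

@dataclass(frozen=True)
class Inner:  # the VM's data packet (a model, not a wire format)
    src_ip: str
    dst_ip: str
    payload: bytes

@dataclass(frozen=True)
class Encap:  # VXLAN packet: outer addresses + VXLAN header + inner packet
    outer_src: str
    outer_dst: str
    vxlan: bytes
    inner: Inner

@dataclass
class VSwitch:
    ip: str
    rules: dict = field(default_factory=dict)  # dst VM IP -> dst VM MAC
    def receive(self, pkt):
        """Step 809: decapsulate and hand the inner packet to the VM."""
        if pkt.outer_dst != self.ip:
            raise ValueError("VXLAN packet not addressed to this vSwitch")
        vxlan_vni(pkt.vxlan)  # validate the header before decapsulation
        return self.rules[pkt.inner.dst_ip], pkt.inner

@dataclass
class DestController:
    address_list: dict  # dst VM IP -> (VM MAC, attached vSwitch IP, VNI)
    packet_ins: int = 0
    def packet_in(self, inner, vproxy):
        """Step 807: install the second forwarding rule on vProxy and vSwitch."""
        self.packet_ins += 1
        entry = self.address_list.get(inner.dst_ip)
        if entry is None:
            return False  # VM is not in this data center: nothing installed
        mac, vswitch_ip, vni = entry
        vproxy.rules[inner.dst_ip] = (vswitch_ip, vni)
        vproxy.vswitches[vswitch_ip].rules[inner.dst_ip] = mac
        return True

@dataclass
class DestVProxy:
    ip: str
    controller: DestController
    vswitches: dict  # vSwitch IP -> VSwitch
    rules: dict = field(default_factory=dict)  # dst VM IP -> (vSwitch IP, VNI)
    def receive(self, pkt):
        """Steps 806 and 808: rule lookup, packet-in on a miss, re-encapsulation."""
        if pkt.outer_dst != self.ip:
            raise ValueError("VXLAN packet not addressed to this vProxy")
        vxlan_vni(pkt.vxlan)
        missing = pkt.inner.dst_ip not in self.rules
        if missing and not self.controller.packet_in(pkt.inner, self):
            return None
        vswitch_ip, vni = self.rules[pkt.inner.dst_ip]
        # Outer source becomes this vProxy, outer destination the vSwitch.
        return Encap(self.ip, vswitch_ip, vxlan_header(vni), pkt.inner)

def source_vproxy_encap(inner, src_vproxy_ip, routes, vni):
    """Step 805: pick the destination vProxy from the routing forwarding table."""
    dst = ipaddress.ip_address(inner.dst_ip)
    for prefix, dst_vproxy_ip in routes:
        if dst in ipaddress.ip_network(prefix):
            return Encap(src_vproxy_ip, dst_vproxy_ip, vxlan_header(vni), inner)
    raise LookupError("no route to a destination vProxy")

def build_demo():
    """Constructed destination data center (all values are sample data)."""
    vswitch = VSwitch("198.51.100.11")
    entry = ("02:00:00:00:02:20", vswitch.ip, 5001)
    controller = DestController({"10.1.2.20": entry})
    vproxy = DestVProxy("198.51.100.1", controller, {vswitch.ip: vswitch})
    return controller, vproxy

def send(inner, dst_vproxy, src_vproxy_ip="192.0.2.1", vni=5001):
    """Run one packet through steps 805-809; return (outer hops, VM MAC, packet)."""
    routes = [("10.1.2.0/24", dst_vproxy.ip)]
    hop1 = source_vproxy_encap(inner, src_vproxy_ip, routes, vni)
    hop2 = dst_vproxy.receive(hop1)
    if hop2 is None:
        return None
    mac, delivered = dst_vproxy.vswitches[hop2.outer_dst].receive(hop2)
    return [(hop1.outer_src, hop1.outer_dst), (hop2.outer_src, hop2.outer_dst)], mac, delivered
```

Sending the same packet twice through `send` reaches the controller only once, because the second forwarding rule stays installed on the vProxy and vSwitch after the first packet-in.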
  • the step of obtaining the MAC address of the source virtual gateway is performed before the step 801 of the embodiment of the present invention.
  • Once the source VM has obtained the MAC address of the source virtual gateway, the source VM can begin sending data packets to communicate with the destination VM. The specific steps are as follows:
  • Step 901 The source virtual machine sends an ARP request to the source virtual switch, where the ARP request includes an IP address of the source virtual gateway.
  • When the source VM is ready to communicate with a destination VM that does not belong to the same network segment, the source VM sends an ARP request to the source vSwitch, where the ARP request is used to obtain the MAC address of the source virtual gateway and includes the IP address of the source virtual gateway.
  • Step 902 The source virtual switch sends the ARP request to the source controller.
  • After receiving the ARP request, the source vSwitch obtains the IP address of the source gateway from the ARP request, and determines that the source VM sent the ARP request to obtain the MAC address of the source virtual gateway.
  • the source vSwitch searches for the MAC address of the source virtual gateway in its own address list based on the IP address of the source virtual gateway. If the MAC address of the source virtual gateway is not found, the source vSwitch sends an ARP request to the source controller.
  • Step 903 The source controller sends an ARP response to the source virtual switch.
  • the source controller receives the ARP request sent by the source vSwitch.
  • the source controller obtains the IP address of the source VM and the IP address of the source virtual gateway from the ARP request, and determines that the source VM requests to obtain the MAC address of the source virtual gateway.
  • The source controller looks up whether the address list stores a MAC address of the source virtual gateway that matches the IP address of the source virtual gateway. If the source controller finds the MAC address of the source virtual gateway, the source controller generates an ARP response, where the ARP response includes the MAC address of the source virtual gateway.
  • the source controller sends an ARP response to the source vSwitch.
  • the source controller saves the IP address and MAC address information of the virtual gateway of all network segments of the virtual network, and the virtual gateway can be implemented by a software program loaded in the controller.
  • Step 904 The source virtual switch sends an ARP response to the source virtual machine.
  • the source vSwitch receives the ARP response sent by the source controller.
  • the source vSwitch sends an ARP response to the source VM.
  • the source VM receives the ARP response, obtains the MAC address of the source virtual gateway, and prepares to communicate with the destination VM.
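Steps 901 to 904 make the source controller the ARP responder for the virtual gateway. The following added Python example (not code from the patent) parses an Ethernet/IPv4 ARP request and builds the controller's reply from its stored gateway table; the addresses, the table contents and the function names are constructed assumptions.

```python
import socket
import struct

# Ethernet/IPv4 ARP body (28 bytes): htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(oper, sha, spa, tha, tpa):
    """Serialise an ARP message from textual MAC and IPv4 addresses."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), socket.inet_aton(spa),
                       mac_bytes(tha), socket.inet_aton(tpa))

def parse_arp(raw):
    """Parse an ARP body, rejecting anything that is not Ethernet/IPv4."""
    if len(raw) != struct.calcsize(ARP_FMT):
        raise ValueError("ARP body must be 28 bytes")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, raw)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"oper": oper,
            "sha": sha.hex(":"), "spa": socket.inet_ntoa(spa),
            "tha": tha.hex(":"), "tpa": socket.inet_ntoa(tpa)}

def controller_arp_reply(raw_request, gateway_table):
    """Step 903: answer only requests whose target IP is a stored virtual gateway."""
    req = parse_arp(raw_request)
    if req["oper"] != ARP_REQUEST:
        return None
    gateway_mac = gateway_table.get(req["tpa"])
    if gateway_mac is None:
        return None  # target is not a virtual gateway: no reply generated here
    # The reply is sent as the gateway, addressed back to the requesting VM.
    return build_arp(ARP_REPLY, gateway_mac, req["tpa"], req["sha"], req["spa"])

# Constructed sample data: gateways of two segments and one request from a VM.
GATEWAYS = {"10.1.1.1": "02:00:00:00:01:01", "10.1.2.1": "02:00:00:00:02:01"}
SAMPLE_REQUEST = build_arp(ARP_REQUEST, "02:00:00:00:01:10", "10.1.1.10",
                           "00:00:00:00:00:00", "10.1.1.1")
```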
  • the virtual agents in the respective data centers perform forwarding, as shown in FIG. 10. In FIG. 10, the transmission paths of each virtual machine are forwarded by the virtual agent, which reduces the complexity of the network system.
  • The controller only manages the transmission paths of the virtual machines in the data center where it is located, which saves the processing resources of the controller and improves the controller's data packet processing efficiency.
  • the embodiment of the present invention further provides a processing device for a data packet, which has an implementation structure as shown in FIG. 11 for implementing processing of data packets in the first embodiment, the fifth embodiment, and the sixth embodiment of the present invention.
  • the device is in the source data center.
  • the source data center further includes a source vSwitch, a source VM, and a source vProxy.
  • the apparatus includes the following units: a receiving unit 1110, an identifying unit 1120, a determining unit 1130, and a transmitting unit 1140.
  • the receiving unit 1110 is configured to receive, by the source virtual switch, a data packet sent by the source virtual machine, where the data packet carries a target address of the data packet, where the target address includes a destination for communicating with the source virtual machine.
  • the identifying unit 1120 is configured to identify, according to the IP address of the destination virtual machine, whether the IP address of the destination virtual machine is already stored in the address list;
  • a determining unit 1130 configured to: if the IP address of the destination virtual machine is not stored in the address list, the source controller determines that the destination virtual machine is not in the source data center;
  • the determining unit 1130 is further configured to determine a first forwarding rule for forwarding the data packet to the destination virtual machine
  • the sending unit 1140 is configured to separately send the first forwarding rule to the source virtual switch and the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual agent by using the first forwarding rule, and the source virtual agent forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table;
  • the processing device of the data packet, the source virtual switch, the source virtual machine, and the source virtual agent are all in the source data center.
  • the target address of the data packet received by the receiving unit 1110 further includes a MAC address of the destination virtual machine
  • the determining unit 1130 is specifically configured to: if the destination virtual machine is not in the source data center, and the destination virtual machine is in the same network segment as the source virtual machine, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
  • the receiving unit 1110 is further configured to receive an ARP request that is sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
  • the device further includes: a first searching unit 1150, configured to search, according to the IP address of the destination virtual machine, whether the MAC address of the destination virtual machine that matches the IP address of the destination virtual machine is stored in the address list;
  • the determining unit 1130 is further configured to: if the MAC address of the destination virtual machine is not found, determine a second forwarding rule for forwarding the ARP request to the destination virtual machine;
  • the sending unit 1140 is further configured to send a second forwarding rule to the source virtual switch and the source virtual proxy, respectively, to enable the source virtual switch to forward the ARP request by using the second forwarding rule; the source virtual agent forwards the ARP request to the destination data center by using the second forwarding rule and the stored routing forwarding table, and sends the received ARP response of the destination virtual machine to the source virtual machine through the source virtual switch, where the ARP response includes a MAC address of the destination virtual machine.
  • the determining unit 1130 is specifically configured to: if the destination virtual machine is not in the source data center, and the destination virtual machine and the source virtual machine are in different network segments, obtain, according to the IP address of the destination virtual machine, the MAC address of the destination virtual gateway;
  • the target address of the data packet received by the receiving unit 1110 further includes a MAC address of the source virtual gateway
  • the device further includes: a processing unit 1160, configured to carry a MAC address of the destination virtual gateway in the first forwarding rule, so that the source virtual switch uses the first forwarding rule to encapsulate the MAC address of the source gateway and the MAC address of the destination gateway in the data packet and forward the encapsulated data packet to the source virtual proxy.
  • the receiving unit 1110 is further configured to receive an ARP request that is sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain a MAC address of the source virtual gateway, and the ARP request includes the IP address of the source virtual gateway;
  • the device further includes: a second searching unit 1170, configured to search the address list, according to the IP address of the source virtual gateway, for a MAC address of the source virtual gateway that matches the IP address;
  • the sending unit 1140 is further configured to: if the MAC address of the source virtual gateway is found, send an ARP response to the source virtual machine by using the source virtual switch, where the ARP response includes the MAC address of the source virtual gateway.
  • the device identifies whether the destination virtual machine is in the source data center according to the target address, and when the destination virtual machine is not in the source data center, the device determines a first forwarding rule for forwarding the data packet to the destination virtual machine, and sends the first forwarding rule to the source virtual switch and the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual agent forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table.
  • this solves the prior-art problem that the controllers of the data centers share a large amount of information across the WAN, which increases the processing load of the controller, wastes the processing resources of the controller, and reduces the processing efficiency of the controller for the data packet; it realizes the interconnection of virtual networks between multiple data centers, reduces the processing load of the controller, saves the processing resources of the controller, and improves the processing efficiency of the controller for the data packets.
  • the embodiment of the present invention further provides a data packet processing apparatus, and an implementation structure thereof is shown in FIG. 12, which is used to implement processing of data packets in the foregoing second embodiment, the fifth embodiment, and the sixth embodiment of the present invention.
  • the device is in the destination data center.
  • the destination data center further includes a destination vSwitch, a source VM, and a source vProxy.
  • the apparatus includes the following units: a receiving unit 1210, an identifying unit 1220, a determining unit 1230, and a transmitting unit 1240.
  • the receiving unit 1210 is configured to receive, by the destination virtual proxy, a data packet sent by the source virtual proxy, where the data packet carries a target address of the data packet, where the target address includes an IP address of the destination virtual machine.
  • the identifying unit 1220 is configured to identify, according to the IP address of the destination virtual machine, whether an IP address of the destination virtual machine is stored in the address list.
  • the determining unit 1230 is configured to: if the IP address of the destination virtual machine is stored in the address list, determine that the destination virtual machine is in the destination data center;
  • the determining unit 1230 is further configured to: determine a first forwarding rule for forwarding the data packet to the destination virtual machine;
  • the sending unit 1240 is configured to send a first forwarding rule to the destination virtual proxy and the destination virtual switch, respectively, so that the destination virtual proxy forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule;
  • the processing device of the data packet, the destination virtual agent, and the destination virtual switch are in a destination data center, and the source virtual agent is in a source data center.
  • the target address of the data packet received by the receiving unit 1210 further includes a MAC address of the destination virtual machine
  • the determining unit 1230 is specifically configured to: if the destination virtual machine is in the destination data center, and the destination virtual machine is in the same network segment as the source virtual machine, determine, according to the MAC address of the destination virtual machine, whether there is the destination virtual switch that is connected to the destination virtual machine;
  • the receiving unit 1210 is further configured to receive an ARP request that is sent by the source virtual proxy and is sent by the source virtual proxy, where the ARP request is used to obtain a MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
  • the determining unit 1230 is further configured to: according to the IP address of the destination virtual machine, find whether there is a destination virtual switch that is matched and connected to the destination virtual machine;
  • the sending unit 1240 is further configured to separately send the second forwarding rule to the destination virtual proxy and the destination virtual switch, so that the destination virtual proxy uses the second forwarding rule to forward the ARP request to the destination virtual switch, and the destination virtual switch forwards the ARP request to the destination virtual machine by using the second forwarding rule, receives an ARP response sent by the destination virtual machine, and sends the ARP response to the source virtual agent through the virtual agent, where the ARP response includes a MAC address of the destination virtual machine.
  • the determining unit 1230 is specifically configured to: if the destination virtual machine is in the destination data center, and the destination virtual machine and the source virtual machine are in different network segments, obtain, according to the IP address of the destination virtual machine, the MAC address of the destination virtual machine;
  • the device receives the data packet sent by the destination virtual agent and the source virtual agent, and identifies whether the destination virtual machine is in the destination data center according to the target address, and is the destination virtual machine.
  • the device determines a first forwarding rule for forwarding the data packet to the destination virtual machine, and sends the first forwarding rule to the destination virtual switch and the destination virtual agent, so that the destination virtual agent uses the first forwarding rule to forward the data packet to the destination virtual switch, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule.
  • this solves the prior-art problem that the controllers of the data centers synchronize a large amount of information across the WAN, which increases the processing load of the controller, wastes the processing resources of the controller, and reduces the processing efficiency of the controller for data packets; it realizes interconnection of virtual networks among multiple data centers, reduces the processing burden of the controller, saves the processing resources of the controller, and improves the processing efficiency of the controller for data packets.
  • the embodiment of the present invention further provides a processing device for processing a data packet, and the implementation structure thereof is as shown in FIG. 13 for implementing the processing of the data packet in the foregoing third embodiment, the fifth embodiment, and the sixth embodiment of the present invention.
  • the device is in the source data center.
  • the source data center also includes a source vSwitch, a source VM, and a source controller.
  • the apparatus includes the following units: a receiving unit 1310 and a transmitting unit 1320.
  • the receiving unit 1310 is configured to receive a data packet sent by the source virtual switch, where the data packet carries a target address of the data packet;
  • the receiving unit 1310 is further configured to receive a first forwarding rule sent by the source controller, where the first forwarding rule is used to forward the data packet to a destination virtual machine indicated by the target address;
  • the sending unit 1320 is configured to forward the data packet to the destination virtual proxy by using the first forwarding rule and the stored routing forwarding table according to the target address of the data packet, so that the destination virtual proxy transmits the data packet to the destination virtual machine;
  • the processing device of the data packet, the source virtual switch, and the source controller are all in the source data center, and the destination virtual agent and the destination virtual machine are in the destination data center.
  • the receiving unit 1310 is further configured to receive an ARP request sent by the source virtual switch, where the ARP request is used to obtain a MAC address of the destination virtual machine, and the ARP request includes an IP address of the destination virtual machine;
  • the sending unit 1320 is further configured to forward, according to the IP address of the destination virtual machine, the ARP request to the destination virtual proxy by using the second forwarding rule and the routing forwarding table, so that the destination virtual proxy forwards the ARP request to the destination virtual machine;
  • the receiving unit 1310 is further configured to receive an ARP response sent by the destination virtual machine that is forwarded by the destination virtual agent, where the ARP response includes a MAC address of the destination virtual machine.
  • the sending unit 1320 is further configured to send the ARP response to the source virtual machine by using the source virtual switch.
  • the source virtual machine is in the source data center.
  • the sending unit 1320 is specifically configured to acquire an IP address of the destination virtual proxy by using the routing forwarding table, and to forward the data packet to the destination virtual proxy, by using the first forwarding rule, according to the IP address of the destination virtual proxy, so that the destination virtual proxy forwards the data packet to the destination virtual machine.
  • the sending unit 1320 is specifically configured to acquire an IP address of the destination virtual proxy by using the routing forwarding table.
  • the device receives the data packet sent by the source virtual switch, obtains a matching forwarding item according to the target address, and forwards the data packet to the destination virtual agent by using the forwarding item and the stored routing forwarding table. This realizes transmission across the WAN, establishes a transmission link between the virtual machines of different data centers, and solves the problem that the controllers of the data centers in the prior art share a large amount of information across the WAN.
  • the embodiment of the present invention further provides a processing device for a data packet, which has an implementation structure as shown in FIG. 14 for implementing processing of data packets in the foregoing fourth embodiment, the fifth embodiment, and the sixth embodiment of the present invention.
  • the device is in the destination data center.
  • the destination data center further includes a destination vSwitch, a destination VM, and a destination controller.
  • the apparatus includes the following units: a receiving unit 1410 and a transmitting unit 1420.
  • the receiving unit 1410 is configured to receive a data packet sent by the source virtual agent, where the data packet carries a target address of the data packet;
  • the sending unit 1420 is configured to: when the forwarding rule matching the target address is not found, send the data packet to the destination controller;
  • the receiving unit 1410 is further configured to receive a first forwarding rule sent by the destination controller, where the first forwarding rule is used to forward the data packet to a destination virtual machine indicated by the target address;
  • the sending unit 1420 is further configured to: send, by using the first forwarding rule, the data packet to the destination virtual machine by using a destination virtual switch;
  • the source virtual agent is in the source data center, and the destination controller, the destination virtual switch, the processing device of the data packet, and the destination virtual machine are both in the destination data center.
  • the receiving unit 1410 is further configured to receive an ARP request sent by the source virtual proxy, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request includes an IP address of the destination virtual machine;
  • the sending unit 1420 is further configured to: when the forwarding rule matching the IP address of the destination virtual machine is not found, send the ARP request to the destination controller;
  • the receiving unit 1410 is further configured to receive a second forwarding rule sent by the destination controller, where the second forwarding rule is used to forward the ARP request to the destination virtual machine indicated by the IP address of the destination virtual machine;
  • the sending unit 1420 is further configured to: send, by using the second forwarding rule, the ARP request to the destination virtual machine by using a destination virtual switch;
  • the receiving unit 1410 is further configured to receive an ARP response sent by the destination virtual machine that is forwarded by the destination virtual switch, where the ARP response includes a MAC address of the destination virtual machine.
  • the sending unit 1420 is further configured to send the ARP response to the source virtual proxy.
  • the sending unit 1420 is specifically configured to acquire an IP address of the destination virtual switch by using the first/second forwarding rule.
  • the device receives the data packet sent by the source virtual proxy, acquires the first forwarding rule sent by the destination controller according to the target address, and uses the first forwarding rule to forward the data packet to the destination virtual machine through the destination virtual switch. This realizes transmission across the WAN and establishes a transmission link between virtual machines in different data centers, thereby solving the prior-art problem that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the processing load of the controller, wastes the processing resources of the controller, and reduces the processing efficiency of the controller for the data packet; it realizes the interconnection of the virtual network between the multiple data centers, reduces the processing load of the controller, saves the processing resources of the controller, and improves the processing efficiency of the data packet by the controller.
  • the processing device of the data packet provided by the seventh embodiment of the present invention may be implemented as follows to implement the method for processing a data packet in the foregoing embodiment of the present invention, where the device is in a source data center, and the source data center also includes the source vSwitch, the source VM, and the source vProxy.
  • the processing device of the data packet includes a network interface 1510, a processor 1520, and a memory 1530.
  • System bus 1540 is used to connect network interface 1510, processor 1520, and memory 1530.
  • the network interface 1510 is configured to perform interactive communication with the source vSwitch and the source vProxy.
  • the memory 1530 can be a persistent storage, such as a hard drive and flash memory, and the memory 1530 is for storing applications, the application including instructions for enabling the processor 1520 to access and execute the following instructions:
  • the source controller determines that the destination virtual machine is not in the source data center
  • the source virtual agent forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table.
  • the processing device of the data packet further performs the processing method of the data packet according to the first embodiment, the fifth embodiment, and the sixth embodiment according to the instruction, and details are not described herein.
  • the processing apparatus for the data packet provided by the eighth embodiment of the present invention may be implemented as follows to implement the method for processing a data packet in the foregoing embodiment of the present invention, where the device is in a destination data center, and the destination data center also includes the destination vSwitch, destination VM, and destination vProxy.
  • the processing device of the data packet includes a network interface 1610, a processor 1620, and a memory 1630.
  • System bus 1640 is used to connect network interface 1610, processor 1620, and memory 1630.
  • the network interface 1610 is configured to perform interactive communication with the destination vSwitch and the destination vProxy.
  • the memory 1630 may be a permanent memory such as a hard disk drive and a flash memory, and the memory 1630 is used to store an application, the application including instructions that can be used to cause the processor 1620 to access and execute the following instructions:
  • the destination controller determines that the destination virtual machine is in the destination data center
  • sending a first forwarding rule to the destination virtual proxy and the destination virtual switch, respectively, to enable the destination virtual proxy to forward the data packet to the destination virtual switch by using the first forwarding rule, where the destination virtual switch forwards the data packet to the destination virtual machine using the first forwarding rule.
  • the processing device of the data packet further performs the processing method of the data packet described in the foregoing Embodiment 2, the fifth embodiment, and the sixth embodiment according to the instruction, and details are not repeatedly described herein.
  • the processing device of the data packet provided by the ninth embodiment of the present invention may be implemented as follows to implement the method for processing a data packet in the foregoing embodiment of the present invention, where the device is in a source data center, and the source data center also includes the source vSwitch, the source VM, and the source controller.
  • the processing device of the data packet includes a network interface 1710, a processor 1720, and a memory 1730.
  • System bus 1740 is used to connect network interface 1710, processor 1720, and memory 1730.
  • the network interface 1710 is used for interactive communication with the source vSwitch, the source controller, and the destination data center.
  • Memory 1730 can be a persistent storage, such as a hard drive and flash memory, and memory 1730 is used to store applications, which can be used to enable processor 1720 to access and execute, for example.
  • the source virtual proxy receives a first forwarding rule sent by the source controller, where the first forwarding rule is used to forward the data packet to a destination virtual machine indicated by the target address;
  • the processing device of the data packet further performs the processing method of the data packet according to the foregoing embodiment 3, the fifth embodiment, and the sixth embodiment according to the instruction, and details are not repeatedly described herein.
  • the processing device of the data packet provided by the tenth embodiment of the present invention may be implemented as follows to implement the method for processing a data packet in the foregoing embodiment of the present invention, where the device is in a destination data center, and the destination data center also includes the source vSwitch, the source VM, and the destination controller.
  • the processing device of the data packet includes a network interface 1810, a processor 1820, and a memory 1830.
  • System bus 1840 is used to connect network interface 1810, processor 1820, and memory 1830.
  • the network interface 1810 is used for interactive communication with the destination vSwitch, the destination controller, and the destination data center.
  • the memory 1830 can be a persistent storage, such as a hard drive and flash memory, and the memory 1830 is for storing applications, the application including instructions that can be used to cause the processor 1820 to access and execute the following instructions:
  • the destination virtual agent receives the data packet sent by the source virtual agent, where the data packet carries the target address of the data packet;
  • when the destination virtual agent does not find a forwarding rule that matches the target address, the destination virtual agent sends the data packet to the destination controller;
  • the destination virtual agent receives a first forwarding rule sent by the destination controller, where the first forwarding rule is used to forward the data packet to a destination virtual machine indicated by the target address;
  • the destination virtual agent uses the first forwarding rule to send the data packet to the destination virtual machine through a destination virtual switch.
  • the processing device of the data packet further performs the processing method of the data packet according to the foregoing embodiment 3, the fifth embodiment, and the sixth embodiment according to the instruction, and details are not repeatedly described herein.
  • the fifteenth embodiment of the present invention further provides a processing system for a data packet.
  • the system includes a first data center and a second data center, where the first data center includes the processing devices for the data packet provided by the seventh embodiment and the ninth embodiment of the present invention, and the second data center includes the processing devices of the data packet provided by the eighth embodiment and the tenth embodiment of the present invention;
  • the second data center includes the twelfth embodiment of the present invention and the thirteenth embodiment of the present invention.
  • the processing device of the data packet is
  • system further includes: an access switch
  • system further includes: a core switch.
  • a communication tunnel may be established between the access switch accessed by the virtual agent in the first data center and the access switch accessed by the virtual agent in the second data center, so that communication between the virtual agents, and data packets and messages between the VMs, are forwarded through the communication tunnel rather than through the core switch, router, or WAN, thereby saving the transmission path.
  • the communication tunnel is specifically a Multi-Protocol Label Switching Virtual Private Network (MPLS VPN).
  • the steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented in hardware, a software module executed by a processor, or a combination of both.
  • the software module can be placed in random access memory (RAM), memory, read only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known in the technical field.


Abstract

Embodiments of the present invention relate to a data packet processing method and apparatus. The method comprises: a source controller receiving a data packet sent by a source virtual machine and forwarded by a source virtual switch; the source controller identifying, according to an IP address comprised in the data packet, whether the IP address is stored in an address list; if the IP address is not stored in the address list, the source controller determining that a target virtual machine is not located in a source data center; the source controller determining a first forwarding rule used for forwarding the data packet to the target virtual machine; and the source controller separately sending the first forwarding rule to the source virtual switch and a source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual proxy forwards the data packet to a target data center where the target virtual machine is located by using the first forwarding rule and a stored route forwarding table, the source controller, the source virtual switch, the source virtual machine and the source virtual proxy are located in the source data center.
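
The division of work summarized in the abstract (each controller consults only its own address list, and the virtual proxies carry traffic between data centers using a routing forwarding table) can be traced with a small model. The following Python example is an added illustration, not code from the patent; the class names, the rule format, the prefix-keyed routing table, the local-delivery and drop outcomes, and all addresses are assumptions.

```python
"""Added illustration of the controller / virtual-proxy split described above.
Class names, rule format, drop behaviour and sample addresses are assumptions."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    match_dst_ip: str   # destination VM IP the rule applies to
    out: str            # next hop: "vproxy", "wan", "vswitch" or "vm"


@dataclass
class Controller:
    """Per-data-center controller; it only knows VMs in its own address list."""
    name: str
    address_list: dict  # VM IP -> VM MAC, local VMs only

    def is_local(self, dst_ip):
        return dst_ip in self.address_list

    def packet_in_from_vswitch(self, dst_ip):
        """Source side: returns the rules for (vSwitch, vProxy)."""
        if self.is_local(dst_ip):
            return Rule(dst_ip, "vm"), None       # assumed local delivery
        # IP not in the address list: the VM is not in this data center.
        return Rule(dst_ip, "vproxy"), Rule(dst_ip, "wan")

    def packet_in_from_vproxy(self, dst_ip):
        """Destination side: returns the rules for (vProxy, vSwitch)."""
        if not self.is_local(dst_ip):
            return None, None                     # unknown VM: install nothing
        return Rule(dst_ip, "vswitch"), Rule(dst_ip, "vm")

    def arp_lookup(self, dst_ip):
        """Answer ARP from the address list; None means forward the request."""
        return self.address_list.get(dst_ip)


@dataclass
class VProxy:
    """Virtual proxy: installed rules plus a routing forwarding table."""
    routes: dict = field(default_factory=dict)  # prefix -> remote vProxy IP
    rules: dict = field(default_factory=dict)   # dst IP -> Rule

    def install(self, rule):
        if rule is not None:
            self.rules[rule.match_dst_ip] = rule

    def remote_proxy_for(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        matches = [(ipaddress.ip_network(p), hop)
                   for p, hop in self.routes.items()
                   if addr in ipaddress.ip_network(p)]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]  # longest prefix


def deliver(src_ctl, src_proxy, dst_ctl, dst_proxy, dst_ip):
    """Trace one packet hop by hop and return the list of hops taken."""
    hops = ["src-vm", "src-vswitch"]
    vswitch_rule, proxy_rule = src_ctl.packet_in_from_vswitch(dst_ip)
    if vswitch_rule.out == "vm":
        return hops + ["dst-vm(local)"]
    src_proxy.install(proxy_rule)
    hops.append("src-vproxy")
    remote = src_proxy.remote_proxy_for(dst_ip)
    if remote is None:
        return hops + ["drop:no-route"]
    hops.append("wan->" + remote)
    if dst_ip not in dst_proxy.rules:             # rule miss: ask the controller
        proxy_rule, _ = dst_ctl.packet_in_from_vproxy(dst_ip)
        if proxy_rule is None:
            return hops + ["drop:unknown-vm"]
        dst_proxy.install(proxy_rule)
    return hops + ["dst-vswitch", "dst-vm"]


# Constructed sample topology (not from the patent).
DC_A = Controller("A", {"10.0.1.10": "02:00:00:00:01:10"})
DC_B = Controller("B", {"10.0.2.20": "02:00:00:00:02:20"})
PROXY_A = VProxy(routes={"10.0.2.0/24": "192.0.2.2"})
PROXY_B = VProxy(routes={"10.0.1.0/24": "192.0.2.1"})

if __name__ == "__main__":
    for ip in ("10.0.2.20", "10.0.1.10", "10.0.2.99", "10.0.9.9"):
        print(ip, deliver(DC_A, PROXY_A, DC_B, PROXY_B, ip))
```

Neither controller in this model ever holds the other data center's address list, which is the property the abstract relies on to avoid synchronizing controller state across the WAN.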

Description

Data packet processing method and device
The present application claims priority to Chinese Patent Application No. 201410041372.9, entitled "Processing Method and Apparatus for Data Packets", filed with the Chinese Patent Office on January 28, 2014, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a data packet.
Background
To implement services such as disaster backup and dynamic migration of virtual machines across data centers, software-defined network (Software Defined Network, SDN) cluster control technology across a wide area network (Wide Area Network, WAN) is currently combined with virtual extensible LAN (Virtual Extensible LAN, VXLAN) technology to implement an overlay Layer 2 network between multiple data centers and to provide customers with flexible expansion capability.
As shown in FIG. 1-A, SDN cluster control technology and VXLAN technology are combined to implement Layer 2 network interconnection between multiple data centers. Each data center has an SDN controller, an aggregation switch, an access switch, and multiple physical servers. A virtual switch and virtual machines are loaded on each physical server, the information stored by any one SDN controller needs to be shared and synchronized with the other SDN controllers, and each SDN controller can manage the transmission path of the data packet.
In FIG. 1, because the SDN controller holds the global information, when the first virtual machine in data center A communicates with the second virtual machine in data center B, the two virtual machines are directly connected from the point of view of the overlay network. The physical network actually traversed is shown by the dotted line in the figure: the first virtual machine loaded on the first physical server transmits the data packet to the first virtual switch, the first virtual switch transmits the data packet to the first access switch, the first access switch transmits the data packet to the first core switch, the first core switch transmits the data packet through the routing network to the second core switch in data center B, the second core switch transmits the data packet to the second access switch, the second access switch transmits the data packet to the corresponding second virtual switch, and the second virtual switch transmits it to the second virtual machine, which performs subsequent processing on the data packet, thereby implementing Layer 2 network interconnection between the data centers. In the foregoing communication process, when the virtual switch, the access switch, and the core switch transmit the data packet, each forwards the data packet according to the VXLAN outer header information and the forwarding rules stored by the forwarding device.
However, the prior-art solution also exposes the following problems: 1) because the information stored by each SDN controller needs to be shared and synchronized, sharing and synchronizing a large amount of information across the WAN increases network overhead and the processing load of the SDN controller; 2) because each pair of communicating virtual machines has a transmission path between them, the virtual machines form a full mesh network, as shown in FIG. 1-B, which increases the complexity of the network system; at the same time, the SDN controller needs to manage the transmission path between every two communicating virtual machines in real time, which wastes the processing resources of the SDN controller and reduces the processing efficiency of the SDN controller for data packets.
Summary of the Invention
Embodiments of the present invention provide a data packet processing method and apparatus that implement Layer 2 network interconnection and VM communication between multiple data centers.
In a first aspect, an embodiment of the present invention provides a data packet processing method, the method including:
a source controller receives a data packet that was sent by a source virtual machine and forwarded by a source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine that communicates with the source virtual machine;
according to the IP address of the target virtual machine, the source controller identifies whether the IP address of the destination virtual machine is already stored in an address list;
if the IP address of the destination virtual machine is not stored in the address list, the source controller determines that the destination virtual machine is not in the source data center;
the source controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine;
the source controller sends the first forwarding rule to the source virtual switch and to a source virtual agent, so that the source virtual switch uses the first forwarding rule to forward the data packet to the source virtual agent, and the source virtual agent uses the first forwarding rule and the information in a stored routing forwarding table to forward the data packet to the destination data center where the destination virtual machine is located;
where the source controller, the source virtual switch, the source virtual machine, and the source virtual agent are all in the source data center.
In a first possible implementation, the target address further includes the MAC address of the destination virtual machine;
the step in which, if the destination virtual machine is not in the source data center, the source controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine specifically includes:
if the destination virtual machine is not in the source data center and the destination virtual machine is in the same network segment as the source virtual machine, the source controller determines, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, the first forwarding rule for forwarding the data packet to the destination virtual machine.
With reference to the first possible implementation of the first aspect, in a second possible implementation, before the source controller receives the data packet sent by the source virtual machine and forwarded by the source virtual switch, the method further includes:
the source controller receives an ARP request that was sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the destination virtual machine and includes the IP address of the destination virtual machine;
according to the IP address of the destination virtual machine, the source controller looks up whether the address list already stores a MAC address of the destination virtual machine that matches the IP address of the destination virtual machine;
if the source controller does not find the MAC address of the destination virtual machine, the source controller determines a transmission path for forwarding the data packet;
according to the transmission path, the source controller determines a second forwarding rule for forwarding the ARP request to the destination virtual machine;
the source controller sends the second forwarding rule to the source virtual switch and to the source virtual agent, so that the source virtual switch uses the second forwarding rule to forward the ARP request to the source virtual agent, and the source virtual agent uses the second forwarding rule and the stored routing forwarding table to forward the ARP request to the destination data center and sends the received ARP response from the destination virtual machine to the source virtual machine through the source virtual switch, where the ARP response includes the MAC address of the destination virtual machine.
In a third possible implementation, the step in which, if the destination virtual machine is not in the source data center, the source controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine specifically includes:
if the destination virtual machine is not in the source data center and the destination virtual machine and the source virtual machine are in different network segments, the source controller obtains the MAC address of a destination virtual gateway according to the IP address of the destination virtual machine;
according to the MAC address of the destination virtual gateway and the IP address of the destination virtual machine, the source controller determines a transmission path for forwarding the data packet;
according to the transmission path, the source controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation, the target address further includes the MAC address of a source virtual gateway;
before the source controller sends the first forwarding rule to the source virtual switch and the source virtual agent, the method further includes:
the source controller carries the MAC address of the destination virtual gateway in the first forwarding rule, so that the source virtual switch uses the first forwarding rule to encapsulate the MAC address of the source gateway and the MAC address of the destination gateway in the data packet and forwards the encapsulated data packet to the source virtual agent.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation, before the source controller receives the data packet sent by the source virtual machine and forwarded by the source virtual switch, the method further includes:
the source controller receives an ARP request that was sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the source virtual gateway and includes the IP address of the source virtual gateway;
according to the IP address of the source virtual gateway, the source controller looks up whether the address list already stores a MAC address of the source virtual gateway that matches the IP address;
if the source controller finds the MAC address of the source virtual gateway, the source controller sends an ARP response to the source virtual machine through the source virtual switch, where the ARP response includes the MAC address of the source virtual gateway.
In a second aspect, an embodiment of the present invention provides a data packet processing method, the method including:
a destination controller receives a data packet that was sent by a source virtual agent and forwarded by a destination virtual agent, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine;
according to the IP address of the destination virtual machine, the destination controller identifies whether the IP address of the destination virtual machine is already stored in an address list;
if the IP address of the destination virtual machine is stored in the address list, the destination controller determines that the destination virtual machine is in the destination data center;
the destination controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine;
the destination controller sends the first forwarding rule to the destination virtual agent and to a destination virtual switch, so that the destination virtual agent uses the first forwarding rule to forward the data packet to the destination virtual switch, and the destination virtual switch uses the first forwarding rule to forward the data packet to the destination virtual machine;
where the destination controller, the destination virtual agent, and the destination virtual switch are in the destination data center, and the source virtual agent is in the source data center.
In a first possible implementation, the target address further includes the MAC address of the destination virtual machine;
the step in which, if the destination virtual machine is in the destination data center, the destination controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine specifically includes:
if the destination virtual machine is in the destination data center and the destination virtual machine is in the same network segment as the source virtual machine, the destination controller looks up, according to the MAC address of the destination virtual machine, whether there is a destination virtual switch connected to the destination virtual machine;
if the destination controller finds the destination virtual switch connected to the destination virtual machine, the destination controller determines, according to the MAC address of the destination virtual gateway and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
according to the transmission path, the destination controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine.
With reference to the first possible implementation of the second aspect, in a second possible implementation, before the destination controller receives the data packet sent by the source virtual agent and forwarded by the destination virtual agent, the method further includes:
the destination controller receives an ARP request that was sent by the source virtual agent and forwarded by the destination virtual agent, where the ARP request is used to obtain the MAC address of the destination virtual machine and includes the IP address of the destination virtual machine;
according to the IP address of the destination virtual machine, the destination controller looks up whether there is a destination virtual switch connected to the destination virtual machine;
if the destination controller finds the destination virtual switch connected to the destination virtual machine, the destination controller determines a second forwarding rule for forwarding the ARP request to the destination virtual machine;
the destination controller sends the second forwarding rule to the destination virtual agent and to the destination virtual switch, so that the destination virtual agent uses the second forwarding rule to forward the ARP request to the destination virtual switch, and the destination virtual switch uses the second forwarding rule to forward the ARP request to the destination virtual machine, receives the ARP response sent by the destination virtual machine, and sends the ARP response to the source virtual agent through the destination virtual agent, where the ARP response includes the MAC address of the destination virtual machine.
In a third possible implementation, the step in which, if the destination virtual machine is in the destination data center, the destination controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine specifically includes:
if the destination virtual machine is in the destination data center and the destination virtual machine and the source virtual machine are in different network segments, the destination controller obtains the MAC address of the destination virtual machine according to the IP address of the destination virtual machine;
according to the MAC address of the destination virtual machine, the destination controller looks up whether there is a destination virtual switch connected to the destination virtual machine;
if the destination controller finds the destination virtual switch linked to the destination virtual machine, the destination controller determines, according to the destination virtual MAC address and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
according to the transmission path, the destination controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine.
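The controller decisions of the first and second aspects can be modelled in a few lines. The following is an added example, not code from the patent: the `Rule` record, the device names, the `remote_gw` table (an assumed way for the source controller to learn the destination virtual gateway MAC) and the /24 segment size are all hypothetical, and every address is constructed sample data.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_mac: str  # destination VM MAC (same segment) or the sender's gateway MAC

@dataclass(frozen=True)
class Rule:  # hypothetical record; the page does not define a rule format
    kind: str           # "first" = data packet, "second" = ARP request
    install_on: tuple   # devices the controller sends the rule to
    dst_ip: str
    dst_mac: Optional[str] = None
    encap_gw_macs: Optional[tuple] = None  # (source gateway MAC, destination gateway MAC)

@dataclass
class Controller:
    address_list: dict = field(default_factory=dict)  # IP -> MAC, this data center only
    vswitch_of: dict = field(default_factory=dict)    # VM MAC -> attached virtual switch
    remote_gw: dict = field(default_factory=dict)     # assumed: remote segment -> gateway MAC
    prefix_len: int = 24                              # assumed segment size

    def same_segment(self, ip_a, ip_b):
        net = ipaddress.ip_interface(f"{ip_a}/{self.prefix_len}").network
        return ipaddress.ip_address(ip_b) in net

    # ---- source data center (first aspect) ----
    def source_arp(self, target_ip):
        mac = self.address_list.get(target_ip)
        if mac is not None:
            # The page states this reply path for the source virtual gateway.
            return "reply", mac
        # Unknown locally: second forwarding rule sends the ARP request off-site.
        return "forward", Rule("second", ("src-vswitch", "src-agent"), target_ip)

    def source_packet_in(self, pkt):
        if pkt.dst_ip in self.address_list:
            return None  # destination is local; no cross-data-center rule needed
        targets = ("src-vswitch", "src-agent")
        if self.same_segment(pkt.src_ip, pkt.dst_ip):
            # Same segment: rule built from destination VM MAC and IP.
            return Rule("first", targets, pkt.dst_ip, dst_mac=pkt.dst_mac)
        # Different segment: pkt.dst_mac is the source virtual gateway MAC, and
        # the rule also carries the destination virtual gateway MAC.
        for segment, gw_mac in self.remote_gw.items():
            if ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(segment):
                return Rule("first", targets, pkt.dst_ip,
                            encap_gw_macs=(pkt.dst_mac, gw_mac))
        raise LookupError(f"no destination virtual gateway known for {pkt.dst_ip}")

    # ---- destination data center (second aspect) ----
    def dest_packet_in(self, pkt):
        if pkt.dst_ip not in self.address_list:
            return None  # destination VM is not in this data center
        if self.same_segment(pkt.src_ip, pkt.dst_ip):
            vm_mac = pkt.dst_mac                     # MAC arrives in the packet
        else:
            vm_mac = self.address_list[pkt.dst_ip]   # MAC obtained from the IP
        vswitch = self.vswitch_of.get(vm_mac)
        if vswitch is None:
            return None  # no virtual switch is attached to that MAC
        return Rule("first", ("dst-agent", vswitch), pkt.dst_ip, dst_mac=vm_mac)

# Constructed sample topology: data center A (source) and B (destination).
GW_A, GW_B = "02:00:00:00:01:01", "02:00:00:00:02:01"
VM_A1, VM_A2 = "02:00:00:00:01:10", "02:00:00:00:01:11"
VM_B1, VM_B2 = "02:00:00:00:01:20", "02:00:00:00:02:20"
SRC = Controller(
    address_list={"10.0.1.1": GW_A, "10.0.1.10": VM_A1, "10.0.1.11": VM_A2},
    vswitch_of={VM_A1: "vswitch-a1", VM_A2: "vswitch-a1"},
    remote_gw={"10.0.2.0/24": GW_B})
DST = Controller(
    address_list={"10.0.2.1": GW_B, "10.0.1.20": VM_B1, "10.0.2.20": VM_B2},
    vswitch_of={VM_B1: "vswitch-b1", VM_B2: "vswitch-b2"})

if __name__ == "__main__":
    print(SRC.source_packet_in(Packet("10.0.1.10", "10.0.2.20", GW_A)))
    print(DST.dest_packet_in(Packet("10.0.1.10", "10.0.2.20", GW_B)))
```

Because locality is decided only by address-list membership, a missing entry for a local VM makes the source controller treat that VM as remote, so the address list is the piece of state worth auditing in a deployment built this way.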
In a third aspect, an embodiment of the present invention provides a data packet processing apparatus, the apparatus including:
a receiving unit, configured to receive a data packet that was sent by a source virtual machine and forwarded by a source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine that communicates with the source virtual machine;
an identifying unit, configured to identify, according to the IP address of the destination virtual machine, whether the IP address of the destination virtual machine is already stored in an address list;
a determining unit, configured to determine that the destination virtual machine is not in the source data center if the IP address of the destination virtual machine is not stored in the address list;
the determining unit is further configured to determine a first forwarding rule for forwarding the data packet to the destination virtual machine;
a sending unit, configured to send the first forwarding rule to the source virtual switch and to a source virtual agent, so that the source virtual switch uses the first forwarding rule to forward the data packet to the source virtual agent, and the source virtual agent uses the first forwarding rule and a stored routing forwarding table to forward the data packet to the destination data center where the destination virtual machine is located;
where the data packet processing apparatus, the source virtual switch, the source virtual machine, and the source virtual agent are all in the source data center.
In a first possible implementation, the target address of the data packet received by the receiving unit further includes the MAC address of the destination virtual machine;
the determining unit is specifically configured to: if the destination virtual machine is not in the source data center and the destination virtual machine is in the same network segment as the source virtual machine, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
and determine, according to the transmission path, the first forwarding rule for forwarding the data packet to the destination virtual machine.
With reference to the first possible implementation of the third aspect, in a second possible implementation, the receiving unit is further configured to receive an ARP request that was sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the destination virtual machine and includes the IP address of the destination virtual machine;
the apparatus further includes: a first lookup unit, configured to look up, according to the IP address of the destination virtual machine, whether the address list already stores a MAC address of the destination virtual machine that matches the IP address of the destination virtual machine;
the determining unit is further configured to determine, if the MAC address of the destination virtual machine is not found, a second forwarding rule for forwarding the ARP request to the destination virtual machine;
the sending unit is further configured to send the second forwarding rule to the source virtual switch and to the source virtual agent, so that the source virtual switch uses the second forwarding rule to forward the ARP request to the source virtual agent, and the source virtual agent uses the second forwarding rule and the stored routing forwarding table to forward the ARP request to the destination data center and sends the received ARP response from the destination virtual machine to the source virtual machine through the source virtual switch, where the ARP response includes the MAC address of the destination virtual machine.
In a third possible implementation, the determining unit is specifically configured to: if the destination virtual machine is not in the source data center and the destination virtual machine and the source virtual machine are in different network segments, obtain the MAC address of a destination virtual gateway according to the IP address of the destination virtual machine;
determine, according to the MAC address of the destination virtual gateway and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
and determine, according to the transmission path, the first forwarding rule for forwarding the data packet to the destination virtual machine.
With reference to the third possible implementation of the third aspect, in a fourth possible implementation, the target address of the data packet received by the receiving unit further includes the MAC address of a source virtual gateway;
the apparatus further includes: a processing unit, configured to carry the MAC address of the destination virtual gateway in the first forwarding rule, so that the source virtual switch uses the first forwarding rule to encapsulate the MAC address of the source gateway and the MAC address of the destination gateway in the data packet and forwards the encapsulated data packet to the source virtual agent.
With reference to the fourth possible implementation of the third aspect, in a fifth possible implementation, the receiving unit is further configured to receive an ARP request that was sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the source virtual gateway and includes the IP address of the source virtual gateway;
the apparatus further includes: a second lookup unit, configured to look up, according to the IP address of the source virtual gateway, whether the address list already stores a MAC address of the source virtual gateway that matches the IP address;
the sending unit is further configured to send, if the MAC address of the source virtual gateway is found, an ARP response to the source virtual machine through the source virtual switch, where the ARP response includes the MAC address of the source virtual gateway.
In a fourth aspect, an embodiment of the present invention provides a data packet processing apparatus, the apparatus including:
a receiving unit, configured to receive a data packet that was sent by a source virtual agent and forwarded by a destination virtual agent, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine;
an identifying unit, configured to identify, according to the IP address of the destination virtual machine, whether the IP address of the destination virtual machine is already stored in an address list;
a determining unit, configured to determine that the destination virtual machine is in the destination data center if the IP address of the destination virtual machine is stored in the address list;
the determining unit is further configured to determine, if the destination virtual machine is in the destination data center, a first forwarding rule for forwarding the data packet to the destination virtual machine;
a sending unit, configured to send the first forwarding rule to the destination virtual agent and to a destination virtual switch, so that the destination virtual agent uses the first forwarding rule to forward the data packet to the destination virtual switch, and the destination virtual switch uses the first forwarding rule to forward the data packet to the destination virtual machine;
where the data packet processing apparatus, the destination virtual agent, and the destination virtual switch are in the destination data center, and the source virtual agent is in the source data center.
In a first possible implementation, the target address of the data packet received by the receiving unit further includes the MAC address of the destination virtual machine;
the determining unit is specifically configured to: if the destination virtual machine is in the destination data center and the destination virtual machine is in the same network segment as the source virtual machine, look up, according to the MAC address of the destination virtual machine, whether there is a destination virtual switch connected to the destination virtual machine;
if the destination virtual switch connected to the destination virtual machine is found, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
and determine, according to the transmission path, the first forwarding rule for forwarding the data packet to the destination virtual machine.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation, the receiving unit is further configured to receive an ARP request that was sent by the source virtual agent and forwarded by the destination virtual agent, where the ARP request is used to obtain the MAC address of the destination virtual machine and includes the IP address of the destination virtual machine;
the determining unit is further configured to look up, according to the IP address of the destination virtual machine, whether there is a destination virtual switch connected to the destination virtual machine;
and, if the destination virtual switch connected to the destination virtual machine is found, determine a second forwarding rule for forwarding the ARP request to the destination virtual machine;
the sending unit is further configured to send the second forwarding rule to the destination virtual agent and to the destination virtual switch, so that the destination virtual agent uses the second forwarding rule to forward the ARP request to the destination virtual switch, and the destination virtual switch uses the second forwarding rule to forward the ARP request to the destination virtual machine, receives the ARP response sent by the destination virtual machine, and sends the ARP response to the source virtual agent through the destination virtual agent, where the ARP response includes the MAC address of the destination virtual machine.
In a third possible implementation, the determining unit is specifically configured to: if the destination virtual machine is in the destination data center and the destination virtual machine and the source virtual machine are in different network segments, obtain the MAC address of the destination virtual machine according to the IP address of the destination virtual machine;
look up, according to the MAC address of the destination virtual machine, whether there is a destination virtual switch connected to the destination virtual machine;
if the destination virtual switch linked to the destination virtual machine is found, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
and determine, according to the transmission path, the first forwarding rule for forwarding the data packet to the destination virtual machine.
Therefore, by applying the data packet processing method and apparatus provided by the embodiments of the present invention, the source controller identifies, according to the target address, whether the destination virtual machine is in the source data center. When the destination virtual machine is not in the source data center, the source controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine and sends the first forwarding rule to the source virtual switch and the source virtual agent, so that the source virtual switch uses the first forwarding rule to forward the data packet to the source virtual agent, and the source virtual agent uses the first forwarding rule and the stored routing forwarding table to forward the data packet to the destination data center where the destination virtual machine is located. This solves the prior-art problem that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the controllers' processing burden, wastes their processing resources, and reduces their efficiency in processing data packets. It implements the interconnection of virtual networks between multiple data centers, reduces the controllers' processing burden, saves controller processing resources, and improves the controllers' efficiency in processing data packets.
Brief Description of the Drawings
FIG. 1-A is a schematic diagram of data packet transmission in the prior art;
FIG. 1-B is a schematic diagram of a transmission path between virtual machines in the prior art;
FIG. 2 is a flowchart of a data packet processing method according to Embodiment 1 of the present invention;
FIG. 3 is a flowchart of a data packet processing method according to Embodiment 2 of the present invention;
FIG. 4 is a flowchart of a data packet processing method according to Embodiment 3 of the present invention;
FIG. 5 is a flowchart of a data packet processing method according to Embodiment 4 of the present invention;
FIG. 6 is a signaling diagram of a data packet processing method according to Embodiment 5 of the present invention;
FIG. 7 is a signaling diagram of obtaining the MAC address of the destination VM according to Embodiment 5 of the present invention;
FIG. 8 is a signaling diagram of another data packet processing method according to Embodiment 6 of the present invention;
FIG. 9 is a signaling diagram of obtaining the MAC address of the source gateway according to Embodiment 6 of the present invention;
FIG. 10 is a schematic diagram of a transmission path between virtual machines according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of a data packet processing apparatus according to Embodiment 7 of the present invention;
FIG. 12 is a schematic structural diagram of a data packet processing apparatus according to Embodiment 8 of the present invention;
FIG. 13 is a schematic structural diagram of a data packet processing apparatus according to Embodiment 9 of the present invention;
FIG. 14 is a schematic structural diagram of a data packet processing apparatus according to Embodiment 10 of the present invention;
FIG. 15 is a schematic diagram of the hardware structure of a data packet processing apparatus according to Embodiment 11 of the present invention;
FIG. 16 is a schematic diagram of the hardware structure of a data packet processing apparatus according to Embodiment 12 of the present invention;
FIG. 17 is a schematic diagram of the hardware structure of a data packet processing apparatus according to Embodiment 13 of the present invention;
FIG. 18 is a schematic diagram of the hardware structure of a data packet processing apparatus according to Embodiment 14 of the present invention;
FIG. 19 is a schematic diagram of a data packet processing system according to Embodiment 15 of the present invention.
Detailed Description
To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To facilitate understanding of the present invention, further explanation is given below through specific embodiments with reference to the accompanying drawings. The embodiments do not constitute a limitation on the embodiments of the present invention.
Embodiment 1
The data packet processing method provided by Embodiment 1 of the present invention is described in detail below, using FIG. 2 as an example. FIG. 2 is a flowchart of the data packet processing method provided by Embodiment 1 of the present invention. In this embodiment, the executing entity is a source controller; the source controller is specifically a source SDN controller and is located in a source data center. The source data center further includes a source virtual switch (vSwitch), a source virtual machine (VM), and a source virtual proxy (vProxy). As shown in FIG. 2, this embodiment specifically includes the following steps:
Step 210: The source controller receives a data packet that is sent by a source virtual machine and forwarded by a source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine that communicates with the source virtual machine.
Specifically, the source controller receives the data packet sent by the source VM and forwarded by the source vSwitch. The data packet carries the target address of the data packet, and the target address includes the IP address of the destination VM that communicates with the source VM.
The source controller receiving the data packet that is sent by the source virtual machine and forwarded by the source virtual switch specifically includes:
When the source vSwitch receives the data packet sent by the source VM and does not find, in the forwarding list it stores, a forwarding rule for forwarding the data packet, the source controller receives the data packet sent by the source VM and forwarded by the source vSwitch.
It can be understood that the data packet further includes a source address, where the source address is the IP address, MAC address, and the like of the source VM.
Step 220: According to the IP address of the destination virtual machine, the source controller identifies whether the IP address of the destination virtual machine is stored in an address list.
Specifically, the source controller receives the data packet and obtains the source address and the IP address of the destination VM from the data packet. According to the source address and the IP address of the destination VM, the source controller determines that the source VM intends to communicate with the destination VM indicated by the IP address. The source controller identifies, according to the IP address of the destination VM, whether the destination VM is in the source data center.
According to the IP address of the destination VM, the source controller identifies whether the IP address of the destination VM is stored in its own address list, where the address list stores attribute information of the multiple VMs managed by the source controller.
Step 230: If the IP address of the destination virtual machine is not stored in the address list, the source controller determines that the destination virtual machine is not in the source data center.
Specifically, because the IP address of the destination VM is not stored in the address list, the source controller determines that the destination VM is a VM that is not managed by the source controller itself.
Step 240: The source controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine.
Specifically, based on the identification in step 220 and step 230, if the destination VM is not in the source data center, the source controller determines the destination data center where the destination virtual machine is located and determines the first forwarding rule, where the first forwarding rule is used to forward the data packet to the destination VM.
Step 250: The source controller sends the first forwarding rule to the source virtual switch and the source virtual proxy respectively, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual proxy forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table.
Specifically, after determining the first forwarding rule, the source controller sends the first forwarding rule to the source vSwitch and the source vProxy respectively. The first forwarding rule includes a forwarding entry for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet), so that the source vSwitch forwards the data packet to the source vProxy by using the forwarding entry, the source vProxy forwards the data packet to the destination data center where the destination virtual machine is located by using the forwarding entry and the stored routing forwarding table, and the destination data center processes the data packet accordingly.
Further, the source controller sends the first forwarding rule to the source vSwitch and the source vProxy respectively. The source vSwitch obtains the forwarding entry from the first forwarding rule and uses it to VXLAN-encapsulate the data packet (the encapsulation adds a VXLAN frame header outside the data packet and fills the outer source and destination IP addresses and the outer source and destination MAC addresses into the frame header), obtaining a first VXLAN packet. The source vSwitch forwards the first VXLAN packet to the source vProxy. The source vProxy obtains the data packet from the first VXLAN packet and uses the forwarding entry to VXLAN-encapsulate the data packet again (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy and the outer destination IP address to the IP address of the destination vProxy), obtaining a second VXLAN packet. The source vProxy forwards the second VXLAN packet to the destination vProxy, which is in the destination data center.
It can be understood that, before performing the VXLAN encapsulation, the source vProxy obtains the IP address of the destination vProxy according to the stored routing forwarding table and uses the obtained IP address of the destination vProxy to VXLAN-encapsulate the data packet again. The source vProxy and the destination vProxy obtain each other's routing information and IP address through an existing standard protocol, and store the obtained routing information and the peer's IP address in the routing forwarding table.
By way of example and not limitation, the transmission path for forwarding the data packet is specifically: source VM -- source vSwitch -- source vProxy -- destination vProxy.
In this embodiment of the present invention, in addition to the forwarding entry for forwarding the data packet, the first forwarding rule further includes rules that cause the source vSwitch and the source vProxy to perform VXLAN encapsulation/decapsulation on the data packet.
Therefore, by applying the data packet processing method provided by this embodiment of the present invention, the source controller identifies, according to the target address, whether the destination virtual machine is in the source data center. When the destination virtual machine is not in the source data center, the source controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine and sends the first forwarding rule to the source virtual switch and the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual proxy forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table. This solves the prior-art problem that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the processing burden on the controllers, wastes their processing resources, and lowers their efficiency in processing data packets. It interconnects the virtual networks of multiple data centers, reduces the processing burden on the controller, saves the controller's processing resources, and improves the controller's efficiency in processing data packets.
Embodiment 2
To facilitate understanding of the present invention, further explanation is given below through specific embodiments with reference to the accompanying drawings. The embodiments do not constitute a limitation on the embodiments of the present invention.
The data packet processing method provided by Embodiment 2 of the present invention is described in detail below, using FIG. 3 as an example. FIG. 3 is a flowchart of the data packet processing method provided by Embodiment 2 of the present invention. In this embodiment, the executing entity is a destination controller; the destination controller is specifically a destination SDN controller and is located in a destination data center. The destination data center further includes a destination vSwitch, a destination VM, and a destination vProxy. As shown in FIG. 3, this embodiment specifically includes the following steps:
Step 310: The destination controller receives a data packet that is sent by a source virtual proxy and forwarded by a destination virtual proxy, where the data packet carries a target address of the data packet, and the target address includes the IP address of the destination virtual machine.
Specifically, the destination controller receives the data packet sent by the source vProxy and forwarded by the destination vProxy. The data packet carries the target address of the data packet, and the target address includes the IP address of the destination VM. The source vProxy is in the source data center.
The destination controller receiving the data packet that is sent by the source vProxy and forwarded by the destination vProxy specifically includes:
When the destination vProxy receives the data packet sent by the source vProxy and does not find, in the forwarding list it stores, a forwarding rule for forwarding the data packet, the destination controller receives the data packet sent by the source vProxy and forwarded by the destination vProxy.
It can be understood that the data packet further includes a source address, where the source address is the IP address, MAC address, and the like of the source VM.
Step 320: According to the IP address of the destination virtual machine, the destination controller identifies whether the IP address of the destination virtual machine is stored in an address list.
Specifically, the destination controller receives the data packet and obtains the source address and the IP address of the destination VM from the data packet. According to the source address and the IP address of the destination VM, the destination controller determines that the source VM in the source data center intends to communicate with the destination VM indicated by the IP address. The destination controller identifies, according to the IP address of the destination VM, whether the destination VM is in the destination data center.
According to the IP address of the destination VM, the destination controller identifies whether the IP address of the destination VM is stored in its own address list, where the address list stores attribute information of the multiple VMs managed by the destination controller.
Step 330: If the IP address of the destination virtual machine is stored in the address list, the destination controller determines that the destination virtual machine is in the destination data center.
Specifically, because the IP address of the destination VM is stored in the address list, the destination controller determines that the destination VM is a VM managed by the destination controller itself.
Step 340: If the destination virtual machine is in the destination data center, the destination controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine.
Specifically, based on the identification in step 320, if the destination VM is in the destination data center, the destination controller determines the first forwarding rule, where the first forwarding rule is used to forward the data packet to the destination VM.
Step 350: The destination controller sends the first forwarding rule to the destination virtual proxy and the destination virtual switch respectively, so that the destination virtual proxy forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule.
Specifically, after determining the first forwarding rule, the destination controller sends the first forwarding rule to the destination vProxy and the destination vSwitch respectively. The first forwarding rule includes a forwarding entry for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet), so that the destination vProxy forwards the data packet to the destination vSwitch by using the forwarding entry, the destination vSwitch forwards the data packet to the destination VM by using the forwarding entry, and the destination VM processes the data packet accordingly and establishes a communication link with the source VM.
Further, the destination controller sends the first forwarding rule to the destination vProxy and the destination vSwitch respectively. The destination vProxy obtains the forwarding entry from the first forwarding rule and uses it to VXLAN-encapsulate the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the destination vProxy and the outer destination IP address to the IP address of the destination vSwitch), obtaining a VXLAN packet. The destination vProxy forwards the VXLAN packet to the destination vSwitch. The destination vSwitch decapsulates the VXLAN packet, obtains the data packet, and forwards the data packet to the destination VM by using the forwarding rule.
It can be understood that, before performing the VXLAN encapsulation, the destination vProxy obtains the IP address of the destination vSwitch from the forwarding entry according to the target address carried in the data packet, and uses the obtained IP address of the destination vSwitch to VXLAN-encapsulate the data packet again.
By way of example and not limitation, the transmission path for forwarding the data packet is specifically: source vProxy -- destination vProxy -- destination vSwitch -- destination VM.
In this embodiment of the present invention, in addition to the forwarding entry for forwarding the data packet, the first forwarding rule further includes rules that cause the destination vProxy and the destination vSwitch to perform VXLAN encapsulation/decapsulation on the data packet.
Therefore, by applying the data packet processing method provided by this embodiment of the present invention, the destination controller receives the data packet sent by the destination virtual proxy and the source virtual proxy and identifies, according to the target address, whether the destination virtual machine is in the destination data center. When the destination virtual machine is in the destination data center, the destination controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine and sends the first forwarding rule to the destination virtual switch and the destination virtual proxy, so that the destination virtual proxy forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule. This solves the prior-art problem that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the processing burden on the controllers, wastes their processing resources, and lowers their efficiency in processing data packets. It interconnects the virtual networks of multiple data centers, reduces the processing burden on the controller, saves the controller's processing resources, and improves the controller's efficiency in processing data packets.
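The end-to-end path of Embodiments 1 and 2 (address-list check at each controller, then three successive VXLAN encapsulations) can be modelled as follows; this is an added example, not code from the patent. The class and function names, the sample addresses and VNI, the RFC 7348 8-byte header layout, the outer addresses of the first vSwitch-to-vProxy hop, the longest-prefix lookup in the vProxy routing forwarding table, and the mapping of each VM IP to its hosting vSwitch IP are all assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

VNI_VALID = 0x08  # "I" flag in the 8-byte VXLAN header (RFC 7348 layout, assumed here)


@dataclass(frozen=True)
class VxlanPacket:
    outer_src_ip: str
    outer_dst_ip: str
    vni: int
    inner: bytes  # the original data packet sent by the source VM

    def header(self) -> bytes:
        # flags(8) | reserved(24) | VNI(24) | reserved(8)
        return struct.pack("!II", VNI_VALID << 24, self.vni << 8)


def parse_vni(header: bytes) -> int:
    """Return the VNI, rejecting headers that are malformed or lack the I flag."""
    if len(header) != 8:
        raise ValueError("VXLAN header must be 8 bytes")
    word0, word1 = struct.unpack("!II", header)
    if not (word0 >> 24) & VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8


@dataclass
class DataCenter:
    vswitch_ip: str
    vproxy_ip: str
    address_list: dict  # controller's list (assumed shape): VM IP -> hosting vSwitch IP
    routes: dict = field(default_factory=dict)  # vProxy table: prefix -> peer vProxy IP

    def manages(self, vm_ip: str) -> bool:
        return vm_ip in self.address_list

    def peer_vproxy_for(self, vm_ip: str) -> str:
        """Longest-prefix match in the vProxy's stored routing forwarding table."""
        addr = ipaddress.ip_address(vm_ip)
        hits = [(ipaddress.ip_network(p), peer) for p, peer in self.routes.items()
                if addr in ipaddress.ip_network(p)]
        if not hits:
            raise LookupError(f"no route to {vm_ip}")
        return max(hits, key=lambda h: h[0].prefixlen)[1]


def forward_cross_dc(inner, dst_vm_ip, vni, src, dst):
    """Return (list of VXLAN hops, data packet delivered to the destination VM)."""
    # Steps 220-240: the source controller builds the cross-DC rule only
    # when the destination VM is absent from its own address list.
    if src.manages(dst_vm_ip):
        raise ValueError("destination VM is in the source data center")
    # Step 250: source vSwitch -> source vProxy (first VXLAN packet).
    first = VxlanPacket(src.vswitch_ip, src.vproxy_ip, vni, inner)
    # Source vProxy re-encapsulates towards the peer vProxy (second VXLAN packet).
    second = VxlanPacket(src.vproxy_ip, src.peer_vproxy_for(dst_vm_ip), vni, first.inner)
    if second.outer_dst_ip != dst.vproxy_ip:
        raise LookupError("routing table points at a different data center")
    # Steps 320-340: the destination controller accepts only VMs it manages.
    if not dst.manages(dst_vm_ip):
        raise LookupError("destination VM unknown to the destination controller")
    # Step 350: destination vProxy -> destination vSwitch, which decapsulates.
    third = VxlanPacket(dst.vproxy_ip, dst.address_list[dst_vm_ip],
                        parse_vni(second.header()), second.inner)
    return [first, second, third], third.inner


# Constructed sample topology (documentation address ranges, not from the patent).
DC_A = DataCenter("10.1.0.2", "192.0.2.1", {"192.168.10.5": "10.1.0.2"},
                  {"192.168.0.0/16": "203.0.113.9", "192.168.20.0/24": "198.51.100.7"})
DC_B = DataCenter("10.2.0.2", "198.51.100.7", {"192.168.20.8": "10.2.0.2"})

if __name__ == "__main__":
    hops, delivered = forward_cross_dc(b"payload", "192.168.20.8", 5001, DC_A, DC_B)
    for hop in hops:
        print(hop.outer_src_ip, "->", hop.outer_dst_ip, hop.header().hex())
    print(delivered)
```

Neither controller needs the other's address list: the source side only knows that the VM is not local, and the destination side rejects a packet for a VM it does not manage.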
Embodiment 3
To facilitate understanding of the present invention, further explanation is given below through specific embodiments with reference to the accompanying drawings. The embodiments do not constitute a limitation on the embodiments of the present invention.
The data packet processing method provided by Embodiment 3 of the present invention is described in detail below, using FIG. 4 as an example. FIG. 4 is a flowchart of the data packet processing method provided by Embodiment 3 of the present invention. In this embodiment, the executing entity is a source vProxy, and the source vProxy is located in a source data center. The source data center further includes a source controller, a source vSwitch, and a source VM. As shown in FIG. 4, this embodiment specifically includes the following steps:
Step 410: The source virtual proxy receives a data packet sent by the source virtual switch, where the data packet carries a target address of the data packet.
Specifically, the source vProxy receives the data packet sent by the source vSwitch, where the data packet carries the target address of the data packet.
It can be understood that the data packet further includes a source address, where the source address is the IP address, MAC address, and the like of the source VM.
Further, the source vProxy receives a packet that the source vSwitch has VXLAN-encapsulated, where the VXLAN packet carries the data packet.
In this embodiment of the present invention, a cloud management system configures, for each data center, a vProxy of that data center. The vProxy is used to forward, according to forwarding rules, data packets and packets that are received or are to be sent, and the vProxy may be loaded on a physical server.
Step 420: The source virtual proxy receives a first forwarding rule sent by the source controller, where the first forwarding rule is used to forward the data packet to the destination virtual machine indicated by the target address.
Specifically, the source vProxy receives the first forwarding rule sent by the source controller and stores the first forwarding rule, where the first forwarding rule is used to forward the data packet to the destination VM indicated by the target address.
Step 430: According to the target address of the data packet, the source virtual proxy forwards the data packet to a destination virtual proxy by using the first forwarding rule and the stored routing forwarding table, so that the destination virtual proxy forwards the data packet to the destination virtual machine.
Specifically, the source vProxy obtains the source address and the target address from the data packet. The source controller determines that the source VM intends to communicate with the destination VM indicated by the target address. According to the target address, the source vProxy obtains the matching forwarding entry from the first forwarding rule (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet).
According to the matching forwarding entry and the stored routing table information, the source vProxy forwards the data packet to the destination vProxy, so that the destination vProxy forwards the data packet to the destination VM, where the destination vProxy is in the destination data center where the destination VM indicated by the target address is located.
Further, the source virtual proxy forwarding the data packet to the destination virtual proxy by using the first forwarding rule and the routing table information specifically includes:
Using the routing forwarding table, the source vProxy obtains the IP address of the destination vProxy. According to the IP address of the destination vProxy, the source vProxy forwards the data packet to the destination vProxy by using the first forwarding rule, so that the destination vProxy forwards the data packet to the destination VM.
It can be understood that, when forwarding the data packet to the destination vProxy, the source vProxy may also VXLAN-encapsulate the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy and the outer destination IP address to the IP address of the destination vProxy). The source vProxy forwards the encapsulated VXLAN packet to the destination vProxy, and the destination vProxy then forwards the data packet to the destination VM. The source vProxy and the destination vProxy obtain each other's routing information and IP address through an existing standard protocol, and store the obtained routing information and the peer's IP address in the routing forwarding table.
In this embodiment of the present invention, in addition to the forwarding entry for forwarding the data packet, the first forwarding rule further includes rules that cause the source vProxy to perform VXLAN encapsulation/decapsulation on the data packet.
Therefore, by applying the data packet processing method provided by this embodiment of the present invention, the source virtual proxy receives the data packet sent by the source virtual switch, obtains the matching forwarding entry according to the target address, and forwards the data packet to the destination virtual proxy by using the forwarding entry and the stored routing table. This achieves transmission across the WAN and establishes a transmission link between virtual machines in different data centers. It solves the prior-art problem that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the processing burden on the controllers, wastes their processing resources, and lowers their efficiency in processing data packets. It interconnects the virtual networks of multiple data centers, reduces the processing burden on the controller, saves the controller's processing resources, and improves the controller's efficiency in processing data packets.
Embodiment 4
To facilitate understanding of the present invention, specific embodiments are further explained below with reference to the accompanying drawings; the embodiments do not constitute a limitation on the embodiments of the present invention.
The data packet processing method provided in Embodiment 4 of the present invention is described in detail below using FIG. 5 as an example. FIG. 5 is a flowchart of the data packet processing method provided in Embodiment 4 of the present invention. In this embodiment the executing entity is the destination vProxy, which is located in the destination data center. The destination data center further includes a destination controller, a destination vSwitch, and a destination VM. As shown in FIG. 5, this embodiment specifically includes the following steps:
Step 510: The destination virtual proxy receives a data packet sent by the source virtual proxy, where the data packet carries the target address of the data packet.
Specifically, the destination vProxy receives the data packet sent by the source vProxy, where the data packet carries the target address of the data packet.
It can be understood that the data packet further carries a source address, which is the IP address and MAC address of the source VM. According to the source address and the target address, the destination vProxy determines that the source VM intends to communicate with the destination VM indicated by the target address.
When sending the data packet to the destination vProxy, the source vProxy may also VXLAN-encapsulate the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy and the outer destination IP address to the IP address of the destination vProxy); the source vProxy then sends the encapsulated VXLAN packet to the destination vProxy.
In this embodiment of the present invention, the cloud management system configures a vProxy for each data center. The vProxy forwards received or to-be-sent data packets and messages according to forwarding rules, and may be loaded on a physical server.
Step 520: When the destination virtual proxy does not find a forwarding rule that matches the target address, the destination virtual proxy sends the data packet to the destination controller.
Specifically, the destination vProxy checks whether its stored forwarding list contains a forwarding rule that matches the target address. When the destination vProxy does not find a forwarding rule that matches the target address, it sends the data packet to the destination controller.
Step 530: The destination virtual proxy receives a first forwarding rule sent by the destination controller, where the first forwarding rule is used to forward the data packet to the destination virtual machine indicated by the target address.
Specifically, the destination vProxy receives the first forwarding rule sent by the destination controller. The first forwarding rule includes a forwarding entry for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding it). The first forwarding rule is used to forward the data packet to the destination VM indicated by the target address.
Step 540: Using the first forwarding rule, the destination virtual proxy sends the data packet to the destination virtual machine through the destination virtual switch.
Specifically, according to the first forwarding rule obtained in step 530, the destination vProxy sends the data packet to the destination VM through the destination vSwitch; the destination VM processes the data packet accordingly and establishes a communication link with the source VM.
Further, the destination virtual proxy using the first forwarding rule to send the data packet to the destination virtual machine through the destination virtual switch specifically includes:
According to the first forwarding rule, the destination vProxy obtains the matching forwarding entry from the first forwarding rule and, from that entry, obtains the IP address of the destination vSwitch. According to the IP address of the destination vSwitch, the destination vProxy forwards the data packet to the destination vSwitch, so that the destination vSwitch sends the data packet to the destination VM according to the target address.
When sending the data packet to the destination vSwitch, the destination vProxy may also VXLAN-encapsulate the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the destination vProxy and the outer destination IP address to the IP address of the destination vSwitch). The destination vProxy forwards the encapsulated VXLAN packet to the destination vSwitch; the destination vSwitch extracts the data packet from the VXLAN packet and forwards it to the destination VM.
In this embodiment of the present invention, in addition to the forwarding entry for forwarding the data packet, the first forwarding rule further includes a rule that causes the destination vProxy to perform VXLAN encapsulation/decapsulation on the data packet.
Therefore, by applying the data packet processing method provided in this embodiment of the present invention, the destination virtual proxy receives the data packet sent by the source virtual proxy, obtains, according to the target address, the first forwarding rule sent by the destination controller, and uses the first forwarding rule to forward the data packet to the destination virtual machine through the destination virtual switch. This achieves transmission across the WAN and establishes a transmission link between virtual machines in different data centers. It solves the problem in the prior art that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the controllers' processing load, wastes their processing resources, and lowers their efficiency in processing data packets. The method interconnects the virtual networks of multiple data centers, reduces the controllers' processing load, saves their processing resources, and improves their efficiency in processing data packets.
The foregoing embodiments each explain the data packet processing method with a focus on a different executing entity. As those embodiments describe, the controllers of the data centers no longer share and synchronize information across the WAN, which lowers network overhead and reduces the controllers' processing load; each controller manages only the information and transmission paths inside its own data center. A vProxy is added to each data center so that all data packets entering or leaving the data center are forwarded through the vProxy, which reduces the complexity of the network system. At the same time, each controller maintains only the transmission paths of the virtual machines in its own data center, which saves the controller's processing resources, improves its efficiency in processing data packets, and interconnects the virtual networks of multiple data centers.
Embodiment 5
To facilitate understanding of the present invention, specific embodiments are further explained below with reference to the accompanying drawings; the embodiments do not constitute a limitation on the embodiments of the present invention.
The source and destination VMs in the foregoing embodiments are either in the same network segment but belong to different data centers, or in different network segments and also belong to different data centers.
In this embodiment of the present invention, the source and destination VMs belong to the same network segment but to different data centers. The data packet processing method is described in detail below with reference to the source and destination data centers and the controller, vSwitch, VM, and vProxy that each data center includes. FIG. 6 is a signaling diagram of a data packet processing method provided in Embodiment 5 of the present invention. As shown in FIG. 6, this embodiment specifically includes the following steps:
Step 601: The source virtual machine sends a data packet to the source virtual switch, where the data packet carries the target address of the data packet.
Specifically, the source VM intends to communicate with a destination VM in the same network segment. The source VM sends a data packet to the source vSwitch; the data packet carries a target address, which specifically includes the IP address and the MAC address of the destination VM.
It can be understood that the data packet also carries the IP address and the MAC address of the source VM.
Step 602: The source virtual switch sends the data packet to the source controller.
Specifically, the source vSwitch parses the data packet and obtains the MAC address of the destination VM from it. The source vSwitch then checks whether its stored forwarding list contains a forwarding rule that matches the destination MAC address. When the source vSwitch does not find a forwarding rule for forwarding the data packet, it sends the data packet to the source controller.
Step 603: The source controller sends a first forwarding rule to the source virtual switch and to the source virtual proxy.
Specifically, the source controller receives the data packet and obtains from it the source address, the IP address of the destination VM, and the MAC address of the destination VM. According to the source address, the IP address of the destination VM, and the destination MAC address, the source controller determines that the source VM intends to communicate with the destination VM.
According to the IP address of the destination VM, the source controller checks whether that IP address is already stored in its address list. If the IP address of the destination VM is not stored in the address list, the source controller determines that the destination VM indicated by that IP address is not in the source data center.
Further, the source controller also determines, according to the IP address of the destination VM, that the destination VM and the source VM belong to the same network segment.
If the destination VM is not in the source data center and the destination VM and the source VM are in the same network segment, the source controller determines, according to the MAC address and the IP address of the destination VM, the first forwarding rule used to forward the data packet to the destination virtual machine.
In this embodiment of the present invention, because the data packet includes the MAC address of the destination VM, the source controller determines the transmission path for forwarding the data packet directly from the MAC address and the IP address of the destination VM, and determines the first forwarding rule according to that transmission path.
In this embodiment of the present invention, the first forwarding rule determined by the source controller for forwarding the data packet to the destination VM enables the source vSwitch and the source vProxy, after receiving the data packet, to forward it to the destination VM according to the first forwarding rule, so that the source VM and the destination VM can communicate with each other.
It can be understood that, besides the MAC address and the IP address of the destination VM, the source controller also uses other information to determine the first forwarding rule; the other information specifically refers to the port information of the source and destination VMs, and so on.
After determining the first forwarding rule, the source controller sends it to the source vSwitch and to the source vProxy. The first forwarding rule includes a forwarding entry for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding it).
The source vSwitch receives the first forwarding rule, obtains the forwarding entry from it, and uses the forwarding entry to determine the transmission path for forwarding the data packet. Using the forwarding entry, the source vSwitch VXLAN-encapsulates the data packet (that is, it adds a VXLAN frame header outside the data packet and fills the outer source and destination IP addresses and the outer source and destination MAC addresses into the frame header); the resulting VXLAN packet carries the data packet.
The frame header is filled with the IP address and the MAC address of the source VM, and the IP address and the MAC address of the destination VM.
Step 604: The source virtual proxy receives the data packet sent by the source virtual switch.
Step 605: The source virtual proxy forwards the data packet to the destination virtual proxy.
Specifically, the source vProxy obtains the source address and the target address from the data packet and determines that the source VM intends to communicate with the destination VM indicated by the target address. According to the target address, the source vProxy obtains the matching forwarding entry from the first forwarding rule (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding it). The first forwarding rule is used to forward the data packet to the destination VM indicated by the target address.
Further, the source vProxy obtains the IP address of the destination vProxy from the stored route forwarding table. According to the IP address of the destination vProxy, the source vProxy uses the first forwarding rule to forward the data packet to the destination vProxy, so that the destination vProxy forwards the data packet to the destination VM.
It can be understood that, when forwarding the data packet to the destination vProxy, the source vProxy may also VXLAN-encapsulate the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy and the outer destination IP address to the IP address of the destination vProxy). The source vProxy forwards the encapsulated VXLAN packet to the destination vProxy, and the destination vProxy then forwards the data packet to the destination VM. The source vProxy and the destination vProxy obtain routing information and each other's IP address through an existing standard protocol, and store the obtained routing information and peer IP address in the route forwarding table.
Step 606: The destination virtual proxy sends the data packet to the destination controller.
Specifically, the destination vProxy checks whether its stored forwarding list contains a forwarding rule that matches the MAC address of the destination VM. When the forwarding list stored by the destination vProxy contains no forwarding rule that matches the MAC address of the destination VM, the destination vProxy sends the data packet to the destination controller.
Step 607: The destination controller sends a second forwarding rule to the destination virtual proxy and to the destination virtual switch.
Specifically, the destination controller receives the data packet and obtains the source address and the target address from it. According to the source address and the target address, the destination controller determines that the source VM in the source data center intends to communicate with the destination VM indicated by the target address. The destination controller then checks whether the destination VM indicated by the target address is in the destination data center.
According to the IP address of the destination VM, the destination controller checks whether that IP address is already stored in its address list. If the IP address of the destination VM is stored in the address list, the destination controller determines that the destination VM indicated by that IP address is in the destination data center.
Further, the destination controller also determines, according to the IP address of the destination VM, that the destination VM and the source VM belong to the same network segment.
If the destination VM is in the destination data center and the destination VM and the source VM are in the same network segment, the destination controller looks up, according to the MAC address of the destination VM, whether there is a destination vSwitch connected to the destination VM. If the destination controller finds the destination vSwitch connected to the destination VM, it determines the transmission path for forwarding the data packet according to the MAC address and the IP address of the destination VM, and determines the second forwarding rule according to that transmission path.
In this embodiment of the present invention, the second forwarding rule determined by the destination controller for forwarding the data packet to the destination VM enables the destination vSwitch and the destination vProxy, after receiving the data packet, to forward it to the destination VM according to the second forwarding rule, so that the source VM and the destination VM can communicate with each other.
After determining the second forwarding rule, the destination controller sends it to the destination vProxy and to the destination vSwitch. The second forwarding rule includes a forwarding entry for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding it). It can be understood that, besides the MAC address and the IP address of the destination VM, the destination controller also uses other information to determine the second forwarding rule; the other information specifically refers to the port information of the source and destination VMs, and so on.
Step 608: The destination virtual proxy sends the data packet to the destination virtual switch.
Specifically, the destination vProxy obtains the forwarding entry from the second forwarding rule, uses the forwarding entry to determine the transmission path for forwarding the data packet, and sends the data packet to the destination vSwitch.
Further, the destination vProxy uses the forwarding entry to VXLAN-encapsulate the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the destination vProxy and the outer destination IP address to the IP address of the destination vSwitch), obtains the encapsulated VXLAN packet, and forwards it to the destination vSwitch.
It can be understood that, before performing the VXLAN encapsulation, the destination vProxy obtains the IP address of the destination vSwitch from the forwarding entry according to the target address carried in the data packet, and uses the obtained IP address of the destination vSwitch to VXLAN-encapsulate the data packet.
Step 609: The destination virtual switch sends the data packet to the destination virtual machine.
Specifically, the destination vSwitch obtains the forwarding entry from the second forwarding rule and uses it to send the data packet to the destination VM; the destination VM processes the data packet accordingly and establishes a communication link with the source VM.
Further, the destination vSwitch extracts the data packet from the VXLAN packet and forwards the data packet to the destination VM.
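The following Python model is an added illustration of steps 601 to 609 and is not part of the patent text: it shows each controller deciding from its own address list only, the table miss that triggers each rule push, and the outer VXLAN addresses on every hop. All class and function names are hypothetical, the IP and MAC values are constructed, and two details are assumptions: the outer addresses on the source vSwitch to source vProxy hop, and a route table keyed by individual VM IP.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:                 # inner frame sent by the source VM (step 601)
    src_ip: str
    src_mac: str
    dst_ip: str
    dst_mac: str

@dataclass(frozen=True)
class Vxlan:                  # only the outer IP pair that the text describes
    outer_src: str
    outer_dst: str
    inner: Packet

@dataclass
class Node:                   # a vSwitch or a vProxy
    ip: str
    rules: dict = field(default_factory=dict)   # destination MAC -> next hop

@dataclass
class DataCenter:
    name: str
    vswitch: Node
    vproxy: Node
    address_list: dict        # controller's address list: local VM IP -> MAC
    routes: dict = field(default_factory=dict)  # vProxy route table (assumed: VM IP -> peer vProxy IP)
    packet_ins: int = 0       # packets handed to this data center's controller

    def controller(self, pkt):
        """Steps 603 and 607: decide from local state only, push the rule to both nodes."""
        self.packet_ins += 1
        if pkt.dst_ip in self.address_list:      # destination VM is in this data center
            self.vproxy.rules[pkt.dst_mac] = self.vswitch.ip
            self.vswitch.rules[pkt.dst_mac] = "local-port"
        else:                                    # destination VM is in another data center
            self.vswitch.rules[pkt.dst_mac] = self.vproxy.ip
            self.vproxy.rules[pkt.dst_mac] = "wan"

def send(src, dst, pkt):
    """Carry one packet through steps 601-609; return (outer headers per hop, delivered packet)."""
    hops = []
    if pkt.dst_mac not in src.vswitch.rules:     # 602: table miss at the source vSwitch
        src.controller(pkt)                      # 603: first forwarding rule
    if src.vproxy.rules.get(pkt.dst_mac) != "wan":
        raise ValueError("destination VM is local to the source data center")
    # Assumed outer addresses for the intra-DC hop: source vSwitch -> source vProxy.
    hops.append(Vxlan(src.vswitch.ip, src.vswitch.rules[pkt.dst_mac], pkt))
    peer = src.routes[pkt.dst_ip]                # 605: peer vProxy IP from the route table
    if peer != dst.vproxy.ip:
        raise ValueError("route table points at a different data center")
    hops.append(Vxlan(src.vproxy.ip, peer, pkt)) # 605: source vProxy -> destination vProxy
    if pkt.dst_mac not in dst.vproxy.rules:      # 606: table miss at the destination vProxy
        dst.controller(pkt)                      # 607: second forwarding rule
    # 608: destination vProxy -> destination vSwitch
    hops.append(Vxlan(dst.vproxy.ip, dst.vproxy.rules[pkt.dst_mac], pkt))
    if dst.vswitch.rules.get(pkt.dst_mac) != "local-port":
        raise ValueError("destination controller does not know the destination VM")
    return hops, hops[-1].inner                  # 609: vSwitch decapsulates and delivers

def build():
    """Constructed two-site topology; both VMs sit in the same segment 10.0.0.0/24."""
    dc1 = DataCenter("DC1", Node("172.16.1.10"), Node("192.0.2.1"),
                     {"10.0.0.11": "02:00:00:00:00:11"})
    dc2 = DataCenter("DC2", Node("172.16.2.10"), Node("198.51.100.1"),
                     {"10.0.0.22": "02:00:00:00:00:22"})
    dc1.routes["10.0.0.22"] = dc2.vproxy.ip      # learned between vProxies, not controllers
    dc2.routes["10.0.0.11"] = dc1.vproxy.ip
    return dc1, dc2

PKT = Packet("10.0.0.11", "02:00:00:00:00:11", "10.0.0.22", "02:00:00:00:00:22")

if __name__ == "__main__":
    dc1, dc2 = build()
    for attempt in (1, 2):                       # the second packet hits cached rules
        hops, _ = send(dc1, dc2, PKT)
        print(attempt, [(h.outer_src, h.outer_dst) for h in hops],
              "controller packet-ins:", dc1.packet_ins, dc2.packet_ins)
```

The second iteration shows that once both rules are installed neither controller sees the flow again, and at no point does the source controller hold an entry for the remote VM.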
Optionally, before step 601 of this embodiment of the present invention, the method further includes a step in which the source VM obtains the MAC address of the destination VM. As shown in FIG. 7, in this embodiment the source VM obtains the MAC address of the destination VM so that it can then initiate the transmission of data packets to the destination VM and communicate with it. The specific steps are as follows:
Step 701: The source virtual machine sends an ARP request to the source virtual switch, where the ARP request includes the IP address of the destination VM.
Specifically, when the source VM intends to communicate with a destination VM in the same network segment, the source VM sends an ARP request to the source vSwitch. The ARP request is used to obtain the MAC address of the destination VM and includes the IP address of the destination VM.
It can be understood that the ARP request further includes the IP address of the source VM.
Step 702: The source virtual switch sends the ARP request to the source controller.
Specifically, after receiving the ARP request, the source vSwitch obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM sent the ARP request to obtain the MAC address of the destination VM.
According to the IP address of the source gateway, the source vSwitch checks whether the MAC address of the destination VM is already stored in its own address list. If the MAC address of the destination VM is not found, the source vSwitch sends the ARP request to the source controller.
Step 703: The source controller sends a third forwarding rule to the source virtual switch and to the source virtual proxy.
Specifically, the source controller receives the ARP request sent by the source vSwitch. The source controller obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM is requesting the MAC address of the destination VM.
According to the IP address of the destination VM, the source controller checks whether its address list already stores a MAC address that matches the IP address of the destination VM. If the source controller does not find the MAC address of the destination VM, it determines the destination data center in which the destination VM is located.
According to the IP address of the destination VM, the source controller identifies the destination data center to which that IP address belongs, determines the transmission path for forwarding the ARP request according to that destination data center, and determines the third forwarding rule according to the transmission path. The third forwarding rule includes a forwarding entry for forwarding the ARP request (that is, the encapsulation processing rule for the ARP request and the transmission path for forwarding it).
In this embodiment of the present invention, the third forwarding rule determined by the source controller for forwarding the ARP request to the destination VM enables the source vSwitch and the source vProxy, after receiving the ARP request, to forward it to the destination VM according to the third forwarding rule, so that the destination VM returns an ARP response to the source VM. The ARP response includes the MAC address of the destination VM; after obtaining the MAC address of the destination VM, the source VM initiates the step of transmitting data packets to the destination VM.
After determining the third forwarding rule, the source controller sends it to the source vSwitch and to the source vProxy. The source vSwitch and the source vProxy receive the third forwarding rule.
The source vSwitch receives the third forwarding rule, obtains the forwarding entry from it, and uses the forwarding entry to determine the transmission path for forwarding the ARP request.
Further, the source vSwitch may also use the forwarding entry to VXLAN-encapsulate the ARP request (that is, it adds a VXLAN frame header to the ARP request and fills the outer source and destination IP addresses and the outer source and destination MAC addresses into the frame header); the resulting VXLAN packet carries the ARP request.
The frame header is filled with the IP address of the source VM, the MAC address of the source VM, and the IP address of the destination VM; the MAC address of the destination VM is left unfilled.
Step 704: The source virtual proxy receives the ARP request sent by the source virtual switch.
Step 705: The source virtual proxy forwards the ARP request to the destination virtual proxy.
Specifically, the source vProxy obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM is requesting the MAC address of the destination VM. According to the IP address of the destination VM, the source vProxy obtains the matching forwarding entry from the third forwarding rule (that is, the encapsulation processing rule for the ARP request and the transmission path for forwarding it).
Further, the source vProxy obtains the IP address of the destination vProxy from the stored route forwarding table. According to the IP address of the destination vProxy, the source vProxy uses the third forwarding rule to forward the ARP request to the destination vProxy, so that the destination vProxy forwards the ARP request to the destination VM.
It can be understood that, when forwarding the ARP request to the destination vProxy, the source vProxy may also VXLAN-encapsulate the ARP request (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy and the outer destination IP address to the IP address of the destination vProxy). The source vProxy forwards the encapsulated VXLAN packet to the destination vProxy, and the destination vProxy then forwards the data packet to the destination VM. The source vProxy and the destination vProxy obtain routing information and each other's IP address through an existing standard protocol, and store the obtained routing information and peer IP address in the route forwarding table.
Step 706: The destination virtual proxy sends the ARP request to the destination controller.
Specifically, the destination vProxy checks whether its stored forwarding list contains a forwarding rule for forwarding the ARP request that matches the IP address of the destination VM. When the destination vProxy finds no such forwarding rule, it sends the ARP request to the destination controller.
Step 707: The destination controller sends a fourth forwarding rule to the destination virtual proxy and the destination virtual switch respectively.
Specifically, the destination controller receives the ARP request, obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM is requesting the MAC address of the destination VM. According to the IP address of the destination VM, the destination controller identifies whether that IP address is already stored in the address list; if it is, the destination controller determines that the destination VM indicated by the IP address is in the destination data center.
If the destination VM is in the destination data center, the destination controller checks, according to the IP address of the destination VM, whether there is a destination vSwitch connected to the destination VM. If the destination controller finds such a destination vSwitch, it determines the transmission path for forwarding the data packet and, according to the transmission path, determines the fourth forwarding rule.
In this embodiment of the present invention, the fourth forwarding rule determined by the destination controller for forwarding the ARP request to the destination VM enables the destination vSwitch and the destination vProxy, after receiving the ARP request, to forward it to the destination VM according to the fourth forwarding rule, so that the destination VM returns an ARP response to the source VM. The ARP response includes the MAC address of the destination VM; after obtaining the MAC address of the destination VM, the source VM initiates the steps of transmitting data packets with the destination VM.
After determining the fourth forwarding rule, the destination controller sends it to the destination vProxy and the destination vSwitch respectively. The fourth forwarding rule includes the forwarding entry for forwarding the ARP request (that is, the encapsulation processing rule for the ARP request and the transmission path for forwarding the ARP request). The destination vProxy and the destination vSwitch receive the fourth forwarding rule.
It should be noted that, in this embodiment of the present invention, the address list of the destination controller may store the MAC address of the destination VM. However, to ensure the accuracy of the returned MAC address of the destination VM, after determining that the destination VM is in the destination data center the destination controller still looks up the destination vSwitch connected to the destination VM and determines the fourth forwarding rule, rather than returning the stored MAC address of the destination VM.
Step 708: The destination virtual proxy sends the ARP request to the destination virtual switch.
Specifically, the destination vProxy obtains the forwarding entry from the fourth forwarding rule, uses the forwarding entry to determine the transmission path for forwarding the ARP request, and sends the ARP request to the destination vSwitch.
Further, the destination vProxy uses the forwarding entry to perform VXLAN encapsulation on the ARP request (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the destination vProxy, and the outer destination IP address to the IP address of the destination vSwitch) to obtain a VXLAN packet, and forwards the encapsulated VXLAN packet to the destination vSwitch.
It can be understood that, before performing the VXLAN encapsulation, the destination vProxy obtains the IP address of the destination vSwitch from the forwarding entry and uses it to perform VXLAN encapsulation on the data packet.
Step 709: The destination virtual switch sends the ARP request to the destination virtual machine.
Specifically, the destination vSwitch obtains the forwarding entry from the fourth forwarding rule and uses it to send the ARP request to the destination VM, and the destination VM processes the ARP request accordingly.
Further, the destination vSwitch extracts the ARP request from the VXLAN packet and forwards the ARP request packet to the destination VM.
Step 710: The destination virtual machine processes the ARP request and sends an ARP response to the source virtual machine.
Specifically, the destination VM receives the ARP request, obtains the IP address of the source VM and the IP address of the destination VM from the ARP request, and determines that the source VM sent the ARP request to obtain the MAC address of the destination VM.
The destination VM obtains its own MAC address and generates an ARP response that includes the MAC address of the destination VM.
The destination VM sends the ARP response to the destination vSwitch; the destination vSwitch receives the ARP response and forwards it to the destination vProxy; the destination vProxy receives the ARP response and sends it to the source vProxy; the source vProxy receives the ARP response and sends it to the source vSwitch; the source vSwitch receives the ARP response and sends it to the source VM.
The source VM receives the ARP response, obtains the MAC address of the source gateway from it, and prepares to communicate with the destination VM.
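The hop-by-hop VXLAN handling of the ARP request in steps 704 to 709, as an added Python example that is not part of the patent text: it builds the ARP request with the destination MAC left empty, re-encapsulates it with the outer IP addresses named for each hop, and validates the outer headers on receipt. The header layout follows RFC 7348; the sample addresses, the VNI, the placeholder outer MACs and the outer addresses used on the first hop (source vSwitch to source vProxy) are assumptions.

```python
import ipaddress
import struct

VXLAN_PORT = 4789   # IANA-assigned VXLAN UDP port (RFC 7348)
VNI = 5001          # assumed tenant network identifier; the page names none

# Constructed sample addresses (assumptions, not taken from the patent).
SRC_VM_MAC, SRC_VM_IP, DST_VM_IP = "52:54:00:00:00:0a", "10.0.1.10", "10.0.1.20"
UNDERLAY_IP = {"src_vswitch": "192.0.2.11", "src_vproxy": "192.0.2.1",
               "dst_vproxy": "198.51.100.1", "dst_vswitch": "198.51.100.11"}
HOP_MACS = ("02:00:00:00:00:01", "02:00:00:00:00:02")  # placeholder outer MACs


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return ipaddress.IPv4Address(text).packed


def arp_request(src_mac, src_ip, dst_ip):
    """Broadcast Ethernet frame with an ARP request; target MAC stays zeroed."""
    eth = b"\xff" * 6 + mac(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)      # opcode 1 = request
    return eth + arp + mac(src_mac) + ip(src_ip) + b"\x00" * 6 + ip(dst_ip)


def ipv4_checksum(header):
    """Ones'-complement sum; returns 0 when run over a header that is intact."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def vxlan_encap(inner, outer_src_ip, outer_dst_ip, outer_src_mac, outer_dst_mac):
    """Prepend outer Ethernet / IPv4 / UDP / VXLAN headers to an inner frame."""
    vxlan = struct.pack("!II", 0x08 << 24, VNI << 8)     # I flag + 24-bit VNI
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, udp_len, 0)  # UDP checksum 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                      ip(outer_src_ip), ip(outer_dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    eth = mac(outer_dst_mac) + mac(outer_src_mac) + struct.pack("!H", 0x0800)
    return eth + hdr + udp + vxlan + inner


def vxlan_decap(frame):
    """Validate the outer headers and return (outer_src, outer_dst, vni, inner)."""
    if len(frame) < 50 or frame[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4 or is truncated")
    hdr = frame[14:34]
    if hdr[0] != 0x45 or hdr[9] != 17 or ipv4_checksum(hdr) != 0:
        raise ValueError("bad outer IPv4 header")
    dport = struct.unpack("!H", frame[36:38])[0]
    flags, vni_field = struct.unpack("!II", frame[42:50])
    if dport != VXLAN_PORT or not flags & (0x08 << 24):
        raise ValueError("not a VXLAN packet")
    src, dst = (str(ipaddress.IPv4Address(hdr[i:i + 4])) for i in (12, 16))
    return src, dst, vni_field >> 8, frame[50:]


def walk_arp_request():
    """Carry the ARP request hop by hop; each receiver strips the outer header."""
    inner = arp_request(SRC_VM_MAC, SRC_VM_IP, DST_VM_IP)
    path = ["src_vswitch", "src_vproxy", "dst_vproxy", "dst_vswitch"]
    payload, hops = inner, []
    for sender, receiver in zip(path, path[1:]):
        frame = vxlan_encap(payload, UNDERLAY_IP[sender], UNDERLAY_IP[receiver],
                            *HOP_MACS)
        src, dst, vni, payload = vxlan_decap(frame)
        hops.append((src, dst, vni))
    return inner, payload, hops


if __name__ == "__main__":
    original, delivered, hops = walk_arp_request()
    for hop in hops:
        print("outer %s -> %s (VNI %d)" % hop)
    print("inner ARP request unchanged:", original == delivered)
```

Only the outer addresses change from hop to hop; the inner ARP request, including its empty target MAC field, reaches the destination vSwitch byte for byte as the source VM sent it.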
Embodiment 6
To facilitate understanding of the implementation of the present invention, specific embodiments are further explained below with reference to the accompanying drawings; the embodiments do not constitute a limitation on the embodiments of the present invention.
In this embodiment of the present invention, the source VM and the destination VM are in different network segments and belong to different data centers. The data packet processing method is described in detail below with reference to the source and destination data centers and the controller, vSwitch, VM and vProxy included in each data center. FIG. 8 is a signaling diagram of another data packet processing method provided by Embodiment 6 of the present invention. As shown in FIG. 8, this embodiment specifically includes the following steps:
Step 801: The source virtual machine sends a data packet to the source virtual switch, where the data packet carries the target address of the data packet.
Specifically, the source VM prepares to communicate with a destination VM that belongs to a different network segment. The source VM sends a data packet to the source vSwitch; the data packet carries a target address, which specifically includes the IP address of the destination VM and the MAC address of the source virtual gateway.
It can be understood that the data packet also carries the IP address of the source VM and the MAC address of the source VM.
Step 802: The source virtual switch sends the data packet to the source controller.
Specifically, the source vSwitch parses the data packet and obtains the IP address of the destination VM from it, then checks whether its stored forwarding list contains a forwarding rule that matches the destination IP address. When the source vSwitch finds no forwarding rule for forwarding the data packet, it sends the data packet to the source controller.
Step 803: The source controller sends a first forwarding rule to the source virtual switch and the source virtual proxy respectively.
Specifically, the source controller receives the data packet and obtains from it the source address, the IP address of the destination VM, and the MAC address of the source virtual gateway. According to the source address, the IP address of the destination VM and the MAC address of the source virtual gateway, the source controller determines that the source VM is preparing to communicate with the destination VM.
According to the IP address of the destination VM, the source controller identifies whether that IP address is already stored in the address list; if it is not, the source controller determines that the destination VM indicated by the IP address is not in the source data center.
Further, the source controller also determines, according to the IP address of the destination VM, that the destination VM and the source VM belong to different network segments.
If the destination VM is not in the source data center and the destination VM and the source VM are in different network segments, the source controller obtains the MAC address of the destination virtual gateway according to the IP address of the destination VM. According to the MAC address of the destination virtual gateway and the IP address of the destination VM, the source controller determines the transmission path for forwarding the data packet and, according to the transmission path, determines the first forwarding rule.
In this embodiment of the present invention, the first forwarding rule determined by the source controller for forwarding the data packet to the destination VM enables the source vSwitch and the source vProxy, after receiving the data packet, to forward it to the destination VM according to the first forwarding rule, so that the source VM and the destination VM can communicate.
It can be understood that, besides the MAC address of the destination virtual gateway and the IP address of the destination VM, the source controller also uses other information to determine the first forwarding rule; the other information specifically refers to the port information of the source and destination VMs, and so on.
In this embodiment of the present invention, the source controller stores the IP address and MAC address information of the virtual gateways of all network segments of the virtual network, and a virtual gateway may be implemented by a software program loaded in the controller.
In this embodiment of the present invention, the source controller also carries the MAC address of the destination virtual gateway in the first forwarding rule, so that after receiving the data packet the source vSwitch encapsulates it according to the MAC address of the destination virtual gateway carried in the first forwarding rule and the IP address of the destination virtual machine, and forwards the encapsulated data packet to the source vProxy.
After determining the first forwarding rule, the source controller sends it to the source vSwitch and the source vProxy respectively. The first forwarding rule includes the forwarding entry for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet).
The source vSwitch receives the first forwarding rule, obtains the forwarding entry from it, and uses the forwarding entry to determine the transmission path for forwarding the data packet. The source vSwitch uses the forwarding entry to perform VXLAN encapsulation on the data packet (that is, it adds a VXLAN frame header outside the data packet and fills the outer source and destination IP addresses and the outer source and destination MAC addresses into the frame header, setting the outer source MAC address in the VXLAN frame header to the MAC address of the source virtual gateway and the outer destination MAC address to the MAC address of the destination virtual gateway), obtaining a VXLAN packet that carries the data packet.
The frame header is also filled with the IP address of the source VM, the MAC address of the source VM, and the IP address of the destination VM.
Step 804: The source virtual proxy receives the data packet sent by the source virtual switch.
Step 805: The source virtual proxy forwards the data packet to the destination virtual proxy.
Specifically, the source vProxy obtains the source address and the target address from the data packet. The source controller determines that the source VM is preparing to communicate with the destination VM indicated by the target address. According to the target address, the source vProxy obtains the matching forwarding entry from the first forwarding rule (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet). The first forwarding rule is used to forward the data packet to the destination VM indicated by the target address.
Further, using the stored routing forwarding table, the source vProxy obtains the IP address of the destination vProxy. According to the IP address of the destination vProxy, the source vProxy uses the first forwarding rule to forward the data packet to the destination vProxy, so that the destination vProxy forwards the data packet to the destination VM.
It can be understood that, when forwarding the data packet to the destination vProxy, the source vProxy may also perform VXLAN encapsulation on the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the source vProxy, and the outer destination IP address to the IP address of the destination vProxy). The source vProxy forwards the encapsulated VXLAN packet to the destination vProxy, and the destination vProxy then forwards the data packet to the destination VM. The source vProxy and the destination vProxy obtain routing information and each other's IP addresses through an existing standard protocol, and store the obtained routing information and the peer's IP address in the routing forwarding table.
Step 806: The destination virtual proxy sends the data packet to the destination controller.
Specifically, the destination vProxy checks whether its stored forwarding list contains a forwarding rule that matches the IP address of the destination VM. When no such forwarding rule exists in the forwarding list stored by the destination vProxy, the destination vProxy sends the data packet to the destination controller.
Step 807: The destination controller sends a second forwarding rule to the destination virtual proxy and the destination virtual switch respectively.
Specifically, the destination controller receives the data packet and obtains the source address and the target address from it. According to the source address and the target address, the destination controller determines that the source VM in the source data center is preparing to communicate with the destination VM indicated by the target address. The destination controller identifies whether the destination VM indicated by the target address is in the destination data center.
According to the IP address of the destination VM, the destination controller identifies whether that IP address is already stored in the address list; if it is, the destination controller determines that the destination VM indicated by the IP address is in the destination data center.
Further, the destination controller also determines, according to the IP address of the destination VM, that the destination VM and the source VM belong to different network segments.
If the destination VM is in the destination data center and the destination VM and the source VM are in different network segments, the destination controller obtains the MAC address of the destination VM according to the IP address of the destination VM. According to the MAC address of the destination VM, the destination controller checks whether there is a destination vSwitch connected to the destination VM. If it finds such a destination vSwitch, the destination controller determines the transmission path for forwarding the data packet according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine and, according to the transmission path, determines the second forwarding rule.
In this embodiment of the present invention, the second forwarding rule determined by the destination controller for forwarding the data packet to the destination VM enables the destination vSwitch and the destination vProxy, after receiving the data packet, to forward it to the destination VM according to the second forwarding rule, so that the source VM and the destination VM can communicate.
After determining the second forwarding rule, the destination controller sends it to the destination vProxy and the destination vSwitch respectively. The second forwarding rule includes the forwarding entry for forwarding the data packet (that is, the encapsulation processing rule for the data packet and the transmission path for forwarding the data packet).
It can be understood that, besides the MAC address of the destination VM and the IP address of the destination VM, the destination controller also uses other information to determine the second forwarding rule; the other information specifically refers to the port information of the source and destination VMs, and so on.
Step 808: The destination virtual proxy sends the data packet to the destination virtual switch.
Specifically, the destination vProxy obtains the forwarding entry from the second forwarding rule, uses the forwarding entry to determine the transmission path for forwarding the data packet, and sends the data packet to the destination vSwitch.
Further, the destination vProxy uses the forwarding entry to perform VXLAN encapsulation on the data packet (the encapsulation sets the outer source IP address in the VXLAN frame header to the IP address of the destination vProxy, and the outer destination IP address to the IP address of the destination vSwitch) to obtain an encapsulated VXLAN packet, and forwards the encapsulated VXLAN packet to the destination vSwitch.
It can be understood that, before performing the VXLAN encapsulation, the destination vProxy obtains the IP address of the destination vSwitch from the forwarding entry according to the target address carried in the data packet, and uses the obtained IP address of the destination vSwitch to perform VXLAN encapsulation on the data packet again.
Step 809: The destination virtual switch sends the data packet to the destination virtual machine.
Specifically, the destination vSwitch obtains the forwarding entry from the second forwarding rule and uses it to send the data packet to the destination VM; the destination VM processes the data packet accordingly and establishes a communication link with the source VM.
Further, the destination vSwitch extracts the data packet from the VXLAN packet and forwards the data packet to the destination VM.
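An added Python example, not code from the patent, of the control-plane decisions in steps 802 to 809: a miss in a stored forwarding list sends the packet to the local controller, which checks its address list and the network segments, then installs the first or second forwarding rule on both its vSwitch and its vProxy. The class and field names, the sample addresses, and a routing forwarding table keyed by network segment are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed topology (names and addresses are assumptions, not from the patent).
GATEWAYS = {"10.0.1.0/24": "02:aa:00:00:01:01",   # segment -> virtual gateway MAC,
            "10.0.2.0/24": "02:aa:00:00:02:01"}   # stored for every segment


def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    for cidr in GATEWAYS:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    raise LookupError("no virtual gateway for " + ip)


@dataclass
class Node:
    """A vSwitch or vProxy together with its stored forwarding list."""
    name: str
    rules: dict = field(default_factory=dict)     # destination VM IP -> entry


@dataclass
class DataCenter:
    """One data center: its controller state plus one vSwitch and one vProxy."""
    name: str
    address_list: dict                            # local VM IP -> VM MAC
    vswitch: Node
    vproxy: Node
    packet_ins: int = 0                           # packets sent to the controller

    def first_rule(self, src_ip, dst_ip):
        """Step 803: decision of the source controller."""
        self.packet_ins += 1
        if dst_ip in self.address_list:
            raise ValueError("destination VM is in the source data center")
        if segment_of(src_ip) == segment_of(dst_ip):
            raise ValueError("same segment; not the case shown here")
        rule = {"outer_src_mac": GATEWAYS[segment_of(src_ip)],
                "outer_dst_mac": GATEWAYS[segment_of(dst_ip)],
                "next_hop": self.vproxy.name}
        self.vswitch.rules[dst_ip] = self.vproxy.rules[dst_ip] = rule
        return rule

    def second_rule(self, dst_ip):
        """Step 807: decision of the destination controller."""
        self.packet_ins += 1
        if dst_ip not in self.address_list:
            raise LookupError("destination VM is not in this data center")
        rule = {"dst_vm_mac": self.address_list[dst_ip],
                "next_hop": self.vswitch.name}
        self.vproxy.rules[dst_ip] = self.vswitch.rules[dst_ip] = rule
        return rule


def forward(src_ip, dst_ip, src_dc, dst_dc, route_table):
    """Carry one packet from the source vSwitch to the destination VM."""
    trace = []
    if dst_ip not in src_dc.vswitch.rules:                  # step 802: miss
        src_dc.first_rule(src_ip, dst_ip)                   # step 803
        trace.append("packet-in@" + src_dc.name)
    rule = src_dc.vswitch.rules[dst_ip]
    trace.append((src_dc.vswitch.name, rule["next_hop"]))   # step 804
    peer = route_table[segment_of(dst_ip)]                  # step 805: route lookup
    trace.append((src_dc.vproxy.name, peer))
    if dst_ip not in dst_dc.vproxy.rules:                   # step 806: miss
        dst_dc.second_rule(dst_ip)                          # step 807
        trace.append("packet-in@" + dst_dc.name)
    rule = dst_dc.vproxy.rules[dst_ip]
    trace.append((dst_dc.vproxy.name, rule["next_hop"]))    # step 808
    trace.append((dst_dc.vswitch.name, rule["dst_vm_mac"])) # step 809
    return trace


def demo():
    src = DataCenter("dc-src", {"10.0.1.10": "52:54:00:00:01:0a"},
                     Node("src-vswitch"), Node("src-vproxy"))
    dst = DataCenter("dc-dst", {"10.0.2.20": "52:54:00:00:02:14"},
                     Node("dst-vswitch"), Node("dst-vproxy"))
    routes = {"10.0.2.0/24": "dst-vproxy"}        # source vProxy's route table
    first = forward("10.0.1.10", "10.0.2.20", src, dst, routes)
    second = forward("10.0.1.10", "10.0.2.20", src, dst, routes)
    return src, dst, first, second


if __name__ == "__main__":
    for hop in demo()[2]:
        print(hop)
```

The second packet of the same flow reaches the destination VM without involving either controller, because both forwarding rules are already stored on the vSwitch and vProxy of each data center.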
Optionally, before step 801 this embodiment of the present invention further includes a step of obtaining the MAC address of the source virtual gateway. As shown in FIG. 9, in this embodiment the source VM obtains the MAC address of the source virtual gateway, so that the source VM can initiate the steps of transmitting data packets to and communicating with the destination VM. The specific steps are as follows:
Step 901: The source virtual machine sends an ARP request to the source virtual switch, where the ARP request includes the IP address of the source virtual gateway.
Specifically, when the source VM prepares to communicate with a destination VM that does not belong to the same network segment, the source VM sends an ARP request to the source vSwitch. The ARP request is used to obtain the MAC address of the source virtual gateway and includes the IP address of the source virtual gateway.
Step 902: The source virtual switch sends the ARP request to the source controller.
Specifically, after receiving the ARP request, the source vSwitch obtains the IP address of the source gateway from the ARP request and determines that the source VM sent the ARP request to obtain the MAC address of the source virtual gateway.
According to the IP address of the source virtual gateway, the source vSwitch checks whether the MAC address of the source virtual gateway is already stored in its own address list. If the MAC address of the source virtual gateway is not found, the source vSwitch sends the ARP request to the source controller.
Step 903: The source controller sends an ARP response to the source virtual switch.
Specifically, the source controller receives the ARP request sent by the source vSwitch. The source controller obtains the IP address of the source VM and the IP address of the source virtual gateway from the ARP request, and determines that the source VM is requesting the MAC address of the source virtual gateway.
According to the IP address of the source virtual gateway, the source controller checks whether the address list already stores a MAC address of the source virtual gateway that matches the IP address of the source virtual gateway. If the source controller finds the MAC address of the source virtual gateway, it generates an ARP response that includes the MAC address of the source virtual gateway.
The source controller sends the ARP response to the source vSwitch.
In this embodiment of the present invention, the source controller stores the IP address and MAC address information of the virtual gateways of all network segments of the virtual network, and a virtual gateway may be implemented by a software program loaded in the controller.
Step 904: The source virtual switch sends the ARP response to the source virtual machine.
Specifically, the source vSwitch receives the ARP response sent by the source controller and sends it to the source VM. The source VM receives the ARP response, obtains the MAC address of the source virtual gateway from it, and prepares to communicate with the destination VM.
As described in the foregoing embodiments, when any two virtual machines in different data centers communicate, the traffic is forwarded through the virtual proxies of their respective data centers. As shown in FIG. 10, the transmission paths between the virtual machines are all forwarded through the virtual proxies, which reduces the complexity of the network system. At the same time, each controller manages only the transmission paths of the virtual machines in its own data center, which saves controller processing resources and improves the controller's efficiency in processing data packets.
Embodiment 7
Correspondingly, an embodiment of the present invention further provides a data packet processing apparatus, whose structure is shown in FIG. 11, for implementing the data packet processing methods of Embodiment 1, Embodiment 5 and Embodiment 6 of the present invention. The apparatus is located in the source data center. The source data center further includes a source vSwitch, a source VM and a source vProxy. The apparatus includes the following units: a receiving unit 1110, an identifying unit 1120, a determining unit 1130 and a sending unit 1140.
The receiving unit 1110 is configured to receive a data packet that is sent by the source virtual machine and forwarded by the source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of the destination virtual machine that communicates with the source virtual machine;
The identifying unit 1120 is configured to identify, according to the IP address of the destination virtual machine, whether the IP address of the destination virtual machine is already stored in an address list;
The determining unit 1130 is configured so that, if the IP address of the destination virtual machine is not stored in the address list, the source controller determines that the destination virtual machine is not in the source data center;
The determining unit 1130 is further configured to determine a first forwarding rule for forwarding the data packet to the destination virtual machine;
The sending unit 1140 is configured to send the first forwarding rule to the source virtual switch and to the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual proxy forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and a stored routing forwarding table;
The data packet processing apparatus, the source virtual switch, the source virtual machine, and the source virtual proxy are all located in the source data center.
The target address of the data packet received by the receiving unit 1110 further includes the MAC address of the destination virtual machine;
The determining unit 1130 is specifically configured to: if the destination virtual machine is not in the source data center, and the destination virtual machine is in the same network segment as the source virtual machine, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
and determine, according to the transmission path, the first forwarding rule for forwarding the data packet to the destination virtual machine.
The receiving unit 1110 is further configured to receive an ARP request that is sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
The apparatus further includes a first searching unit 1150, configured to search, according to the IP address of the destination virtual machine, whether the MAC address of the destination virtual machine that matches the IP address of the destination virtual machine is stored in the address list;
The determining unit 1130 is further configured to: if the MAC address of the destination virtual machine is not found, determine a second forwarding rule for forwarding the ARP request to the destination virtual machine;
The sending unit 1140 is further configured to send the second forwarding rule to the source virtual switch and to the source virtual proxy, so that the source virtual switch forwards the ARP request to the source virtual proxy by using the second forwarding rule, and the source virtual proxy forwards the ARP request to the destination data center by using the second forwarding rule and the stored routing forwarding table, and sends the received ARP response from the destination virtual machine to the source virtual machine through the source virtual switch, where the ARP response includes the MAC address of the destination virtual machine.
The determining unit 1130 is specifically configured to: if the destination virtual machine is not in the source data center, and the destination virtual machine and the source virtual machine are in different network segments, obtain the MAC address of the destination virtual gateway according to the IP address of the destination virtual machine;
determine, according to the MAC address of the destination virtual gateway and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
and determine, according to the transmission path, the first forwarding rule for forwarding the data packet to the destination virtual machine.
The target address of the data packet received by the receiving unit 1110 further includes the MAC address of the source virtual gateway;
The apparatus further includes a processing unit 1160, configured to carry the MAC address of the destination virtual gateway in the first forwarding rule, so that the source virtual switch, by using the first forwarding rule, encapsulates the MAC address of the source gateway and the MAC address of the destination gateway in the data packet and forwards the encapsulated data packet to the source virtual proxy.
The receiving unit 1110 is further configured to receive an ARP request that is sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the source virtual gateway, and the ARP request includes the IP address of the source virtual gateway;
The apparatus further includes a second searching unit 1170, configured to search, according to the IP address of the source virtual gateway, whether the MAC address of the source virtual gateway that matches the IP address is stored in the address list;
The sending unit 1140 is further configured to: if the MAC address of the source virtual gateway is found, send an ARP response to the source virtual machine through the source virtual switch, where the ARP response includes the MAC address of the source virtual gateway.
Therefore, with the data packet processing apparatus provided in this embodiment of the present invention, the apparatus identifies, according to the target address, whether the destination virtual machine is in the source data center. When the destination virtual machine is not in the source data center, the apparatus determines a first forwarding rule for forwarding the data packet to the destination virtual machine and sends the first forwarding rule to the source virtual switch and the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual proxy forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table. This solves the prior-art problem that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the controllers' processing burden, wastes their processing resources, and reduces their efficiency in processing data packets. It interconnects the virtual networks of multiple data centers, reduces the controller's processing burden, saves the controller's processing resources, and improves the controller's efficiency in processing data packets.
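The decision flow of units 1120 to 1170 can be modelled in a few lines. The following Python sketch is an added illustration, not code from the patent; the class and method names, the fixed /24 segment length, and the subnet-to-gateway table used to obtain the destination virtual gateway's MAC address are assumptions, and all addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_mac: str  # destination VM MAC (same segment) or source virtual gateway MAC


@dataclass(frozen=True)
class Rule:
    kind: str                              # "first" = data packet, "second" = ARP request
    dst_ip: str
    next_hop: str = "source vProxy"        # the vSwitch hands the traffic to the source vProxy
    dst_gateway_mac: Optional[str] = None  # carried only in the cross-segment case (unit 1160)


class SourceController:
    """Hypothetical model of the Embodiment 7 apparatus."""

    def __init__(self, address_list, gateway_macs, prefix_len=24):
        self.address_list = address_list  # IP -> MAC of hosts in the source data center
        self.gateway_macs = gateway_macs  # assumption: subnet -> destination virtual gateway MAC
        self.prefix_len = prefix_len      # assumption: every segment uses the same prefix length
        self.sent = []                    # (recipient, message) log standing in for unit 1140

    def _same_segment(self, src_ip, dst_ip):
        net = ipaddress.ip_network(f"{src_ip}/{self.prefix_len}", strict=False)
        return ipaddress.ip_address(dst_ip) in net

    def _gateway_mac_for(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        for subnet, mac in self.gateway_macs.items():
            if addr in ipaddress.ip_network(subnet):
                return mac
        raise LookupError(f"no destination virtual gateway known for {dst_ip}")

    def _push(self, rule):
        # Unit 1140: the same rule goes to both the source vSwitch and the source vProxy.
        self.sent.append(("source vSwitch", rule))
        self.sent.append(("source vProxy", rule))
        return rule

    def on_packet(self, pkt):
        # Unit 1120: an IP found in the address list means the VM is local.
        if pkt.dst_ip in self.address_list:
            return None  # local delivery is not covered by this embodiment
        # Unit 1130: not in the list, so the VM is outside the source data center.
        if self._same_segment(pkt.src_ip, pkt.dst_ip):
            return self._push(Rule("first", pkt.dst_ip))
        gw_mac = self._gateway_mac_for(pkt.dst_ip)
        return self._push(Rule("first", pkt.dst_ip, dst_gateway_mac=gw_mac))

    def on_arp_for_vm(self, dst_ip):
        # Unit 1150: no MAC stored for this IP, so the ARP request must cross the WAN.
        if dst_ip in self.address_list:
            return None  # the found case is not described in this embodiment
        return self._push(Rule("second", dst_ip))

    def on_arp_for_gateway(self, gateway_ip):
        # Unit 1170: a stored gateway MAC is answered locally through the source vSwitch.
        mac = self.address_list.get(gateway_ip)
        if mac is None:
            return None  # the not-found case is not described in this embodiment
        reply = ("ARP response", gateway_ip, mac)
        self.sent.append(("source vSwitch", reply))
        return reply


def build_demo_controller():
    """Constructed sample data: two local VMs plus the source virtual gateway."""
    address_list = {
        "10.0.1.10": "aa:aa:aa:00:01:10",
        "10.0.1.11": "aa:aa:aa:00:01:11",
        "10.0.1.1": "aa:aa:aa:00:01:01",  # source virtual gateway
    }
    gateway_macs = {"10.0.2.0/24": "bb:bb:bb:00:02:01"}
    return SourceController(address_list, gateway_macs)


if __name__ == "__main__":
    ctl = build_demo_controller()
    print(ctl.on_packet(Packet("10.0.1.10", "10.0.1.20", "cc:cc:cc:00:01:20")))
    print(ctl.on_packet(Packet("10.0.1.10", "10.0.2.30", "aa:aa:aa:00:01:01")))
    print(ctl.on_arp_for_vm("10.0.1.20"))
    print(ctl.on_arp_for_gateway("10.0.1.1"))
```

Note that the controller never consults state held by another data center: every branch is decided from its own address list, which is the property the embodiment relies on to avoid cross-WAN synchronization.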
Embodiment 8
Correspondingly, an embodiment of the present invention further provides a data packet processing apparatus, whose implementation structure is shown in FIG. 12, for implementing the data packet processing method in Embodiments 2, 5, and 6 of the present invention. The apparatus is located in the destination data center. The destination data center further includes a destination vSwitch, a source VM, and a source vProxy. The apparatus includes the following units: a receiving unit 1210, an identifying unit 1220, a determining unit 1230, and a sending unit 1240.
The receiving unit 1210 is configured to receive a data packet that is sent by the source virtual proxy and forwarded by the destination virtual proxy, where the data packet carries a target address of the data packet, and the target address includes the IP address of the destination virtual machine;
The identifying unit 1220 is configured to identify, according to the IP address of the destination virtual machine, whether the IP address of the destination virtual machine is already stored in an address list;
The determining unit 1230 is configured to: if the IP address of the destination virtual machine is stored in the address list, determine that the destination virtual machine is in the destination data center;
The determining unit 1230 is further configured to determine a first forwarding rule for forwarding the data packet to the destination virtual machine;
The sending unit 1240 is configured to send the first forwarding rule to the destination virtual proxy and to the destination virtual switch, so that the destination virtual proxy forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule;
The data packet processing apparatus, the destination virtual proxy, and the destination virtual switch are located in the destination data center, and the source virtual proxy is located in the source data center.
The target address of the data packet received by the receiving unit 1210 further includes the MAC address of the destination virtual machine;
The determining unit 1230 is specifically configured to: if the destination virtual machine is in the destination data center, and the destination virtual machine is in the same network segment as the source virtual machine, search, according to the MAC address of the destination virtual machine, whether there is a destination virtual switch that is matched and connected to the destination virtual machine;
if the destination virtual switch that is matched and connected to the destination virtual machine is found, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
and determine, according to the transmission path, the first forwarding rule for forwarding the data packet to the destination virtual machine.
The receiving unit 1210 is further configured to receive an ARP request that is sent by the source virtual proxy and forwarded by the destination virtual proxy, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
The determining unit 1230 is further configured to search, according to the IP address of the destination virtual machine, whether there is a destination virtual switch that is matched and connected to the destination virtual machine;
if the destination virtual switch that is matched and connected to the destination virtual machine is found, determine a second forwarding rule for forwarding the ARP request to the destination virtual machine;
The sending unit 1240 is further configured to send the second forwarding rule to the destination virtual proxy and to the destination virtual switch, so that the destination virtual proxy forwards the ARP request to the destination virtual switch by using the second forwarding rule, and the destination virtual switch forwards the ARP request to the destination virtual machine by using the second forwarding rule, receives the ARP response sent by the destination virtual machine, and sends the ARP response to the source virtual proxy through the destination virtual proxy, where the ARP response includes the MAC address of the destination virtual machine.
The determining unit 1230 is specifically configured to: if the destination virtual machine is in the destination data center, and the destination virtual machine and the source virtual machine are in different network segments, obtain the MAC address of the destination virtual machine according to the IP address of the destination virtual machine;
search, according to the MAC address of the destination virtual machine, whether there is a destination virtual switch that is matched and connected to the destination virtual machine;
if the destination virtual switch that is matched and connected to the destination virtual machine is found, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
and determine, according to the transmission path, the first forwarding rule for forwarding the data packet to the destination virtual machine.
Therefore, with the data packet processing apparatus provided in this embodiment of the present invention, the apparatus receives the data packet sent by the destination virtual proxy and the source virtual proxy, and identifies, according to the target address, whether the destination virtual machine is in the destination data center. When the destination virtual machine is in the destination data center, the apparatus determines a first forwarding rule for forwarding the data packet to the destination virtual machine and sends the first forwarding rule to the destination virtual switch and the destination virtual proxy, so that the destination virtual proxy forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule. This solves the prior-art problem that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the controllers' processing burden, wastes their processing resources, and reduces their efficiency in processing data packets. It interconnects the virtual networks of multiple data centers, reduces the controller's processing burden, saves the controller's processing resources, and improves the controller's efficiency in processing data packets.
Embodiment 9
Correspondingly, an embodiment of the present invention further provides a data packet processing apparatus, whose implementation structure is shown in FIG. 13, for implementing the data packet processing method in Embodiments 3, 5, and 6 of the present invention. The apparatus is located in the source data center. The source data center further includes a source vSwitch, a source VM, and a source controller. The apparatus includes the following units: a receiving unit 1310 and a sending unit 1320.
The receiving unit 1310 is configured to receive a data packet sent by the source virtual switch, where the data packet carries a target address of the data packet;
The receiving unit 1310 is further configured to receive a first forwarding rule sent by the source controller, where the first forwarding rule is used to forward the data packet to the destination virtual machine indicated by the target address;
The sending unit 1320 is configured to forward, according to the target address of the data packet, the data packet to the destination virtual proxy by using the first forwarding rule and a stored routing forwarding table, so that the destination virtual proxy forwards the data packet to the destination virtual machine;
The data packet processing apparatus, the source virtual switch, and the source controller are all located in the source data center, and the destination virtual proxy and the destination virtual machine are both located in the destination data center.
When the target address of the data packet received by the receiving unit includes the MAC address of the destination virtual machine, the receiving unit 1310 is further configured to:
receive a second forwarding rule sent by the source controller, where the second forwarding rule is used to forward an ARP request;
receive an ARP request sent by the source virtual switch, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
The sending unit 1320 is further configured to forward, according to the IP address of the destination virtual machine, the ARP request to the destination virtual proxy by using the second forwarding rule and the routing forwarding table, so that the destination virtual proxy forwards the ARP request to the destination virtual machine;
The receiving unit 1310 is further configured to receive an ARP response that is sent by the destination virtual machine and forwarded by the destination virtual proxy, where the ARP response includes the MAC address of the destination virtual machine;
The sending unit 1320 is further configured to send the ARP response to the source virtual machine through the source virtual switch;
The source virtual machine is located in the source data center.
The sending unit 1320 is specifically configured to obtain the IP address of the destination virtual proxy by using the routing forwarding table;
and forward, according to the IP address of the destination virtual proxy, the data packet to the destination virtual proxy by using the first forwarding rule, so that the destination virtual proxy forwards the data packet to the destination virtual machine.
The sending unit 1320 is specifically configured to obtain the IP address of the destination virtual proxy by using the routing forwarding table;
and forward, according to the IP address of the destination virtual proxy, the ARP request to the destination virtual proxy by using the second forwarding rule, so that the destination virtual proxy forwards the ARP request to the destination virtual machine.
Therefore, with the data packet processing apparatus provided in this embodiment of the present invention, the apparatus receives the data packet sent by the source virtual switch, obtains a matching forwarding entry according to the target address, and forwards the data packet to the destination virtual proxy by using the forwarding entry and the stored routing forwarding table. This implements transmission across the WAN and establishes a transmission link between virtual machines in different data centers. It solves the prior-art problem that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the controllers' processing burden, wastes their processing resources, and reduces their efficiency in processing data packets. It interconnects the virtual networks of multiple data centers, reduces the controller's processing burden, saves the controller's processing resources, and improves the controller's efficiency in processing data packets.
Embodiment 10
Correspondingly, an embodiment of the present invention further provides a data packet processing apparatus, whose implementation structure is shown in FIG. 14, for implementing the data packet processing method in Embodiments 4, 5, and 6 of the present invention. The apparatus is located in the destination data center. The destination data center further includes a destination vSwitch, a destination VM, and a destination controller. The apparatus includes the following units: a receiving unit 1410 and a sending unit 1420.
The receiving unit 1410 is configured to receive a data packet sent by the source virtual proxy, where the data packet carries a target address of the data packet;
The sending unit 1420 is configured to send the data packet to the destination controller when no forwarding rule matching the target address is found;
The receiving unit 1410 is further configured to receive a first forwarding rule sent by the destination controller, where the first forwarding rule is used to forward the data packet to the destination virtual machine indicated by the target address;
The sending unit 1420 is further configured to send, by using the first forwarding rule, the data packet to the destination virtual machine through the destination virtual switch;
The source virtual proxy is located in the source data center, and the destination controller, the destination virtual switch, the data packet processing apparatus, and the destination virtual machine are all located in the destination data center.
When the target address of the data packet includes the MAC address of the destination virtual machine, the receiving unit 1410 is further configured to receive an ARP request sent by the source virtual proxy, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
The sending unit 1420 is further configured to send the ARP request to the destination controller when no forwarding rule matching the IP address of the destination virtual machine is found;
The receiving unit 1410 is further configured to receive a second forwarding rule sent by the destination controller, where the second forwarding rule is used to forward the ARP request to the destination virtual machine indicated by the IP address of the destination virtual machine;
The sending unit 1420 is further configured to send, by using the second forwarding rule, the ARP request to the destination virtual machine through the destination virtual switch;
The receiving unit 1410 is further configured to receive an ARP response that is sent by the destination virtual machine and forwarded by the destination virtual switch, where the ARP response includes the MAC address of the destination virtual machine;
The sending unit 1420 is further configured to send the ARP response to the source virtual proxy.
The sending unit 1420 is specifically configured to obtain the IP address of the destination virtual switch by using the first/second forwarding rule;
and forward, according to the IP address of the destination virtual switch, the data packet/the ARP request to the destination virtual switch, so that the destination virtual switch sends the data packet/the ARP request to the destination virtual machine according to the target address.
Therefore, with the data packet processing apparatus provided in this embodiment of the present invention, the apparatus receives the data packet sent by the source virtual proxy, obtains, according to the target address, the first forwarding rule sent by the destination controller, and forwards the data packet to the destination virtual machine through the destination virtual switch by using the first forwarding rule. This implements transmission across the WAN and establishes a transmission link between virtual machines in different data centers. It solves the prior-art problem that the controllers of the data centers share and synchronize a large amount of information across the WAN, which increases the controllers' processing burden, wastes their processing resources, and reduces their efficiency in processing data packets. It interconnects the virtual networks of multiple data centers, reduces the controller's processing burden, saves the controller's processing resources, and improves the controller's efficiency in processing data packets.
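The data path of Embodiments 9 and 10 (source vProxy, WAN, destination vProxy, destination controller on a rule miss) is sketched below as an added Python illustration; it is not code from the patent. The class names, the longest-prefix-match layout of the routing forwarding table, the dictionary form of a forwarding rule, and the direct method call standing in for the WAN are assumptions, and all addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    dst_ip: str
    dst_mac: str
    payload: str = ""


class DestinationController:
    """Answers only for VMs in its own data center (Embodiment 8 side)."""

    def __init__(self, address_list, attachments):
        self.address_list = address_list  # IP -> MAC of VMs in the destination data center
        self.attachments = attachments    # MAC -> IP of the vSwitch the VM is connected to
        self.packet_ins = 0               # how often a vProxy had to ask the controller

    def first_rule_for(self, pkt):
        self.packet_ins += 1
        mac = self.address_list.get(pkt.dst_ip)
        vswitch_ip = self.attachments.get(mac)
        if mac is None or vswitch_ip is None:
            return None  # VM unknown here, or no vSwitch found for it
        return {"dst_ip": pkt.dst_ip, "vswitch_ip": vswitch_ip}


class DestinationVProxy:
    """Embodiment 10: consult the controller only when no rule matches."""

    def __init__(self, controller):
        self.controller = controller
        self.rules = {}      # dst_ip -> first forwarding rule received from the controller
        self.delivered = []  # (vswitch_ip, packet) pairs handed to a destination vSwitch

    def receive(self, pkt):
        rule = self.rules.get(pkt.dst_ip)
        if rule is None:  # unit 1420: rule miss, send the packet to the controller
            rule = self.controller.first_rule_for(pkt)
            if rule is None:
                return None
            self.rules[pkt.dst_ip] = rule  # unit 1410: keep the returned rule
        self.delivered.append((rule["vswitch_ip"], pkt))
        return rule["vswitch_ip"]  # the rule yields the destination vSwitch IP


class SourceVProxy:
    """Embodiment 9: first rule plus routing forwarding table select the remote vProxy."""

    def __init__(self, routing_table, peers):
        self.routing_table = routing_table  # assumption: prefix -> destination vProxy IP
        self.peers = peers                  # vProxy IP -> object (stands in for the WAN)
        self.first_rules = set()            # destinations covered by a first forwarding rule

    def install_first_rule(self, dst_ip):
        self.first_rules.add(dst_ip)

    def _lookup(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        best = None
        for prefix, proxy_ip in self.routing_table.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, proxy_ip)
        return best[1] if best else None

    def forward(self, pkt):
        if pkt.dst_ip not in self.first_rules:
            return None  # no rule from the source controller yet
        proxy_ip = self._lookup(pkt.dst_ip)
        if proxy_ip is None:
            return None
        return proxy_ip, self.peers[proxy_ip].receive(pkt)


def build_demo():
    """Constructed topology: one remote data center behind vProxy 192.0.2.20."""
    controller = DestinationController(
        address_list={"10.0.2.30": "bb:bb:bb:00:02:30", "10.0.1.20": "bb:bb:bb:00:01:20"},
        attachments={"bb:bb:bb:00:02:30": "172.16.2.5", "bb:bb:bb:00:01:20": "172.16.2.6"},
    )
    dst_proxy = DestinationVProxy(controller)
    src_proxy = SourceVProxy(
        # A /32 host route covers a VM whose segment spans both data centers.
        routing_table={"10.0.2.0/24": "192.0.2.20", "10.0.1.20/32": "192.0.2.20"},
        peers={"192.0.2.20": dst_proxy},
    )
    for ip in ("10.0.2.30", "10.0.1.20", "10.0.2.99"):
        src_proxy.install_first_rule(ip)
    return src_proxy, dst_proxy, controller


if __name__ == "__main__":
    src, dst, ctl = build_demo()
    pkt = Packet("10.0.2.30", "bb:bb:bb:00:02:30", "hello")
    print(src.forward(pkt), ctl.packet_ins)  # first packet reaches the controller
    print(src.forward(pkt), ctl.packet_ins)  # second packet is served from the stored rule
```

Only the first packet for a destination reaches the destination controller; later packets are forwarded from the rule the vProxy already holds.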
Embodiment 11
In addition, the data packet processing apparatus provided in Embodiment 7 of the present invention may also be implemented as follows, to implement the data packet processing method in the foregoing embodiments of the present invention. The apparatus is located in the source data center, and the source data center further includes a source vSwitch, a source VM, and a source vProxy. As shown in FIG. 15, the data packet processing apparatus includes a network interface 1510, a processor 1520, and a memory 1530. A system bus 1540 is used to connect the network interface 1510, the processor 1520, and the memory 1530.
The network interface 1510 is configured to communicate with the source vSwitch and the source vProxy.
The memory 1530 may be a permanent memory, such as a hard disk drive and flash memory. The memory 1530 is configured to store an application program, and the application program includes instructions that can be used to cause the processor 1520 to access and execute the following:
receiving a data packet that is sent by the source virtual machine and forwarded by the source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of the destination virtual machine that communicates with the source virtual machine;
identifying, according to the IP address of the destination virtual machine, whether the IP address of the destination virtual machine is already stored in an address list;
if the IP address of the destination virtual machine is not stored in the address list, the source controller determines that the destination virtual machine is not in the source data center;
determining a first forwarding rule for forwarding the data packet to the destination virtual machine;
sending the first forwarding rule to the source virtual switch and to the source virtual proxy, so that the source virtual switch forwards the data packet to the source virtual proxy by using the first forwarding rule, and the source virtual proxy forwards the data packet to the destination data center where the destination virtual machine is located by using the first forwarding rule and the stored routing forwarding table.
具体地,数据包的处理装置还根据所述指令执行上述实施例一、实施例五以及实施例六所述的数据包的处理方法,具体在此不再赘述。Specifically, the processing device of the data packet further performs the processing method of the data packet according to the first embodiment, the fifth embodiment, and the sixth embodiment according to the instruction, and details are not described herein.
Embodiment 12
In addition, the data packet processing apparatus provided in Embodiment 8 of the present invention may also be implemented as follows, to carry out the data packet processing method of the foregoing embodiments of the present invention. The apparatus is located in a destination data center, which further includes a destination vSwitch, a destination VM, and a destination vProxy. As shown in FIG. 16, the data packet processing apparatus includes a network interface 1610, a processor 1620, and a memory 1630. A system bus 1640 connects the network interface 1610, the processor 1620, and the memory 1630.
The network interface 1610 is configured to communicate with the destination vSwitch and the destination vProxy.
The memory 1630 may be persistent storage, such as a hard disk drive and flash memory. The memory 1630 stores an application program, which includes instructions that the processor 1620 can access and execute to:
receive a data packet that was sent by the source virtual proxy and forwarded by the destination virtual proxy, where the data packet carries a target address of the data packet, and the target address includes the IP address of the destination virtual machine;
identify, according to the IP address of the destination virtual machine, whether that IP address is already stored in an address list;
if the IP address of the destination virtual machine is stored in the address list, the destination controller determines that the destination virtual machine is in the destination data center;
determine a first forwarding rule for forwarding the data packet to the destination virtual machine;
send the first forwarding rule to the destination virtual proxy and to the destination virtual switch respectively, so that the destination virtual proxy uses the first forwarding rule to forward the data packet to the destination virtual switch, and the destination virtual switch uses the first forwarding rule to forward the data packet to the destination virtual machine.
Specifically, the data packet processing apparatus also performs, according to the instructions, the data packet processing methods described in Embodiment 2, Embodiment 5, and Embodiment 6; details are not repeated here.
Embodiment 13
In addition, the data packet processing apparatus provided in Embodiment 9 of the present invention may also be implemented as follows, to carry out the data packet processing method of the foregoing embodiments of the present invention. The apparatus is located in a source data center, which further includes a source vSwitch, a source VM, and a source controller. As shown in FIG. 17, the data packet processing apparatus includes a network interface 1710, a processor 1720, and a memory 1730. A system bus 1740 connects the network interface 1710, the processor 1720, and the memory 1730.
The network interface 1710 is configured to communicate with the source vSwitch, the source controller, and the destination data center.
The memory 1730 may be persistent storage, such as a hard disk drive and flash memory. The memory 1730 stores an application program, which includes instructions that the processor 1720 can access and execute to:
receive a data packet sent by the source virtual switch, where the data packet carries a target address of the data packet;
the source virtual proxy receives a first forwarding rule sent by the source controller, where the first forwarding rule is used to forward the data packet to the destination virtual machine indicated by the target address;
according to the target address of the data packet, the source virtual proxy uses the first forwarding rule and a stored routing forwarding table to forward the data packet to a destination virtual proxy, so that the destination virtual proxy forwards the data packet to the destination virtual machine.
Specifically, the data packet processing apparatus also performs, according to the instructions, the data packet processing methods described in Embodiment 3, Embodiment 5, and Embodiment 6; details are not repeated here.
Embodiment 14
In addition, the data packet processing apparatus provided in Embodiment 10 of the present invention may also be implemented as follows, to carry out the data packet processing method of the foregoing embodiments of the present invention. The apparatus is located in a destination data center, which further includes a source vSwitch, a source VM, and a destination controller. As shown in FIG. 18, the data packet processing apparatus includes a network interface 1810, a processor 1820, and a memory 1830. A system bus 1840 connects the network interface 1810, the processor 1820, and the memory 1830.
The network interface 1810 is configured to communicate with the destination vSwitch, the destination controller, and the destination data center.
The memory 1830 may be persistent storage, such as a hard disk drive and flash memory. The memory 1830 stores an application program, which includes instructions that the processor 1820 can access and execute to:
the destination virtual proxy receives a data packet sent by the source virtual proxy, where the data packet carries a target address of the data packet;
when the destination virtual proxy does not find a forwarding rule matching the target address, the destination virtual proxy sends the data packet to the destination controller;
the destination virtual proxy receives a first forwarding rule sent by the destination controller, where the first forwarding rule is used to forward the data packet to the destination virtual machine indicated by the target address;
using the first forwarding rule, the destination virtual proxy sends the data packet to the destination virtual machine through a destination virtual switch.
Specifically, the data packet processing apparatus also performs, according to the instructions, the data packet processing methods described in Embodiment 3, Embodiment 5, and Embodiment 6; details are not repeated here.
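The control flow of Embodiments 11 to 14, from the source controller's address-list check to delivery through the destination vSwitch, can be traced in a small model. This is an added example, not code from the patent: the class, function and field names, the sample addresses, the per-destination-IP storage of rules at the vSwitch and vProxy, and the drop behaviour for unrouted or unknown destinations are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class DataCenter:
    """One data center: controller state plus vSwitch/vProxy rule tables (hypothetical model)."""
    name: str
    address_list: dict   # controller's address list: local VM IP -> attached vSwitch
    routes: dict         # vProxy's stored routing forwarding table: prefix -> peer data center
    vswitch_rules: dict = field(default_factory=dict)
    vproxy_rules: dict = field(default_factory=dict)
    packet_ins: int = 0  # packets handed to the controller for a decision


def controller_decide(dc, dst_ip):
    """Embodiments 11 and 12: the address-list lookup decides local vs. remote."""
    dc.packet_ins += 1
    if dst_ip in dc.address_list:
        rule = {"action": "deliver", "vswitch": dc.address_list[dst_ip]}
    else:
        rule = {"action": "to_remote"}
    # The controller sends the same first forwarding rule to vSwitch and vProxy.
    dc.vswitch_rules[dst_ip] = rule
    dc.vproxy_rules[dst_ip] = rule
    return rule


def lookup_route(dc, dst_ip):
    """Longest-prefix match in the vProxy's routing forwarding table (assumed format)."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, peer in dc.routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, peer)
    return best[1] if best else None


def send(dcs, src_dc_name, dst_ip):
    """Walk one packet from a VM in the source data center; return the list of hops."""
    src = dcs[src_dc_name]
    hops = [f"{src.name}:vSwitch"]
    rule = src.vswitch_rules.get(dst_ip)
    if rule is None:                       # no rule yet: ask the source controller
        hops.append(f"{src.name}:controller")
        rule = controller_decide(src, dst_ip)
    if rule["action"] == "deliver":        # destination is in the local address list
        hops.append(f"{src.name}:VM({dst_ip})")
        return hops
    # Embodiment 13: source vProxy applies the rule plus its routing forwarding table.
    hops.append(f"{src.name}:vProxy")
    peer_name = lookup_route(src, dst_ip)
    if peer_name is None:
        hops.append("drop:no-route")       # assumption: unrouted packets are dropped
        return hops
    dst = dcs[peer_name]
    hops.append(f"{dst.name}:vProxy")
    # Embodiment 14: destination vProxy asks its controller only on a rule miss.
    rule = dst.vproxy_rules.get(dst_ip)
    if rule is None:
        hops.append(f"{dst.name}:controller")
        rule = controller_decide(dst, dst_ip)
    if rule["action"] != "deliver":
        hops.append("drop:unknown-destination")  # assumption: never re-forwarded
        return hops
    hops.append(f"{dst.name}:{rule['vswitch']}")
    hops.append(f"{dst.name}:VM({dst_ip})")
    return hops


def build_sample():
    """Constructed sample topology: two data centers with one VM each."""
    return {
        "DC1": DataCenter("DC1", {"10.0.1.10": "vSwitch-1"}, {"10.0.2.0/24": "DC2"}),
        "DC2": DataCenter("DC2", {"10.0.2.20": "vSwitch-2"}, {"10.0.1.0/24": "DC1"}),
    }


if __name__ == "__main__":
    dcs = build_sample()
    for dst in ("10.0.2.20", "10.0.2.20", "10.0.2.99", "192.0.2.5"):
        print(dst, " -> ".join(send(dcs, "DC1", dst)))
```

In this model the first packet to a remote VM involves both controllers, and later packets follow the installed rules without them; the contents of each address list alone decide whether a packet stays local or leaves the data center.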
Embodiment 15
Correspondingly, Embodiment 15 of the present invention further provides a data packet processing system. As shown in FIG. 19, the system includes a first data center and a second data center. The first data center includes the data packet processing apparatuses provided in Embodiment 7 and Embodiment 9 of the present invention, and the second data center includes the data packet processing apparatuses provided in Embodiment 8 and Embodiment 10 of the present invention;
or, the first data center includes the data packet processing apparatuses provided in Embodiment 11 and Embodiment 13 of the present invention, and the second data center includes the data packet processing apparatuses provided in Embodiment 12 and Embodiment 14 of the present invention.
Further, the system also includes an access switch;
Further, the system also includes a core switch.
The foregoing embodiments have each described in detail the working process of the devices included in a data center, which is not repeated here.
It should be noted that, in an actual network, a communication tunnel may also be established between the access switch to which the virtual proxy of the first data center is attached and the access switch to which the virtual proxy of the second data center is attached. Communication between the virtual proxies, and data packets and messages between VMs, are then forwarded through the communication tunnel rather than through the core switch, router, and WAN, which shortens the transmission path. The communication tunnel is specifically a Multi-Protocol Label Switching Virtual Private Network (MPLS VPN).
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such an implementation should not be considered beyond the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The specific embodiments described above further explain the objectives, technical solutions, and beneficial effects of the present invention in detail. It should be understood that the foregoing is merely specific embodiments of the present invention and is not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (20)

  1. A data packet processing method, characterized in that the method comprises:
    a source controller receives a data packet that was sent by a source virtual machine and forwarded by a source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine that communicates with the source virtual machine;
    according to the IP address of the destination virtual machine, the source controller identifies whether the IP address of the destination virtual machine is already stored in an address list;
    if the IP address of the destination virtual machine is not stored in the address list, the source controller determines that the destination virtual machine is not in the source data center;
    the source controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine;
    the source controller sends the first forwarding rule to the source virtual switch and to a source virtual proxy respectively, so that the source virtual switch uses the first forwarding rule to forward the data packet to the source virtual proxy, and the source virtual proxy uses the first forwarding rule and a stored routing forwarding table to forward the data packet to the destination data center where the destination virtual machine is located;
    wherein the source controller, the source virtual switch, the source virtual machine, and the source virtual proxy are all located in the source data center.
  2. The data packet processing method according to claim 1, characterized in that the target address further includes the MAC address of the destination virtual machine;
    the source controller determining the first forwarding rule for forwarding the data packet to the destination virtual machine specifically comprises:
    if the destination virtual machine is not in the source data center, and the destination virtual machine is in the same network segment as the source virtual machine, the source controller determines, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
    according to the transmission path, the source controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine.
  3. The data packet processing method according to claim 2, characterized in that, before the source controller receives the data packet sent by the source virtual machine and forwarded by the source virtual switch, the method further comprises:
    the source controller receives an ARP request that was sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
    according to the IP address of the destination virtual machine, the source controller looks up whether the address list already stores a MAC address of the destination virtual machine that matches the IP address of the destination virtual machine;
    if the source controller does not find the MAC address of the destination virtual machine, the source controller determines a second forwarding rule for forwarding the ARP request to the destination virtual machine;
    the source controller sends the second forwarding rule to the source virtual switch and to the source virtual proxy respectively, so that the source virtual switch uses the second forwarding rule to forward the ARP request to the source virtual proxy, and the source virtual proxy uses the second forwarding rule and the stored routing forwarding table to forward the ARP request to the destination data center and sends the received ARP response, sent by the destination virtual machine, to the source virtual machine through the source virtual switch, where the ARP response includes the MAC address of the destination virtual machine.
  4. The data packet processing method according to claim 1, characterized in that the source controller determining the first forwarding rule for forwarding the data packet to the destination virtual machine specifically comprises:
    if the destination virtual machine is not in the source data center, and the destination virtual machine and the source virtual machine are in different network segments, the source controller obtains the MAC address of a destination virtual gateway according to the IP address of the destination virtual machine;
    according to the MAC address of the destination virtual gateway and the IP address of the destination virtual machine, the source controller determines a transmission path for forwarding the data packet;
    according to the transmission path, the source controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine.
  5. The data packet processing method according to claim 4, characterized in that the target address further includes the MAC address of a source virtual gateway; before the source controller sends the first forwarding rule to the source virtual switch and to the source virtual proxy respectively, the method further comprises:
    the source controller carries the MAC address of the destination virtual gateway in the first forwarding rule, so that the source virtual switch, using the first forwarding rule, encapsulates the MAC address of the source gateway and the MAC address of the destination gateway in the data packet and forwards the encapsulated data packet to the source virtual proxy.
  6. The data packet processing method according to claim 5, characterized in that, before the source controller receives the data packet sent by the source virtual machine and forwarded by the source virtual switch, the method further comprises:
    the source controller receives an ARP request that was sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the source virtual gateway, and the ARP request includes the IP address of the source virtual gateway;
    according to the IP address of the source virtual gateway, the source controller looks up whether the address list already stores a MAC address of the source virtual gateway that matches the IP address;
    if the source controller finds the MAC address of the source virtual gateway, the source controller sends an ARP response to the source virtual machine through the source virtual switch, where the ARP response includes the MAC address of the source virtual gateway.
  7. A data packet processing method, characterized in that the method comprises:
    a destination controller receives a data packet that was sent by a source virtual proxy and forwarded by a destination virtual proxy, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine;
    according to the IP address of the destination virtual machine, the destination controller identifies whether the IP address of the destination virtual machine is already stored in an address list;
    if the IP address of the destination virtual machine is stored in the address list, the destination controller determines that the destination virtual machine is in the destination data center;
    the destination controller determines a first forwarding rule for forwarding the data packet to the destination virtual machine;
    the destination controller sends the first forwarding rule to the destination virtual proxy and to a destination virtual switch respectively, so that the destination virtual proxy uses the first forwarding rule to forward the data packet to the destination virtual switch, and the destination virtual switch uses the first forwarding rule to forward the data packet to the destination virtual machine;
    wherein the destination controller, the destination virtual proxy, and the destination virtual switch are located in the destination data center, and the source virtual proxy is located in a source data center.
  8. The data packet processing method according to claim 7, characterized in that the target address further includes the MAC address of the destination virtual machine;
    the destination controller determining the first forwarding rule for forwarding the data packet to the destination virtual machine specifically comprises:
    if the destination virtual machine is in the destination data center, and the destination virtual machine is in the same network segment as the source virtual machine, the destination controller looks up, according to the MAC address of the destination virtual machine, whether there is a destination virtual switch matching and connected to the destination virtual machine;
    if the destination controller finds the destination virtual switch matching and connected to the destination virtual machine, the destination controller determines, according to the MAC address of the destination virtual gateway and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
    according to the transmission path, the destination controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine.
  9. The data packet processing method according to claim 8, characterized in that, before the destination controller receives the data packet sent by the source virtual proxy and forwarded by the destination virtual proxy, the method further comprises:
    the destination controller receives an ARP request that was sent by the source virtual proxy and forwarded by the destination virtual proxy, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
    according to the IP address of the destination virtual machine, the destination controller looks up whether there is a destination virtual switch matching and connected to the destination virtual machine;
    if the destination controller finds the destination virtual switch matching and connected to the destination virtual machine, the destination controller determines a second forwarding rule for forwarding the ARP request to the destination virtual machine;
    the destination controller sends the second forwarding rule to the destination virtual proxy and to the destination virtual switch respectively, so that the destination virtual proxy uses the second forwarding rule to forward the ARP request to the destination virtual switch, and the destination virtual switch uses the second forwarding rule to forward the ARP request to the destination virtual machine, receives the ARP response sent by the destination virtual machine, and sends the ARP response to the source virtual proxy through the destination virtual proxy, where the ARP response includes the MAC address of the destination virtual machine.
  10. The data packet processing method according to claim 7, characterized in that the destination controller determining the first forwarding rule for forwarding the data packet to the destination virtual machine specifically comprises:
    if the destination virtual machine is in the destination data center, and the destination virtual machine and the source virtual machine are in different network segments, the destination controller obtains the MAC address of the destination virtual machine according to the IP address of the destination virtual machine;
    according to the MAC address of the destination virtual machine, the destination controller looks up whether there is a destination virtual switch matching and connected to the destination virtual machine;
    if the destination controller finds the destination virtual switch matching and linked to the destination virtual machine, the destination controller determines, according to the destination virtual MAC address and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
    according to the transmission path, the destination controller determines the first forwarding rule for forwarding the data packet to the destination virtual machine.
  11. A data packet processing apparatus, characterized in that the apparatus comprises:
    a receiving unit, configured to receive a data packet that was sent by a source virtual machine and forwarded by a source virtual switch, where the data packet carries a target address of the data packet, and the target address includes the IP address of a destination virtual machine that communicates with the source virtual machine;
    an identifying unit, configured to identify, according to the IP address of the destination virtual machine, whether the IP address of the destination virtual machine is already stored in an address list;
    a determining unit, configured to determine, if the IP address of the destination virtual machine is not stored in the address list, that the destination virtual machine is not in the source data center;
    the determining unit is further configured to determine a first forwarding rule for forwarding the data packet to the destination virtual machine;
    a sending unit, configured to send the first forwarding rule to the source virtual switch and to a source virtual proxy respectively, so that the source virtual switch uses the first forwarding rule to forward the data packet to the source virtual proxy, and the source virtual proxy uses the first forwarding rule and a stored routing forwarding table to forward the data packet to the destination data center where the destination virtual machine is located;
    wherein the data packet processing apparatus, the source virtual switch, the source virtual machine, and the source virtual proxy are all located in the source data center.
  12. The data packet processing apparatus according to claim 11, characterized in that the target address of the data packet received by the receiving unit further includes the MAC address of the destination virtual machine;
    the determining unit is specifically configured to: if the destination virtual machine is not in the source data center, and the destination virtual machine is in the same network segment as the source virtual machine, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet;
    and determine, according to the transmission path, the first forwarding rule for forwarding the data packet to the destination virtual machine.
  13. The data packet processing apparatus according to claim 12, characterized in that the receiving unit is further configured to receive an ARP request that was sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request includes the IP address of the destination virtual machine;
    the apparatus further comprises: a first lookup unit, configured to look up, according to the IP address of the destination virtual machine, whether the address list already stores a MAC address of the destination virtual machine that matches the IP address of the destination virtual machine;
    the determining unit is further configured to determine, if the MAC address of the destination virtual machine is not found, a second forwarding rule for forwarding the ARP request to the destination virtual machine;
    the sending unit is further configured to send the second forwarding rule to the source virtual switch and to the source virtual proxy respectively, so that the source virtual switch uses the second forwarding rule to forward the ARP request to the source virtual proxy, and the source virtual proxy uses the second forwarding rule and the stored routing forwarding table to forward the ARP request to the destination data center and sends the received ARP response, sent by the destination virtual machine, to the source virtual machine through the source virtual switch, where the ARP response includes the MAC address of the destination virtual machine.
  14. The data packet processing apparatus according to claim 11, wherein the determining unit is specifically configured to: if the destination virtual machine is not in the source data center, and the destination virtual machine and the source virtual machine are in different network segments, obtain a MAC address of a destination virtual gateway according to the IP address of the destination virtual machine;
    determine, according to the MAC address of the destination virtual gateway and the IP address of the destination virtual machine, a transmission path for forwarding the data packet; and
    determine, according to the transmission path, a first forwarding rule for forwarding the data packet to the destination virtual machine.
  15. The data packet processing apparatus according to claim 14, wherein the target address of the data packet received by the receiving unit further comprises a MAC address of a source virtual gateway;
    the apparatus further comprises: a processing unit, configured to carry the MAC address of the destination virtual gateway in the first forwarding rule, so that the source virtual switch, by using the first forwarding rule, encapsulates the MAC address of the source gateway and the MAC address of the destination gateway in the data packet, and forwards the encapsulated data packet to the source virtual agent.
  16. The data packet processing apparatus according to claim 15, wherein the receiving unit is further configured to receive an ARP request that is sent by the source virtual machine and forwarded by the source virtual switch, where the ARP request is used to obtain the MAC address of the source virtual gateway, and the ARP request comprises an IP address of the source virtual gateway;
    the apparatus further comprises: a second searching unit, configured to search, according to the IP address of the source virtual gateway, whether the MAC address of the source virtual gateway that matches the IP address is stored in the address list; and
    the sending unit is further configured to: if the MAC address of the source virtual gateway is found, send an ARP response to the source virtual machine through the source virtual switch, where the ARP response comprises the MAC address of the source virtual gateway.
  17. A data packet processing apparatus, wherein the apparatus comprises:
    a receiving unit, configured to receive a data packet that is sent by a source virtual agent and forwarded by a destination virtual agent, where the data packet carries a target address of the data packet, and the target address comprises an IP address of a destination virtual machine;
    an identifying unit, configured to identify, according to the IP address of the destination virtual machine, whether the IP address of the destination virtual machine is stored in an address list;
    a determining unit, configured to: if the IP address of the destination virtual machine is stored in the address list, determine that the destination virtual machine is in the destination data center;
    the determining unit being further configured to: if the destination virtual machine is in the destination data center, determine a first forwarding rule for forwarding the data packet to the destination virtual machine; and
    a sending unit, configured to send the first forwarding rule to the destination virtual agent and a destination virtual switch separately, so that the destination virtual agent forwards the data packet to the destination virtual switch by using the first forwarding rule, and the destination virtual switch forwards the data packet to the destination virtual machine by using the first forwarding rule;
    wherein the data packet processing apparatus, the destination virtual agent, and the destination virtual switch are in the destination data center, and the source virtual agent is in a source data center.
  18. The data packet processing apparatus according to claim 17, wherein the target address of the data packet received by the receiving unit further comprises a MAC address of the destination virtual machine;
    the determining unit is specifically configured to: if the destination virtual machine is in the destination data center, and the destination virtual machine and the source virtual machine are in the same network segment, search, according to the MAC address of the destination virtual machine, whether there is a destination virtual switch that is matched and connected to the destination virtual machine;
    if the destination virtual switch that is matched and connected to the destination virtual machine is found, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet; and
    determine, according to the transmission path, a first forwarding rule for forwarding the data packet to the destination virtual machine.
  19. The data packet processing apparatus according to claim 18, wherein the receiving unit is further configured to receive an ARP request that is sent by the source virtual agent and forwarded by the destination virtual agent, where the ARP request is used to obtain the MAC address of the destination virtual machine, and the ARP request comprises the IP address of the destination virtual machine;
    the determining unit is further configured to search, according to the IP address of the destination virtual machine, whether there is a destination virtual switch that is matched and connected to the destination virtual machine;
    if the destination virtual switch that is matched and connected to the destination virtual machine is found, determine a second forwarding rule for forwarding the ARP request to the destination virtual machine; and
    the sending unit is further configured to send the second forwarding rule to the destination virtual agent and the destination virtual switch separately, so that the destination virtual agent forwards the ARP request to the destination virtual switch by using the second forwarding rule, and the destination virtual switch forwards the ARP request to the destination virtual machine by using the second forwarding rule, receives an ARP response sent by the destination virtual machine, and sends the ARP response to the source virtual agent through the destination virtual agent, where the ARP response comprises the MAC address of the destination virtual machine.
  20. The data packet processing apparatus according to claim 17, wherein the determining unit is specifically configured to: if the destination virtual machine is in the destination data center, and the destination virtual machine and the source virtual machine are in different network segments, obtain a MAC address of the destination virtual machine according to the IP address of the destination virtual machine;
    search, according to the MAC address of the destination virtual machine, whether there is a destination virtual switch that is matched and connected to the destination virtual machine;
    if the destination virtual switch that is matched and connected to the destination virtual machine is found, determine, according to the MAC address of the destination virtual machine and the IP address of the destination virtual machine, a transmission path for forwarding the data packet; and
    determine, according to the transmission path, a first forwarding rule for forwarding the data packet to the destination virtual machine.
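
The destination-side decision logic of claims 17 to 20, sketched as an added Python example that is not part of the patent text. The class and method names, the rule dictionary layout, the prefix-length test for "same network segment", and the sample addresses are all assumptions made for illustration.

```python
import ipaddress

class DestinationController:
    """Toy model of the destination-side apparatus in claims 17-20."""

    def __init__(self, address_list, attachments, agent):
        self.address_list = address_list  # VM IP -> VM MAC (the "address list")
        self.attachments = attachments    # VM MAC -> destination virtual switch
        self.agent = agent                # destination virtual agent

    def first_forwarding_rule(self, src_ip, dst_ip, prefix_len, dst_mac=None):
        # Claim 17: the VM is in this data center only if its IP is listed.
        if dst_ip not in self.address_list:
            return None
        # Assumption: "same network segment" is decided by a shared prefix.
        segment = ipaddress.ip_network(f"{dst_ip}/{prefix_len}", strict=False)
        if ipaddress.ip_address(src_ip) in segment:
            mac = dst_mac                    # claim 18: MAC carried in the packet
        else:
            mac = self.address_list[dst_ip]  # claim 20: MAC obtained from the IP
        vswitch = self.attachments.get(mac)
        if vswitch is None:
            return None                      # no matching virtual switch found
        rule = {"match": {"ip": dst_ip, "mac": mac},
                "path": [self.agent, vswitch, dst_ip]}
        # The same rule is sent to both the virtual agent and the virtual switch.
        return {self.agent: rule, vswitch: rule}

    def second_forwarding_rule(self, arp_target_ip):
        # Claim 19: an ARP request is forwarded only if a virtual switch
        # connected to the VM with that IP is found.
        mac = self.address_list.get(arp_target_ip)
        vswitch = self.attachments.get(mac)
        if vswitch is None:
            return None
        rule = {"match": {"arp_target": arp_target_ip},
                "path": [self.agent, vswitch, arp_target_ip]}
        return {self.agent: rule, vswitch: rule}

# Constructed sample state (not taken from the patent).
VM_IP, VM_MAC = "10.0.1.20", "52:54:00:aa:00:20"
ctl = DestinationController(address_list={VM_IP: VM_MAC},
                            attachments={VM_MAC: "dst-vswitch-1"},
                            agent="dst-agent")
```

In this model a same-segment packet whose carried MAC has no attached virtual switch yields no rule, so neither the agent nor the switch is told to forward it.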
PCT/CN2014/089628 2014-01-28 2014-10-28 Data packet processing method and apparatus WO2015113410A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410041372.9 2014-01-28
CN201410041372.9A CN104811382B (en) 2014-01-28 2014-01-28 The processing method and device of data packet

Publications (1)

Publication Number Publication Date
WO2015113410A1 (en) 2015-08-06

Family

ID=53695891

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/089628 WO2015113410A1 (en) 2014-01-28 2014-10-28 Data packet processing method and apparatus

Country Status (2)

Country Link
CN (1) CN104811382B (en)
WO (1) WO2015113410A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105554182B (en) * 2016-01-27 2019-06-25 联想(北京)有限公司 Information processing method and electronic equipment
CN107040441B (en) * 2016-02-04 2020-01-21 华为技术有限公司 Cross-data-center data transmission method, device and system
CN107493180B (en) * 2016-06-13 2021-04-30 阿里巴巴集团控股有限公司 Upgrading method and device of virtual switch
CN107800625B (en) * 2016-08-30 2020-07-07 新华三技术有限公司 Message forwarding method and device
CN106899476A (en) * 2017-02-07 2017-06-27 佛山易识科技有限公司 The VLL control device under SDN frameworks is realized on traditional routing
CN106961487B (en) * 2017-04-19 2020-10-27 南京大学 Data stream self-adaptive adjusting system and method in virtual machine live migration process
CN108989220B (en) * 2018-09-05 2021-04-02 中国联合网络通信集团有限公司 Routing method and routing system
CN109361608B (en) * 2018-11-23 2021-04-27 北京六方云信息技术有限公司 Message processing method, system and storage medium
CN109450794B (en) * 2018-12-11 2021-02-23 上海云轴信息科技有限公司 Communication method and device based on SDN network
CN112822085B (en) * 2019-11-18 2022-12-13 华为云计算技术有限公司 Network deployment method and system
CN112866410B (en) * 2021-02-10 2023-04-07 北京字节跳动网络技术有限公司 Forwarding control method, forwarding control device, forwarding control medium and electronic equipment of data message

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102857416A (en) * 2012-09-18 2013-01-02 中兴通讯股份有限公司 Method for implementing virtual network and virtual network
CN103051629A (en) * 2012-12-24 2013-04-17 华为技术有限公司 Software defined network-based data processing system, method and node
CN103236945A (en) * 2013-04-08 2013-08-07 北京天地互连信息技术有限公司 OpenFlow-based FlowVisor network system
US20130332983A1 (en) * 2012-06-12 2013-12-12 TELEFONAKTIEBOLAGET L M ERRICSSON (publ) Elastic Enforcement Layer for Cloud Security Using SDN

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8923149B2 (en) * 2012-04-09 2014-12-30 Futurewei Technologies, Inc. L3 gateway for VXLAN
US9106508B2 (en) * 2012-04-30 2015-08-11 International Business Machines Corporation Providing services to virtual overlay network traffic
CN102946351B (en) * 2012-10-23 2016-06-08 杭州华三通信技术有限公司 A kind of data transmission method and system
CN103117925A (en) * 2013-01-31 2013-05-22 中兴通讯股份有限公司 Processing method and processing device for data message forward

Also Published As

Publication number Publication date
CN104811382B (en) 2018-05-29
CN104811382A (en) 2015-07-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14880833

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14880833

Country of ref document: EP

Kind code of ref document: A1