WO2015192584A1 - Virtual routing system and method - Google Patents

Publication number
WO2015192584A1
WO2015192584A1 PCT/CN2014/090190 CN2014090190W WO2015192584A1 WO 2015192584 A1 WO2015192584 A1 WO 2015192584A1 CN 2014090190 W CN2014090190 W CN 2014090190W WO 2015192584 A1 WO2015192584 A1 WO 2015192584A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2014/090190
Inventor
张玉军
Original Assignee
中兴通讯股份有限公司
Definitions

  • the present invention relates to the field of communications, and in particular to a virtual routing system and method.
  • the virtualized network isolates the virtual machines in the tenant's private network in a Virtual Local Area Network (VLAN)/Virtual Extensible LAN (VXLAN)/Generic Routing Encapsulation (GRE).
  • the embodiment of the invention provides a virtual routing system and method to solve at least the problem in the related art that virtual routing is carried by a single node.
  • a virtual routing system including: a primary route, configured to provide a Layer 3 routing function for communication between virtual machines of different virtual networks within a computing node of a data center virtualization platform, and to provide a source address translation/destination address translation function toward the data center network outside the computing node; a secondary route, configured to provide a Layer 3 routing function for communication between virtual machines that belong to different virtual networks on different computing nodes; and a border gateway route, configured to provide source address translation/destination address translation toward the external network for the data center virtualization platform.
  • the primary route is located in the computing node; the secondary route is located in a network element device that can implement a route virtualization function; the border gateway route is located in a routing entity that provides the gateway function from the data center network to an external network.
  • the secondary route supports the virtual route dynamic migration protocol (VROOM).
  • the border gateway route supports the Border Gateway Protocol (BGP) or the Open Shortest Path First (OSPF) protocol.
  • the system also includes a network controller configured to create or delete the primary route, and/or to add or remove a virtual network interface for the primary route; and/or configured to create, delete, or migrate the border gateway route, and/or to add or remove a virtual network interface for the border gateway route.
  • a virtual routing method, applied to the virtual routing system, including: a source primary route receives a data packet sent by a source virtual machine to a target device, where the source primary route is the primary route corresponding to the source virtual machine; the source primary route forwards the data packet to the virtual network where the target device is located if the target device is in the node where the source primary route is located; or the source primary route forwards the data packet to the secondary route if the target device is located in the data center virtualization platform but not in the node where the source primary route is located; or, if the target device is located in the data center network outside the computing node, the source primary route performs source address translation/destination address translation to the internal network on the data packet and sends it to the target device; or, if the target device is not in the data center network, the source primary route performs source address translation/destination address translation to the internal network on the data packet and forwards it to the border gateway route.
  • the source primary route requests a forwarding policy from the network controller; the network controller requests the location of the target device from the data center virtualization platform; and the network controller delivers the forwarding policy to the source primary route according to the location of the target device, where the forwarding policy includes: if the target device is in the node where the source primary route is located, the source primary route forwards the data packet to the virtual network where the target device is located; or, if the target device is located in the data center virtualization platform but not in the node where the source primary route is located, the source primary route forwards the data packet to the secondary route; or, if the target device is located in the data center network outside the computing node, the source primary route performs source address translation/destination address translation to the internal network on the data packet and sends it to the target device; or, if the target device is not in the data center network, the source primary route performs source address translation/destination address translation to the internal network on the data packet, and forwards
  • the method further includes: the network controller assigning a unique global identifier to each of the virtual networks.
  • the network controller performs load-balancing scheduled migration of the secondary route, and/or recovers a hung secondary route.
  • before the network controller performs the load-balancing scheduled migration of the secondary route, the network controller further determines, according to the collected metrics, whether to perform that migration, where the metrics include at least one of the following: hardware resource utilization, network bearer bandwidth, and power saving requirement of the secondary route.
  • the method further includes: the network controller providing the collected metrics to a third party through the northbound interface; and the network controller receiving the third party's scheduling policy and performing the load-balancing scheduled migration of the secondary route according to that scheduling policy.
  • before the network controller recovers the hung secondary route, the network controller further migrates out all the virtual routes that the hung unit in the secondary routing cluster was responsible for running, and sequentially clones them in other units of the secondary routing cluster.
  • the method further includes: the secondary route forwarding the data packet to a target primary route corresponding to the target device, and the target primary route forwarding the data packet to the virtual network where the target device is located.
  • the method further includes: the border gateway route performing source address translation/destination address translation to the external network on the data packet, and forwarding it to the external network.
  • a virtual routing system includes: a primary route, configured to provide a Layer 3 routing function for communication between virtual machines of different virtual networks within a computing node of the data center virtualization platform, and to provide a source address translation/destination address translation function toward the data center network outside the computing node; a secondary route, configured to provide a Layer 3 routing function for communication between virtual machines that belong to different virtual networks on different computing nodes; and a border gateway route, configured to provide source address translation/destination address translation toward the external network for the data center virtualization platform. This solves the problem in the related art that virtual routing is carried by a single node, improves data center network performance and availability, and reduces the physical network bandwidth consumed by communication between virtual networks.
  • FIG. 1 is a structural block diagram of a virtual routing system according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of a virtual routing method according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a method for implementing virtual route of a data center network according to Embodiment 1 of the present invention.
  • FIG. 4 is a schematic diagram of a virtual machine routing process between virtual nodes of a computing node according to a first embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a virtual machine routing process between virtual nodes of different computing nodes according to the first embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a process of address translation between a virtual machine and an external network communication network in a virtual network according to Embodiment 1 of the present invention.
  • in response to the defects of current data center virtual routing, the present embodiment provides a high-performance, high-availability implementation method for virtual routes in a cloud computing data center network. It effectively solves the problem that virtual routing is carried by a single node and the problem of communication between virtual networks within the same computing node, and realizes a distributed multi-level virtual routing scheme that can improve the performance and availability of the data center network and reduce the physical network bandwidth consumed by communication between virtual networks.
  • FIG. 1 is a structural block diagram of a virtual routing system according to an embodiment of the present invention. As shown in FIG. 1, the system includes a primary route 12, a secondary route 14, and a border gateway route 16, as detailed below:
  • the primary route 12 is configured to provide a Layer 3 routing function for communication between virtual machines of different virtual networks within a computing node of the data center virtualization platform, and to provide a source address translation/destination address translation function toward the data center network outside the computing node;
  • the secondary route 14 is configured to provide a Layer 3 routing function for communication between virtual machines that belong to different virtual networks on different computing nodes;
  • the border gateway route 16 is configured to provide source address translation/destination address translation toward the external network for the data center virtualization platform.
  • the virtual routing architecture separates routing into the primary route, the secondary route, and the border gateway route: routing inside a compute node is processed by the primary route, routing between compute nodes is processed by the secondary route, and routing to the external network is handled by the border gateway route.
  • the three types of route cooperate to solve the problem in the related art that virtual routing is carried by a single node, improving the performance and availability of the data center network and reducing the physical network bandwidth consumed by communication between virtual networks.
  • the primary route may be located in the computing node; the secondary route is located in a cluster of network element devices that implement a route virtualization function; the border gateway route is located in a cluster of routing entities that provide the gateway function from the data center network to the external network.
  • the secondary route can support Virtual Routers On the Move (VROOM), so that load can be migrated between secondary routes, which achieves load balancing and prevents a single hung node from affecting service.
  • each of the virtual networks may have a unique global identifier. This helps the control layer device manage and control the routing and forwarding of each virtual network.
  • the border gateway route may support a Border Gateway Protocol (BGP) or an Open Shortest Path First (OSPF) protocol.
  • the system may further include a network controller 18 configured to create or delete the primary route, and/or to add or remove a virtual network interface for the primary route; and/or configured to create, delete, or migrate the border gateway route, and/or to add or remove a virtual network interface for the border gateway route.
  • FIG. 2 is a flowchart of a virtual routing method according to an embodiment of the present invention. As shown in FIG. 2, the method includes the following steps:
  • Step S202: the source primary route receives the data packet sent by the source virtual machine to the target device, where the source primary route is the primary route corresponding to the source virtual machine.
  • Step S204: the source primary route forwards the data packet to the virtual network where the target device is located if the target device is in the node where the source primary route is located; or the source primary route forwards the data packet to the secondary route if the target device is located in the data center virtualization platform but not in the node where the source primary route is located; or, if the target device is located in the data center network outside the computing node, the source primary route performs source address translation/destination address translation to the internal network on the data packet and sends it to the target device; or, if the target device is not in the data center network, the source primary route performs source address translation/destination address translation to the internal network on the data packet and forwards it to the border gateway route.
  • this solves the problem in the related art that virtual routing is carried by a single node, thereby improving the performance and availability of the data center network and reducing the physical network bandwidth consumed by communication between virtual networks.
  • the step S204 may be implemented by using a forwarding policy of the network controller: the source primary route requests a forwarding policy from the network controller, and the network controller requests the location of the target device from the data center virtualization platform. The network controller sends the forwarding policy to the source primary route according to the location of the target device, where the forwarding policy includes: if the target device is in the node where the source primary route is located, the source primary route forwards the data packet to the virtual network where the target device is located; or, if the target device is located in the data center virtualization platform but not in the node where the source primary route is located, the source primary route forwards the data packet to the secondary route; or, if the target device is located in the data center network outside the computing node, the source primary route performs source address translation/destination address translation to the internal network on the data packet and sends it to the target device; or, if the target device is not in the data center network, the source primary route
  • the data center virtualization platform is a virtual network;
  • the data center network outside the computing node is a real network in the data center;
  • the external network of the data center network is a real or virtual network outside the data center.
  • the method further includes: the network controller assigning a unique global identifier to each of the virtual networks.
  • the network controller may further perform load-balancing scheduled migration of the secondary route, and/or recover a hung secondary route.
  • the network controller may determine, according to the collected metrics, whether to perform load-balancing scheduled migration of the secondary route.
  • the metrics may include, but are not limited to, at least one of the following: hardware resource utilization, network bearer bandwidth, and energy saving requirement of the secondary route.
  • the network controller may further provide the collected metrics to a third party through the northbound interface, and then perform load-balancing scheduled migration of the secondary route according to the scheduling policy received from the third party, where the third party is another control system that interacts with the system through its northbound interface.
  • the network controller may migrate out the virtual routes that the hung unit in the secondary routing cluster was responsible for running, and clone them in other units of the secondary routing cluster.
  • the network controller may further assign a unique global identifier to each of the virtual networks before the source-level routing requests a forwarding policy from the network controller.
  • the secondary route may forward the data packet to a target primary route corresponding to the target device, and the target primary route forwards the data packet to the virtual network where the target device is located.
  • the border gateway route may perform source address translation/destination address translation to the external network on the data packet, and forward the packet to the external network.
  • the data center network construction in the high-performance, high-availability implementation method for data center network virtual routes includes: the data center network is constructed in two dimensions, a network control plane and a data forwarding plane, where the network control plane has a unique global logical controller; the data center network implements the network virtualization function, and the network controller assigns a unique global identifier to each virtual network; the Layer 3 routing function in the virtual network is implemented by multi-level distributed virtual routes to achieve high performance of data center network virtual routing; and virtual routing logical entities can be dynamically migrated to achieve high availability of virtual routes in the data center network.
  • the control plane controller allocates a global identifier to each virtualized network, and the virtual network can implement Layer 2 network isolation based on VLAN/VXLAN/GRE.
  • the tenant needs to be assigned a network namespace to achieve complete isolation of the Layer 3 to Layer 7 virtual network between tenants.
  • the multi-level distributed virtual route includes: a primary route, a secondary route, and a border gateway route.
  • the primary routes are distributed across the computing nodes of the virtualization platform; the secondary route and the border gateway route can be provided by clusters of high-performance network element devices that can perform the related functions.
  • the secondary virtual route needs to support a virtual route migration protocol (VROOM), and the controller can dynamically adjust the data center virtual network, including load-balancing scheduled migration of virtual routes and recovery of the virtual routes of a hung node.
  • the primary route implements a Layer 3 routing function between different virtual networks in the computing node; under the scheduling of the control plane controller, the primary route creates and deletes virtual routes, and adds and removes virtual network interfaces for a virtual route.
  • the secondary route implements a Layer 3 routing function between different virtual networks on different computing nodes. The secondary route is carried by a group of network element devices capable of implementing routing virtualization, and each network element device in the cluster can, under the scheduling of the control plane controller, create and delete virtual routes and add and remove virtual network interfaces for virtual routes.
  • the border gateway route is a set of distributed routing entity clusters that provide the gateway function from the data center network to the external network; each routing unit can run the BGP/OSPF protocol and provides source address translation/destination address translation toward the external network for the data center network.
  • primary source address translation/destination address translation needs to be performed through the primary route; when a virtual machine in the virtual network and the external network of the data center access each other, secondary source address translation/destination address translation needs to be performed through the border gateway route.
  • the secondary route needs to migrate virtual routes according to the load-balancing scheduling of the control plane controller; the controller can collect metrics such as the hardware resource utilization, the network bearer bandwidth, and the energy saving requirement of the secondary route to optimize the use of forwarding plane network element device resources.
  • when the controller detects that a unit in the secondary routing cluster is hung, all the virtual routes that unit was responsible for running need to be migrated out, and the controller sequentially clones those virtual routes in other units in the cluster according to the relevant scheduling policy, to ensure that the virtual network Layer 3 routing function works properly. After the hung node is restored, it needs to be initialized before it re-joins, so that it can be scheduled as a new resource.
  • the controller may provide a northbound interface and provide the collected secondary routing metrics to a third party, and the third party formulates a customized secondary virtual routing scheduling policy.
  • the preferred embodiment solves many problems existing in the virtual routing construction scheme of the cloud computing data center network, and proposes a high-performance and high-availability implementation method for the virtual routing of the data center network, which can effectively improve the performance and availability of the data center network.
  • FIG. 3 is a schematic diagram of a method for implementing virtual route of a data center network according to a first embodiment of the present invention.
  • the data center network is constructed in two dimensions: a network control plane and a data forwarding plane.
  • the network control plane has a unique global logical controller (Controller); the data center network implements the network virtualization function, and the network controller assigns a unique global identifier to each virtual network; the Layer 3 routing function in the virtual network is implemented by multi-level distributed virtual routes to achieve high performance of virtual routes in the data center network.
  • the virtual routing logical entities can be dynamically migrated to achieve high availability of virtual routes in the data center network.
  • CONTROLLER is the network control plane controller.
  • FVR is the first-level virtual route.
  • SVR is the secondary virtual route.
  • VM is the virtual machine.
  • SR is the network element device (secondary route) that can implement the route virtualization function.
  • BGR CLUSTER is a distributed border gateway routing cluster.
  • CN is a computing node of the computing virtualization platform.
  • the controller allocates a global identifier to each virtualized network in the cloud computing data center network.
  • the virtualized network may use VLAN/VXLAN/GRE to completely isolate the Layer 2 network, and the controller needs to generate, for each virtual network, a mapping between the virtual network identifier and the network isolation identifier. When the data center provides network-as-a-service, each tenant needs to be assigned a network namespace to completely isolate the Layer 3 to Layer 7 virtual network between tenants.
  • the controller needs to generate a mapping between the tenant ID and the namespace for each tenant.
  • the multi-level distributed virtual routing provides related three-layer network services such as routing, source address translation, and destination address translation for the virtualized network.
  • the multi-level distributed virtual routes include: primary routing, secondary routing, and border gateway routing.
  • the primary route is distributed across the computing nodes of the virtualization platform; the secondary route and the border gateway route are provided by clusters of high-performance network element devices that can perform the related functions.
  • the primary routing logical entity resides inside the computing node of the virtualization platform and provides a Layer 3 routing function for communication between virtual machines of different virtual networks within the computing node, so that communication between virtual machines on different networks within the same computing node does not consume data center network bandwidth. When the destination virtual machine is not in the same computing node, the primary route forwards the data packet to the secondary route for processing. This effectively reduces east-west traffic between virtual machines and improves the performance of Layer 3 communication in the virtual network.
  • the primary route accepts control plane controller scheduling, implements creation, deletion, and update of virtual routes, and adds and removes virtual network interfaces for virtual routes.
  • the virtual route created by the primary route can provide a source address translation/destination address translation service for the virtual machine in the computing node.
  • the secondary route implements Layer 3 routed communication between virtual machines of virtual networks on different computing nodes.
  • the secondary route is carried by a group of network element devices that can implement the routing virtualization function. Each network element device in the cluster can, under the scheduling of the control plane controller, create, delete, update, and migrate virtual routes, and add and remove virtual network interfaces for virtual routes.
  • a border gateway route is a set of distributed routing entity clusters that provide the gateway function from the data center network to external networks. Each routing unit can run the BGP/OSPF protocols and provides a source address translation/destination address translation function toward the external network for the data center network.
  • a virtual machine in the virtual network may need to undergo multiple address translations when accessing the external network. If the virtual machine in the virtual network communicates with a device in the internal public network of the data center, primary source address translation/destination address translation needs to be performed through the primary route. If the virtual machine in the virtual network communicates with the external network of the data center, secondary source address translation/destination address translation needs to be performed through the border gateway.
  • the controller can collect metrics such as the hardware resource utilization, the network bearer bandwidth, and the energy saving requirement of the secondary route, and calculate global resources. The controller migrates virtual routes according to the load-balancing scheduling policy and optimizes the use of forwarding plane network element device resources.
  • when the controller detects that a unit in the secondary routing cluster is hung, all the virtual routes that unit is responsible for are migrated out. The controller clones those virtual routes in the other units in the cluster according to the related scheduling policy, to ensure the normal operation of the virtual network Layer 3 routing function. After the hung node is restored, it needs to be initialized before it re-joins, so that it can be scheduled as a new resource.
  • the controller may provide a northbound interface, and provide the collected secondary routing metric factor data to a third party, and the third party formulates a customized secondary virtual routing scheduling policy.
  • FIG. 4 is a schematic diagram of a virtual machine routing process between computing nodes and virtual networks according to the first embodiment of the present invention. As shown in FIG. 4, when the virtual machine first sends data to the target virtual machine, the following steps are included:
  • Step S402: the source virtual machine sends a data packet to the first-level virtual route (FVR) of the computing node;
  • Step S404: the source FVR does not know the location of the destination virtual machine, and requests the network controller (CONTROLLER) to install a forwarding policy;
  • Step S410: the CONTROLLER sends the forwarding policy to the source FVR according to the location of the target virtual machine;
  • Step S412: the target virtual machine is in the same computing node, and the source FVR directly forwards the data packet to the destination virtual machine's virtual network.
  • FIG. 5 is a schematic diagram of a virtual machine routing process between virtual nodes of different computing nodes according to the first embodiment of the present invention. As shown in FIG. 5, when the virtual machine first sends data to the target virtual machine, the following steps are included:
  • Step S502: the source virtual machine sends a data packet to the first-level virtual route (FVR) of the computing node;
  • Step S504: the source FVR does not know the location of the destination virtual machine, and requests the network controller (CONTROLLER) to install a forwarding policy;
  • Step S510: the CONTROLLER sends the forwarding policy to the source FVR according to the location of the target virtual machine;
  • Step S512: the target virtual machine is not in the computing node, so the data packet is re-encapsulated and forwarded to the secondary virtual route (SVR) according to the policy installed by the CONTROLLER;
  • Step S514: the secondary virtual route forwards the data to the destination gateway FVR;
  • Step S516: the destination FVR forwards the data packet to the destination host's virtual network.
  • a border gateway route is a set of routing entity clusters that provide gateway functions for data center networks to external networks.
  • Each routing unit can run the BGP/OSPF protocols and provides source address translation/destination address translation to the external network for the data center network.
  • FIG. 6 is a schematic diagram of the Network Address Translation (NAT) process for communication between a virtual machine in a virtual network and an external network according to the first embodiment of the present invention. As shown in FIG. 6, if a virtual machine in the virtual network needs to access a device in the internal public network of the data center, primary source address translation/destination address translation is performed through the primary route; if a virtual machine in the virtual network interacts with a network external to the data center, secondary source address translation/destination address translation must also be performed through the border gateway.
  • VROOM Virtual Route Migration Protocol
  • the controller can collect the metrics such as the hardware resource utilization, the network bearer bandwidth, and the energy saving requirement of the secondary route, and calculate the global resource.
  • the controller migrates the virtual route according to the load balancing scheduling policy, and optimizes the use of forwarding-plane network element device resources.
  • when the controller detects that a unit in the secondary routing cluster has hung, all the virtual routes that the unit is responsible for are moved out.
  • the controller clones the virtual routes in the other units of the cluster according to the related scheduling policy, in order to ensure the normal operation of the virtual network Layer 3 routing function. After the hung node is restored, it must be initialized before it is re-admitted, so that it can be scheduled as a new resource.
  • the controller may provide a northbound interface, and provide the collected secondary routing metric factor data to a third party, and the third party formulates a customized secondary virtual routing scheduling policy.
  • a storage medium in which the above software is stored, including but not limited to an optical disk, a floppy disk, a hard disk, an erasable memory, and the like.
  • modules or steps of the present invention described above can be implemented by a general-purpose computing device, and can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be performed in an order different from the order herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the virtual routing system and method provided by the embodiments of the present invention have the following beneficial effects: solving the single problem of the virtual routing bearer node in the related art, improving the performance and availability of the data center network, and reducing the virtual network.

Abstract

Disclosed are a virtual routing system and method, the system comprises: level-1 routes configured to provide a layer-3 routing function for communication between virtual machines of different virtual networks within the calculation nodes of a data center virtual platform, and providing source address translation/destination address translation to the data center network external to the calculation nodes; level-2 routes configured to provide a layer-3 routing function for communication between virtual machines of different virtual networks between the calculation nodes; border gateway routes configured to provide source address translation/destination address translation to an external network for a data center virtual platform. The present invention solves the problem in the relevant art of a single carrier node for virtual routes, improving network performance and availability of the data center, and reducing the physical network bandwidth consumption by the communication between virtual networks.

Description

Virtual routing system and method
Technical field
The present invention relates to the field of communications, and in particular to a virtual routing system and method.
Background
A cloud computing data center that provides Infrastructure as a Service (IaaS) needs network virtualization in order to implement functions such as multi-tenant isolation and virtual machine migration. A virtualized network isolates the virtual machines of a tenant's private network in a Virtual Local Area Network (VLAN), Virtual Extensible LAN (VXLAN) or Generic Routing Encapsulation (GRE) virtual network. As data centers develop, the demands on the network keep rising: the data center network is expected to offer high bandwidth, high efficiency and low latency, and to support communication between virtual networks and across data centers. Virtual routing plays an important role in data center network communication, but current implementations of virtual routing in data centers still have many problems in performance and high availability, such as the east-west traffic problem between virtual networks, where communication between virtual networks inside the same computing node still has to pass through an external virtual route, and the single virtual routing bearer node, which brings a single point of failure and a performance bottleneck.
No effective solution has yet been proposed for the problem of a single virtual routing bearer node in the related art.
Summary of the invention
The embodiments of the present invention provide a virtual routing system and method, to at least solve the problem of a single virtual routing bearer node in the related art.
According to an embodiment of the present invention, a virtual routing system is provided, including: a primary route, configured to provide a Layer 3 routing function for communication between virtual machines of different virtual networks inside a computing node of a data center virtualization platform, and to provide a source address translation/destination address translation function toward the data center network outside the computing node; a secondary route, configured to provide a Layer 3 routing function for communication between virtual machines belonging to different virtual networks across computing nodes; and a border gateway route, configured to provide the data center virtualization platform with a source address translation/destination address translation function toward an external network.
The primary route is located in the computing node; the secondary route is located in a network element device that can implement a route virtualization function; the border gateway route is located in a routing entity that provides the data center network with a gateway function to the external network.
The secondary route supports the virtual route dynamic migration protocol VROOM.
Each virtual network has a unique global identifier.
The border gateway route supports the Border Gateway Protocol (BGP) or the Open Shortest Path First (OSPF) protocol.
The system further includes a network controller, configured to create or delete the primary route, and/or to add or remove virtual network interfaces for the primary route; and/or configured to create, delete or migrate the border gateway route, and/or to add or remove virtual network interfaces for the border gateway route.
According to another embodiment of the present invention, a virtual routing method is provided, applied in the above virtual routing system, including: a source primary route receives a data packet sent by a source virtual machine to a target device, where the source primary route is the primary route corresponding to the source virtual machine; when the target device is within the node where the source primary route is located, the source primary route forwards the data packet to the virtual network where the target device is located; or, when the target device is within the data center virtualization platform but not within the node where the source primary route is located, the source primary route forwards the data packet to the secondary route; or, when the target device is in the data center network outside the computing node, the source primary route performs source address translation/destination address translation toward the internal network on the data packet and sends it to the target device; or, when the target device is not in the data center network, the source primary route performs source address translation/destination address translation toward the internal network on the data packet and forwards it to the border gateway route.
In this embodiment, the source primary route requests a forwarding policy from the network controller; the network controller requests the data center virtualization platform to obtain the location of the target device; the network controller delivers the forwarding policy to the source primary route according to the location of the target device, where the forwarding policy includes: when the target device is within the node where the source primary route is located, the source primary route forwards the data packet to the virtual network where the target device is located; or, when the target device is within the data center virtualization platform but not within the node where the source primary route is located, the source primary route forwards the data packet to the secondary route; or, when the target device is in the data center network outside the computing node, the source primary route performs source address translation/destination address translation toward the internal network on the data packet and sends it to the target device; or, when the target device is not in the data center network, the source primary route performs source address translation/destination address translation toward the internal network on the data packet and forwards it to the border gateway route; the source primary route then forwards according to the forwarding policy.
Before the source primary route requests the forwarding policy from the network controller, the method further includes: the network controller assigns a unique global identifier to each virtual network.
When the secondary route supports the virtual route dynamic migration protocol VROOM, the network controller performs load-balancing scheduled migration of the secondary route, and/or recovers a hung secondary route.
Before the network controller performs load-balancing scheduled migration of the secondary route, the method further includes: the network controller determines, according to the collected metric factors, whether to perform load-balancing scheduled migration of the secondary route, where the metric factors include at least one of the following: hardware resource utilization of the secondary route, network bearer bandwidth, and energy-saving requirements.
Before the network controller performs load-balancing scheduled migration of the secondary route, the method further includes: the network controller provides the collected metric factors to a third party through a northbound interface; the network controller receives the third party's scheduling policy, and performs load-balancing scheduled migration of the secondary route according to that scheduling policy.
Before the network controller recovers the hung secondary route, the method further includes: the network controller moves out all the virtual routes that the hung secondary route in the secondary routing cluster is responsible for running, and in turn clones the hung secondary route in other units of the secondary routing cluster.
Before the source primary route requests the forwarding policy from the network controller, the method further includes: the network controller assigns a unique global identifier to each virtual network.
After the source primary route forwards the data packet to the secondary route, the method further includes: the secondary route forwards the data packet to the target primary route corresponding to the target device, and the target primary route forwards the data packet to the virtual network where the target device is located.
After the source primary route forwards the data packet to the border gateway route, the method further includes: the border gateway route performs source address translation/destination address translation toward the external network on the data packet, and forwards it to the external network.
With the embodiments of the present invention, a virtual routing system is adopted that includes: a primary route, configured to provide a Layer 3 routing function for communication between virtual machines of different virtual networks inside a computing node of the data center virtualization platform, and to provide a source address translation/destination address translation function toward the data center network outside the computing node; a secondary route, configured to provide a Layer 3 routing function for communication between virtual machines belonging to different virtual networks across computing nodes; and a border gateway route, configured to provide the data center virtualization platform with a source address translation/destination address translation function toward an external network. This solves the problem of a single virtual routing bearer node in the related art, improves the performance and availability of the data center network, and reduces the physical network bandwidth consumed by communication between virtual networks.
Brief description of the drawings
The drawings described here are provided for a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
FIG. 1 is a structural block diagram of a virtual routing system according to an embodiment of the present invention;
FIG. 2 is a flowchart of a virtual routing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a method for implementing virtual routing in a data center network according to the first embodiment of the present invention;
FIG. 4 is a schematic diagram of the virtual machine routing process between virtual networks on the same computing node according to the first embodiment of the present invention;
FIG. 5 is a schematic diagram of the virtual machine routing process between virtual networks on different computing nodes according to the first embodiment of the present invention;
FIG. 6 is a schematic diagram of the network address translation process for communication between a virtual machine in a virtual network and an external network according to the first embodiment of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with each other.
In view of the many defects of current data center virtual routing, this embodiment implements a high-performance, high-availability method for virtual routing in a cloud computing data center network. It effectively solves the problem of a single virtual routing bearer node and the problem of communication between virtual networks within the same computing node, and realizes a distributed multi-level virtual routing scheme that can improve the performance and availability of the data center network and reduce the physical network bandwidth consumed by communication between virtual networks.
In this embodiment, a virtual routing system is provided. FIG. 1 is a structural block diagram of a virtual routing system according to an embodiment of the present invention. As shown in FIG. 1, the system includes a primary route 12, a secondary route 14 and a border gateway route 16, described in detail below:
the primary route 12, configured to provide a Layer 3 routing function for communication between virtual machines of different virtual networks inside a computing node of the data center virtualization platform, and to provide a source address translation/destination address translation function toward the data center network outside the computing node;
the secondary route 14, configured to provide a Layer 3 routing function for communication between virtual machines belonging to different virtual networks across computing nodes;
the border gateway route 16, configured to provide the data center virtualization platform with a source address translation/destination address translation function toward an external network.
With the above system, this embodiment divides routing in the virtual routing architecture into a primary route, a secondary route and a border gateway route: routing inside a computing node is handled by the primary route, routing between computing nodes is handled by the secondary route, and routing to the external network is handled by the border gateway route. The three kinds of route divide the work between them, which solves the problem of a single virtual routing bearer node in the related art, improves the performance and availability of the data center network, and reduces the physical network bandwidth consumed by communication between virtual networks.
Preferably, the primary route may be located in the computing node; the secondary route is located in a cluster of network element devices that can implement a route virtualization function; the border gateway route is located in a cluster of routing entities that provide the data center network with a gateway function to the external network.
Preferably, the secondary route may support the virtual route dynamic migration protocol (Virtual Routers On the Move, VROOM), so that load can be migrated between secondary routes, achieving load balancing and preventing a single hung node from affecting service.
Preferably, each virtual network may have a unique global identifier. This makes it easier for control-layer devices to manage and control route forwarding for each virtual network.
Preferably, the border gateway route may support the Border Gateway Protocol (BGP) or the Open Shortest Path First (OSPF) protocol.
Preferably, the system may further include a network controller 18, configured to create or delete the primary route, and/or to add or remove virtual network interfaces for the primary route; and/or configured to create, delete or migrate the border gateway route, and/or to add or remove virtual network interfaces for the border gateway route.
In this embodiment, a virtual routing method is also provided, applied in the above virtual routing system. FIG. 2 is a flowchart of a virtual routing method according to an embodiment of the present invention. As shown in FIG. 2, the method includes the following steps:
Step S202: the source primary route receives a data packet sent by the source virtual machine to the target device, where the source primary route is the primary route corresponding to the source virtual machine;
Step S204: when the target device is within the node where the source primary route is located, the source primary route forwards the data packet to the virtual network where the target device is located; or, when the target device is within the data center virtualization platform but not within the node where the source primary route is located, the source primary route forwards the data packet to the secondary route; or, when the target device is in the data center network outside the computing node, the source primary route performs source address translation/destination address translation toward the internal network on the data packet and sends it to the target device; or, when the target device is not in the data center network, the source primary route performs source address translation/destination address translation toward the internal network on the data packet and forwards it to the border gateway route.
The above steps solve the problem of a single virtual routing bearer node in the related art, thereby improving the performance and availability of the data center network and reducing the physical network bandwidth consumed by communication between virtual networks.
Preferably, step S204 may be implemented through a forwarding policy of the network controller, specifically: the source primary route requests a forwarding policy from the network controller; the network controller requests the data center virtualization platform to obtain the location of the target device; the network controller delivers the forwarding policy to the source primary route according to the location of the target device, where the forwarding policy includes: when the target device is within the node where the source primary route is located, the source primary route forwards the data packet to the virtual network where the target device is located; or, when the target device is within the data center virtualization platform but not within the node where the source primary route is located, the source primary route forwards the data packet to the secondary route; or, when the target device is in the data center network outside the computing node, the source primary route performs source address translation/destination address translation toward the internal network on the data packet and sends it to the target device; or, when the target device is not in the data center network, the source primary route performs source address translation/destination address translation toward the internal network on the data packet and forwards it to the border gateway route; the source primary route then forwards according to the forwarding policy.
Here, the data center virtualization platform is a virtual network, the data center network outside the computing node is the real network inside the data center, and the network external to the data center network is a real or virtual network outside the data center.
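The four-way decision of step S204 and the first-packet exchange of steps S402 to S412 and S502 to S516 can be sketched as follows. This is an added example, not code from the patent; the class names, hop labels, scope labels and the sample inventory are assumptions made for illustration.

```python
from enum import Enum
from typing import Dict, List, NamedTuple, Optional


class Action(Enum):
    LOCAL = "forward to the target's virtual network on this node"
    SECONDARY = "re-encapsulate and forward to the secondary route"
    NAT_DC = "translate addresses, send into the data center network"
    NAT_BORDER = "translate addresses, forward to the border gateway route"


class Location(NamedTuple):
    scope: str                     # "platform" or "dc_network" (assumed labels)
    node: Optional[str] = None     # computing node hosting the VM, if any
    vnet_id: Optional[int] = None  # globally unique virtual network identifier


class Policy(NamedTuple):
    action: Action
    dst_node: Optional[str] = None
    vnet_id: Optional[int] = None


# Constructed inventory standing in for what the virtualization platform
# reports to the controller; addresses and identifiers are sample values.
SAMPLE_INVENTORY: Dict[str, Location] = {
    "10.0.2.5": Location("platform", "node-a", 2002),
    "10.0.3.7": Location("platform", "node-b", 2003),
    "172.16.0.10": Location("dc_network"),
}


class Controller:
    """Hypothetical network controller: maps a target location to a policy."""

    def __init__(self, inventory: Dict[str, Location]):
        self.inventory = inventory
        self.policy_requests = 0

    def request_policy(self, source_node: str, dst_ip: str) -> Policy:
        self.policy_requests += 1
        loc = self.inventory.get(dst_ip)
        if loc is None:                    # target is outside the data center
            return Policy(Action.NAT_BORDER)
        if loc.scope == "dc_network":      # real device inside the data center
            return Policy(Action.NAT_DC)
        if loc.node == source_node:        # VM on the same computing node
            return Policy(Action.LOCAL, loc.node, loc.vnet_id)
        return Policy(Action.SECONDARY, loc.node, loc.vnet_id)


class PrimaryRoute:
    """Hypothetical source primary route (FVR) with installed policies."""

    def __init__(self, node: str, controller: Controller):
        self.node = node
        self.controller = controller
        self.policies: Dict[str, Policy] = {}

    def forward(self, dst_ip: str) -> List[str]:
        """Return the hops a packet to dst_ip takes, starting at this FVR."""
        policy = self.policies.get(dst_ip)
        if policy is None:                 # first packet: ask the controller
            policy = self.controller.request_policy(self.node, dst_ip)
            self.policies[dst_ip] = policy
        me = f"FVR@{self.node}"
        if policy.action is Action.LOCAL:
            return [me, f"vnet-{policy.vnet_id}"]
        if policy.action is Action.SECONDARY:
            return [me, "SVR", f"FVR@{policy.dst_node}", f"vnet-{policy.vnet_id}"]
        if policy.action is Action.NAT_DC:
            return [me + " NAT", "dc-network"]
        return [me + " NAT", "BGR NAT", "external-network"]


if __name__ == "__main__":
    fvr = PrimaryRoute("node-a", Controller(SAMPLE_INVENTORY))
    for ip in ["10.0.2.5", "10.0.3.7", "172.16.0.10", "198.51.100.9"]:
        print(ip, "->", " > ".join(fvr.forward(ip)))
```

Only the first packet to a destination reaches the controller; later packets use the installed policy. This sketch never withdraws an installed policy.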
Preferably, before the source primary route requests the forwarding policy from the network controller, the method further includes: the network controller assigns a unique global identifier to each virtual network.
Preferably, when the secondary route supports the virtual route dynamic migration protocol (VROOM), the network controller may also perform load-balancing scheduled migration of the secondary route, and/or recover a hung secondary route.
Preferably, before the network controller performs load-balancing scheduled migration of the secondary route, the network controller may determine, according to the collected metric factors, whether to perform load-balancing scheduled migration of the secondary route, where the metric factors may include, but are not limited to, at least one of the following: hardware resource utilization of the secondary route, network bearer bandwidth, and energy-saving requirements.
Preferably, the network controller may also provide the collected metric factors to a third party through a northbound interface, and then perform load-balancing scheduled migration of the secondary route according to the scheduling policy received from the third party, where the third party is another control system that connects to this system and interacts with this system's northbound interface.
Preferably, before the network controller recovers the hung secondary route, the method further includes: the network controller may move out all the virtual routes that the hung secondary route in the secondary routing cluster is responsible for running, and in turn clone the hung secondary route in other units of the secondary routing cluster.
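The recovery behaviour described above (move every virtual route off a hung unit, re-create them in turn on other units, and keep a restored unit out of scheduling until it has been initialized) can be sketched as below. This is an added example, not the patent's implementation: the least-loaded placement rule, the per-route bandwidth figures and all names are assumptions, since the text leaves the scheduling policy open.

```python
from typing import Dict, List


class SecondaryCluster:
    """Hypothetical controller view of a cluster of secondary routing units."""

    def __init__(self, units: List[str]):
        # Unit state: "active" (schedulable), "hung", or "restored"
        # (back up, but not yet initialized and therefore not schedulable).
        self.state: Dict[str, str] = {u: "active" for u in units}
        self.placement: Dict[str, str] = {}   # virtual route -> unit
        self.demand: Dict[str, int] = {}      # virtual route -> Mbps (constructed)

    def load(self, unit: str) -> int:
        """Bandwidth carried by a unit; stands in for the metric factors."""
        return sum(self.demand[v] for v, u in self.placement.items() if u == unit)

    def _pick_unit(self) -> str:
        candidates = [u for u, s in self.state.items() if s == "active"]
        if not candidates:
            raise RuntimeError("no active secondary routing unit available")
        # Assumed policy: least-loaded active unit, name as tie-breaker.
        return min(candidates, key=lambda u: (self.load(u), u))

    def place(self, vroute: str, demand_mbps: int) -> str:
        """Create a virtual route on the unit chosen by the policy."""
        self.demand[vroute] = demand_mbps
        self.placement.pop(vroute, None)
        unit = self._pick_unit()
        self.placement[vroute] = unit
        return unit

    def report_hung(self, unit: str) -> Dict[str, str]:
        """Evacuate a hung unit; returns {virtual route: new unit}."""
        self.state[unit] = "hung"
        stranded = sorted(v for v, u in self.placement.items() if u == unit)
        moves: Dict[str, str] = {}
        for vroute in stranded:               # re-created one after another
            target = self._pick_unit()
            self.placement[vroute] = target
            moves[vroute] = target
        return moves

    def mark_restored(self, unit: str) -> None:
        if self.state[unit] == "hung":
            self.state[unit] = "restored"

    def initialize(self, unit: str) -> None:
        """Re-admit a restored unit as a fresh, empty resource."""
        if self.state[unit] != "restored":
            raise ValueError(f"{unit} is not awaiting initialization")
        self.state[unit] = "active"


def build_sample_cluster() -> SecondaryCluster:
    """Three units and four virtual routes with constructed bandwidth demands."""
    cluster = SecondaryCluster(["svr-1", "svr-2", "svr-3"])
    for name, mbps in [("vr-a", 40), ("vr-b", 30), ("vr-c", 20), ("vr-d", 10)]:
        cluster.place(name, mbps)
    return cluster


if __name__ == "__main__":
    c = build_sample_cluster()
    print("before:", c.placement)
    print("moved: ", c.report_hung("svr-3"))
    c.mark_restored("svr-3")
    print("new route while svr-3 is uninitialized ->", c.place("vr-e", 5))
    c.initialize("svr-3")
    print("new route after initialization ->", c.place("vr-f", 5))
```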
Preferably, before the source primary route requests the forwarding policy from the network controller, the network controller may also assign a unique global identifier to each virtual network.
Preferably, after the source primary route forwards the data packet to the secondary route, the secondary route may forward the data packet to the target primary route corresponding to the target device, and the target primary route forwards the data packet to the virtual network where the target device is located.
Preferably, after the source primary route forwards the data packet to the border gateway route, the border gateway route may perform source address translation/destination address translation toward the external network on the data packet, and forward it to the external network.
The description below refers to preferred embodiments, which combine the above embodiments and their preferred implementations.
The following preferred embodiment provides a high-performance, high-availability method for virtual routing in a data center network, in which the data center network is constructed as follows: the data center network is built in two dimensions, a network control plane and a data forwarding plane, and the network control plane contains a single global logical controller; the data center network implements network virtualization, and the network controller assigns a unique global identifier to each virtual network; the Layer 3 routing function in the virtual network is made up of multi-level distributed virtual routes, to achieve high performance for data center network virtual routing; virtual routing logical entities can be migrated dynamically, to achieve high availability for data center network virtual routing.
Preferably, the control plane controller assigns global identifiers to the virtualized networks, and the virtual networks can implement Layer 2 network isolation based on vlan/vxlan/gre and similar mechanisms. When the data center provides Network as a Service, a network namespace must be allocated to each tenant, so that the virtual networks of different tenants are completely isolated from Layer 3 to Layer 7.
Preferably, the multi-level distributed virtual routing includes: a primary route, a secondary route and a border gateway route. The primary route is distributed in every computing node of the virtualization platform; the secondary route and the border gateway route are provided by clusters of high-performance network element devices capable of the relevant functions.
Preferably, the secondary virtual route needs to support the virtual route migration protocol (VROOM), and the controller can dynamically adjust the data center virtual network, including load-balancing scheduled migration of virtual routes and recovery of the virtual routes of a hung node.
Preferably, the primary route implements the Layer 3 routing function between different virtual networks within a computing node. As scheduled by the control plane controller, the primary route creates and deletes virtual routes, adds and removes virtual network interfaces for virtual routes, and also implements the source address translation/destination address translation function.
Preferably, the secondary route implements the Layer 3 routing function between different virtual networks across computing nodes. The secondary route is carried by a cluster of network element devices that can implement a route virtualization function, and each network element device in the cluster can, as scheduled by the control plane controller, create, delete and migrate virtual routes, and add and remove virtual network interfaces for virtual routes.
优选地,边界网关路由是一组为数据中心网络到外部网络提供网关功能的分布式路由实体集群,每个路由单元可运行BGP/OSPF协议,为数据中心网络提供到外网的源地址转换/目的地址转换功能。Preferably, the border gateway route is a set of distributed routing entity clusters that provide gateway functions for the data center network to the external network, and each routing unit can run BGP/OSPF protocol to provide source address translation to the external network for the data center network. Destination address translation.
优选地,若虚拟网络中的虚拟机与数据中心内部公网中设备互访需要经过一级路由实现一次源地址转换/目的地址转换,若虚拟机虚拟网络中虚拟机与数据中心外部网络互访,需要经过边界网关路由二次源地址转换/目的地址转换。Preferably, if the virtual machine in the virtual network communicates with the device in the public network of the data center, the primary source address translation/destination address conversion needs to be performed through the first-level route, and the virtual machine in the virtual machine virtual network and the external network of the data center exchange visits. The secondary source address translation/destination address translation needs to be routed through the border gateway.
优选地,为实现虚拟网络的高效率,二级路由需要根据控制面控制器负载均衡调度策略迁移虚拟路由,控制器可以采集二级路由的硬件资源利用率、网络承载带宽、节能需求等度量因子,最优化使用转发面网元设备资源。Preferably, in order to achieve high efficiency of the virtual network, the secondary route needs to migrate the virtual route according to the load balancing controller of the control plane controller, and the controller can collect the measurement factors such as the hardware resource utilization rate, the network bearer bandwidth, and the energy saving requirement of the secondary route. Optimize the use of forwarding plane network element device resources.
优选地,为实现虚拟网络的高可用性,当控制器监测到二级路由集群中某个单元出现挂死,需要将其负责运行的虚拟路由全部迁出,控制器按照相关调度策略依次为上述虚拟路由在集群中其他单元中克隆该虚拟路由,以保证与其相关虚拟网络三层路由功能正常运行。挂死节点恢复后,在重新接入前需要对其进行初始化,使其作为一个新资源接受控制器调度。Preferably, in order to achieve high availability of the virtual network, when the controller detects that a certain unit in the secondary routing cluster is hanged, all the virtual routes responsible for running are required to be migrated out, and the controller sequentially performs the above virtual according to the relevant scheduling policy. The route clones the virtual route in other units in the cluster to ensure that the virtual network Layer 3 routing function is working properly. After the dead node is restored, it needs to be initialized before re-access, so that it can be scheduled as a new resource.
优选地,所述控制器可以提供北向接口,向第三方提供所采集到的二级路由度量因子,由第三方制定定制化的二级虚拟路由调度策略。 Preferably, the controller may provide a northbound interface, provide the collected secondary routing metrics to the third party, and formulate a customized secondary virtual routing scheduling policy by the third party.
Embodiment 1
This preferred embodiment addresses the many problems of current virtual route construction schemes for cloud computing data center networks and proposes a high-performance, high-availability implementation method for data center network virtual routing, which can effectively improve the performance and availability of the data center network.
This preferred embodiment uses multi-level distributed virtual routes. FIG. 3 is a schematic diagram of a data center network virtual routing implementation method according to Embodiment 1 of the present invention. As shown in FIG. 3, the data center network is built in two dimensions, a network control plane and a data forwarding plane, and the network control plane contains a single global logical controller (Controller); the data center network implements network virtualization, and the network controller assigns each virtual network a unique global identifier; the Layer 3 routing function in the virtual network is made up of multi-level distributed virtual routes, to achieve high performance of data center network virtual routing; the virtual route logical entities support dynamic migration, to achieve high availability of data center network virtual routing.
In FIG. 3, CONTROLLER denotes the network control-plane controller, FVR a first-level (primary) virtual route, SVR a secondary virtual route, VM a virtual machine, SR a network element device capable of route virtualization (secondary route), BGR a border gateway route, BGR CLUSTER the distributed border gateway route cluster, and CN a compute node of the compute virtualization platform.
The controller assigns a global identifier to every virtualized network in the cloud computing data center network. The virtualized network may be based on VLAN/VXLAN/GRE, achieving complete isolation between Layer 2 networks; for each virtual network the controller needs to generate a mapping between the virtual network identifier and the network isolation identifier. When the data center provides network-as-a-service, a network namespace must be assigned to each tenant, so that the tenants' virtual networks are completely isolated from Layer 3 to Layer 7; for each tenant the controller needs to generate a mapping between the tenant identifier and the namespace.
The multi-level distributed virtual routes provide the virtualized network with Layer 3 network services such as routing, source address translation and destination address translation. They include: primary routes, secondary routes and border gateway routes. The primary routes are distributed across every compute node of the virtualization platform; the secondary routes and border gateway routes are provided by clusters of high-performance network element devices capable of performing the relevant functions.
The primary route logical entity resides inside a compute node of the virtualization platform and provides Layer 3 routing for communication between virtual machines on different virtual networks inside that node, so that communication between virtual machines on different networks within the same compute node does not consume data center network bandwidth. When the destination virtual machine is not on the same compute node, the primary route forwards the data packet to the secondary route for handling. This effectively reduces east-west traffic between virtual machines and improves the Layer 3 communication performance of the virtual network. The primary route is scheduled by the control-plane controller to create, delete and update virtual routes and to add and remove virtual network interfaces on virtual routes. The virtual routes created by the primary route can also provide source address translation/destination address translation services for the virtual machines in the compute node.
The secondary route implements Layer 3 routed communication between virtual machines on different virtual networks across compute nodes. The secondary route is carried by a cluster of network element devices capable of route virtualization; each network element device in the cluster can, under scheduling by the control-plane controller, create, delete, update and migrate virtual routes, and add and remove virtual network interfaces on virtual routes.
The border gateway route is a cluster of distributed routing entities that provides the gateway function from the data center network to external networks; each routing unit can run BGP/OSPF and also provides the data center network with source address translation/destination address translation toward the external network.
Based on the multi-level distributed virtual routes above, a virtual machine in a virtual network goes through more than one address translation to reach an external network: when a virtual machine in a virtual network and a device on the data center's internal public network access each other, one source address translation/destination address translation is performed by the primary route; when a virtual machine in a virtual network and a network outside the data center access each other, a second source address translation/destination address translation is performed by the border gateway route.
To improve data center network performance and availability, the secondary virtual routes need to support the virtual route migration protocol (VROOM), and the controller can dynamically adjust the secondary virtual routes, including load-balancing scheduled migration of virtual routes and recovery of the virtual routes of hung nodes.
The controller can collect metric factors of the secondary routes, such as hardware resource utilization, network bearer bandwidth and energy-saving requirements, and compute the global resources; the controller migrates virtual routes according to the load-balancing scheduling policy so as to make optimal use of forwarding-plane network element device resources. When the controller detects that a unit in the secondary route cluster has hung, all the virtual routes that unit was running must be migrated off it; following the relevant scheduling policy, the controller clones each of these virtual routes in turn on other units in the cluster, so that Layer 3 routing for the associated virtual networks keeps working. After the hung node recovers, it must be initialized before it rejoins, so that the controller schedules it as a new resource.
The controller may provide a northbound interface that supplies the collected secondary route metric factor data to a third party, and the third party defines a customized scheduling policy for secondary virtual routes.
FIG. 4 is a schematic diagram of the routing process between virtual machines on different virtual networks of the same compute node according to Embodiment 1 of the present invention. As shown in FIG. 4, when a virtual machine sends data to a target virtual machine for the first time, the following steps are performed:
Step S402: the source virtual machine sends a data packet to the first-level virtual route FVR of its compute node;
Step S404: the source FVR does not know the location of the destination virtual machine and requests the network controller CONTROLLER to install a forwarding policy;
Steps S406-S408: CONTROLLER requests the virtualization platform Vplat to obtain the location of the target virtual machine;
Step S410: CONTROLLER delivers a forwarding policy, based on the location of the target virtual machine, to the source FVR for installation;
Step S412: the target virtual machine is inside the compute node, so the source FVR forwards the data packet directly to the destination virtual machine's virtual network.
FIG. 5 is a schematic diagram of the routing process between virtual machines on virtual networks of different compute nodes according to Embodiment 1 of the present invention. As shown in FIG. 5, when a virtual machine sends data to a target virtual machine for the first time, the following steps are performed:
Step S502: the source virtual machine sends a data packet to the first-level virtual route FVR of its compute node;
Step S504: the source FVR does not know the location of the destination virtual machine and requests the network controller CONTROLLER to install a forwarding policy;
Steps S506-S508: CONTROLLER requests the virtualization platform Vplat to obtain the location of the target virtual machine;
Step S510: CONTROLLER delivers a forwarding policy, based on the location of the target virtual machine, to the source FVR for installation;
Step S512: the target virtual machine is not on this compute node, so the data packet is re-encapsulated and forwarded to the secondary virtual route SVR according to the policy installed by CONTROLLER;
Step S514: the secondary virtual route forwards the data to the destination gateway FVR;
Step S516: the destination FVR forwards the data packet to the destination host's virtual network.
The border gateway route is a cluster of routing entities that provides the gateway function from the data center network to external networks; each routing unit can run BGP/OSPF and also provides the data center network with source address translation/destination address translation toward the external network.
Based on the multi-level distributed virtual routes above, a virtual machine in a virtual network goes through more than one address translation to reach an external network. FIG. 6 is a schematic diagram of the network address translation (NAT) process for communication between a virtual machine in a virtual network and an external network according to Embodiment 1 of the present invention. As shown in FIG. 6, when a virtual machine in a virtual network and a device on the data center's internal public network access each other, one source address translation/destination address translation is performed by the primary route; when a virtual machine in a virtual network and a network outside the data center access each other, a second source address translation/destination address translation is performed by the border gateway route.
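The first-packet flow of FIG. 4 and FIG. 5 and the translation counts of FIG. 6 can be traced in a small model. This Python code is an added illustration, not code from the patent; the class names, the hop labels, the constructed placements, the policy cache and the rule that a destination unknown to the platform is treated as external are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Zone(Enum):
    COMPUTE_NODE = "cn"        # a VM hosted on some compute node (CN)
    DC_PUBLIC = "dc-public"    # device on the data center network outside the CNs
    EXTERNAL = "external"      # anything outside the data center network


@dataclass(frozen=True)
class Location:
    zone: Zone
    node: Optional[str] = None      # CN name when zone is COMPUTE_NODE
    network: Optional[str] = None   # global virtual network identifier


class Controller:
    """Stands in for CONTROLLER and its Vplat location lookup (S406-S408)."""

    def __init__(self, placements: Dict[str, Location]):
        self.placements = placements
        self.lookups = 0

    def policy_for(self, source_node: str, dst: str) -> List[str]:
        """Return the hop list the source FVR should install for dst."""
        self.lookups += 1
        # Assumption: a destination the platform does not know is external.
        loc = self.placements.get(dst, Location(Zone.EXTERNAL))
        if loc.zone is Zone.COMPUTE_NODE and loc.node == source_node:
            return [f"FVR@{source_node}", f"net:{loc.network}"]          # S412
        if loc.zone is Zone.COMPUTE_NODE:
            return [f"FVR@{source_node}", "SVR",                         # S512-S514
                    f"FVR@{loc.node}", f"net:{loc.network}"]             # S516
        if loc.zone is Zone.DC_PUBLIC:
            return [f"FVR@{source_node}+NAT", "dc-network"]              # one translation
        return [f"FVR@{source_node}+NAT", "BGR+NAT", "external"]         # two translations


class FirstLevelRouter:
    """FVR of one compute node; keeps the policies the controller installed."""

    def __init__(self, node: str, controller: Controller):
        self.node = node
        self.controller = controller
        self.installed: Dict[str, List[str]] = {}

    def forward(self, dst: str) -> Tuple[List[str], int]:
        """Return (path, number of address translations) for a packet to dst."""
        if dst not in self.installed:                 # S404/S504: location unknown
            self.installed[dst] = self.controller.policy_for(self.node, dst)
        path = self.installed[dst]
        return path, sum(hop.endswith("+NAT") for hop in path)


# Constructed sample placements; names and the external address are made up.
PLACEMENTS = {
    "vm-a": Location(Zone.COMPUTE_NODE, "cn1", "vnet-10"),
    "vm-b": Location(Zone.COMPUTE_NODE, "cn1", "vnet-20"),
    "vm-c": Location(Zone.COMPUTE_NODE, "cn2", "vnet-20"),
    "dc-db": Location(Zone.DC_PUBLIC),
}


def demo():
    """vm-a on cn1 sends to four kinds of destination, then repeats one."""
    controller = Controller(PLACEMENTS)
    fvr = FirstLevelRouter("cn1", controller)
    results = {dst: fvr.forward(dst)
               for dst in ("vm-b", "vm-c", "dc-db", "198.51.100.7")}
    fvr.forward("vm-c")          # second packet: served from the installed policy
    return results, controller.lookups


if __name__ == "__main__":
    for dst, (path, nat) in demo()[0].items():
        print(f"{dst:14} {' -> '.join(path)}  (translations: {nat})")
```
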
To improve data center network performance and availability, the secondary virtual routes need to support the virtual route migration protocol (VROOM), and the controller can dynamically adjust the secondary virtual routes, including load-balancing scheduled migration of virtual routes and recovery of the virtual routes of hung nodes.
The controller can collect metric factors of the secondary routes, such as hardware resource utilization, network bearer bandwidth and energy-saving requirements, and compute the global resources; the controller migrates virtual routes according to the load-balancing scheduling policy so as to make optimal use of forwarding-plane network element device resources. When the controller detects that a unit in the secondary route cluster has hung, all the virtual routes that unit was running must be migrated off it; following the relevant scheduling policy, the controller clones each of these virtual routes in turn on other units in the cluster, so that Layer 3 routing for the associated virtual networks keeps working. After the hung node recovers, it must be initialized before it rejoins, so that the controller schedules it as a new resource.
The controller may provide a northbound interface that supplies the collected secondary route metric factor data to a third party, and the third party defines a customized scheduling policy for secondary virtual routes.
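The recovery sequence for a hung secondary-route unit, with a pluggable scheduling policy of the kind a third party could supply over the northbound interface, can be modelled as follows. This is an added example, not code from the patent, which does not specify any policy; the `spread` and `pack` policies, the capacity figures and all names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class SecondaryUnit:
    """One network element (SR) of the secondary-route cluster."""
    name: str
    capacity: float                                   # constructed unit: Gbit/s budget
    alive: bool = True
    vrouters: Dict[str, float] = field(default_factory=dict)  # virtual route -> load

    def load(self) -> float:
        return sum(self.vrouters.values())


# A scheduling policy picks one unit from the candidates that can take `load`.
Policy = Callable[[List[SecondaryUnit], float], SecondaryUnit]


def spread(candidates: List[SecondaryUnit], load: float) -> SecondaryUnit:
    """Load balancing (assumed policy): lowest utilization after placement."""
    return min(candidates, key=lambda u: ((u.load() + load) / u.capacity, u.name))


def pack(candidates: List[SecondaryUnit], load: float) -> SecondaryUnit:
    """Energy saving (assumed policy): fill the busiest unit that still fits."""
    return max(candidates, key=lambda u: ((u.load() + load) / u.capacity, u.name))


class Controller:
    def __init__(self, units: List[SecondaryUnit], policy: Policy = spread):
        self.units = {u.name: u for u in units}
        self.policy = policy

    def metrics(self) -> Dict[str, float]:
        """Utilization per live unit, as a northbound interface could expose it."""
        return {n: round(u.load() / u.capacity, 3)
                for n, u in self.units.items() if u.alive}

    def handle_hung(self, name: str) -> Dict[str, str]:
        """Clone every virtual route of a hung unit onto other units, in turn."""
        hung = self.units[name]
        hung.alive = False
        placed: Dict[str, str] = {}
        # Largest first, so big virtual routes are placed while room remains.
        for vr, load in sorted(hung.vrouters.items(), key=lambda kv: -kv[1]):
            fits = [u for u in self.units.values()
                    if u.alive and u.load() + load <= u.capacity]
            if not fits:
                raise RuntimeError(f"no live unit can take {vr}")
            target = self.policy(fits, load)
            target.vrouters[vr] = load
            del hung.vrouters[vr]
            placed[vr] = target.name
        return placed

    def readmit(self, name: str) -> None:
        """Initialize a recovered unit so it rejoins empty, as a new resource."""
        unit = self.units[name]
        unit.vrouters.clear()   # its old virtual routes now run as clones elsewhere
        unit.alive = True


def sample_cluster() -> List[SecondaryUnit]:
    """Constructed sample: three units, sr1 carries three virtual routes."""
    return [
        SecondaryUnit("sr1", 10.0, vrouters={"svr-a": 4.0, "svr-b": 2.0, "svr-c": 1.0}),
        SecondaryUnit("sr2", 10.0, vrouters={"svr-d": 3.0}),
        SecondaryUnit("sr3", 10.0, vrouters={"svr-e": 5.0}),
    ]


if __name__ == "__main__":
    controller = Controller(sample_cluster())
    print("clones:", controller.handle_hung("sr1"))
    print("metrics after recovery:", controller.metrics())
    controller.readmit("sr1")
    print("metrics after re-admission:", controller.metrics())
```
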
In another embodiment, software is also provided, which is used to carry out the technical solutions described in the above embodiments and preferred embodiments.
In another embodiment, a storage medium is also provided, in which the above software is stored; the storage medium includes but is not limited to an optical disc, a floppy disk, a hard disk, erasable memory and the like.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or the modules or steps can each be made into individual integrated circuit modules, or several of them can be made into a single integrated circuit module. Thus, the present invention is not limited to any particular combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Industrial applicability
As described above, the virtual routing system and method provided by the embodiments of the present invention have the following beneficial effects: they solve the problem in the related art that virtual routes are carried by a single node, and they improve data center network performance and availability and reduce the physical network bandwidth consumed by communication between virtual networks.

Claims (16)

  1. A virtual routing system, comprising:
    a primary route, configured to provide a Layer 3 routing function for communication between virtual machines of different virtual networks inside a compute node of a data center virtualization platform, and to provide a source address translation/destination address translation function toward the data center network outside the compute node;
    a secondary route, configured to provide a Layer 3 routing function for communication between virtual machines belonging to different virtual networks across the compute nodes;
    a border gateway route, configured to provide the data center virtualization platform with a source address translation/destination address translation function toward an external network.
  2. The virtual routing system according to claim 1, wherein
    the primary route is located in the compute node;
    the secondary route is located in a network element device capable of route virtualization;
    the border gateway route is located in a routing entity that provides the data center network with a gateway function to the external network.
  3. The virtual routing system according to claim 1, wherein the secondary route supports the virtual route dynamic migration protocol VROOM.
  4. The virtual routing system according to claim 1, wherein each of the virtual networks has a unique global identifier.
  5. The virtual routing system according to claim 1, wherein the border gateway route supports the Border Gateway Protocol (BGP) or the Open Shortest Path First (OSPF) protocol.
  6. The virtual routing system according to claim 1, wherein the system further comprises:
    a network controller, configured to create or delete the primary route, and/or to add or remove an interface of a virtual network for the primary route; and/or configured to create, delete or migrate the border gateway route, and/or to add or remove an interface of a virtual network for the border gateway route.
  7. A virtual routing method, applied in the virtual routing system according to any one of claims 1 to 6, comprising:
    a source primary route receiving a data packet sent by a source virtual machine to a target device, wherein the source primary route is the primary route corresponding to the source virtual machine;
    the source primary route, in the case where the target device is within the node where the source primary route is located, forwarding the data packet to the virtual network where the target device is located; or,
    the source primary route, in the case where the target device is within the data center virtualization platform but not within the node where the source primary route is located, forwarding the data packet to a secondary route; or,
    the source primary route, in the case where the target device is in the data center network outside the compute node, performing source address translation/destination address translation to the internal network on the data packet and sending it to the target device; or,
    the source primary route, in the case where the target device is not in the data center network, performing source address translation/destination address translation to the internal network on the data packet and forwarding it to a border gateway route.
  8. The method according to claim 7, wherein
    the source primary route requests a forwarding policy from a network controller;
    the network controller requests the data center virtualization platform to obtain the location of the target device;
    the network controller delivers the forwarding policy to the source primary route according to the location of the target device, wherein the forwarding policy includes: in the case where the target device is within the node where the source primary route is located, the source primary route forwards the data packet to the virtual network where the target device is located; or, in the case where the target device is within the data center virtualization platform but not within the node where the source primary route is located, the source primary route forwards the data packet to the secondary route; or, in the case where the target device is in the data center network outside the compute node, the source primary route performs source address translation/destination address translation to the internal network on the data packet and sends it to the target device; or, in the case where the target device is not in the data center network, the source primary route performs source address translation/destination address translation to the internal network on the data packet and forwards it to the border gateway route;
    the source primary route forwards according to the forwarding policy.
  9. The method according to claim 8, wherein, before the source primary route requests the forwarding policy from the network controller, the method further comprises:
    the network controller assigning a unique global identifier to each of the virtual networks.
  10. The method according to claim 8, wherein
    in the case where the secondary route supports the virtual route dynamic migration protocol VROOM, the network controller performs load-balancing scheduled migration of the secondary route, and/or recovers a hung secondary route.
  11. The method according to claim 10, wherein, before the network controller performs load-balancing scheduled migration of the secondary route, the method further comprises:
    the network controller determining, according to collected metric factors, whether to perform load-balancing scheduled migration of the secondary route, wherein the metric factors include at least one of the following: hardware resource utilization of the secondary route, network bearer bandwidth, and energy-saving requirements.
  12. The method according to claim 11, wherein, before the network controller performs load-balancing scheduled migration of the secondary route, the method further comprises:
    the network controller providing the collected metric factors to a third party through a northbound interface;
    the network controller receiving a scheduling policy from the third party and performing load-balancing scheduled migration of the secondary route according to the scheduling policy.
  13. The method according to claim 10, wherein, before the network controller recovers the hung secondary route, the method further comprises:
    the network controller migrating out all the virtual routes that the hung secondary route in the secondary route cluster was running, and cloning the hung secondary route in turn on other units of the secondary route cluster.
  14. The method according to claim 8, wherein, before the source primary route requests the forwarding policy from the network controller, the method further comprises:
    the network controller assigning a unique global identifier to each of the virtual networks.
  15. The method according to claim 7, wherein, after the source primary route forwards the data packet to the secondary route, the method further comprises:
    the secondary route forwarding the data packet to the target primary route corresponding to the target device, and the target primary route forwarding the data packet to the virtual network where the target device is located.
  16. The method according to claim 7, wherein, after the source primary route forwards the data packet to the border gateway route, the method further comprises:
    the border gateway route performing source address translation/destination address translation toward the external network on the data packet and forwarding it to the external network.
PCT/CN2014/090190 2014-06-18 2014-11-03 Virtual routing system and method WO2015192584A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410273228.8 2014-06-18
CN201410273228.8A CN105227454B (en) 2014-06-18 2014-06-18 Virtual flow-line system and method

Publications (1)

Publication Number Publication Date
WO2015192584A1 (en) 2015-12-23

Family

ID=54934807

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/090190 WO2015192584A1 (en) 2014-06-18 2014-11-03 Virtual routing system and method

Country Status (2)

Country Link
CN (1) CN105227454B (en)
WO (1) WO2015192584A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10187290B2 (en) * 2016-03-24 2019-01-22 Juniper Networks, Inc. Method, system, and apparatus for preventing tromboning in inter-subnet traffic within data center architectures
US10608928B2 (en) 2016-08-05 2020-03-31 Huawei Technologies Co., Ltd. Service-based traffic forwarding in virtual networks
CN107733670B (en) * 2016-08-11 2020-05-12 新华三技术有限公司 Forwarding strategy configuration method and device
CN107171953B (en) * 2017-05-22 2020-04-28 浙江工商大学 Virtual router implementation method
CN107612923B (en) * 2017-10-09 2020-05-01 中国银联股份有限公司 Service access method and device based on network policy group
US20200028758A1 (en) * 2018-07-17 2020-01-23 Cisco Technology, Inc. Multi-cloud connectivity using srv6 and bgp
CN111884937B (en) * 2020-07-23 2022-06-24 江苏安超云软件有限公司 Device and method for realizing high-speed network in cloud computing system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102077508A (en) * 2009-03-18 2011-05-25 松下电器产业株式会社 Multicast communication method and apparatus for receiving and forwarding data via a network among a plurality of nodes
CN102137001A (en) * 2010-11-29 2011-07-27 华为技术有限公司 Routing information exchange method, equipment and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7889738B2 (en) * 2005-12-21 2011-02-15 Solace Systems Inc. Shared application inter-working with virtual private networks
US8639793B2 (en) * 2010-10-29 2014-01-28 Cisco Technology, Inc. Disaster recovery and automatic relocation of cloud services
WO2014000292A1 (en) * 2012-06-30 2014-01-03 华为技术有限公司 Migration method, serving control gateway and system for virtual machine across data centres

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112003750A (en) * 2020-08-24 2020-11-27 浪潮云信息技术股份公司 Data center host Overlay network access control method
CN112003750B (en) * 2020-08-24 2023-11-21 浪潮云信息技术股份公司 Data center host computer Overlay network access control method
CN114827015A (en) * 2022-04-29 2022-07-29 深圳爱捷云科技有限公司 Data forwarding method and virtualization cloud network architecture
CN114827015B (en) * 2022-04-29 2024-04-02 深圳爱捷云科技有限公司 Data forwarding method and virtualized cloud network architecture
CN115208813A (en) * 2022-09-14 2022-10-18 腾讯科技(深圳)有限公司 Method, device, equipment and storage medium for migrating border gateway protocol
CN115208813B (en) * 2022-09-14 2022-11-25 腾讯科技(深圳)有限公司 Method, device, equipment and storage medium for migrating border gateway protocol
CN115514692A (en) * 2022-09-20 2022-12-23 深信服科技股份有限公司 Network interaction method, system, storage medium and terminal in resource pool
CN115801782A (en) * 2023-01-29 2023-03-14 中国人民解放军61660部队 Cross-regional data center cloud resource scheduling system and method
CN115801782B (en) * 2023-01-29 2023-05-16 中国人民解放军61660部队 Cross-regional data center cloud resource scheduling system and method

Also Published As

Publication number Publication date
CN105227454A (en) 2016-01-06
CN105227454B (en) 2019-02-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14895318

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14895318

Country of ref document: EP

Kind code of ref document: A1