WO2017032300A1 - Data transmission method, virtual network management apparatus and data transmission system - Google Patents

Publication number: WO2017032300A1
Authority: WO (WIPO, PCT)
Prior art keywords: network, gateway, address, subnet, router
Application number: PCT/CN2016/096372
Other languages: English (en), Chinese (zh)
Inventor: 段可博
Original assignee: 华为技术有限公司 (Huawei Technologies Co., Ltd.)
Priority claimed from CN201610698151.8A
Application filed by 华为技术有限公司 (Huawei Technologies Co., Ltd.)

Definitions

  • The present invention relates to the field of communications, and in particular to a data transmission method, a virtual network management device, and a data transmission system.
  • Data center communications include east-west communications and north-south communications.
  • East-west communication refers to communication inside the data center.
  • North-south communication refers to communication between the data center and the external network.
  • FIG. 1 is a schematic diagram of communication between virtual networks in a data center in the prior art. The data center includes computing nodes and a network node. Computing node 1 includes virtual machine (VM) 1 and VM 2, and computing node 2 includes VM 3; VM 1 and VM 3 belong to virtual network 1, and VM 2 belongs to virtual network 2.
  • The virtual machines exchange data through the virtual switch (VS) in the computing node.
  • Communication data is centrally forwarded through a router: east-west traffic between virtual network 1 and virtual network 2 must be forwarded through the router on network node 1, and traffic between virtual network 1 and users outside the data center must also be forwarded between the router on network node 1 and the customer edge (CE) router.
  • Floating IP address mode north-south communication: the VM in the data center acts as the server side of a client-server exchange and is configured with a public network address (a floating Internet Protocol, IP, address). External users access VMs in the data center through the public network address.
  • Direct-connected network mode north-south communication: the VM in the data center acts as a client or a server and is configured with a private network address. It communicates with external branches or remote users through a virtual private network (VPN).
  • Source network address translation (SNAT) mode north-south communication: multiple VMs in the data center share one public IP address through SNAT and act as clients accessing servers on the external network.
  • The cloud computing platform in the prior art provides a distributed solution for the first of these modes, but the other two modes depend entirely on the existing centralized forwarding scheme. Because forwarding is bounded by the processing capability of the router on the network node, when the direct-connected network mode or the SNAT mode carries heavy north-south traffic, forwarding efficiency is low and communication delay is large.
  • Embodiments of the present invention provide a data transmission method, a virtual network management apparatus, and a data transmission system, which provide a distributed solution for direct-connected network mode north-south communication, improve data forwarding efficiency, and reduce communication delay.
  • A data transmission method includes:
  • acquiring network identification information of the virtual network, where the network identification information includes subnet information of the virtual network, the subnet information is used to identify the subnets of the virtual network, and the subnets of the virtual network include a first subnet;
  • acquiring router information, where the router information is used to indicate the connection status between the router and the subnets of the virtual network, and the connection status between the router and the external network;
  • acquiring virtual machine information, where the virtual machine information is used to indicate the subnet to which the virtual machine is connected; and
  • when it is determined, according to the network identification information, the router information and the virtual machine information, that the subnet to which the virtual machine is connected is the first subnet, that the first subnet is connected to the router, and that the router is connected to the external network, sending the network identification information, the router information and the virtual machine information to the computing node where the virtual machine is located, instructing the computing node to create a gateway, and configuring the gateway, where the gateway is used to forward virtual private network (VPN) packets.
  • Configuring the gateway includes:
  • adding an uplink interface to the gateway, where the uplink interface is an interface on the external network used for VPN packet forwarding with the customer edge (CE) router; and
  • configuring a forwarding policy for the gateway, where the forwarding policy includes: for a VPN packet received from the virtual machine, the next hop address is the address of the downlink interface of the CE router; for a VPN packet received from the downlink interface of the CE router, the destination address is the address of the virtual machine.
  • The method further includes: creating a routing information issuing module, and advertising the routing information of the virtual machine to the CE router through that module, so that the CE router maintains an updated CE routing table, where the CE routing table records that, for a VPN packet received from the external network, the next hop address is the address of the uplink interface of the gateway.
  • Creating the routing information issuing module includes: creating a routing information publisher instance, configuring a separate address space for the publisher instance, and connecting the publisher instance to a routing agent, where the publisher instance is used to send the routing information of the virtual machine to the corresponding router instance on the CE router by means of a dynamic routing protocol.
  • Advertising the routing information of the virtual machine to the CE router through the routing information issuing module includes: after the virtual machine is created, migrated or revoked, issuing the updated routing information of the virtual machine to the CE router through the routing information issuing module.
  • The method further includes: acquiring updated router information and, when according to the updated router information the connection between the first subnet and the router is disconnected or the connection between the router and the external network is disconnected, revoking the gateway; and acquiring updated virtual machine information and, when according to the updated virtual machine information the connection between the virtual machine and the first subnet is disconnected, revoking the gateway.
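The decision procedure laid out in the method steps above, as an added Python example that is not part of the patent or of Huawei's implementation: the three kinds of information are modelled as small records, and a controller derives which computing nodes must receive a gateway and which gateways must be revoked when the router loses its subnet or external-network connection, or when a virtual machine leaves the first subnet. The record types, the instruction names (`create_gateway`, `revoke_gateway`) and the reconcile loop are assumptions made here; the patent specifies the conditions, not the data format.

```python
"""Topology-driven creation and revocation of distributed VPN gateways.

Added example modelling the decision the text assigns to the virtual network
management device; it is not code from the patent or from Huawei. The record
types, the instruction tuples and the reconcile() loop are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class NetworkInfo:
    """Network identification information: the subnets of the virtual network."""
    subnets: frozenset


@dataclass(frozen=True)
class RouterInfo:
    """Router information: which subnets the router is connected to, and
    whether the router is connected to the external network."""
    router: str
    subnets: frozenset
    external: bool


@dataclass(frozen=True)
class VmInfo:
    """Virtual machine information: hosting computing node and attached subnet
    (None once the VM is detached from the subnet or revoked)."""
    vm: str
    node: str
    subnet: Optional[str]


def externally_reachable_subnets(net: NetworkInfo, routers: List[RouterInfo]) -> Set[str]:
    """Subnets of the virtual network that are connected to a router which is
    itself connected to the external network."""
    reachable: Set[str] = set()
    for r in routers:
        if r.external:
            reachable |= set(r.subnets) & set(net.subnets)
    return reachable


def nodes_needing_gateway(net: NetworkInfo, routers: List[RouterInfo],
                          vms: List[VmInfo]) -> Dict[str, Set[str]]:
    """Map computing node -> VMs on it whose subnet satisfies all three conditions.
    VMs of the same or of different networks on one node share one gateway."""
    reachable = externally_reachable_subnets(net, routers)
    wanted: Dict[str, Set[str]] = {}
    for v in vms:
        if v.subnet in reachable:
            wanted.setdefault(v.node, set()).add(v.vm)
    return wanted


class GatewayController:
    """Keeps the set of computing nodes that currently host a gateway and emits
    create/revoke instructions whenever the reported topology changes."""

    def __init__(self) -> None:
        self.gateways: Dict[str, Set[str]] = {}

    def reconcile(self, net: NetworkInfo, routers: List[RouterInfo],
                  vms: List[VmInfo]) -> List[Tuple[str, str]]:
        wanted = nodes_needing_gateway(net, routers, vms)
        instructions: List[Tuple[str, str]] = []
        for node in sorted(wanted):
            if node not in self.gateways:
                instructions.append(("create_gateway", node))
            self.gateways[node] = wanted[node]
        for node in sorted(self.gateways):
            # Subnet/router/external link gone, or every served VM detached.
            if node not in wanted:
                instructions.append(("revoke_gateway", node))
                del self.gateways[node]
        return instructions


if __name__ == "__main__":
    # Constructed sample topology (not taken from the patent).
    net = NetworkInfo(subnets=frozenset({"subnet-1", "subnet-2"}))
    routers = [RouterInfo("r1", frozenset({"subnet-1"}), external=True)]
    vms = [VmInfo("vm1", "cn1", "subnet-1"), VmInfo("vm2", "cn1", "subnet-2"),
           VmInfo("vm3", "cn2", "subnet-1")]
    ctl = GatewayController()
    print(ctl.reconcile(net, routers, vms))   # gateways created on cn1 and cn2
    routers = [RouterInfo("r1", frozenset({"subnet-1"}), external=False)]
    print(ctl.reconcile(net, routers, vms))   # router lost its external link: both revoked
```

Note that `vm2` on `subnet-2` never triggers a gateway on its own, because `subnet-2` is not connected to a router with an external link; it only benefits from the gateway that `vm1` on the same node justifies, which is the sharing behaviour the summary below describes.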
  • A virtual network management apparatus includes:
  • a virtual network management module configured to acquire network identification information of the virtual network, where the network identification information includes subnet information of the virtual network, the subnet information is used to identify the subnets of the virtual network, and the subnets of the virtual network include a first subnet;
  • a network node management module configured to acquire router information, where the router information is used to indicate the connection status between the router and the subnets of the virtual network, and the connection status between the router and the external network; and
  • a computing node management module configured to acquire virtual machine information, where the virtual machine information is used to indicate the subnet to which the virtual machine is connected.
  • When the computing node management module determines, according to the network identification information, the router information and the virtual machine information, that the subnet to which the virtual machine is connected is the first subnet, that the first subnet is connected to the router, and that the router is connected to the external network, it sends the network identification information, the router information and the virtual machine information to the computing node where the virtual machine is located, to instruct the computing node to create a gateway, and configures the gateway, where the gateway is used to forward virtual private network (VPN) packets.
  • To configure the gateway, the computing node management module is specifically configured to: add an uplink interface to the gateway, where the uplink interface is an interface on the external network used for VPN packet forwarding with the customer edge (CE) router; and configure a forwarding policy for the gateway, where the forwarding policy includes: for a VPN packet received from the virtual machine, the next hop address is the address of the downlink interface of the CE router; for a VPN packet received from the downlink interface of the CE router, the destination address is the address of the virtual machine.
  • The network node management module is further configured to create a routing information issuing module and to advertise the routing information of the virtual machine to the CE router through that module, so that the CE router maintains an updated CE routing table, where the CE routing table records that, for a VPN packet received from the external network, the next hop address is the address of the uplink interface of the gateway.
  • The network node management module is specifically configured to create a routing information publisher instance, configure a separate address space for the publisher instance, and connect the publisher instance to a routing agent, where the publisher instance is configured to send the routing information of the virtual machine to the corresponding router instance on the CE router by means of a dynamic routing protocol.
  • The network node management module is specifically configured to: after the virtual machine is created, migrated or revoked, issue the updated routing information of the virtual machine to the CE router through the routing information issuing module.
  • The network node management module is further configured to acquire updated router information, and the computing node management module is further configured to revoke the gateway when, according to the updated router information, the connection between the first subnet and the router is disconnected or the connection between the router and the external network is disconnected.
  • The computing node management module is further configured to acquire updated virtual machine information from the computing node, and to revoke the gateway when, according to the updated virtual machine information, the connection between the virtual machine and the first subnet is disconnected.
  • A third aspect is a data transmission system, comprising: a cloud resource manager, a virtual network management device, a network node, and a computing node.
  • The cloud resource manager is configured to create a virtual network and send network identification information of the virtual network to the virtual network management device, where the network identification information includes subnet information of the virtual network, the subnet information is used to identify the subnets of the virtual network, and the subnets of the virtual network include a first subnet.
  • The cloud resource manager is further configured to instruct the network node to create a router, and to configure the connection state between the router and the subnets of the virtual network and the connection state between the router and the external network.
  • The network node is configured to send router information to the virtual network management device, where the router information is used to indicate the connection state between the router and the subnets of the virtual network and the connection state between the router and the external network.
  • The cloud resource manager is further configured to instruct the computing node to create a virtual machine and connect the virtual machine to a subnet of the virtual network.
  • The computing node is further configured to send virtual machine information to the virtual network management device, where the virtual machine information is used to indicate the subnet to which the virtual machine is connected.
  • When the virtual network management device determines, according to the network identification information, the router information and the virtual machine information, that the subnet to which the virtual machine is connected is the first subnet, that the first subnet is connected to the router, and that the router is connected to the external network, it sends the network identification information, the router information and the virtual machine information to the computing node where the virtual machine is located, to instruct the computing node to create a gateway, and configures the gateway, where the gateway is used to forward virtual private network (VPN) packets.
  • To configure the gateway, the virtual network management device is specifically configured to: add an uplink interface to the gateway, where the uplink interface is an interface on the external network used for VPN packet forwarding with the customer edge (CE) router; and configure a forwarding policy for the gateway, where the forwarding policy includes: for a VPN packet received from the virtual machine, the next hop address is the address of the downlink interface of the CE router; for a VPN packet received from the downlink interface of the CE router, the destination address is the address of the virtual machine.
  • The virtual network management apparatus is further configured to instruct the network node to create a routing information issuing module and to send the routing information of the virtual machine to that module; the routing information issuing module is configured to advertise the routing information of the virtual machine to the CE router, so that the CE router maintains an updated CE routing table, where the CE routing table records that, for a VPN packet received from the external network, the next hop address is the address of the uplink interface of the gateway.
  • The virtual network management apparatus is specifically configured to instruct the network node to create a routing information publisher instance, configure a separate address space for the publisher instance, and connect the publisher instance to a routing agent, where the publisher instance is configured to send the routing information of the virtual machine to the corresponding router instance on the CE router by means of a dynamic routing protocol.
  • The virtual network management device is specifically configured to: after the virtual machine is created, migrated or revoked, issue the updated routing information of the virtual machine to the CE router through the routing information issuing module.
  • The virtual network management device is further configured to acquire updated router information and, when according to the updated router information the connection between the first subnet and the router is disconnected or the connection between the router and the external network is disconnected, to revoke the gateway.
  • The virtual network management device is further configured to acquire updated virtual machine information and, when according to the updated virtual machine information the connection between the virtual machine and the first subnet is disconnected, to revoke the gateway.
  • The data transmission method, virtual network management apparatus and data transmission system provided by the embodiments of the present invention acquire the network identification information, the router information and the virtual machine information, make the determination according to these three kinds of information, create a distributed gateway on the computing node, and configure the distributed gateway to forward VPN packets. VPN packets therefore no longer depend on the existing centralized processing scheme for forwarding.
  • Multiple virtual machines on the same computing node, whether they belong to the same virtual network or to different virtual networks, may share the same distributed gateway.
  • Because a distributed gateway is responsible only for forwarding the VPN packets of the virtual machines on its own computing node, its workload is small and it is sufficient to forward those VPN packets efficiently, which avoids congestion of VPN packets and reduces communication delay.
  • A fourth aspect of the present application provides a gateway creation method, including: a virtual network management apparatus first determines the subnet in which a virtual machine (VM) established on a computing node is located.
  • The virtual network management device may confirm the subnet where the VM is located by looking up the IP address of the VM in the stored IP address segment of each subnet.
  • The virtual network management device determines the gateway address corresponding to the subnet where the VM is located, the network identifier (ID) of that subnet, the IP address segment of the external network corresponding to the tenant to which the VM belongs, the network ID of the external network, and the gateway address corresponding to the external network.
  • The virtual network management device determines an IP address of the external network and the MAC address corresponding to that IP address, where the IP address of the external network belongs to the IP address segment of the external network.
  • The IP addresses of the uplink interfaces of the gateways created by the tenant on different computing nodes all belong to the IP address segment of the external network. Therefore, after the virtual network management device acquires the IP address segment of the external network, it must allocate from that segment an IP address of the external network, together with the MAC address corresponding to that IP address, as the address of the uplink interface of the gateway. The allocation may be performed by the virtual network management device or by the cloud resource manager.
  • If the virtual network management device performs the allocation, it allocates an unoccupied IP address from the IP address segment of the external network. If the cloud resource manager performs the allocation, the virtual network management device requests the cloud resource manager to allocate an unoccupied IP address from the IP address segment of the external network and to assign the MAC address corresponding to that IP address; the cloud resource manager then sends the allocated IP address of the external network and the corresponding MAC address to the virtual network management device.
  • The virtual network management device sends the gateway address corresponding to the subnet where the VM is located, the IP address of the external network and the MAC address corresponding to that IP address to the computing node, and instructs the computing node to create a gateway.
  • Because only the scenario of establishing a VM on one computing node is described here, only the creation of the corresponding gateway on that computing node is involved. An actual data transmission system has multiple computing nodes, and every computing node on which a VM runs is provided with a corresponding gateway. These gateways are distributed across the computing nodes; compared with a traditional centralized router deployed on the network node, the processing efficiency of VPN packets is no longer limited by the processing capability of the network node.
  • The gateway is configured with an uplink interface and a downlink interface. The address of the uplink interface of the gateway includes the IP address of the external network and the MAC address corresponding to that IP address, and the uplink interface of the gateway is used to communicate with the downlink interface of the CE router. The address of the downlink interface of the CE router is the gateway address corresponding to the external network. The address of the downlink interface of the gateway is the gateway address corresponding to the subnet where the VM is located, and the downlink interface is used to communicate with the subnet where the VM is located.
  • The virtual network management device configures a forwarding policy for the gateway according to the gateway address corresponding to the external network, the network ID of the subnet where the VM is located, and the network ID of the external network. The forwarding policy instructs the gateway to convert a first VPN packet sent by the VM into a second VPN packet, where the first VPN packet carries the network ID of the subnet where the VM is located and the second VPN packet carries the network ID of the external network, and further instructs the gateway to send the second VPN packet through its uplink interface to the downlink interface of the CE router.
  • The method further includes: the virtual network management device acquires the subnet information of N subnets, where the subnet information of each subnet includes a network ID and an IP address segment, N is an integer greater than 0, and the N subnets belong to the tenant; the virtual network management device acquires the gateway address corresponding to each subnet, the IP address segment of the external network, the network ID of the external network, and the gateway address corresponding to the external network. Determining the subnet in which the VM established on the computing node is located then includes: the virtual network management device acquires the IP address of the VM and determines the subnet where the VM is located according to that IP address.
  • The various kinds of information that are determined according to the IP address of the VM are transmitted to the virtual network management device in advance by the cloud resource manager.
  • The method further includes: the virtual network management device advertises the routing information of the VM to the CE router, where the routing information is used to instruct the CE router to send a packet destined for the VM to the uplink interface of the gateway.
  • Because the gateways provided by the present invention are distributed across the computing nodes, when the CE router receives a packet sent from the public network it must determine, according to the routing information, the uplink interface of which gateway the packet is to be sent to. The routing information of the VM therefore needs to be issued to the CE router, and the routing information corresponding to a revoked or migrated VM needs to be updated on the CE router.
  • The method further includes: the virtual network management device determines that all VMs belonging to the tenant on the computing node have been revoked, and instructs the computing node to revoke the gateway.
  • Revoking the gateway saves the physical resources of the computing node and also releases the IP address and MAC address of the external network that were assigned to the gateway. Because the external-network address resources of each tenant are limited, recovering allocated external-network addresses in this way improves their utilization.
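The gateway creation steps of the fourth aspect, from subnet lookup through uplink address allocation to the forwarding policy and the release of addresses on revocation, as one added Python example; this is not code from the patent or from Huawei. The `Subnet`, `ExternalNet` and `VpnPacket` records, the derivation of a MAC address from the allocated IP, and the rule that a packet matching neither direction of the policy is dropped are assumptions made here; the numeric network IDs stand in for whatever overlay identifier (for instance a VXLAN VNI) a deployment uses.

```python
"""Per-computing-node gateway: subnet lookup by VM IP, allocation of the
gateway's uplink address from the tenant's external-network segment, and the
forwarding policy that rewrites the network ID carried by a VPN packet.

Added example, not code from the patent or from Huawei. The VpnPacket fields,
the MAC derivation and the drop-by-default rule are assumptions made here.
"""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Subnet:
    network_id: int      # network ID of the tenant subnet (e.g. an overlay VNI)
    cidr: str            # IP address segment of the subnet
    gateway_addr: str    # gateway address: the gateway's downlink interface


@dataclass(frozen=True)
class ExternalNet:
    network_id: int      # network ID of the external network
    cidr: str            # IP address segment of the external network
    gateway_addr: str    # gateway address: the CE router's downlink interface


@dataclass(frozen=True)
class VpnPacket:
    network_id: int
    src: str
    dst: str
    next_hop: Optional[str] = None


def find_subnet(vm_ip: str, subnets: List[Subnet]) -> Subnet:
    """Confirm the subnet where the VM is located from its IP address."""
    ip = ipaddress.ip_address(vm_ip)
    for s in subnets:
        if ip in ipaddress.ip_network(s.cidr, strict=False):
            return s
    raise LookupError(f"no subnet contains {vm_ip}")


class ExternalAddressPool:
    """Hands out unoccupied IPs of the external segment for gateway uplinks and
    takes them back when a gateway is revoked. The MAC is derived from the IP
    here (assumption); the text only requires a MAC that corresponds to it."""

    def __init__(self, ext: ExternalNet) -> None:
        self.net = ipaddress.ip_network(ext.cidr, strict=False)
        self.reserved = {ipaddress.ip_address(ext.gateway_addr)}  # CE downlink
        self.in_use: Dict[str, ipaddress.IPv4Address] = {}

    def allocate(self, node: str) -> Tuple[str, str]:
        for ip in self.net.hosts():
            if ip not in self.reserved and ip not in self.in_use.values():
                self.in_use[node] = ip
                mac = "02:00:" + ":".join(f"{b:02x}" for b in ip.packed)
                return str(ip), mac
        raise RuntimeError("external address segment exhausted")

    def release(self, node: str) -> None:
        self.in_use.pop(node, None)


class DistributedGateway:
    """Gateway on one computing node, configured from the information the
    virtual network management device sends down."""

    def __init__(self, subnet: Subnet, ext: ExternalNet, uplink_ip: str,
                 uplink_mac: str, vm_ips: List[str]) -> None:
        self.subnet, self.ext = subnet, ext
        self.uplink = (uplink_ip, uplink_mac)   # address on the external network
        self.downlink = subnet.gateway_addr     # address on the VM's subnet
        self.vm_ips = set(vm_ips)               # VMs this gateway serves

    def forward(self, pkt: VpnPacket) -> Optional[VpnPacket]:
        """Apply the forwarding policy; returns the rewritten packet, or None
        when the packet is not this gateway's traffic and is dropped."""
        if pkt.network_id == self.subnet.network_id and pkt.src in self.vm_ips:
            # VM -> external: the first VPN packet becomes the second VPN packet,
            # carrying the external network ID; next hop is the CE downlink.
            return VpnPacket(self.ext.network_id, pkt.src, pkt.dst,
                             next_hop=self.ext.gateway_addr)
        if pkt.network_id == self.ext.network_id and pkt.dst in self.vm_ips:
            # CE -> VM: received on the uplink, delivered to the VM on the subnet.
            return VpnPacket(self.subnet.network_id, pkt.src, pkt.dst,
                             next_hop=pkt.dst)
        return None
```

The drop rule is the check a practitioner would look for: the gateway rewrites only packets that carry its own subnet's network ID from a VM it serves, or the external network ID addressed to one of its VMs, so traffic tagged with another tenant's network ID is not bridged onto the external network merely because that tenant's VMs share the computing node.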
  • A virtual network management apparatus is further provided, for creating a gateway on a computing node on which a VM has been newly created.
  • The apparatus includes at least one module for performing the gateway creation method provided by any one of the implementations of the fourth aspect.
  • A computing device comprising a processor and a memory is further provided.
  • The computing device may be the virtual network management device in a data transmission system; software implementing an SDN controller can be executed on it so that the computing device implements the functions of the SDN controller.
  • The computing device is configured to perform the gateway creation method provided by any one of the implementations of the fourth aspect.
  • A data transmission system is further provided, comprising a cloud resource manager, the virtual network management device provided by the fifth aspect or the sixth aspect, a CE router, and at least one computing node.
  • The cloud resource manager establishes a communication connection with the virtual network management device, the virtual network management device establishes a communication connection with each computing node, and the CE router establishes a communication connection with each computing node.
  • The cloud resource manager is configured to send to the virtual network management device the subnet information of N subnets, where the subnet information of each subnet includes a network ID and an IP address segment, N is an integer greater than 0, and the N subnets belong to one tenant, together with the gateway address corresponding to each subnet, the IP address segment of the external network corresponding to the tenant, the network ID of the external network, and the gateway address corresponding to the external network.
  • The virtual network management device is configured to determine the IP address of a VM created on the first computing node, the VM belonging to the tenant, and to determine the subnet where the VM is located according to the IP address of the VM.
  • The virtual network management device is further configured to send to the first computing node the gateway address corresponding to the subnet where the VM is located, an IP address of the external network and the MAC address corresponding to that IP address, and to instruct the first computing node to create a gateway.
  • The gateway is configured with an uplink interface and a downlink interface. The address of the uplink interface of the gateway includes the IP address of the external network and the MAC address corresponding to that IP address, and the uplink interface of the gateway is used to communicate with the downlink interface of the CE router. The address of the downlink interface of the CE router is the gateway address corresponding to the external network. The address of the downlink interface of the gateway is the gateway address corresponding to the subnet where the VM is located, and the downlink interface of the gateway is used to communicate with the subnet where the VM is located.
  • The virtual network management device is further configured to generate a forwarding policy according to the gateway address corresponding to the external network, the network ID of the subnet where the VM is located, and the network ID of the external network. The forwarding policy instructs the gateway to convert a first VPN packet sent by the VM into a second VPN packet, where the first VPN packet carries the network ID of the subnet where the VM is located and the second VPN packet carries the network ID of the external network, and further instructs the gateway to send the second VPN packet through its uplink interface to the downlink interface of the CE router.
  • The first computing node is configured to create the gateway, receive the forwarding policy, and configure the forwarding policy on the gateway.
  • The virtual network management apparatus is further configured to advertise the routing information of the VM to the CE router, where the routing information is used to instruct the CE router to send a packet destined for the VM to the uplink interface of the gateway.
  • The data transmission system further includes a routing information issuing module, which is disposed in a computing node or a network node of the data transmission system.
  • The virtual network management device is further configured to generate the routing information of the VM, where the routing information is used to instruct the CE router to send a packet destined for the VM to the uplink interface of the gateway, and the routing information issuing module is configured to issue the routing information of the VM to the CE router.
  • The virtual network management device is further configured to determine that all VMs belonging to the tenant on the computing node have been revoked, and to instruct the computing node to revoke the gateway.
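The route advertisement exchange described in the fourth aspect and again in the system above (the publisher announces each VM to the CE router with the gateway uplink as next hop, and updates the announcement on creation, migration and revocation), as an added Python model that is not part of the patent or of Huawei's code. The CE routing table is an in-memory dictionary standing in for the router instance fed through a dynamic routing protocol, routes are /32 host routes, and the check that a publisher instance may only announce prefixes inside its tenant's own subnets is an assumption added here.

```python
"""Route advertisement from the routing information publisher to the CE router.

Added example (a Python model of the exchange, not the patent's or Huawei's
code). A real publisher instance would speak a dynamic routing protocol such as
BGP through the routing agent; here the CE routing table is an in-memory dict.
The update tuples, the host-route granularity and the prefix filter are
assumptions made here.
"""
from __future__ import annotations
import ipaddress
from typing import Dict, List, Optional, Tuple

Update = Tuple[str, str, str]   # ("announce" | "withdraw", prefix, next_hop)


class CeRoutingTable:
    """What the CE router maintains: destination prefix -> gateway uplink IP."""

    def __init__(self) -> None:
        self.routes: Dict[str, str] = {}

    def apply(self, update: Update) -> None:
        kind, prefix, next_hop = update
        if kind == "announce":
            self.routes[prefix] = next_hop
        elif kind == "withdraw":
            self.routes.pop(prefix, None)

    def lookup(self, dst_ip: str) -> Optional[str]:
        """Longest-prefix match: which gateway uplink a packet for dst_ip goes to."""
        ip = ipaddress.ip_address(dst_ip)
        best: Optional[Tuple[int, str]] = None
        for prefix, nh in self.routes.items():
            net = ipaddress.ip_network(prefix, strict=False)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, nh)
        return best[1] if best else None


class RoutePublisher:
    """Routing information publisher instance for one tenant. It announces each
    VM as a host route whose next hop is the uplink of the gateway on the VM's
    computing node, re-announces on migration and withdraws on revocation."""

    def __init__(self, ce: CeRoutingTable, uplinks: Dict[str, str],
                 tenant_subnets: List[str]) -> None:
        self.ce = ce
        self.uplinks = uplinks            # computing node -> gateway uplink IP
        self.allowed = [ipaddress.ip_network(c, strict=False) for c in tenant_subnets]
        self.vm_node: Dict[str, str] = {}
        self.log: List[Update] = []       # every update sent to the CE router

    def _send(self, update: Update) -> None:
        prefix = ipaddress.ip_network(update[1], strict=False)
        # Assumption added here: only prefixes inside the tenant's own subnets
        # may be announced, so a bad update cannot capture other tenants' traffic.
        if not any(prefix.subnet_of(a) for a in self.allowed):
            raise ValueError(f"{update[1]} is outside the tenant's subnets")
        self.log.append(update)
        self.ce.apply(update)

    def vm_created(self, vm_ip: str, node: str) -> None:
        self.vm_node[vm_ip] = node
        self._send(("announce", f"{vm_ip}/32", self.uplinks[node]))

    def vm_migrated(self, vm_ip: str, new_node: str) -> None:
        old = self.vm_node[vm_ip]
        if old == new_node:
            return
        self._send(("withdraw", f"{vm_ip}/32", self.uplinks[old]))
        self.vm_node[vm_ip] = new_node
        self._send(("announce", f"{vm_ip}/32", self.uplinks[new_node]))

    def vm_revoked(self, vm_ip: str) -> None:
        node = self.vm_node.pop(vm_ip)
        self._send(("withdraw", f"{vm_ip}/32", self.uplinks[node]))
```

The prefix filter is the check a practitioner would also want enforced on the CE router or routing agent side: because every computing node's gateway becomes a next hop on the CE router, an announcement for an address outside the tenant's subnets would redirect some other tenant's traffic to that gateway, so the router should accept from each publisher instance only the address space configured for it.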
  • A storage medium is provided, in which program code is stored; when the program code is executed, the method provided by any one of the implementations of the fourth aspect is performed.
  • The storage medium includes, but is not limited to, flash memory, a hard disk drive (HDD) or a solid state drive (SSD).
  • A ninth aspect of the present application provides a computer program product, which may be a software installation package; when the software installation package is executed, the method provided by any one of the implementations of the fourth aspect is performed.
  • FIG. 1 is a schematic diagram of a communication manner between virtual networks in a data center in the prior art;
  • FIG. 2 is a schematic flowchart of a data transmission method according to Embodiment 1 of the present invention;
  • FIG. 3 is a schematic flowchart of a data transmission method according to Embodiment 2 of the present invention;
  • FIG. 4 is a schematic diagram of an SDN controller issuing routing information of a virtual machine through a routing information publishing module;
  • FIG. 5 is a schematic diagram of direct-connected network mode north-south communication between a virtual machine and a communication peer according to Embodiment 2 of the present invention;
  • FIG. 6 is a schematic structural diagram of a virtual network management apparatus according to Embodiment 3 of the present invention;
  • FIG. 7 is a schematic structural diagram of a data transmission system according to Embodiment 4 of the present invention;
  • FIG. 8 is a schematic structural diagram of a data transmission system according to Embodiment 5 of the present invention;
  • FIG. 9 is a schematic structural diagram of a computing device according to an embodiment of the present invention;
  • FIG. 10 is a schematic structural diagram of a virtual network management apparatus according to an embodiment of the present invention.
  • Embodiments of the present invention provide a data transmission method, which is applied to a cloud computing scenario, and provides a distributed solution for north-south communication of a direct connection network mode.
  • the method involves a cloud resource manager, a virtual network management device, a network node, a computing node, and a CE router.
  • the cloud resource manager is used for resource allocation and management, including virtual network creation, virtual machine creation, migration, and deletion.
  • the cloud resource manager may be the component with the same or similar functions provided by OpenStack, or by another cloud resource management platform.
  • the network node transmits and forwards network data; in this embodiment it is mainly involved in forwarding north-south communication data.
  • a virtual machine is created in the computing node; the virtual machine is a host in the virtual network and is the entity that performs north-south communication with the communication peer.
  • the virtual network management device is the entity that manages the virtual network. It acquires the topology of the entire virtual network from the information reported by the network node and the computing node, including the connections between the virtual machines and the router in the virtual network and between the router and the external network of the data center, and manages the virtual network according to that topology.
  • a data packet of the north-south communication of the virtual network leaves the data center, enters the VPN through the CE router, and is finally delivered to the communication peer.
  • a data packet sent by the communication peer to the virtual network in the data center reaches the CE router through the VPN and is forwarded by the CE router into the data center.
  • the data transmission method provided by the embodiment of the present invention is applied to a virtual network management apparatus. Referring to FIG. 2, the method includes the following steps:
  • the virtual network management device acquires network identification information of the virtual network.
  • the network identification information includes the network ID of the virtual network and the subnet information of the virtual network.
  • the subnet information is used to identify the subnet of the virtual network.
  • the subnet information identifies each subnet included in the virtual network, including the first subnet. Specifically, different subnets are identified by their respective Internet Protocol (IP) network address and the corresponding subnet mask. The virtual network may also contain only one subnet, the first subnet.
  • the virtual network management device is a software defined network (English name: Software Defined Network, English abbreviation: SDN) controller.
  • the embodiment of the present invention is described by taking an application scenario in which the virtual network management device is an SDN controller as an example. After the virtual network is created, the network node sends the network identification information of the virtual network to the SDN controller.
  • the router information is used to indicate the connection status of the router, including which subnet connections of the router and the virtual network, and whether the router is connected to the external network of the data center.
  • suppose a virtual network consists of two subnets. If both subnets are connected to a router, east-west communication can take place between them. If the router is further connected to an external network, either of the two subnets can communicate north-south.
  • the network node is instructed to create a router to provide a routing service for the created virtual network.
  • the cloud resource manager configures the router so that it is connected to some or all of the subnets in the virtual network, and optionally also to the external network of the data center.
  • the network node sends the router information to the SDN controller according to the connection state of the router.
  • after creating the virtual network, the cloud resource manager instructs the compute node to create a virtual machine and connect it to a subnet of the virtual network.
  • the case in which the subnet connected to the virtual machine is the first subnet is described as an example.
  • after the virtual machine is connected to the first subnet, the compute node sends the virtual machine information to the SDN controller.
  • the network identification information, the router information, and the virtual machine information are sent to the computing node where the virtual machine is located, to instruct the computing node to create a distributed gateway and configure it.
  • the distributed gateway is configured to forward virtual private network (VPN) packets.
  • the VPN packet is a data packet when the virtual machine performs the north-south communication in the direct connection network mode.
  • steps 201-204 are performed separately for different computing nodes, so that a distributed gateway is established on multiple computing nodes to forward the VPN packets of the virtual machines on those nodes.
  • the SDN controller determines, from the network identification information, the router information and the virtual machine information of the virtual network, whether the first subnet is connected to the router and the router is connected to the external network; if so, the virtual machine has a north-south communication requirement in direct connection network mode, and a distributed gateway is established.
  • the distributed gateway is configured, including connecting the first subnet with the distributed gateway, and connecting the distributed gateway to the external network.
  • the virtual machine can send a VPN packet to the communication peer through the distributed gateway, or receive the VPN packet sent by the communication peer through the distributed gateway.
  • the SDN controller obtains the network identification information of the virtual network from the cloud resource manager, the router information from the network node, and the virtual machine information from the computing node, and judges according to these three pieces of information; when it determines that the subnet to which the virtual machine is connected is the first subnet, that the first subnet is connected to the router, and that the router is connected to the external network, a distributed gateway is created on the computing node and configured so that VPN packets are forwarded through it, without relying on the existing centralized forwarding scheme.
  • multiple virtual machines belonging to the same virtual network or different virtual networks on the same computing node may share the same distributed gateway.
  • because a distributed gateway is only responsible for forwarding the VPN packets of the virtual machines on its own compute node, its workload is small and it can forward those packets efficiently, which avoids congestion of VPN packets and reduces communication delay.
  • the second embodiment of the present invention provides a data transmission method. Referring to FIG. 3, the following steps are included:
  • the cloud resource manager creates a virtual network, and sends network identification information of the virtual network to the SDN controller.
  • the network identification information includes the network ID of the virtual network and the subnet information of the virtual network.
  • the subnet information is used to identify a subnet of the virtual network, and the subnet of the virtual network includes the first subnet.
  • the network ID may be a virtual local area network (English name: Virtual Local Area Network, English abbreviation: VLAN) ID or a virtual extensible local area network (English full name: Virtual Extensible Local Area Network, English abbreviation: VxLAN) ID.
  • the subnet information of the virtual network is used to indicate the subnets included in the virtual network, and may specifically include the IP addresses of the subnets. And the subnet mask.
  • the cloud resource manager instructs the network node to create a router and configure a connection state of the router.
  • the configuration of the connection state of the router means that the router is connected to some or all of the subnets in the virtual network, or the router can be further connected to the external network.
  • connecting the router to the first subnet means adding a subnet interface to the router.
  • the IP address of the subnet interface is the gateway address of the first subnet.
  • the first subnet is any subnet of the virtual network.
  • connecting a router to an external network means adding an external network interface to the router.
  • a namespace may further be created for the router. If the virtual network only needs north-south communication in direct connection network mode, there is no need to create a namespace for the router.
  • the network node sends the router information to the SDN controller.
  • the router information is used to indicate the connection status of the router. It is specifically used to indicate which subnets in the virtual network the router is connected to and whether it is connected to the external network.
  • the cloud resource manager instructs the computing node to create a virtual machine and connect the virtual machine to a subnet of the virtual network.
  • the computing node sends the virtual machine information to the SDN controller.
  • the virtual machine information is used to indicate the subnet to which the virtual machine is connected.
  • the SDN controller acquires the network identification information, the router information and the virtual machine information of the virtual network; together this information describes the topology of the virtual network, including the connection relationship between the subnets and the router in the virtual network, the virtual machines connected to the subnets, and the connection status between the virtual network and the external network.
  • when the SDN controller determines that the subnet connected to the virtual machine is the first subnet, that the first subnet is connected to the router, and that the router is connected to the external network, it sends the network identification information, the router information and the virtual machine information to the compute node where the virtual machine resides, to instruct the compute node to create a distributed gateway.
  • the distributed gateway is used to forward the VPN packets of the virtual private network.
  • the VPN packets are the data packets when the virtual machine performs the north-south communication in the direct connection network mode.
  • the SDN controller judges according to the topology of the virtual network whether to establish a distributed gateway. Specifically, if the router is not connected to the external network, that is, no external network interface is configured for the router, the virtual machine has no requirement for north-south communication in direct connection network mode, and no distributed gateway needs to be established. If the router is connected to the external network, the virtual machine has such a requirement, and a distributed gateway is established.
  • the SDN controller configures the distributed gateway.
  • the distributed gateway can forward VPN packets.
  • the configuration of the distributed gateway includes three points, adding a downlink interface for the distributed gateway, adding an uplink interface for the distributed gateway, and setting a forwarding policy for the distributed gateway.
  • the downlink interface of the distributed gateway is the interface between the distributed gateway and the virtual network subnet. This embodiment is only for the first subnet.
  • the SDN controller determines the network segment to which the first subnet belongs within the virtual network according to the network identification information, and then adds a downlink interface to the distributed gateway, where the IP address of the downlink interface is the gateway address of the first subnet.
  • the uplink interface of the distributed gateway is the interface between the distributed gateway and the CE router.
  • the SDN controller adds an uplink interface to the distributed gateway; the uplink interface is an interface on the external network, to which the downlink interface of the CE router also belongs, so that the distributed gateway can exchange VPN packets with the CE router.
  • a forwarding policy of a distributed gateway that is, a rule for a distributed gateway to forward VPN packets.
  • the forwarding policy may be implemented in the form of a routing table. Or implemented in the form of an OpenFlow flow table.
  • the OpenFlow-based forwarding rules are more flexible and applicable.
  • with OpenFlow the compute nodes do not need to support network namespaces and do not need IP routing capabilities, which reduces the requirements on the computing nodes.
  • the SDN controller sets a forwarding policy for the distributed gateway according to the network identification information. The forwarding policy includes: for a VPN packet received from the virtual machine, the next hop address is the address of the downlink interface of the CE router; for a VPN packet received from the downlink interface of the CE router, the destination address is the address of the virtual machine.
  • the SDN controller instructs the network node to create a routing information publishing module, and dynamically advertises the routing information of the virtual machine to the CE router through the routing information publishing module.
  • step 307: after receiving a VPN packet, the distributed gateway forwards it to the CE router according to its forwarding policy.
  • the SDN controller instructs the network node to create a routing information publishing module and dynamically sends the routing information of the virtual machine to it; the module advertises that routing information to the CE router so that the CE router can maintain and update its CE routing table. The records of the CE routing table state that, for a VPN packet received from the external network, the next hop address is the address of the uplink interface of the distributed gateway.
  • after receiving a VPN packet sent by the communication peer, the CE router forwards it to the distributed gateway according to the CE routing table.
  • the routing information publishing module includes a routing agent (English name: Routing Agent) and a routing information publisher instance.
  • instructing the network node to create a routing information publishing module specifically means creating a routing information publisher instance, configuring a separate address space for it, and connecting it with the routing agent.
  • the routing agent is configured to communicate with the SDN controller to obtain routing information of the virtual machine.
  • the routing information of the virtual machine obtained by the routing agent is encapsulated by the routing information publisher instance according to the dynamic routing protocol and then advertised to the CE router.
  • the dynamic routing protocol may be a Border Gateway Protocol (English name: Border Gateway Protocol, English abbreviation: BGP).
  • a routing information publisher instance can advertise routing information of multiple virtual machines on different subnets in the virtual network to the CE router.
  • the routing information of the virtual machine is dynamically advertised to the CE router.
  • the routing information of the virtual machine is updated, the routing information of the updated virtual machine is released to the CE router.
  • the SDN controller issues the routing information of the updated virtual machine to the CE router through the routing information issuing module.
  • the routing information publishing module may include multiple routing information publisher instances, and each routing information publisher instance configures an independent address space.
  • the CE router creates multiple router instances through the VPN routing and forwarding (English full name: VPN Routing and Forwarding, English abbreviation: VRF) function.
  • the router instance corresponds to the routing information publisher instance.
  • the router instance 1 corresponds to the routing information publisher instance 1
  • the router instance 2 corresponds to the routing information publisher instance 2.
  • the routing information publisher instance 1 will be able to issue routing information of the virtual machines in the N virtual networks to the router instance 1, where N is an integer greater than or equal to 1.
  • the N virtual networks share router instance 1, or router instance 1 provides routing services for the N virtual networks.
  • the routing information publisher instance 2 can also provide routing services for at least one virtual network.
  • a tenant is usually configured with a router instance that provides routing services for at least one virtual network of the tenant. Different router instances provide routing services for virtual networks of different tenants.
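  • the following is an added example, not code from the patent, that models the routing information publishing module described above: one publisher instance per tenant, each paired with its own router instance (VRF) on the CE router, advertising a host route for each virtual machine whose next hop is the uplink interface of the distributed gateway on the virtual machine's compute node, and withdrawing it on revocation. Assumptions beyond the text: the /32 host-route granularity, a second compute node whose gateway uplink is 192.168.120.4, a second tenant reusing the address 192.168.100.6 behind uplink 192.168.120.7, and the check that a publisher instance only advertises addresses inside the subnets it serves (an added safeguard, not described in the patent).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class RouteUpdate:
    """One BGP-style announcement (next_hop set) or withdrawal (next_hop None) for a VRF."""
    vrf: str
    prefix: IPv4Network
    next_hop: Optional[IPv4Address]


class RoutingInfoPublisher:
    """Publisher instance: its own address space, paired with one router instance (VRF) on the CE."""

    def __init__(self, vrf, served_subnets):
        self.vrf = vrf
        # subnets of the N virtual networks this instance serves (assumption: known at creation)
        self.served = [ip_network(s) for s in served_subnets]
        self.announced = {}

    def on_vm_created_or_migrated(self, vm_ip, gateway_uplink_ip):
        ip = ip_address(vm_ip)
        # Added safeguard: never advertise an address outside the tenant's own virtual networks
        if not any(ip in s for s in self.served):
            raise ValueError(f"{ip} is not in a virtual network served by VRF {self.vrf}")
        prefix = ip_network(f"{ip}/32")
        self.announced[prefix] = ip_address(gateway_uplink_ip)
        return RouteUpdate(self.vrf, prefix, self.announced[prefix])

    def on_vm_revoked(self, vm_ip):
        prefix = ip_network(f"{ip_address(vm_ip)}/32")
        self.announced.pop(prefix, None)
        return RouteUpdate(self.vrf, prefix, None)


class CERouter:
    """CE router with one routing table per VRF (router instance)."""

    def __init__(self):
        self.vrfs = {}

    def apply(self, update):
        table = self.vrfs.setdefault(update.vrf, {})
        if update.next_hop is None:
            table.pop(update.prefix, None)
        else:
            table[update.prefix] = update.next_hop

    def next_hop(self, vrf, dst_ip):
        """Longest-prefix match inside one VRF only; other tenants' routes are invisible."""
        dst = ip_address(dst_ip)
        best = None
        for prefix, nh in self.vrfs.get(vrf, {}).items():
            if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, nh)
        return str(best[1]) if best else None


def scenario():
    """Create, migrate and revoke the VM from the text; a second tenant reuses its address."""
    ce = CERouter()
    tenant_a = RoutingInfoPublisher("vrf-tenant-a", ["192.168.100.0/24"])
    tenant_b = RoutingInfoPublisher("vrf-tenant-b", ["192.168.100.0/24"])  # overlapping space
    results = {}

    ce.apply(tenant_a.on_vm_created_or_migrated("192.168.100.6", "192.168.120.3"))
    results["created"] = ce.next_hop("vrf-tenant-a", "192.168.100.6")

    ce.apply(tenant_b.on_vm_created_or_migrated("192.168.100.6", "192.168.120.7"))
    results["tenant_b"] = ce.next_hop("vrf-tenant-b", "192.168.100.6")
    results["tenant_a_unchanged"] = ce.next_hop("vrf-tenant-a", "192.168.100.6")

    # migration: the gateway uplink on the new compute node becomes the next hop
    ce.apply(tenant_a.on_vm_created_or_migrated("192.168.100.6", "192.168.120.4"))
    results["migrated"] = ce.next_hop("vrf-tenant-a", "192.168.100.6")

    ce.apply(tenant_a.on_vm_revoked("192.168.100.6"))
    results["revoked"] = ce.next_hop("vrf-tenant-a", "192.168.100.6")

    try:
        tenant_a.on_vm_created_or_migrated("10.0.0.9", "192.168.120.3")
        results["foreign_prefix_rejected"] = False
    except ValueError:
        results["foreign_prefix_rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

  • the per-VRF lookup is what lets two tenants reuse 192.168.100.6: each router instance only sees the routes its own publisher instance sent. The served-subnet check keeps a misconfigured or compromised publisher instance from steering traffic for prefixes that belong to another tenant's virtual networks.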
  • the virtual machine communicates with the communication peer through the distributed gateway and the CE router in direct connection network mode.
  • the VPN packet forwarding process is illustrated below for the case in which the virtual machine communicates directly with the communication peer in the north-south direction.
  • the IP address of the virtual machine is 192.168.100.6 and its media access control (MAC) address is 1122-3344-6666.
  • the downlink interface of the distributed gateway, that is, the gateway of the first subnet, has IP address 192.168.100.1 and MAC address 1122-3344-5555.
  • the uplink interface of the distributed gateway, that is, the interface between the distributed gateway and the CE router, has IP address 192.168.120.3 and MAC address 1122-3344-3333.
  • the downlink interface of the CE router has an IP address of 192.168.120.1 and a MAC address of 1122-3344-1111.
  • the IP address of the communication peer is 192.168.200.35.
  • the communication peer and the CE router are connected through a VPN that traverses the public network.
  • the virtual machine requests the MAC address of the downlink interface of the distributed gateway through the Address Resolution Protocol (ARP). After obtaining it, the virtual machine sends the VPN packet to the distributed gateway.
  • the content of the VPN packet is shown in Table 1.
  • the VLAN ID of the virtual network is 500 and the VLAN ID of the external network is 100.
  • after receiving the VPN packet sent by the virtual machine, the distributed gateway queries its forwarding policy (routing table or OpenFlow flow table) by destination IP address and determines that the next hop is the address of the downlink interface of the CE router.
  • the source MAC address is modified to the uplink interface MAC address of the distributed gateway, and the destination MAC address is modified to be the downlink interface MAC address of the CE router.
  • the VPN packet is sent to the downlink interface of the CE router through the uplink interface of the distributed gateway.
  • the distributed gateway forwards the VPN packets sent by the virtual machine from the virtual network (VLAN ID 500) to the external network (VLAN ID 100), and finally passes through the public network through the VPN and is sent to the communication peer.
  • after receiving the VPN packet sent by the communication peer, the CE router determines from the CE routing table that the next hop is the address of the uplink interface of the distributed gateway, modifies the source MAC address to the MAC address of its own downlink interface and the destination MAC address to the MAC address of the uplink interface of the distributed gateway, and then sends the VPN packet from its downlink interface to the uplink interface of the distributed gateway.
  • after receiving the VPN packet sent by the CE router, the distributed gateway determines from the destination IP address the virtual network subnet to which the virtual machine is connected, modifies the source MAC address to the MAC address of its downlink interface and the destination MAC address to the MAC address of the virtual machine, changes the VLAN ID of the external network to the VLAN ID of the virtual network, and sends the VPN packet to the virtual machine through its downlink interface.
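  • the following is an added simulation, not code from the patent, of the two rewriting steps just described, using the sample addresses from the text (VM 192.168.100.6 / 1122-3344-6666, gateway downlink 192.168.100.1 / 1122-3344-5555, gateway uplink 192.168.120.3 / 1122-3344-3333, CE downlink 192.168.120.1 / 1122-3344-1111, peer 192.168.200.35, VLAN 500 inside and VLAN 100 outside). Assumptions beyond the text: the first subnet is 192.168.100.0/24, ARP has already resolved the neighbour MAC addresses, and the gateway drops a frame whose source IP/MAC does not match the virtual machine information it holds (an added anti-spoofing check, not part of the patent).

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    vlan: int
    src_ip: IPv4Address
    dst_ip: IPv4Address


# Sample addresses copied from the walkthrough in the text.
VM_IP, VM_MAC = IPv4Address("192.168.100.6"), "1122-3344-6666"
GW_DOWN_IP, GW_DOWN_MAC = IPv4Address("192.168.100.1"), "1122-3344-5555"
GW_UP_IP, GW_UP_MAC = IPv4Address("192.168.120.3"), "1122-3344-3333"
CE_DOWN_IP, CE_DOWN_MAC = IPv4Address("192.168.120.1"), "1122-3344-1111"
PEER_IP = IPv4Address("192.168.200.35")
VNET_VLAN, EXT_VLAN = 500, 100
FIRST_SUBNET = IPv4Network("192.168.100.0/24")   # assumed size of the first subnet


def longest_prefix_match(table, dst):
    """table: list of (IPv4Network, next_hop). Returns the next hop or None."""
    best = None
    for net, next_hop in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


class DistributedGateway:
    """Gateway on the compute node: downlink on the first subnet, uplink on the external network."""

    def __init__(self):
        self.vm_table = {VM_IP: VM_MAC}                        # from the reported VM information
        self.routes = [(IPv4Network("0.0.0.0/0"), CE_DOWN_IP)]  # VM -> CE: next hop is the CE downlink
        self.neighbors = {CE_DOWN_IP: CE_DOWN_MAC}             # ARP cache, assumed pre-populated

    def forward_from_vm(self, frame):
        """VM -> CE: rewrite both MACs and move the frame from VLAN 500 to VLAN 100."""
        if frame.vlan != VNET_VLAN or frame.dst_mac != GW_DOWN_MAC:
            return None                                        # not addressed to this downlink
        if self.vm_table.get(frame.src_ip) != frame.src_mac:   # added anti-spoofing check
            return None
        next_hop = longest_prefix_match(self.routes, frame.dst_ip)
        if next_hop is None or next_hop not in self.neighbors:
            return None
        return replace(frame, src_mac=GW_UP_MAC, dst_mac=self.neighbors[next_hop], vlan=EXT_VLAN)

    def forward_from_ce(self, frame):
        """CE -> VM: rewrite both MACs and move the frame from VLAN 100 to VLAN 500."""
        if frame.vlan != EXT_VLAN or frame.dst_mac != GW_UP_MAC:
            return None
        if frame.dst_ip not in FIRST_SUBNET:                   # not a subnet this gateway serves
            return None
        vm_mac = self.vm_table.get(frame.dst_ip)
        if vm_mac is None:
            return None                                        # no such VM on this compute node
        return replace(frame, src_mac=GW_DOWN_MAC, dst_mac=vm_mac, vlan=VNET_VLAN)


class CERouter:
    """CE router: the CE routing table points the VM prefix at the gateway's uplink interface."""

    def __init__(self):
        self.routes = [(IPv4Network("192.168.100.6/32"), GW_UP_IP)]  # learned from the publisher
        self.neighbors = {GW_UP_IP: GW_UP_MAC}

    def forward_from_vpn(self, src_ip, dst_ip):
        """Packet arriving over the VPN: build the frame sent on the external network."""
        next_hop = longest_prefix_match(self.routes, dst_ip)
        if next_hop is None:
            return None
        return Frame(CE_DOWN_MAC, self.neighbors[next_hop], EXT_VLAN, src_ip, dst_ip)


def as_dict(frame):
    if frame is None:
        return None
    return {"src_mac": frame.src_mac, "dst_mac": frame.dst_mac, "vlan": frame.vlan,
            "src_ip": str(frame.src_ip), "dst_ip": str(frame.dst_ip)}


def vm_to_peer(src_mac=VM_MAC):
    """Packet VM -> peer as it leaves the gateway uplink (None if the gateway drops it)."""
    frame = Frame(src_mac, GW_DOWN_MAC, VNET_VLAN, VM_IP, PEER_IP)
    return as_dict(DistributedGateway().forward_from_vm(frame))


def peer_to_vm():
    """Packet peer -> VM: CE router hop, then the gateway downlink (None if dropped)."""
    frame = CERouter().forward_from_vpn(PEER_IP, VM_IP)
    return as_dict(DistributedGateway().forward_from_ce(frame)) if frame else None


if __name__ == "__main__":
    print(vm_to_peer())
    print(peer_to_vm())
```

  • note that only the Ethernet header and VLAN tag change on each hop; the IP addresses of the virtual machine and the communication peer are carried through unchanged, which is what makes this a direct connection rather than a NAT-based north-south path.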
  • the SDN controller obtains updated router information from the network node: when the connection status of the router changes, the network node reports the updated router information to the SDN controller.
  • if the updated router information shows that the connection between the first subnet and the router is disconnected, or that the connection between the router and the external network is disconnected, the SDN controller revokes the distributed gateway.
  • the SDN controller acquires updated virtual machine information from the computing node: when the connection status of a virtual machine changes, for example when a new virtual machine is created or an existing virtual machine is revoked or migrated, the computing node reports the updated virtual machine information to the SDN controller.
  • if the updated virtual machine information shows that the virtual machine is disconnected from the first subnet, which covers both revocation and migration of the virtual machine, the SDN controller revokes the distributed gateway.
  • a distributed gateway is thus created only on the computing nodes that need to perform north-south communication in direct connection network mode, which keeps the external network as small as possible and saves hardware and software resources on the computing nodes.
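  • the following is an added example, not code from the patent, of the controller logic described in steps 301 to 306 and in the revocation passages above: the gateway decision from the three pieces of reported information, the gateway configuration (downlink address, uplink address, next hop and an OpenFlow-style forwarding policy, with several virtual machines on one node sharing a gateway), and the revocation of gateways on nodes that no longer need one after updated router or virtual machine information arrives. Assumptions beyond the text: the external network is 192.168.120.0/24 with the CE downlink at 192.168.120.1, gateway uplink addresses are allocated from that network starting at .3, the first subnet's gateway address is its first host address, a second virtual machine 192.168.100.7 on the same node, and the port names "downlink" and "uplink" in the flow rules.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass
class NetworkInfo:            # network identification information
    network_id: int           # VLAN or VXLAN ID
    subnets: dict             # subnet name -> CIDR


@dataclass
class RouterInfo:             # router information reported by the network node
    connected_subnets: set
    external: bool


@dataclass
class VMInfo:                 # virtual machine information reported by the compute node
    ip: str
    mac: str
    compute_node: str
    subnet: str


class SDNController:
    EXTERNAL_VLAN = 100       # assumed VLAN ID of the external network

    def __init__(self, external_net="192.168.120.0/24", ce_downlink="192.168.120.1"):
        self.external_hosts = list(ip_network(external_net).hosts())[2:]  # .3 onwards
        self.ce_downlink = ce_downlink
        self.gateways = {}    # compute node -> gateway configuration

    @staticmethod
    def needs_gateway(net, router, vm):
        """Direct-connection north-south traffic needs the VM's subnet to sit on a router
        that has an external network interface; otherwise no gateway is created."""
        return (vm.subnet in net.subnets
                and vm.subnet in router.connected_subnets
                and router.external)

    def _flows(self, net, vm):
        """Forwarding policy as OpenFlow-style match/action rules for one VM."""
        return [
            # VM -> CE: rewrite MACs, move to the external VLAN, send out the uplink
            {"match": {"in_port": "downlink", "vlan": net.network_id,
                       "nw_src": vm.ip, "dl_src": vm.mac},
             "actions": ["set_dl_src:uplink", "set_dl_dst:ce_downlink",
                         f"set_vlan:{self.EXTERNAL_VLAN}", "output:uplink"]},
            # CE -> VM: rewrite MACs, move back to the virtual network VLAN, send out the downlink
            {"match": {"in_port": "uplink", "vlan": self.EXTERNAL_VLAN, "nw_dst": vm.ip},
             "actions": ["set_dl_src:downlink", f"set_dl_dst:{vm.mac}",
                         f"set_vlan:{net.network_id}", "output:downlink"]},
        ]

    def _uplink_for(self, node, wanted):
        if node in self.gateways:                # an existing gateway keeps its uplink address
            return self.gateways[node]["uplink_ip"]
        used = {g["uplink_ip"] for g in list(self.gateways.values()) + list(wanted.values())}
        return next(str(h) for h in self.external_hosts if str(h) not in used)

    def reconcile(self, net, router, vms):
        """Recompute which compute nodes need a gateway; create, extend or revoke accordingly."""
        wanted = {}
        for vm in vms:
            if not self.needs_gateway(net, router, vm):
                continue
            gw = wanted.get(vm.compute_node)
            if gw is None:
                subnet = ip_network(net.subnets[vm.subnet])
                gw = wanted[vm.compute_node] = {
                    "downlink_ip": str(next(subnet.hosts())),   # gateway address of the subnet
                    "uplink_ip": self._uplink_for(vm.compute_node, wanted),
                    "next_hop": self.ce_downlink,
                    "flows": [],
                }
            gw["flows"].extend(self._flows(net, vm))          # VMs on one node share the gateway
        revoked = sorted(set(self.gateways) - set(wanted))
        self.gateways = wanted
        return {"active": sorted(wanted), "revoked": revoked}


def scenario():
    """Create, then migrate and revoke VMs, then detach the router from the external network."""
    net = NetworkInfo(network_id=500, subnets={"subnet1": "192.168.100.0/24"})
    router = RouterInfo(connected_subnets={"subnet1"}, external=True)
    vm1 = VMInfo("192.168.100.6", "1122-3344-6666", "node1", "subnet1")
    vm2 = VMInfo("192.168.100.7", "1122-3344-7777", "node1", "subnet1")   # constructed second VM
    ctl = SDNController()
    out = {"create": ctl.reconcile(net, router, [vm1, vm2])}
    out["node1_gw"] = {k: ctl.gateways["node1"][k] for k in ("downlink_ip", "uplink_ip", "next_hop")}
    out["node1_flows"] = len(ctl.gateways["node1"]["flows"])
    vm1.compute_node = "node2"                 # updated VM information: vm1 migrated, vm2 revoked
    out["migrate"] = ctl.reconcile(net, router, [vm1])
    router.external = False                    # updated router information: external interface removed
    out["router_detached"] = ctl.reconcile(net, router, [vm1])
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

  • the VM-to-CE rule matches on the VM's own source IP and MAC as well as the ingress port, so the gateway only carries traffic the controller has been told about; a controller that installed a wildcard match would let any virtual machine on the node inject traffic into the external VLAN under another machine's address.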
  • the SDN controller obtains the network identification information of the virtual network from the cloud resource manager, the router information from the network node, and the virtual machine information from the computing node, and judges according to these three pieces of information; when it determines that the subnet to which the virtual machine is connected is the first subnet, that the first subnet is connected to the router, and that the router is connected to the external network, a distributed gateway is created on the computing node and configured so that VPN packets are forwarded through it, without relying on the existing centralized forwarding scheme.
  • multiple virtual machines belonging to the same virtual network or different virtual networks on the same computing node may share the same distributed gateway.
  • because a distributed gateway is only responsible for forwarding the VPN packets of the virtual machines on its own compute node, its workload is small and it can forward those packets efficiently, which avoids congestion of VPN packets and reduces communication delay.
  • the third embodiment of the present invention provides a virtual network management apparatus for performing the functions performed by the SDN controller in the foregoing embodiment.
  • the virtual network management device 600 includes:
  • the virtual network management module 601 is configured to obtain network identification information of the virtual network, where the network identification information includes subnet information of the virtual network, the subnet information is used to identify a subnet of the virtual network, and the subnet of the virtual network includes the first subnet.
  • the network node management module 602 is configured to obtain router information, where the router information is used to indicate a connection status between the router and the subnet of the virtual network, and a connection status between the router and the external network.
  • the computing node management module 603 is configured to obtain virtual machine information, where the virtual machine information is used to indicate the subnet to which the virtual machine is connected.
  • when the computing node management module 603 determines that the subnet to which the virtual machine is connected is the first subnet, that the first subnet is connected to the router, and that the router is connected to the external network, it sends the network identification information, the router information and the virtual machine information to the computing node where the virtual machine is located, to instruct the computing node to create a gateway and configure it.
  • the gateway is used to forward virtual private network (VPN) packets.
  • the computing node management module 603 is specifically configured to:
  • An uplink interface is added to the gateway, and the uplink interface is an interface of the external network, and is used for forwarding VPN packets with the user edge CE router.
  • the forwarding policy is set for the gateway according to the network identifier information.
  • the forwarding policy includes: for a VPN packet received from the virtual machine, the next hop address is the address of the downlink interface of the CE router; for a VPN packet received from the downlink interface of the CE router, the destination address is the address of the virtual machine.
  • the network node management module 602 is further configured to create a routing information publishing module and advertise the routing information of the virtual machine to the CE router through it, so that the CE router maintains and updates the CE routing table; the records of the CE routing table state that, for a VPN packet received from the external network, the next hop address is the address of the uplink interface of the gateway.
  • the network node management module 602 is specifically configured to create a routing information publisher instance, configure an independent address space for it, connect it to the routing agent, and use the routing information publisher instance to send the routing information of the virtual machine to the corresponding router instance on the CE router through a dynamic routing protocol.
  • the network node management module 602 is configured to: after the virtual machine is created, migrated, or revoked, distribute the routing information of the updated virtual machine to the CE router by using the routing information publishing module.
  • the network node management module 602 is further configured to obtain updated router information.
  • the computing node management module 603 is further configured to revoke the gateway when the connection between the first subnet and the router is disconnected, or when the connection between the router and the external network is disconnected according to the updated router information.
  • the computing node management module 603 is further configured to obtain updated virtual machine information from the computing node.
  • the computing node management module 603 is further configured to revoke the gateway when the connection between the virtual machine and the first subnet is disconnected according to the updated virtual machine information.
  • the virtual network management apparatus obtains the network identifier information of the virtual network from the cloud resource manager, the router information from the network node, and the virtual machine information from the computing node, and judges according to these three pieces of information; when it determines that the subnet to which the virtual machine is connected is the first subnet, that the first subnet is connected to the router, and that the router is connected to the external network of the data center, a distributed gateway is created on the computing node and configured so that VPN packets are forwarded through it, without relying on the existing centralized forwarding scheme.
  • multiple virtual machines belonging to the same virtual network or different virtual networks on the same computing node may share the same distributed gateway.
  • because a distributed gateway is only responsible for forwarding the VPN packets of the virtual machines on its own compute node, its workload is small and it can forward those packets efficiently, which avoids congestion of VPN packets and reduces communication delay.
  • Embodiment 4 of the present invention provides a data transmission system.
  • the data transmission system 70 includes a cloud resource manager 701, a virtual network management device 702, a network node 703 and a computing node 704, which perform the functions of the corresponding execution entities in the second embodiment and thereby implement the data transmission method provided in the second embodiment.
  • the cloud resource manager 701 is configured to create a virtual network, and send network identifier information of the virtual network to the virtual network management device 702.
  • the network identifier information includes the subnet information of the virtual network; the subnet information is used to identify the subnets of the virtual network, and the subnets of the virtual network include the first subnet.
  • the cloud resource manager 701 is further configured to instruct the network node 703 to create a router, and configure a connection state between the router and a subnet of the virtual network, and a connection state between the router and the external network.
  • the network node 703 is configured to send the router information to the virtual network management device 702, where the router information is used to indicate the connection status between the router and the subnet of the virtual network, and the connection status between the router and the external network.
  • the cloud resource manager 701 is further configured to instruct the computing node 704 to create a virtual machine and connect the virtual machine to a subnet of the virtual network.
  • the computing node 704 is further configured to send the virtual machine information to the virtual network management device 702, where the virtual machine information is used to indicate the subnet to which the virtual machine is connected.
  • when the virtual network management device 702 determines that the subnet to which the virtual machine is connected is the first subnet, that the first subnet is connected to the router, and that the router is connected to the external network, it sends the network identification information, the router information and the virtual machine information to the computing node 704 where the virtual machine is located, instructing the computing node 704 to create a gateway and configure it for forwarding virtual private network (VPN) packets.
  • the virtual network management device 702 is specifically configured to:
  • add an uplink interface to the gateway, where the uplink interface is an interface on the external network and is used to exchange VPN packets with the customer edge (CE) router;
  • set a forwarding policy for the gateway according to the network identifier information.
  • the forwarding policy includes: for a VPN packet received from the virtual machine, the next hop address is the address of the downlink interface of the CE router; for a VPN packet received from the downlink interface of the CE router, the destination address is the address of the virtual machine.
  • the virtual network management device 702 is further configured to instruct the network node 703 to create a routing information publishing module, and to send the routing information of the virtual machine to the routing information publishing module.
  • the routing information publishing module is configured to advertise the routing information of the virtual machine to the CE router, so that the CE router maintains and updates its routing table.
  • the CE routing table records that, for a VPN packet received from the external network and destined for the virtual machine, the next hop address is the address of the uplink interface of the gateway.
  • the virtual network management device 702 is specifically configured to instruct the network node 703 to create a routing information publisher instance, configure an independent address space for the publisher instance, and connect the publisher instance to a routing agent; the publisher instance sends the routing information of the virtual machine to the corresponding router instance on the CE router through a dynamic routing protocol.
  • after the virtual machine is created, migrated, or revoked, the virtual network management device 702 distributes the updated routing information of the virtual machine to the CE router through the routing information publishing module.
  • the virtual network management device 702 is further configured to obtain updated router information, and to revoke the gateway when the updated router information shows that the connection between the first subnet and the router, or the connection between the router and the external network, has been disconnected.
  • the virtual network management device 702 is further configured to obtain updated virtual machine information, and to revoke the gateway when the updated virtual machine information shows that the connection between the virtual machine and the first subnet has been disconnected.
  • the virtual network management device acquires the network identification information of the virtual network from the cloud resource manager, acquires the router information from the network node, and acquires the virtual machine information from the computing node; when it determines from the network identification information, the router information, and the virtual machine information that
  • the subnet to which the virtual machine is connected is the first subnet,
  • the first subnet is connected to the router, and the router is connected to the external network,
  • a distributed gateway is created on the computing node and configured to forward VPN packets, so that VPN packets no longer need to rely on the existing centralized processing scheme for forwarding.
  • multiple virtual machines on the same computing node, whether they belong to the same virtual network or to different virtual networks, may share the same distributed gateway.
  • because a distributed gateway is only responsible for forwarding the VPN packets of the virtual machines on its own computing node, its workload is small and it can forward those packets efficiently, which avoids congestion of VPN packets and reduces communication delay.
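The two-direction forwarding policy described above (VM to CE downlink, CE downlink to VM), as an added example that is not the patent's code: a distributed gateway's policy modelled as a small flow table in Python. The northbound entry rewrites the tenant subnet's network ID to the external network's ID, the source MAC to the gateway uplink MAC and the destination MAC to the CE downlink MAC; one southbound entry per VM does the reverse. IP addresses are left untouched because the gateway routes, it does not translate. The constants reuse the addresses given in the fifth embodiment further down (subnet VLAN 500, external VLAN 100, uplink 192.168.120.3, VM-1 192.168.100.6); the dict packet model and the `Flow`/`forward` names are assumptions. The check that the source IP lies inside the tenant subnet is my addition, not something the text specifies: on a computing node that hosts gateways for several tenants, it keeps a VM from injecting packets with a foreign source address into its tenant's VPN.

```python
"""Forwarding policy of a distributed gateway, as a flow table (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Packet = Dict[str, object]

# Constructed test data, same values as the patent's example.
SUBNET = {"vlan": 500, "cidr": "192.168.100.0/24",
          "ip": "192.168.100.1", "mac": "1122-3344-5555"}     # gateway downlink
EXTERNAL = {"vlan": 100, "cidr": "192.168.120.0/24",
            "ip": "192.168.120.1", "mac": "1122-3344-1111"}   # CE router downlink
UPLINK = {"ip": "192.168.120.3", "mac": "1122-3344-3333"}     # gateway uplink
VMS = {"192.168.100.6": "1122-3344-6666"}                     # VM-1


@dataclass(frozen=True)
class Flow:
    name: str
    match: Callable[[Packet], bool]
    rewrite: Dict[str, object]      # header fields set when the flow matches
    out_port: str


def build_flow_table(subnet, external, uplink, vms) -> List[Flow]:
    sub_net = ipaddress.ip_network(subnet["cidr"])

    def northbound(p: Packet) -> bool:
        src = ipaddress.ip_address(p["src_ip"])
        dst = ipaddress.ip_address(p["dst_ip"])
        return (p["vlan"] == subnet["vlan"]          # only this tenant subnet
                and p["dst_mac"] == subnet["mac"]    # addressed to the default gateway
                and src in sub_net                   # anti-spoofing check (my addition)
                and dst not in sub_net)              # east-west traffic is not ours

    flows = [Flow("northbound", northbound,
                  {"vlan": external["vlan"],          # network ID conversion
                   "src_mac": uplink["mac"],
                   "dst_mac": external["mac"]},       # next hop: CE downlink
                  "uplink")]

    # One southbound entry per VM: CE sends to the uplink MAC, we hand it to the VM.
    for vm_ip, vm_mac in vms.items():
        def southbound(p: Packet, vm_ip=vm_ip) -> bool:
            return (p["vlan"] == external["vlan"]
                    and p["dst_mac"] == uplink["mac"]
                    and p["dst_ip"] == vm_ip)
        flows.append(Flow(f"southbound-{vm_ip}", southbound,
                          {"vlan": subnet["vlan"],
                           "src_mac": subnet["mac"],
                           "dst_mac": vm_mac},
                          f"vm-{vm_ip}"))
    return flows


def forward(flows: List[Flow], pkt: Packet) -> Optional[Tuple[str, Packet]]:
    """First matching flow wins; a table miss is a drop (returns None)."""
    for f in flows:
        if f.match(pkt):
            return f.out_port, {**pkt, **f.rewrite}
    return None


if __name__ == "__main__":
    table = build_flow_table(SUBNET, EXTERNAL, UPLINK, VMS)
    north = {"vlan": 500, "src_mac": "1122-3344-6666", "dst_mac": "1122-3344-5555",
             "src_ip": "192.168.100.6", "dst_ip": "10.20.0.5"}
    print(forward(table, north))
```

A packet whose VLAN, source address or destination does not fit either entry falls through to the table miss and is dropped, which is the behaviour a gateway shared by several tenants on one compute node needs: it forwards only the traffic of the VMs it was configured for.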
  • the fifth embodiment of the present invention provides a gateway creation method, which is applied to the data transmission system shown in FIG. 8, and the method includes:
  • Step 802 The cloud resource manager sends the subnet information of the N subnets to the SDN controller, where N is an integer greater than 0.
  • the N subnets are created through the cloud resource manager. These N subnets can be VLAN subnets, VXLAN subnets, or other types of subnets.
  • the subnet information of each subnet includes the network ID corresponding to the subnet and the IP address segment of the subnet.
  • for example, the subnet information of the first subnet is: VLAN ID 500, 192.168.100.0/24.
  • Step 804 The cloud resource manager sends a gateway address corresponding to each subnet to the SDN controller.
  • the gateway address specifically includes: the IP address and MAC address of the gateway.
  • the gateway address of the first subnet includes an IP address of 192.168.100.1 and a MAC address of 1122-3344-5555.
  • Step 806 The cloud resource manager sends the IP address segment of the external network corresponding to the N subnets, the network ID of the external network, and the gateway address corresponding to the external network to the SDN controller.
  • for example, the IP address segment of the external network is 192.168.120.0/24, the network ID of the external network is VLAN ID 100, and the gateway address corresponding to the external network is IP address 192.168.120.1, MAC address 1122-3344-1111.
  • the external network may actually be one of a plurality of external networks that the VPN allocates to the data transmission system.
  • each tenant of the data transmission system is assigned an IP address segment as the external network of that tenant.
  • the external network is used to route packets between the distributed gateway and the CE router to which the tenant belongs.
  • steps 804 and 806 may be performed in either order; alternatively, steps 802, 804 and 806 may be combined into a single step, or steps 804 and 806 may be combined into a single step.
  • when the cloud resource manager sends these types of information to the SDN controller, the tenant identifier also needs to be sent.
  • the IP address segment of the external network and the gateway address corresponding to the external network are the same for all subnets that belong to the same tenant.
  • the gateway address corresponding to the external network of a tenant is actually the address of that tenant's corresponding downlink interface on the CE router.
  • the SDN controller stores, for each tenant, the subnet information of each of the tenant's subnets, the gateway address corresponding to each subnet, the IP address segment of the external network, the network ID of the external network, and the gateway address corresponding to the external network.
  • for tenant 1, for example: subnet information 11 is VLAN ID 500, 192.168.100.0/24; gateway address 11 of the subnet is IP address 192.168.100.1, MAC address 1122-3344-5555; IP address segment 1 of the external network is 192.168.120.0/24;
  • the network ID of the external network is VLAN ID 100; gateway address 1 of the external network is IP address 192.168.120.1, MAC address 1122-3344-1111.
  • Step 808 the cloud resource manager instructs a computing node to create a VM.
  • for example, VM-1 is created on computing node 1 in step 808.
  • the IP address of VM-1 is 192.168.100.6, and the MAC address is 1122-3344-6666. VM-1 belongs to tenant 1.
  • when instructing the computing node, the cloud resource manager sends the IP address and MAC address of the VM to be created to the computing node, and also sends the subnet information of the subnet where the VM is located.
  • Step 810 the computing node sends a VM creation message to the SDN controller.
  • the VM creation message informs the SDN controller that the VM has been created on the computing node.
  • after computing node 1 has successfully created VM-1, it notifies the SDN controller that VM-1 has been created, and the SDN controller acquires the IP address of VM-1.
  • the IP address of the VM-1 may be specifically carried in the VM creation message sent by the computing node 1 to the SDN controller.
  • Step 812 The SDN controller determines information corresponding to the subnet where the VM is located, including a gateway address of the subnet, an IP address segment of the external network, a network ID of the external network, and a gateway address of the external network.
  • Step 814 the SDN controller determines an IP address on the external network and a MAC address corresponding to that IP address.
  • in one implementation, the SDN controller itself allocates an IP address from the IP address segment of the external network and assigns a MAC address corresponding to the IP address.
  • in another implementation, the SDN controller requests the cloud resource manager to allocate an IP address from the IP address segment of the external network and to assign a MAC address corresponding to the IP address.
  • for example, the SDN controller knows that the IP address of VM-1 is 192.168.100.6.
  • the SDN controller determines, according to the IP address of VM-1, the information corresponding to the subnet where VM-1 is located, namely: subnet information VLAN ID 500, 192.168.100.0/24; subnet gateway address IP address 192.168.100.1, MAC address 1122-3344-5555; IP address segment of the external network 192.168.120.0/24; network ID of the external network VLAN ID 100; gateway address of the external network IP address 192.168.120.1, MAC address 1122-3344-1111.
  • the SDN controller allocates an IP address from 192.168.120.0/24, for example 192.168.120.3, as the IP address of the uplink interface of the distributed gateway that will subsequently be created on computing node 1.
  • the SDN controller also assigns a MAC address corresponding to that IP address, for example 1122-3344-3333, as the MAC address of the uplink interface of the distributed gateway created on computing node 1.
  • when the cloud resource manager uniformly manages the IP addresses and MAC addresses of the entire data transmission system, in step 814 the SDN controller instead requests the cloud resource manager to allocate an IP address from 192.168.120.0/24 and to assign a MAC address corresponding to that IP address.
  • Step 816 the computing node receives the gateway address of the subnet where the VM is located, the IP address on the external network, and the MAC address corresponding to that IP address.
  • the information received in step 816 is used to create a distributed gateway on the computing node.
  • the gateway address of the subnet is used to create the downlink interface corresponding to the subnet where the VM is located.
  • the IP address and MAC address on the external network are used to create the uplink interface of the distributed gateway.
  • Step 818 the computing node establishes the distributed gateway according to the gateway address of the subnet where the VM is located and the IP address and MAC address on the external network.
  • Step 820 The SDN controller generates a forwarding policy of the distributed gateway, and sends the forwarding policy to the computing node, so that the computing node configures the distributed gateway by using the forwarding policy.
  • specifically, the SDN controller configures the forwarding policy of the distributed gateway according to the gateway address corresponding to the external network, the network ID of the subnet where the VM is located, and the network ID of the external network.
  • when the distributed gateway sends a packet from the VM's subnet to the external network, the packet crosses subnets: the network ID carried by the packet has to be converted from the network ID of the subnet where the VM is located to the network ID of the external network.
  • the network ID of the subnet where the VM is located and the network ID of the external network are therefore used to set the forwarding policy.
  • the forwarding policy includes: converting a first VPN packet sent by the VM into a second VPN packet, where the first VPN packet carries the network ID of the subnet where the VM is located and the second VPN packet carries the network ID of the external network.
  • the forwarding policy also needs to indicate the routing path of the packet.
  • the MAC address on the external network (the MAC address of the uplink interface) and the gateway address of the external network are used to set the forwarding policy in the distributed gateway, such that a packet sent by the VM is sent through the uplink interface of the distributed gateway to the gateway address of the external network; that is, a packet sent by VM-1 is sent through the uplink interface of the distributed gateway to the downlink interface of the CE router corresponding to tenant 1.
  • the forwarding policy can be implemented in the form of a flow table or a routing table.
  • when a flow table is used, the flow entry modifies the source MAC address of the packet sent by the VM to the MAC address of the uplink interface of the distributed gateway, modifies the destination MAC address of the packet to the MAC address of the downlink interface of the CE router corresponding to the tenant to which the VM belongs, and changes the network ID of the packet from the network ID of the subnet to which the VM belongs to the network ID of the external network.
  • the SDN controller knows the IP address of the VM and also knows the IP address and MAC address of the uplink interface of the distributed gateway; the SDN controller therefore needs to issue the routing information of the VM to the CE router, so that the CE router sends packets destined for the VM to the uplink interface of the distributed gateway.
  • Step 822 The SDN controller sends the routing information to the CE router through the routing information issuing module, where the routing information indicates that the CE router sends the packet destined for the VM to the uplink interface of the distributed gateway.
  • the routing information publishing module can be deployed inside the SDN controller or deployed on any computing node.
  • the routing information may specifically indicate that the next hop of the packet sent to the VM is the IP address of the uplink interface of the distributed gateway.
  • for a specific implementation of the routing information issuing module, refer to the portion corresponding to FIG. 4 in the foregoing embodiment.
  • step 822 may be performed at any time after step 814.
  • the process of establishing the distributed gateway and the process of issuing the route to the CE router may also be performed simultaneously.
  • when a VM is migrated, the SDN controller may likewise issue the routing information of the migrated VM to the CE router through the routing information issuing module; when a VM is revoked, the SDN controller notifies the CE router to delete the routing information of the revoked VM.
  • Step 824 the SDN controller determines that all VMs belonging to the tenant to which the VM belongs on the computing node are revoked, and instructs the computing node to revoke the distributed gateway.
  • steps 808 to 818 describe the first VM established by a tenant on a computing node, for which the SDN controller establishes a distributed gateway for that tenant on that computing node. In practice, if the data transmission system includes other tenants that also establish VMs on the computing node, the SDN controller needs to establish a distributed gateway on the computing node for each tenant that has established a VM there.
  • the SDN controller manages which computing node each VM of each tenant in the data transmission system is located on. Therefore, when the SDN controller confirms that all VMs of a tenant on a certain computing node have been revoked, the SDN controller instructs the computing node to revoke the previously established distributed gateway.
  • step 824 has no fixed timing relationship with the foregoing steps; that is, while establishing distributed gateways for newly created VMs, the SDN controller can also monitor the VMs of each tenant on each computing node,
  • and once it finds that all VMs of a certain tenant on a certain computing node have been revoked, it instructs the computing node to revoke the previously established distributed gateway.
  • the effect of step 824 is that, when all VMs belonging to a certain tenant on a certain computing node have been revoked, the distributed gateway belonging to that tenant on the computing node is deleted, the resources of the computing node are released, and the resource usage efficiency of the computing node is improved. At the same time, the IP address and MAC address on the tenant's external network that were occupied by the distributed gateway can be released, which improves the usage efficiency of the external network's addresses.
  • the method provided by the embodiment of the present invention creates a distributed gateway on the computing node and configures the distributed gateway to forward the VPN packet through the distributed gateway.
  • the VPN packets do not need to be forwarded according to the existing centralized processing scheme, which improves the processing efficiency of VPN packets.
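The controller side of steps 802 to 824, as an added example that is not the patent's code: a Python `SdnController` that stores the per-tenant data of steps 802 to 806, creates one gateway per (computing node, tenant) when the tenant's first VM on that node is reported (steps 808 to 818), derives the /32 routes the routing information publisher would issue to the CE router (step 822), and tears the gateway down, returning its external address to the pool, when the tenant's last VM on the node is revoked (step 824). Class and method names are assumptions, as are the lowest-free-address allocator (it never hands out the CE downlink address, so the first gateway gets 192.168.120.2 where the text's example uses .3) and the scheme deriving a MAC from the uplink IP; the text only says a MAC "corresponding to" the IP is assigned. The addresses are the ones given in the text.

```python
"""Controller bookkeeping for per-tenant distributed gateways (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Subnet:                  # steps 802/804: tenant subnet and its gateway address
    tenant: str
    network_id: int            # VLAN or VXLAN ID
    cidr: Net
    gw_ip: IPv4                # downlink interface of the distributed gateway
    gw_mac: str


@dataclass(frozen=True)
class ExternalNetwork:         # step 806: one per tenant
    tenant: str
    network_id: int
    cidr: Net
    ce_ip: IPv4                # CE router downlink interface for this tenant
    ce_mac: str


@dataclass
class Gateway:                 # one per (computing node, tenant)
    node: str
    tenant: str
    uplink_ip: IPv4
    uplink_mac: str
    vms: Dict[IPv4, str] = field(default_factory=dict)   # vm ip -> vm mac


def mac_for_ip(ip: IPv4) -> str:
    """Locally administered MAC derived from the IP (assumed scheme)."""
    b = ip.packed
    return f"0200-{b[0]:02x}{b[1]:02x}-{b[2]:02x}{b[3]:02x}"


class SdnController:
    def __init__(self) -> None:
        self.subnets: Dict[Net, Subnet] = {}
        self.externals: Dict[str, ExternalNetwork] = {}
        self.gateways: Dict[Tuple[str, str], Gateway] = {}
        self.in_use: Dict[str, Set[IPv4]] = {}    # tenant -> external addresses taken
        self.routes: Dict[IPv4, IPv4] = {}        # vm ip -> next hop (gateway uplink)

    def register_subnet(self, s: Subnet) -> None:
        self.subnets[s.cidr] = s

    def register_external(self, e: ExternalNetwork) -> None:
        self.externals[e.tenant] = e
        self.in_use.setdefault(e.tenant, set()).add(e.ce_ip)  # never allocate the CE address

    def _subnet_of(self, ip: IPv4) -> Subnet:
        for cidr, s in self.subnets.items():
            if ip in cidr:
                return s
        raise LookupError(f"{ip} belongs to no registered subnet")

    def _alloc_uplink(self, ext: ExternalNetwork) -> IPv4:
        taken = self.in_use[ext.tenant]
        for host in ext.cidr.hosts():
            if host not in taken:
                taken.add(host)
                return host
        raise RuntimeError(f"external segment {ext.cidr} exhausted")

    def vm_created(self, node: str, vm_ip: str, vm_mac: str) -> Gateway:
        """Steps 810-818: the tenant's first VM on a node creates the gateway."""
        ip = IPv4(vm_ip)
        subnet = self._subnet_of(ip)
        key = (node, subnet.tenant)
        gw = self.gateways.get(key)
        if gw is None:
            up = self._alloc_uplink(self.externals[subnet.tenant])   # step 814
            gw = Gateway(node, subnet.tenant, up, mac_for_ip(up))
            self.gateways[key] = gw
        gw.vms[ip] = vm_mac
        self.routes[ip] = gw.uplink_ip   # step 822: CE sends the VM's traffic to the uplink
        return gw

    def vm_revoked(self, node: str, vm_ip: str) -> bool:
        """Step 824: True when the tenant's gateway on the node was torn down."""
        ip = IPv4(vm_ip)
        key = (node, self._subnet_of(ip).tenant)
        gw = self.gateways[key]
        gw.vms.pop(ip, None)
        self.routes.pop(ip, None)        # the CE must withdraw the /32
        if gw.vms:
            return False
        del self.gateways[key]
        self.in_use[gw.tenant].discard(gw.uplink_ip)   # external address back to the pool
        return True

    def routes_for_ce(self, tenant: str) -> List[Tuple[str, str]]:
        """(prefix, next hop) pairs the routing information publisher advertises."""
        return sorted((f"{ip}/32", str(nh)) for ip, nh in self.routes.items()
                      if self._subnet_of(ip).tenant == tenant)


def demo_controller() -> SdnController:
    """Controller loaded with the tenant 1 data of steps 802-806 (constructed)."""
    c = SdnController()
    c.register_subnet(Subnet("tenant1", 500, Net("192.168.100.0/24"),
                             IPv4("192.168.100.1"), "1122-3344-5555"))
    c.register_external(ExternalNetwork("tenant1", 100, Net("192.168.120.0/24"),
                                        IPv4("192.168.120.1"), "1122-3344-1111"))
    return c
```

Revoking a VM withdraws its /32 before the gateway is considered for teardown, so the CE never keeps a route whose next hop has already been released; reusing a freed uplink address for a different tenant's gateway would otherwise attract that tenant's stale traffic.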
  • for the processing of VPN packets sent by the VM and of VPN packets received by the VM, refer to the embodiment corresponding to FIG. 5 described above.
  • the virtual network management device or SDN controller in the aforementioned figures may be implemented by computing device 1000.
  • the computing device 1000 includes a processor 1002, a memory 1004, a bus 1008, and a communication interface 1006.
  • the processor 1002, the memory 1004, and the communication interface 1006 communicate with each other through the bus 1008, or by other means such as wireless transmission.
  • the processor 1002 can be a central processing unit (CPU).
  • the memory 1004 may include volatile memory, such as random-access memory (RAM); it may also include non-volatile memory, such as read-only memory (ROM), flash memory, an HDD or an SSD; the memory 1004 may also include a combination of the above types of memory.
  • the program code for the portion of the method of FIG. 8 performed by the SDN controller is stored in the memory 1004 and executed by the processor 1002.
  • the computing device 1000 communicates with the other nodes in the data transmission system and with the cloud resource manager via the communication interface 1006.
  • the embodiment of the present invention provides a virtual network management apparatus for performing the functions performed by the SDN controller in the foregoing embodiment.
  • the virtual network management device 1200 includes a processing module 1202, a transmitting module 1204, and a receiving module 1206.
  • the virtual network management device 1200 can be implemented by an application-specific integrated circuit (ASIC) or a programmable logic device (PLD).
  • the PLD may be a complex programmable logic device (CPLD), a field programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
  • the receiving module 1206 is configured to receive the subnet information of N subnets sent by the cloud resource manager, the gateway address corresponding to each subnet, the IP address segment of the external network corresponding to the N subnets, the network ID of the external network, and the gateway address corresponding to the external network.
  • the receiving module 1206 passes the received subnet information of the N subnets, the gateway address corresponding to each subnet, the IP address segment of the external network corresponding to the N subnets, the network ID of the external network, and the gateway address corresponding to the external network to the processing module 1202.
  • the receiving module 1206 is further configured to receive a VM creation message.
  • the processing module 1202 is configured to determine information corresponding to the subnet where the VM is located, including a gateway address of the subnet, an IP address segment of the external network, a network ID of the external network, a gateway address of the external network, and determine an IP address of the external network. And the MAC address corresponding to the IP address.
  • the sending module 1204 is further configured to send the gateway address of the subnet corresponding to the subnet where the VM is located, the IP address of the external network, and the MAC address corresponding to the IP address to the computing node that creates the VM.
  • the processing module 1202 is further configured to generate a forwarding policy according to the gateway address corresponding to the external network, the network ID of the subnet where the VM is located, and the network ID of the external network.
  • the sending module 1204 is further configured to send the forwarding policy to the computing node.
  • the processing module 1202 is further configured to generate routing information of the VM, where the routing information is used to indicate that the CE router sends a packet destined for the VM to an uplink interface of the gateway.
  • the sending module 1204 is further configured to issue routing information of the VM to the CE router.
  • for the specific implementation of the processing module 1202 and the sending module 1204 in this respect, refer to step 822 in the fifth embodiment.
  • the processing module 1202 is further configured to determine that all VMs belonging to the tenant to which the VM belongs on the computing node are revoked.
  • the sending module 1204 is further configured to instruct the computing node to revoke the gateway.
  • for the specific implementation of the processing module 1202 and the sending module 1204 in this respect, refer to step 824 in the fifth embodiment.
  • computer readable media includes both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium may be any available medium that can be accessed by a computer.
  • the computer readable medium may include random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), compact disc read only memory (CD-ROM) or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
  • any connection may suitably be a computer readable medium.
  • if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio and microwave are included in the definition of the medium.
  • disk and disc, as used here, include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer readable media.

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the present invention relate to a data transmission method, a virtual network management apparatus and a data transmission system, which can provide a distributed solution for north-south communication in a direct-link network mode, improve the efficiency of data forwarding and reduce communication delay. A specific solution consists of: acquiring network identification information about a virtual network, a subnet of the virtual network comprising a first subnet; acquiring router information; acquiring virtual machine information, the virtual machine information being used to indicate the subnet to which a virtual machine is connected; and, when it is determined that the subnet to which the virtual machine is connected is the first subnet, the first subnet is connected to a router and the router is connected to an external network, instructing a computing node to create a gateway, and configuring the gateway, the gateway being used to forward virtual private network (VPN) packets. The present invention is used to implement north-south communication in a direct-link network mode.
PCT/CN2016/096372 2015-08-25 2016-08-23 Data transmission method, virtual network management apparatus and data transmission system WO2017032300A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201510526841 2015-08-25
CN201510526841.0 2015-08-25
CN201610698151.8 2016-08-19
CN201610698151.8A CN106487695B (zh) 2015-08-25 2016-08-19 Data transmission method, virtual network management apparatus and data transmission system

Publications (1)

Publication Number Publication Date
WO2017032300A1 true WO2017032300A1 (fr) 2017-03-02

Family

ID=58099587

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/096372 WO2017032300A1 (fr) 2015-08-25 2016-08-23 Data transmission method, virtual network management apparatus and data transmission system

Country Status (1)

Country Link
WO (1) WO2017032300A1 (fr)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106685835A (zh) * 2017-03-06 2017-05-17 无锡华云数据技术服务有限公司 Method for implementing high-speed distributed routing between computing nodes in a data center
CN110336730A (zh) * 2019-07-09 2019-10-15 腾讯科技(深圳)有限公司 Network system and data transmission method
CN111106991A (zh) * 2018-10-29 2020-05-05 中国移动通信集团浙江有限公司 Cloud leased-line system and service provisioning and activation method thereof
WO2020181735A1 (fr) * 2019-03-08 2020-09-17 平安科技(深圳)有限公司 Method for providing a network address translation (NAT) service, and controller
CN111835876A (zh) * 2019-04-22 2020-10-27 杭州海康威视系统技术有限公司 Network address configuration method and apparatus, server cluster, and storage medium
CN112242952A (zh) * 2019-07-16 2021-01-19 中移(苏州)软件技术有限公司 Data forwarding method, top-of-rack switch, and storage medium
CN113709200A (zh) * 2020-05-21 2021-11-26 阿里巴巴集团控股有限公司 Method and apparatus for establishing a communication connection
CN114338397A (zh) * 2021-12-27 2022-04-12 中国联合网络通信集团有限公司 Cloud platform network configuration method, apparatus, server, storage medium, and system
CN115150327A (zh) * 2022-06-29 2022-10-04 济南浪潮数据技术有限公司 Interface configuration method, apparatus, device, and medium
CN115412466A (zh) * 2022-08-26 2022-11-29 济南浪潮数据技术有限公司 Traffic monitoring method, apparatus, and medium
WO2023024768A1 (fr) * 2021-08-25 2023-03-02 中兴通讯股份有限公司 Method and apparatus for sending an RT-5G routing message, storage medium, and electronic apparatus
CN116232997A (zh) * 2023-02-10 2023-06-06 中国联合网络通信集团有限公司 Data forwarding method, apparatus, and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120207174A1 (en) * 2011-02-10 2012-08-16 Choung-Yaw Michael Shieh Distributed service processing of network gateways using virtual machines
CN103581324A (zh) * 2013-11-11 2014-02-12 中国联合网络通信集团有限公司 Cloud computing resource pool system and implementation method thereof
US20140372582A1 (en) * 2013-06-12 2014-12-18 Dell Products L.P. Systems and methods for providing vlan-independent gateways in a network virtualization overlay implementation
CN104468775A (zh) * 2014-12-05 2015-03-25 国云科技股份有限公司 Distributed router implementation method suitable for cloud computing
CN104660479A (zh) * 2015-02-13 2015-05-27 南京华讯方舟通信设备有限公司 Networking method and network system

Similar Documents

Publication Publication Date Title
WO2017032300A1 (fr) Data transmission method, virtual network management apparatus and data transmission system
US11588886B2 (en) Managing replication of computing nodes for provided computer networks
CN106487695B (zh) Data transmission method, virtual network management apparatus and data transmission system
JP6483781B2 (ja) Distributed logical L3 routing
US10567283B2 (en) Route advertisement by managed gateways
US20190319914A1 (en) Source-dependent address resolution
US9225597B2 (en) Managed gateways peering with external router to attract ingress packets
US10320895B2 (en) Live migration of load balanced virtual machines via traffic bypass
JP5763081B2 (ja) Method and apparatus for transparent cloud computing using a virtualized network infrastructure
US8804745B1 (en) Virtualization mapping
RU2595540C9 (ru) Base controllers for converting universal flows
JP2022122873A (ja) System and method for providing multicast group membership defined in relation to partition membership in a high performance computing environment
CN111492627B (zh) Controller-based service policy mapping to establish different tunnels for different applications
US9936014B2 (en) Method for virtual machine migration in computer networks
US9923800B2 (en) Method for reachability management in computer networks
CN107113241B (zh) Route determination method, network configuration method, and related apparatus
WO2022001669A1 (fr) Method for establishing a VXLAN tunnel and related device
WO2020108587A1 (fr) Data processing method, control device, and forwarding device
WO2019184653A1 (fr) Link configuration method and control device
WO2021098727A1 (fr) Network deployment method and system
WO2022110535A1 (fr) Packet sending method, device, and system
WO2018045992A1 (fr) Address management method and apparatus
US20220086040A1 (en) Systems and methods for zero-touch provisioning of a switch in intermediate distribution frames and main distribution frames
US10257118B2 (en) Implementation method and device for VLAN to access VF network, and FCF
EP3210113B1 (fr) Virtual overlay mobility using label-based underlay network forwarding

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16838558

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16838558

Country of ref document: EP

Kind code of ref document: A1