WO2017173952A1 - Method, device, and system for centralizing management of virtual machines and implementing communications between virtual machines - Google Patents

Method, device, and system for centralizing management of virtual machines and implementing communications between virtual machines

Info

Publication number
WO2017173952A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual machine
flow table
virtual
switch
network
Prior art date
Application number
PCT/CN2017/078834
Other languages
French (fr)
Chinese (zh)
Inventor
沈世元
袁俊
叶松青
孙月新
孙文颖
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2017173952A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/508 Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
    • H04L41/5096 Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to distributed or central networked applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method, device, and system for centralized management of virtual machines and for communication between virtual machines. The method comprises: creating a first flow table and sending it to a first switch that forwards information sent and received by a first virtual machine, the first flow table comprising a mapping between the first virtual machine and a virtual network; and creating a second flow table and sending it to a second switch that forwards information sent and received by a second virtual machine, the second flow table comprising a mapping between the second virtual machine and the virtual network. The embodiment provides centralized management of different types of virtual machines, increasing service capability and reducing operating costs. Furthermore, forwarding between the first virtual machine and the first switch is performed according to the first flow table, and forwarding between the second virtual machine and the second switch is performed according to the second flow table, which implements communication between different types of virtual machines, expands the network scale in a virtual data center, and enables the virtual data center to manage a network of larger scale and range.

Description

Method, device and system for implementing unified management and interworking of virtual machines
Technical field
This document relates to, but is not limited to, communication networks, and in particular to a method, device and system for implementing unified management and interworking of virtual machines.
Background
A Virtual Data Center (VDC) is a new form of data center that applies the concept of cloud computing to the Internet Data Center (IDC). A unified, innovative VDC operation and management system, built by combining traditional IDC services with cloud computing technology, can apply technologies such as virtualization and automated deployment to build a scalable virtualized infrastructure and, using a centralized-management, distributed-service model, provide users with basic IT infrastructure solutions and services that are accepted at a single point and served across the whole network. The main differences between a VDC and a traditional IDC are that infrastructure is provided as a service; physical resources are abstracted and consolidated through virtualization technology to enhance service capability; resource utilization and service reliability are improved through dynamic resource allocation and scheduling; automated service provisioning is provided, reducing operation and maintenance costs and giving a convenient user experience; and more security and reliability mechanisms are provided to meet the security standards of enterprise-grade applications.
In Software Defined Networking (SDN), the core technology OpenFlow separates the control plane of network devices from the data plane, enabling flexible control of network traffic and providing a good platform for innovation in core networks and applications. In operator networks today, a relatively pure SDN deployment can start with scenarios such as data centers, where the network is relatively closed, to build a new SDN-enhanced VDC. By introducing an SDN controller on the network control side to centrally control the virtual switches (vSwitch) built on top of the computing resources and hardware switches such as Top of Rack (TOR) switches enhanced with the OF protocol, the complex network topology of a traditional data center is turned into a large Layer 2 network architecture.
In the related art, a virtual data center involves many network elements, including the Openstack virtual platform, the VMware ESXi virtual platform, SDN, DVS and ToR switches. However, the management portal of the virtual data center cannot manage resource pools of different types in a unified way at the same time; for example, it cannot manage VMware and KVM resource pools at the same time. If the management portal could manage VMware and KVM resource pools in a unified way at the same time, these two kinds of computing resources could meet flexible networking requirements: the original VMware ESXi virtual platform could be retained and also integrated and interworked with the Openstack virtual platform, which would enhance service capability, reduce operating costs, and at the same time allow the SDN-based virtual data center system to manage a network of larger scale and range. For a clear understanding of the above, the relevant definitions are given below:
Openstack virtual platform: OpenStack is an open-source cloud computing management platform project in which several main components are combined to do the actual work. OpenStack supports almost all types of cloud environments. The goal of the project is to provide a cloud computing management platform that is simple to implement, massively scalable, feature-rich and standardized.
VMware ESXi virtual platform: VMware virtual machine software that provides server and desktop virtualization solutions; it is an enterprise-grade virtual platform that runs directly on hardware.
SDN controller: SDN separates control from the network devices and places it under a centralized controller, without depending on the underlying network devices (routers, switches, firewalls), and masks the differences between those devices.
Management portal sub-module of the VDC management system: a resource management system that mainly provides the VDC with centralized, elastic and highly reliable computing, storage, network and other resources, together with unified management, on-demand allocation, rental services and the like.
TOR switch: a top-of-rack switch, usually used for physical server access. It needs to provide stacking/clustering capability; the stacked/clustered switch supports the OpenFlow protocol, and supports port aggregation (on the same device or across devices) and hairpin forwarding.
DVS: a virtual switch that can be used to form a virtual network. A hypervisor agent (a proxy virtual machine located in ESXi) also needs to be provided to register or deregister the virtual local area network (vlan) of VMware virtual machines.
Summary of the invention
The following is an overview of the subject matter described in detail in this document. This overview is not intended to limit the scope of protection of the claims.
Embodiments of the present invention provide a method, device and system for implementing unified management and interworking of virtual machines, which can manage virtual machines of different types in a unified way at the same time and implement interworking between virtual machines of different types.
An embodiment of the present invention provides a method for implementing unified management of virtual machines, including: constructing a first flow table and sending the first flow table to a first switch configured to forward information sent and received by a first virtual machine, the first flow table containing mapping information between the first virtual machine and a virtual network; and constructing a second flow table and sending the second flow table to a second switch configured to forward information sent and received by a second virtual machine, the second flow table containing mapping information between the second virtual machine and the virtual network.
Optionally, constructing the first flow table includes: sending a packet containing identification information of the first virtual machine to a controller for physical address learning; and, after the controller completes the physical address learning, encapsulating information containing the mapping relationship between the physical address of the first virtual machine and the virtual network as the first flow table.
Optionally, constructing the second flow table includes: receiving an association message forwarded by the second switch, and setting a mapping between a port of the second virtual machine and the virtual network according to the association message; and encapsulating information containing the mapping relationship between the port and the virtual network as the second flow table.
Optionally, before constructing the second flow table, the method further includes: registering the second virtual machine with the second switch and the controller, and mapping the second virtual machine to a virtual local area network and a port identifier.
An embodiment of the present invention further provides a method for implementing virtual machine interworking, including: sending a first packet to a first switch or a second switch, the first packet containing a network protocol data packet and virtual local area network information; determining, according to the first packet, to perform forwarding processing; and performing forwarding processing between a first virtual machine and the first switch through a first flow table, and forwarding processing between a second virtual machine and the second switch through a second flow table, so as to implement virtual machine interworking; wherein the first flow table contains mapping information between the first virtual machine and a virtual network, and the second flow table contains mapping information between the second virtual machine and the virtual network.
Optionally, implementing virtual machine interworking includes: when the first virtual machine and the second virtual machine are in the same network segment, implementing Layer 2 interworking between the first virtual machine and the second virtual machine; and when the first virtual machine and the second virtual machine are in different network segments, implementing Layer 2 and/or Layer 3 interworking between the first virtual machine and the second virtual machine.
An embodiment of the present invention further provides a device for implementing unified management of virtual machines, including a first processing unit and a second processing unit. The first processing unit is configured to construct a first flow table and send the first flow table to a first switch configured to forward information sent and received by a first virtual machine, the first flow table containing mapping information between the first virtual machine and a virtual network. The second processing unit is configured to construct a second flow table and send the second flow table to a second switch configured to forward information sent and received by a second virtual machine, the second flow table containing mapping information between the second virtual machine and the virtual network.
Optionally, the first processing unit includes a first processing subunit and a second processing subunit. The first processing subunit is configured to send a packet containing identification information of the first virtual machine to a controller for physical address learning. The second processing subunit is configured to, after the controller completes the physical address learning, encapsulate information containing the mapping relationship between the physical address of the first virtual machine and the virtual network as the first flow table.
Optionally, the second processing unit includes a third processing subunit and a fourth processing subunit. The third processing subunit is configured to receive an association message forwarded by the second switch and set a mapping between a port of the second virtual machine and the virtual network according to the association message. The fourth processing subunit is configured to encapsulate information containing the mapping relationship between the port and the virtual network as the second flow table.
An embodiment of the present invention further provides a device for implementing virtual machine interworking, including a third processing unit, a fourth processing unit and a fifth processing unit.
The third processing unit is configured to send a first packet to a first switch or a second switch, the first packet containing a network protocol data packet and virtual local area network information;
The fourth processing unit is configured to determine, according to the first packet, to perform forwarding processing;
The fifth processing unit is configured to perform forwarding processing between a first virtual machine and the first switch through a first flow table, and forwarding processing between a second virtual machine and the second switch through a second flow table, so as to implement virtual machine interworking;
wherein the first flow table contains mapping information between the first virtual machine and a virtual network;
and the second flow table contains mapping information between the second virtual machine and the virtual network.
Optionally, implementing virtual machine interworking includes:
when the first virtual machine and the second virtual machine are in the same network segment, implementing Layer 2 interworking between the first virtual machine and the second virtual machine;
when the first virtual machine and the second virtual machine are in different network segments, implementing Layer 2 and/or Layer 3 interworking between the first virtual machine and the second virtual machine.
An embodiment of the present invention further provides a system for implementing unified management and interworking of virtual machines, including a controller, a first switch and a second switch.
The controller is configured to: construct a first flow table and a second flow table, send the first flow table to the first switch, and send the second flow table to the second switch; the first flow table includes mapping information between a first virtual machine and a virtual network, and the second flow table includes mapping information between a second virtual machine and the virtual network;
The first switch is configured to: receive the first flow table sent by the controller; perform forwarding processing with the first virtual machine and the second switch through the first flow table; and receive a first packet, the first packet containing a network protocol data packet and virtual local area network information.
The second switch is configured to: receive the second flow table sent by the controller; perform forwarding processing with the second virtual machine and the first switch through the second flow table; and receive the first packet.
Compared with the related art, the technical solution provided by the embodiments of the present invention includes: constructing a first flow table and sending the first flow table to a first switch used to forward information sent and received by a first virtual machine, the first flow table containing mapping information between the first virtual machine and a virtual network; and constructing a second flow table and sending the second flow table to a second switch used to forward information sent and received by a second virtual machine, the second flow table containing mapping information between the second virtual machine and the virtual network. This achieves unified management of different types of virtual machines, enhances service capability, and reduces operating costs.
In addition, a first packet is sent to the first switch or the second switch, the first packet containing a network protocol data packet and virtual local area network information; forwarding processing is determined according to the first packet; forwarding processing between the first virtual machine and the first switch is performed through the first flow table; and forwarding processing between the second virtual machine and the second switch is performed through the second flow table. This achieves interworking between different types of virtual machines and expands the network scale in the virtual data center, so that the virtual data center system can manage a network of larger scale and range.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief description of the drawings
FIG. 1 is a flowchart of a method for implementing unified management of virtual machines in Embodiment 1 of the present invention;
FIG. 2 is a flowchart of a method for implementing virtual machine interworking in Embodiment 2 of the present invention;
FIG. 3 is a schematic diagram of a device for implementing unified management of virtual machines in Embodiment 3 of the present invention;
FIG. 4 is a schematic diagram of the first processing unit in FIG. 3;
FIG. 5 is a schematic diagram of the second processing unit in FIG. 3;
FIG. 6 is a schematic diagram of a device for implementing virtual machine interworking in Embodiment 4 of the present invention;
FIG. 7 is a schematic diagram of a system for implementing unified management and interworking of virtual machines in Embodiment 5 of the present invention;
FIG. 8 is a schematic diagram of a system for implementing unified management and interworking of KVM and VMware virtual machines in Embodiment 5 of the present invention;
FIG. 9 is another schematic diagram of a system for implementing unified management and interworking of KVM and VMware virtual machines in Embodiment 5 of the present invention;
FIG. 10 is a flowchart of a method for implementing unified management and interworking of KVM and VMware virtual machines in Embodiment 5 of the present invention.
Detailed description
Embodiments of the present application are described in detail below with reference to the accompanying drawings. It should be noted that, where there is no conflict, the embodiments in the present application and the features in the embodiments may be combined with one another arbitrarily.
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them; it should be noted that, where there is no conflict, the embodiments in the present application and the features in the embodiments may be combined with one another. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
Embodiment 1:
This embodiment provides a method for implementing unified management of virtual machines. Referring to FIG. 1, the method includes:
Step 101: construct a first flow table and send the first flow table to a first switch configured to forward information sent and received by a first virtual machine, the first flow table containing mapping information between the first virtual machine and a virtual network;
Step 102: construct a second flow table and send the second flow table to a second switch configured to forward information sent and received by a second virtual machine, the second flow table containing mapping information between the second virtual machine and the virtual network.
For step 101, constructing the first flow table includes sending a packet containing the identification information of the first virtual machine to the controller for learning and, after the learning ends, encapsulating information containing the mapping relationship between the physical address of the first virtual machine and the virtual network as the first flow table. Optionally, the virtual platforms corresponding to the first virtual machine and the second virtual machine are first configured on the management interface. After the configuration is complete, the first virtual machine is created on the management interface, and the first switch sends the first virtual machine's packet to the controller in a Packet-in Message for virtual machine MAC (physical address) learning. After the learning is complete, the controller delivers the first flow table to the first switch where the first virtual machine is located. The first flow table contains an entry of VNET (virtual network) + SRC MAC (source MAC, the physical network card information of the source virtual machine), and traffic subsequently sent by the first virtual machine can then be forwarded normally according to this first flow table. Optionally, the first virtual machine here may be a KVM virtual machine, in which case the corresponding first switch is a DVS, and the controller here may be an SDN controller. It should be noted that the first virtual machine may include a class of virtual machines distinct from the second virtual machine, rather than referring to a single virtual machine. In addition, the first virtual machine is not limited to a KVM virtual machine, the first switch is not limited to a DVS, and the controller is not limited to an SDN controller; any module that can implement the content of step 1 above falls within the scope of protection of this embodiment, and can be selected and replaced as needed.
For step 102, constructing the second flow table may include receiving an association message forwarded by the second switch, setting a mapping between the port of the second virtual machine and the virtual network according to the association message, and encapsulating information containing the mapping relationship between the port of the second virtual machine and the virtual network as the second flow table. Before the second flow table is constructed, the embodiment of the present invention further includes: registering the second virtual machine with the second switch and the controller, and mapping the second virtual machine to a virtual local area network and a port identifier. Optionally, the second virtual machine is created on the management interface, including information such as {"port identifier (port_uuid)", "virtual network identifier (virtualnetwork_id)", "name (name)", "address (ip_address)", "physical address (mac)", "security groups (security_groups)"}. An association message is then sent for the port_uuid; optionally, the association message contains {port_uuid, vid}. After the second virtual machine and the port_uuid have been created, registration with the second switch and the controller is performed through the association message; the registration information includes the port_uuid and the vlan, and the VM is mapped to the vlan and the port_uuid. When a virtual machine is deleted, a de-association is sent to the second switch and the controller, notifying the controller that the virtual machine has been deleted. After the registration is complete, the second switch sends the association message up to the controller according to the second flow table delivered in advance by the controller. The controller first determines the access location of the second virtual machine from the port and dpid of the packet-in; then confirms, from the port_uuid, the information of the second virtual machine that the association message refers to; then, according to the vlan and the OpenFlow in_port, configures a vlan sub-interface on the second virtual machine port and adds the vlan sub-interface to the virtual network, that is, sets the port-vnet mapping. The second flow table is generated from this processing; it contains the mapping relationship between the second virtual machine port and the VNET, and is then sent to the second switch. Optionally, the second virtual machine may be a VMware virtual machine, in which case the corresponding second switch is a ToR switch, the controller may be an SDN controller, and the management interface is the VDC management interface. When a VMware virtual machine is created, the VDC management interface calls the northbound interface of the SDN controller through OpenStack to create the VMware virtual machine. The corresponding association message may specifically be a VDP (VSI Discovery Protocol) association message, and the second flow table may specifically be a VDP protocol flow table.
需要理解的是,当第一虚拟机为KVM虚拟机,第二虚拟机为VMware虚拟机时,在VDC的管理界面上配置的虚拟平台可以是Openstack虚拟平台和VMware虚拟平台,预先下发的流表可以是(Ethertype:0x8940)。上述第一虚拟机和第二虚拟机包括类型不同的两类虚拟机,而不是单指一个虚拟机;另外,需要理解的是,任何可以实现上述内容的模块都在本实施例保护范围内,其可以根据需要进行相应的选择和替换。It should be understood that when the first virtual machine is a KVM virtual machine and the second virtual machine is a VMware virtual machine, the virtual platform configured on the management interface of the VDC may be an Openstack virtual platform and a VMware virtual platform, and the pre-delivered stream. The table can be (Ethertype: 0x8940). The first virtual machine and the second virtual machine include two types of virtual machines of different types, instead of one virtual machine. In addition, it should be understood that any module that can implement the foregoing content is within the protection scope of the embodiment. It can be selected and replaced as needed.
In the method for unified management of virtual machines provided by this embodiment, a first flow table is constructed and sent to the first switch, which forwards the information sent and received by the first virtual machine; the first flow table contains mapping information between the first virtual machine and the virtual network. A second flow table is constructed and sent to the second switch, which forwards the information sent and received by the second virtual machine; the second flow table contains mapping information between the second virtual machine and the virtual network. This achieves unified management of virtual machines from the management interface, enhances the service capability of the system, and reduces operating costs.
An embodiment of the present invention further provides a computer storage medium storing computer-executable instructions, the computer-executable instructions being used to execute the foregoing method for unified management of virtual machines.
An embodiment of the present invention further provides an apparatus for unified management of virtual machines, comprising a memory and a processor, wherein:
the processor is configured to execute program instructions in the memory;
the program instructions, when read by the processor, perform the following operations:
constructing a first flow table and sending it to a first switch configured to forward the information sent and received by the first virtual machine, the first flow table containing mapping information between the first virtual machine and the virtual network;
constructing a second flow table and sending it to a second switch configured to forward the information sent and received by the second virtual machine, the second flow table containing mapping information between the second virtual machine and the virtual network.
Embodiment 2:
This embodiment provides a method for implementing virtual machine interworking. Referring to FIG. 2, the method includes:
Step 201: send a first packet to the first switch; the first packet contains a network protocol data packet and virtual local area network information;
Step 202: determine, according to the first packet, to perform forwarding processing;
Step 203: perform forwarding processing between the first virtual machine and the first switch through the first flow table; the first flow table contains mapping information between the first virtual machine and the virtual network;
Step 204: perform switch forwarding processing between the second virtual machine and the second switch through the second flow table; the second flow table contains mapping information between the second virtual machine and the virtual network.
In this embodiment of the present invention, forwarding between the first virtual machine and the first switch is performed through the first flow table, and forwarding between the second virtual machine and the second switch is performed through the second flow table, so that virtual machine interworking can be implemented.
Implementing interworking between virtual machines through the above steps includes: when the first virtual machine and the second virtual machine are in the same network segment, implementing Layer 2 forwarding interworking between the first virtual machine and the second virtual machine; when the first virtual machine and the second virtual machine are in different network segments, implementing Layer 2 and/or Layer 3 forwarding interworking between the VMware virtual machine and the KVM virtual machine.
Optionally, vlan (virtual local area network) information may be added to a network protocol data packet (IP packet) to encapsulate it as the first packet, which is forwarded to the second switch; the second switch performs forwarding according to the first flow table delivered by the controller, thereby implementing Layer 2 and Layer 3 forwarding interworking between virtual machines.

If the first virtual machine and the second virtual machine are in the same network segment, with the first virtual machine as the destination and the second virtual machine as the source, the hypervisor adds a vlan to the second virtual machine's IP packet and forwards it to the second switch. The second switch performs forwarding according to the first flow table sent by the controller: based on the vlan and inport, it pops the packet's vlan and converts it to metadata (virtual network (VNET)), that is, to the metadata of the virtual network; based on metadata (VNET) and the source (src) MAC, it determines whether host learning is required; based on metadata (VNET) and the dst MAC, it determines to perform Layer 2 forwarding. The first switch at the destination receives the request packet and forwards it to the first virtual machine. The first virtual machine's response packet is likewise sent to the second switch according to the first flow table on the first switch, and the second switch forwards it to the second virtual machine, thereby implementing Layer 2 interworking between the first virtual machine and the second virtual machine.

If the first virtual machine and the second virtual machine are in different network segments, the hypervisor adds vlan1 to the second virtual machine's IP packet and forwards it to the second switch. The second switch performs forwarding according to the flow table sent by the controller: based on the vlan and inport, it pops the packet's vlan and converts it to metadata (VNET); based on metadata (VNET) and the src MAC, it determines whether host learning is required; based on metadata (VNET) and the dst MAC, it determines to perform Layer 2 forwarding; based on metadata (virtual routing and forwarding table (VRF)) and the dst IP, that is, on the metadata of the virtual routing and forwarding table and the dst IP, it performs Layer 3 forwarding. The first switch at the destination receives the request packet and forwards it to the first virtual machine. The first virtual machine's response packet is likewise sent to the second switch according to the first flow table on the first switch, and the second switch forwards it to the second virtual machine, thereby implementing Layer 3 interworking between the first virtual machine and the second virtual machine.
Optionally, the first virtual machine may include a KVM virtual machine, the second virtual machine may include a VMware virtual machine, and the controller may include an SDN controller; correspondingly, the first switch is a DVS and the second switch is a ToR switch. The first virtual machine and the second virtual machine denote two classes of virtual machines of different types, not one single virtual machine each. In addition, any module that can implement the content of the foregoing steps falls within the protection scope of this embodiment and may be selected or substituted as needed.
In this embodiment, a first packet containing a network protocol data packet and virtual local area network information is sent to the first switch or the second switch; forwarding processing is determined according to the first packet; forwarding between the first virtual machine and the first switch is performed through the first flow table, which contains mapping information between the first virtual machine and the virtual network; and forwarding between the second virtual machine and the second switch is performed through the second flow table, which contains mapping information between the second virtual machine and the virtual network. This implements interworking between virtual machines of different types and extends the network scale of the virtual data center, so that the virtual data center system can manage a network of larger scale and scope.
An embodiment of the present invention further provides a computer storage medium storing computer-executable instructions, the computer-executable instructions being used to execute the foregoing method for implementing virtual machine interworking.
An embodiment of the present invention further provides an apparatus for implementing virtual machine interworking, comprising a memory and a processor, wherein:
the processor is configured to execute program instructions in the memory;
the program instructions, when read by the processor, perform the following operations:
sending a first packet to the first switch or the second switch, the first packet containing a network protocol data packet and virtual local area network information;
determining, according to the first packet, to perform forwarding processing;
performing forwarding processing between the first virtual machine and the first switch through the first flow table, and forwarding processing between the second virtual machine and the second switch through the second flow table, to implement virtual machine interworking;
wherein the first flow table contains mapping information between the first virtual machine and the virtual network;
the second flow table contains mapping information between the second virtual machine and the virtual network.
Embodiment 3:
This embodiment provides an apparatus for unified management of virtual machines. Referring to FIG. 3, it includes a first processing unit 11 and a second processing unit 12. The first processing unit 11 is configured to construct a first flow table and send it to a first switch configured to forward the information sent and received by the first virtual machine; the first flow table contains mapping information between the first virtual machine and the virtual network. The second processing unit 12 is configured to construct a second flow table and send it to a second switch configured to forward the information sent and received by the second virtual machine; the second flow table contains mapping information between the second virtual machine and the virtual network.
Optionally, referring to FIG. 4, the first processing unit 11 includes a first processing sub-unit 111 and a second processing sub-unit 112. The first processing sub-unit 111 is configured to send a packet containing the first virtual machine's identification information to the controller for physical address learning; the second processing sub-unit 112 is configured to encapsulate, after the controller completes physical address learning, the information containing the mapping between the first virtual machine's physical address and the virtual network as the first flow table. Optionally, the virtual platforms corresponding to the first virtual machine and the second virtual machine are first configured on the management interface. After configuration is complete, the first virtual machine is created on the management interface, and the first switch sends the first virtual machine's packets to the controller through a Packet-in Message for virtual machine MAC (physical address) learning. After learning is complete, the controller delivers the first flow table to the first switch hosting the first virtual machine; the first flow table contains an entry of VNET (virtual network) + SRC MAC (source MAC, the physical network card information of the source virtual machine), and traffic subsequently sent by the first virtual machine can then be forwarded normally according to this first flow table. Optionally, the first virtual machine here may include a KVM virtual machine, the corresponding first switch may be a DVS, and the controller may be an SDN controller. It should be understood that the first virtual machine denotes a class of virtual machines distinct from the second virtual machine, not one single virtual machine. In addition, the first virtual machine is not limited to a KVM virtual machine, the first switch is not limited to a DVS, and the controller is not limited to an SDN controller; any module that can implement the foregoing falls within the protection scope of this embodiment and may be selected or substituted as needed.
Optionally, referring to FIG. 5, the second processing unit 12 includes a third processing sub-unit 121 and a fourth processing sub-unit 122. The third processing sub-unit 121 is configured to receive the association message forwarded by the second switch and to set the mapping between the second virtual machine's port and the virtual network according to the association message. The fourth processing sub-unit 122 is configured to encapsulate the information containing the mapping between the second virtual machine's port and the virtual network as the second flow table. It should be understood that, before the second flow table is constructed, the second virtual machine is also registered with the second switch and the controller, mapping the second virtual machine to the virtual local area network and the port identifier.
Optionally, the second virtual machine is created on the management interface with information such as {"port_uuid" (port identifier), "virtualnetwork_id" (virtual network identifier), "name" (name), "ip_address" (address), "mac" (physical address), "security_groups" (security groups)}. An association message is then sent for the port_uuid; optionally, the association message includes {port_uuid, vid}. After the second virtual machine and its port_uuid have been created, the virtual machine is registered with the second switch and the controller through the association message; the registration information includes the port_uuid and the vlan, and maps the VM to the vlan and the port_uuid. When the virtual machine is deleted, a de-association is sent to the second switch and the controller, notifying the controller that the virtual machine has been deleted. After registration is complete, the second switch sends the association message up to the controller according to the second flow table delivered in advance by the controller. The controller first determines the access location of the second virtual machine from the port and dpid of the packet-in; it then uses the port_uuid to identify the second virtual machine that the association message refers to; next, based on the vlan and the OpenFlow in_port, it configures a vlan sub-interface on the second virtual machine's port and adds the vlan sub-interface to the virtual network, that is, it sets the port-vnet mapping. The second flow table is generated from this process; it contains the mapping between the second virtual machine's port and the VNET, and is then sent to the second switch. Optionally, the second virtual machine may be a VMware virtual machine, in which case the corresponding second switch is a ToR switch, the controller may be an SDN controller, and the management interface is the VDC management interface; when a VMware virtual machine is created, the VDC management interface calls the northbound interface of the SDN controller through OpenStack to create it. The association message may specifically be a VDP (VSI Discovery Protocol) association message, and the second flow table may specifically be a VDP protocol flow table.
It should be understood that when the first virtual machine is a KVM virtual machine and the second virtual machine is a VMware virtual machine, the virtual platforms configured on the VDC management interface may be an Openstack virtual platform and a VMware virtual platform, and the pre-delivered flow table may be (Ethertype: 0x8940). The first virtual machine and the second virtual machine denote two classes of virtual machines of different types, not one single virtual machine each. In addition, any module that can implement the content of step 1 and step 2 above falls within the protection scope of this embodiment and may be selected or substituted as needed.
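Added example (not code from the patent): a Python sketch of the controller-side handling of the association message described above and in the matching passage earlier on the page, including the removal on de-association. The message is shown as an already-decoded dict; the `op` field, the conflict check, the flow-mod layout and all identifiers and values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

VDP_ETHERTYPE = 0x8940  # Ethertype the page gives for the pre-delivered flow table


@dataclass
class Controller:
    vm_db: dict = field(default_factory=dict)      # port_uuid -> record saved at creation
    bindings: dict = field(default_factory=dict)   # (dpid, in_port, vid) -> port_uuid
    flow_mods: list = field(default_factory=list)  # entries that would go to the switch

    def create_vm(self, record: dict) -> None:
        """Northbound call: keep the fields the page lists for a new VM."""
        self.vm_db[record["port_uuid"]] = record

    def on_packet_in(self, dpid: int, in_port: int, ethertype: int, msg: dict) -> str:
        # Only frames punted by the pre-delivered entry are association messages.
        if ethertype != VDP_ETHERTYPE:
            return "ignored"
        if "port_uuid" not in msg or "vid" not in msg:
            return "rejected: malformed"
        # port_uuid identifies the VM; unknown identifiers never get a mapping.
        vm = self.vm_db.get(msg["port_uuid"])
        if vm is None:
            return "rejected: unknown port_uuid"
        # dpid + in_port give the access location, vid the vlan sub-interface.
        key = (dpid, in_port, msg["vid"])
        match = {"in_port": in_port, "vlan_vid": msg["vid"]}
        if msg.get("op") == "deassociate":  # assumption: how removal is signalled
            if self.bindings.get(key) != vm["port_uuid"]:
                return "rejected: no such binding"
            del self.bindings[key]
            self.flow_mods.append({"cmd": "delete", "dpid": dpid, "match": match})
            return "removed"
        # Added check (not in the page): one sub-interface belongs to one VM.
        if self.bindings.get(key) not in (None, vm["port_uuid"]):
            return "rejected: port/vlan bound to another VM"
        self.bindings[key] = vm["port_uuid"]
        self.flow_mods.append({
            "cmd": "add", "dpid": dpid, "match": match,
            "actions": ["pop_vlan", ("set_metadata", vm["virtualnetwork_id"])],
        })
        return "bound"

    def port_vnet_map(self) -> dict:
        """The port-vnet mapping the second flow table carries."""
        return {k: self.vm_db[u]["virtualnetwork_id"] for k, u in self.bindings.items()}


def make_vm(port_uuid: str, vnet: str, mac: str, ip: str) -> dict:
    # Constructed sample record using the field names listed on the page.
    return {"port_uuid": port_uuid, "virtualnetwork_id": vnet, "name": port_uuid,
            "ip_address": ip, "mac": mac, "security_groups": ["default"]}


if __name__ == "__main__":
    c = Controller()
    c.create_vm(make_vm("uuid-vm1", "vnet-a", "02:00:00:00:00:01", "10.0.1.1"))
    print(c.on_packet_in(0x10, 1, VDP_ETHERTYPE,
                         {"op": "associate", "port_uuid": "uuid-vm1", "vid": 100}))
    print(c.port_vnet_map())
```

Because the mapping is keyed on the packet-in's own dpid and in_port rather than on anything carried in the message, a VM can only bind the port it is actually attached to.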
In the method for unified management of virtual machines provided by this embodiment, a first flow table is constructed and sent to the first switch configured to forward the information sent and received by the first virtual machine; the first flow table contains mapping information between the first virtual machine and the virtual network. A second flow table is constructed and sent to the second switch configured to forward the information sent and received by the second virtual machine; the second flow table contains mapping information between the second virtual machine and the virtual network. This achieves unified management of virtual machines from the management interface, enhances the service capability of the system, and reduces operating costs.
Embodiment 4:
This embodiment provides an apparatus for implementing virtual machine interworking. Referring to FIG. 6, it includes a third processing unit 13, a fourth processing unit 14 and a fifth processing unit 15. The third processing unit 13 is configured to send a first packet to the first switch or the second switch, the first packet containing a network protocol data packet and virtual local area network information. The fourth processing unit 14 is configured to determine, according to the first packet, to perform forwarding processing. The fifth processing unit 15 is configured to perform forwarding processing between the first virtual machine and the first switch through the first flow table, and forwarding processing between the second virtual machine and the second switch through the second flow table, to implement virtual machine interworking. The first flow table contains mapping information between the first virtual machine and the virtual network; the second flow table contains mapping information between the second virtual machine and the virtual network.
Implementing interworking between virtual machines through the above steps includes: when the first virtual machine and the second virtual machine are in the same network segment, implementing Layer 2 forwarding interworking between the first virtual machine and the second virtual machine; when the first virtual machine and the second virtual machine are in different network segments, implementing Layer 2 and Layer 3 forwarding interworking between the first virtual machine and the second virtual machine.
Optionally, vlan (virtual local area network) information may be added to an IP packet (network protocol data packet) to encapsulate it as the first packet, which is forwarded to the second switch; the second switch performs forwarding according to the first flow table delivered by the controller, thereby implementing Layer 2 and Layer 3 forwarding interworking between virtual machines.

If the first virtual machine and the second virtual machine are in the same network segment, with the first virtual machine as the destination and the second virtual machine as the source, the Hypervisor adds a vlan to the second virtual machine's IP packet and forwards it to the second switch. The second switch performs forwarding according to the first flow table sent by the controller: based on the vlan and inport, it pops the packet's vlan and converts it to metadata (VNET); based on metadata (VNET) and the src MAC, it determines whether host learning is required; based on metadata (VNET) and the dst MAC, it determines to perform Layer 2 forwarding. The first switch at the destination receives the request packet and forwards it to the first virtual machine. The first virtual machine's response packet is likewise sent to the second switch according to the first flow table on the first switch, and the second switch forwards it to the second virtual machine, thereby implementing Layer 2 interworking between the first virtual machine and the second virtual machine.

If the first virtual machine and the second virtual machine are in different network segments, the Hypervisor adds vlan1 to the second virtual machine's IP packet and forwards it to the second switch. The second switch performs forwarding according to the flow table sent by the controller: based on the vlan and inport, it pops the packet's vlan and converts it to metadata (VNET); based on metadata (VNET) and the src MAC, it determines whether host learning is required; based on metadata (VNET) and the dst MAC, it determines to perform Layer 2 forwarding; based on metadata (VRF) and the dst IP, it performs Layer 3 forwarding. The first switch at the destination receives the request packet and forwards it to the first virtual machine. The first virtual machine's response packet is likewise sent to the second switch according to the first flow table on the first switch, and the second switch forwards it to the second virtual machine, thereby implementing Layer 3 interworking between the first virtual machine and the second virtual machine.
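Added example (not code from the patent): a Python model of the lookup stages described in this paragraph and in the matching paragraph of Embodiment 2, showing that once the vlan is popped every later lookup is keyed on the VNET or VRF metadata, which is what keeps tenants apart. The VNET-to-VRF table, gateway MACs, neighbor table and all ports, MACs and addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

UPLINK = 48  # constructed: port toward the other switch


@dataclass
class Frame:
    in_port: int
    vlan: Optional[int]
    src_mac: str
    dst_mac: str
    dst_ip: str


@dataclass
class FlowPipeline:
    """One switch's tables; every table name is a constructed stand-in."""
    port_vlan_to_vnet: dict = field(default_factory=dict)  # (in_port, vlan) -> VNET
    hosts: dict = field(default_factory=dict)              # (VNET, MAC) -> out port
    gateway_mac: dict = field(default_factory=dict)        # VNET -> router MAC (assumption)
    vnet_to_vrf: dict = field(default_factory=dict)        # VNET -> VRF (assumption)
    routes: dict = field(default_factory=dict)             # VRF -> [(prefix, VNET)]
    neighbors: dict = field(default_factory=dict)          # (VNET, IP) -> MAC (assumption)
    packet_ins: list = field(default_factory=list)         # what the controller would see

    def process(self, f: Frame):
        # 1. vlan + inport: pop the vlan and carry the VNET as metadata.
        vnet = self.port_vlan_to_vnet.get((f.in_port, f.vlan))
        if vnet is None:
            return ("drop", "no port/vlan mapping")
        # 2. metadata(VNET) + src MAC: is host learning needed?
        if (vnet, f.src_mac) not in self.hosts:
            self.packet_ins.append((vnet, f.src_mac, f.in_port))
            self.hosts[(vnet, f.src_mac)] = f.in_port
        # 3. metadata(VNET) + dst MAC: Layer 2 forwarding inside the VNET only.
        if f.dst_mac != self.gateway_mac.get(vnet):
            port = self.hosts.get((vnet, f.dst_mac))
            return ("l2", port, vnet) if port is not None else ("miss", vnet)
        # 4. metadata(VRF) + dst IP: Layer 3 forwarding, longest prefix wins.
        vrf = self.vnet_to_vrf.get(vnet)
        dst = ipaddress.ip_address(f.dst_ip)
        matches = [(net, v) for net, v in self.routes.get(vrf, []) if dst in net]
        if not matches:
            return ("drop", "no route in vrf")
        _, dst_vnet = max(matches, key=lambda m: m[0].prefixlen)
        mac = self.neighbors.get((dst_vnet, f.dst_ip))
        port = self.hosts.get((dst_vnet, mac))
        return ("l3", port, dst_vnet) if port is not None else ("miss", dst_vnet)


def build_demo() -> FlowPipeline:
    """Constructed topology: vnet-a and vnet-b share vrf-1, vnet-c is another tenant."""
    net = ipaddress.ip_network
    return FlowPipeline(
        port_vlan_to_vnet={(1, 100): "vnet-a", (2, 300): "vnet-c"},
        hosts={("vnet-a", "02:00:00:00:00:02"): UPLINK,
               ("vnet-b", "02:00:00:00:00:03"): UPLINK},
        gateway_mac={"vnet-a": "02:00:00:00:0a:fe", "vnet-c": "02:00:00:00:0c:fe"},
        vnet_to_vrf={"vnet-a": "vrf-1", "vnet-b": "vrf-1", "vnet-c": "vrf-2"},
        routes={"vrf-1": [(net("10.0.1.0/24"), "vnet-a"), (net("10.0.2.0/24"), "vnet-b")],
                "vrf-2": [(net("10.0.3.0/24"), "vnet-c")]},
        neighbors={("vnet-b", "10.0.2.3"): "02:00:00:00:00:03"},
    )


if __name__ == "__main__":
    sw = build_demo()
    vm1 = "02:00:00:00:00:01"
    print(sw.process(Frame(1, 100, vm1, "02:00:00:00:00:02", "10.0.1.2")))  # same segment
    print(sw.process(Frame(1, 100, vm1, "02:00:00:00:0a:fe", "10.0.2.3")))  # routed
    print(sw.process(Frame(2, 300, "02:00:00:00:00:09", "02:00:00:00:00:02", "10.0.1.2")))
```

The last call uses a destination MAC that exists only in vnet-a from a port mapped to vnet-c, so the lookup misses instead of crossing tenants.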
Optionally, the first virtual machine may be a KVM virtual machine, the second virtual machine may be a VMware virtual machine, and the controller may be an SDN controller; correspondingly, the first switch is a DVS and the second switch is a ToR switch. The first virtual machine and the second virtual machine refer to two classes of virtual machines of different types, not one single virtual machine each. In addition, any module that can implement the content of the foregoing steps falls within the protection scope of this embodiment and may be selected or substituted as needed.
In this embodiment, a first packet containing a network protocol data packet and virtual local area network information is sent to the first switch or the second switch; forwarding processing is determined according to the first packet; forwarding between the first virtual machine and the first switch is performed through the first flow table, which contains mapping information between the first virtual machine and the virtual network; and forwarding between the second virtual machine and the second switch is performed through the second flow table, which contains mapping information between the second virtual machine and the virtual network. This implements interworking between virtual machines of different types and extends the network scale of the virtual data center, so that the virtual data center system can manage a network of larger scale and scope.
Embodiment 5:
This embodiment provides a system for unified management and interworking of virtual machines. Referring to FIG. 7, it includes a controller 1, a first switch 2 and a second switch 3. The controller 1 is configured to construct a first flow table and a second flow table, send the first flow table to the first switch 2, and send the second flow table to the second switch 3; the first flow table includes mapping information between the first virtual machine and the virtual network, and the second flow table includes mapping information between the second virtual machine and the virtual network. The first switch 2 is configured to receive the first flow table sent by the controller and to perform forwarding with the first virtual machine and the second switch through the first flow table. The second switch 3 is configured to receive the second flow table sent by the controller and to perform forwarding with the second virtual machine and the first switch through the second flow table. The first switch and the second switch are further configured to receive the first packet, which contains a network protocol data packet and virtual local area network information.
Optionally, the first virtual machine may be a KVM virtual machine, the second virtual machine may be a VMware virtual machine, and the controller may be an SDN controller; correspondingly, the first switch is a DVS and the second switch is a ToR switch, and the virtual platforms corresponding to the KVM virtual machine and the VMware virtual machine are the Openstack virtual platform and the VMware ESXI virtual platform.
Optionally, referring to FIG. 8, the system for unified management and interworking of KVM virtual machines and VMware virtual machines includes an Openstack virtual platform 21, a VMware ESXI virtual platform 22, an SDN controller 23, a ToR switch 24 and a DVS 25. Optionally, the Openstack virtual platform 21 and the VMware ESXI virtual platform 22 are configured to create KVM virtual machines and VMware virtual machines, respectively, on the management interface. The SDN controller 23 is configured to construct the first flow table and the second flow table, send the first flow table to the DVS 25, and send the second flow table to the ToR switch 24; the first flow table includes mapping information between the KVM virtual machine's physical address and the VNET, and the second flow table includes mapping information between the VMware virtual machine's port and the VNET. The DVS 25 is configured to receive the first flow table sent by the SDN controller and to perform forwarding with the KVM virtual machine and the ToR switch through the first flow table. The ToR switch is configured to receive the second flow table sent by the SDN controller 23 and to perform forwarding with the VMware virtual machine and the DVS 25 through the second flow table; it is also configured to receive packets sent by the Hypervisor.
请参见图9,图9为本实施例提供的实现VMware虚拟机和KVM虚拟机统一管理及互通的系统的另一示意图,除图8所示的模块外,还包括虚拟中心(Vcenter)/VDP26,VM1和VM2,可选的,DVS25可以是ZXDVS,VM1是VMware虚拟机,VM2是KVM虚拟机。Referring to FIG. 9, FIG. 9 is another schematic diagram of a system for implementing unified management and interworking of a VMware virtual machine and a KVM virtual machine according to the embodiment. In addition to the module shown in FIG. 8, the virtual center (Vcenter)/VDP26 is also included. VM1 and VM2, optionally, DVS25 can be ZXDVS, VM1 is a VMware virtual machine, and VM2 is a KVM virtual machine.
Referring to FIG. 10, the method provided in this embodiment for implementing unified management and interworking of VMware and KVM virtual machines is described below. It includes:
Step 301: configure the OpenStack virtual platform and the VMware virtual platform on the management interface of the VDC, and create a KVM virtual machine on the management interface to obtain the first flow table;
Optionally, the DVS sends the virtual machine's packet to the SDN controller in a Packet-in Message for virtual machine MAC learning. After learning is complete, the SDN controller delivers an entry containing VNET + SRC MAC, that is, the first flow table, to the DVS where the KVM virtual machine is located. In other words, the controller associates the virtual machine's vid (virtual network id) with a VLAN sub-interface, and traffic subsequently sent by the virtual machine can be forwarded normally according to this first flow table;
Step 302: the management interface of the VDC calls the northbound interface of the SDN controller through OpenStack to create a VMware virtual machine;
Optionally, information such as {"port_uuid" (port identifier), "virtualnetwork_id" (virtual network identifier), "name" (name), "ip_address" (address), "mac" (physical address), "security_groups" (security groups)} is passed to the SDN controller, and the SDN controller saves this virtual machine information to its local database;
Step 303: the agent virtual machine already present in ESXi sends a VDP association message containing {port_uuid, vid};
Step 304: after creation of the VMware virtual machine and the port_uuid is complete, the agent registers with the ToR and the SDN controller through VDP messages;
Optionally, the registration information includes port_uuid and vlan, and maps the VM to the vlan and the port_uuid. When the virtual machine is deleted, the agent performs de-association with the ToR and the SDN controller, notifying the controller that the virtual machine has been deleted;
Step 305: encapsulate the second flow table; that is, set the port-vnet mapping to obtain the second flow table;
Optionally, the ToR switch sends the VDP message up to the SDN controller according to the VDP flow table (Ethertype: 0x8940) delivered in advance by the SDN controller. The controller determines the access location from the port and dpid of the packet-in; confirms, from the port_uuid, the virtual machine information associated with the VDP message; and, from the vlan and the OpenFlow in_port, configures a vlan sub-interface on the port and adds that vlan sub-interface to the virtual network, that is, sets the port-vnet mapping. After processing, it sends the second flow table to the ToR switch; the second flow table may be a VDP protocol flow table;
Step 306: perform forwarding processing between the KVM virtual machine and the DVS through the first flow table, and perform forwarding processing between the VMware virtual machine and the ToR through the second flow table;
Optionally, if the VMware virtual machine and the KVM virtual machine are in the same network segment, the Hypervisor adds a vlan to the IP packet of the VMware virtual machine and forwards it to the ToR switch. The ToR performs forwarding processing according to the flow table sent by the SDN controller: according to vlan and inport, it pops the vlan from the packet and converts it to metadata (VNET); according to metadata (VNET) and src MAC, it determines whether host learning is required; according to metadata (VNET) and dst MAC, it determines to perform Layer 2 forwarding. The destination DVS forwards the request packet to the KVM virtual machine after receiving it. The response packet of the KVM virtual machine is likewise sent to the ToR switch according to the flow table on the DVS, and the ToR switch forwards it to the VMware virtual machine, thereby implementing Layer 2 interworking between the VMware virtual machine and the KVM virtual machine;
If the VMware virtual machine and the KVM virtual machine are in different network segments, the Hypervisor adds vlan1 to the IP packet of the VMware virtual machine and forwards it to the ToR switch. The ToR performs forwarding processing according to the flow table sent by the SDN controller: according to vlan and inport, it pops the vlan from the packet and converts it to metadata (VNET); according to metadata (VNET) and src MAC, it determines whether host learning is required; according to metadata (VNET) and dst MAC, it determines to perform Layer 2 forwarding; according to metadata (VRF) and dst IP, it performs Layer 2 forwarding. The destination DVS forwards the request packet to the KVM virtual machine after receiving it. The response packet of the KVM virtual machine is likewise sent to the ToR switch according to the flow table on the DVS, and the ToR switch forwards it to the VMware virtual machine, thereby implementing Layer 3 interworking between the VMware virtual machine and the KVM virtual machine.
The system provided by this embodiment for implementing unified management and interworking of VMware and KVM virtual machines follows the principle of "not requiring VMware to open special interfaces and not requiring deep bundling and certification with VMware", and moves the VTEP point up to the ToR switch. With this system, unified management and interworking of VMware virtual machines and KVM virtual machines is achieved, the service capability of the system is enhanced, operating costs are reduced, and the network scale of an SDN-based virtual data center is extended, so that the virtual data center system can manage a network of larger scale and scope.
Note that the VTEP is moved up from the vSwitch to the ToR switch. Under one port of the ToR switch, each VM has its own VLAN; the VLAN does not distinguish networks, only hosts (two hosts on the same network still have different VLANs). Under different ports of the ToR, VLANs can be reused. This simplifies the Layer 2 and Layer 3 interworking procedures between VMware virtual machines and KVM virtual machines, and also allows VMware virtual machines to be managed and given advanced functions such as security groups, Meter, flow mirroring and redirection policies. At the same time it extends the network scale of an SDN-based virtual data center, so that the virtual data center system can manage a network of larger scale and scope; it can connect to the OpenStack virtual platform as well as the VMware virtual platform, and can manage both at once with the two integrated and interworking.
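The controller-side bookkeeping of steps 301 to 306 and the per-port VLAN note above can be modelled as follows. This is an added example, not code from the patent: the class and method names, switch ids and MAC addresses are hypothetical, and two behaviours are assumptions of the example rather than statements of the page (a second VM is refused on an already bound port/VLAN pair, and an unknown destination is reported as "miss").

```python
from dataclasses import dataclass, field

VDP_ETHERTYPE = 0x8940  # EtherType the page gives for the pre-installed VDP flow


@dataclass
class Controller:
    vm_db: dict = field(default_factory=dict)         # port_uuid -> {"vnet", "mac"}
    first_table: dict = field(default_factory=dict)   # (dvs, src_mac) -> vnet
    second_table: dict = field(default_factory=dict)  # (tor, in_port, vlan) -> (vnet, port_uuid)
    hosts: dict = field(default_factory=dict)         # (vnet, mac) -> (switch, port, vlan)

    def create_port(self, port_uuid, virtualnetwork_id, mac):
        """Step 302: the northbound call stores the VM record in the controller database."""
        self.vm_db[port_uuid] = {"vnet": virtualnetwork_id, "mac": mac}

    def learn_kvm(self, dvs, in_port, src_mac, vnet):
        """Step 301: a packet-in from the DVS yields a VNET + SRC MAC entry."""
        self.first_table[(dvs, src_mac)] = vnet
        self.hosts[(vnet, src_mac)] = (dvs, in_port, None)

    def on_vdp(self, tor, in_port, ethertype, port_uuid, vlan, associate=True):
        """Steps 303-305: a VDP packet-in sets or clears the port-vnet mapping."""
        vm = self.vm_db.get(port_uuid)
        if ethertype != VDP_ETHERTYPE or vm is None:
            return False                      # not VDP, or port_uuid was never created
        key = (tor, in_port, vlan)
        bound = self.second_table.get(key)
        if not associate:
            if bound != (vm["vnet"], port_uuid):
                return False                  # nothing to remove for this VM
            del self.second_table[key]
            self.hosts = {k: v for k, v in self.hosts.items() if v != key}
            return True
        if bound is not None and bound[1] != port_uuid:
            return False                      # assumption: VLAN already names another VM here
        self.second_table[key] = (vm["vnet"], port_uuid)
        return True

    def _l2(self, vnet, dst_mac):
        # Lookup by (VNET, dst MAC); handling of a miss is not specified by the page.
        dst = self.hosts.get((vnet, dst_mac))
        return ("output", dst) if dst else ("miss", vnet)

    def tor_forward(self, tor, in_port, vlan, src_mac, dst_mac):
        """Step 306, ToR side: (in_port, vlan) -> VNET metadata, then L2 lookup."""
        bound = self.second_table.get((tor, in_port, vlan))
        if bound is None:
            return ("drop", None)             # no port-vnet mapping for this tag
        vnet = bound[0]                       # VLAN is popped; only the VNET is carried on
        self.hosts.setdefault((vnet, src_mac), (tor, in_port, vlan))  # host learning
        return self._l2(vnet, dst_mac)

    def dvs_forward(self, dvs, src_mac, dst_mac):
        """Step 306, DVS side: VNET + SRC MAC entry, then the same L2 lookup."""
        vnet = self.first_table.get((dvs, src_mac))
        return ("drop", None) if vnet is None else self._l2(vnet, dst_mac)


def demo():
    """Constructed scenario: VM1 and VM3 are VMware VMs behind tor-1, VM2 is a KVM VM."""
    c = Controller()
    vm1, vm2, vm3 = "00:50:56:00:00:01", "52:54:00:00:00:02", "00:50:56:00:00:03"
    c.learn_kvm("dvs-1", 3, vm2, "vnet-A")
    c.create_port("uuid-vm1", "vnet-A", vm1)
    c.create_port("uuid-vm3", "vnet-B", vm3)
    r = {}
    r["assoc_vm1"] = c.on_vdp("tor-1", 10, VDP_ETHERTYPE, "uuid-vm1", 100)
    r["assoc_vm3"] = c.on_vdp("tor-1", 11, VDP_ETHERTYPE, "uuid-vm3", 100)  # VLAN reused on another port
    r["assoc_unknown"] = c.on_vdp("tor-1", 12, VDP_ETHERTYPE, "uuid-none", 100)
    r["assoc_clash"] = c.on_vdp("tor-1", 10, VDP_ETHERTYPE, "uuid-vm3", 100)
    r["vm1_to_vm2"] = c.tor_forward("tor-1", 10, 100, vm1, vm2)
    r["vm2_to_vm1"] = c.dvs_forward("dvs-1", vm2, vm1)
    r["vm3_to_vm2"] = c.tor_forward("tor-1", 11, 100, vm3, vm2)   # same VLAN id, other VNET
    r["unmapped_vlan"] = c.tor_forward("tor-1", 10, 200, vm1, vm2)
    r["deassoc_vm1"] = c.on_vdp("tor-1", 10, VDP_ETHERTYPE, "uuid-vm1", 100, associate=False)
    r["after_delete"] = c.tor_forward("tor-1", 10, 100, vm1, vm2)
    r["vm2_after_delete"] = c.dvs_forward("dvs-1", vm2, vm1)
    return r


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

Because the VLAN only names a host on one ToR port, the isolation boundary is the (in_port, vlan) to VNET entry: the same VLAN id on port 11 lands in a different VNET, and a tag with no association, or one whose association has been removed, is never forwarded.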
A person of ordinary skill in the art will understand that all or some of the steps of the above method may be completed by a program instructing related hardware (for example, a processor), and the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments may also be implemented using one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in the form of hardware, for example by an integrated circuit that implements its function, or in the form of a software functional module, for example by a processor executing programs/instructions stored in a memory to implement its function. The present invention is not limited to any specific combination of hardware and software.
Although the embodiments disclosed in the present application are as described above, the content described, such as the specific implementation methods in the embodiments of the present invention, consists only of embodiments adopted to facilitate understanding of the present application and is not intended to limit it. Any person skilled in the art to which the present application belongs may make any modifications and changes in the form and details of implementation without departing from the spirit and scope disclosed in the present application, but the scope of patent protection of the present application shall still be subject to the scope defined by the appended claims.
Industrial applicability
The above technical solution achieves unified management of different types of virtual machines and interworking between different types of virtual machines, enhances service capability, and extends the network scale of the virtual data center.

Claims (12)

  1. A method for implementing unified management of virtual machines, comprising:
    constructing a first flow table, and sending the first flow table to a first switch configured to forward information sent and received by a first virtual machine, the first flow table containing mapping information between the first virtual machine and a virtual network;
    constructing a second flow table, and sending the second flow table to a second switch configured to forward information sent and received by a second virtual machine, the second flow table containing mapping information between the second virtual machine and the virtual network.
  2. The method of claim 1, wherein constructing the first flow table comprises:
    sending a packet containing identification information of the first virtual machine to a controller for physical address learning;
    after the controller completes physical address learning, encapsulating information containing the mapping relationship between the physical address of the first virtual machine and the virtual network as the first flow table.
  3. The method of claim 1 or 2, wherein constructing the second flow table comprises:
    receiving an association message forwarded by the second switch, and setting a mapping between a port of the second virtual machine and the virtual network according to the association message;
    encapsulating information containing the mapping relationship between the port and the virtual network as the second flow table.
  4. The method of claim 3, wherein before constructing the second flow table, the method further comprises:
    registering the second virtual machine with the second switch and the controller, and mapping the second virtual machine to a virtual local area network and a port identifier.
  5. A method for implementing virtual machine interworking, comprising:
    sending a first packet to a first switch or a second switch, the first packet containing a network protocol data packet and virtual local area network information;
    determining, according to the first packet, to perform forwarding processing;
    performing forwarding processing between a first virtual machine and the first switch through a first flow table, and forwarding processing between a second virtual machine and the second switch through a second flow table, to implement virtual machine interworking;
    wherein the first flow table contains mapping information between the first virtual machine and a virtual network;
    the second flow table contains mapping information between the second virtual machine and the virtual network.
  6. The method of claim 5, wherein implementing virtual machine interworking comprises:
    when the first virtual machine and the second virtual machine are in the same network segment, implementing Layer 2 interworking between the first virtual machine and the second virtual machine;
    when the first virtual machine and the second virtual machine are in different network segments, implementing Layer 2 and/or Layer 3 interworking between the first virtual machine and the second virtual machine.
  7. An apparatus for implementing unified management of virtual machines, comprising a first processing unit and a second processing unit, wherein
    the first processing unit is configured to construct a first flow table and send the first flow table to a first switch configured to forward information sent and received by a first virtual machine, the first flow table containing mapping information between the first virtual machine and a virtual network;
    the second processing unit is configured to construct a second flow table and send the second flow table to a second switch configured to forward information sent and received by a second virtual machine, the second flow table containing mapping information between the second virtual machine and the virtual network.
  8. The apparatus of claim 7, wherein the first processing unit comprises a first processing subunit and a second processing subunit; wherein
    the first processing subunit is configured to send a packet containing identification information of the first virtual machine to a controller for physical address learning;
    the second processing subunit is configured to, after the controller completes physical address learning, encapsulate information containing the mapping relationship between the physical address of the first virtual machine and the virtual network as the first flow table.
  9. The apparatus of claim 7 or 8, wherein the second processing unit comprises a third processing subunit and a fourth processing subunit; wherein
    the third processing subunit is configured to receive an association message forwarded by the second switch, and set a mapping between a port of the second virtual machine and the virtual network according to the association message;
    the fourth processing subunit is configured to encapsulate information containing the mapping relationship between the port and the virtual network as the second flow table.
  10. An apparatus for implementing virtual machine interworking, comprising a third processing unit, a fourth processing unit and a fifth processing unit, wherein
    the third processing unit is configured to send a first packet to a first switch or a second switch, the first packet containing a network protocol data packet and virtual local area network information;
    the fourth processing unit is configured to determine, according to the first packet, to perform forwarding processing;
    the fifth processing unit is configured to perform forwarding processing between a first virtual machine and the first switch through a first flow table, and forwarding processing between a second virtual machine and the second switch through a second flow table, to implement virtual machine interworking;
    wherein the first flow table contains mapping information between the first virtual machine and a virtual network;
    the second flow table contains mapping information between the second virtual machine and the virtual network.
  11. The apparatus of claim 10, wherein implementing virtual machine interworking comprises:
    when the first virtual machine and the second virtual machine are in the same network segment, implementing Layer 2 interworking between the first virtual machine and the second virtual machine;
    when the first virtual machine and the second virtual machine are in different network segments, implementing Layer 2 and/or Layer 3 interworking between the first virtual machine and the second virtual machine.
  12. A system for implementing unified management and interworking of virtual machines, comprising a controller, a first switch and a second switch, wherein
    the controller is configured to construct a first flow table and a second flow table, send the first flow table to the first switch, and send the second flow table to the second switch; the first flow table includes mapping information between a first virtual machine and a virtual network, and the second flow table includes mapping information between a second virtual machine and the virtual network;
    the first switch is configured to receive the first flow table sent by the controller, and perform, through the first flow table, forwarding processing with the first virtual machine and the second switch; and to receive a first packet, the first packet containing a network protocol data packet and virtual local area network information;
    the second switch is configured to receive the second flow table sent by the controller, and perform, through the second flow table, forwarding processing with the second virtual machine and the first switch; and to receive the first packet.
PCT/CN2017/078834 2016-04-08 2017-03-30 Method, device, and system for centralizing management of virtual machines and implementing communications between virtual machines WO2017173952A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610217435.0 2016-04-08
CN201610217435.0A CN107276783B (en) 2016-04-08 2016-04-08 Method, device and system for realizing unified management and intercommunication of virtual machines

Publications (1)

Publication Number Publication Date
WO2017173952A1 true WO2017173952A1 (en) 2017-10-12

Family

ID=60000829

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/078834 WO2017173952A1 (en) 2016-04-08 2017-03-30 Method, device, and system for centralizing management of virtual machines and implementing communications between virtual machines

Country Status (2)

Country Link
CN (1) CN107276783B (en)
WO (1) WO2017173952A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112105056A (en) * 2020-08-03 2020-12-18 国家计算机网络与信息安全管理中心 Code stream transmission method and device based on 5GSA network
CN112187517A (en) * 2020-09-07 2021-01-05 烽火通信科技股份有限公司 Configuration method, platform and controller for SDN virtual routing of data center
CN113285892A (en) * 2020-02-20 2021-08-20 华为技术有限公司 Message processing system, message processing method, machine-readable storage medium, and program product
CN113965470A (en) * 2021-09-30 2022-01-21 中国人民解放军空军工程大学 Aviation information network experiment simulation system
CN114124813A (en) * 2021-11-23 2022-03-01 浪潮云信息技术股份公司 L3-agent implementation method based on flow table in openstack
CN114301656A (en) * 2021-12-23 2022-04-08 北京赛宁网安科技有限公司 Virtual-real combination system and method for network attack and defense platform
CN114697246A (en) * 2022-02-23 2022-07-01 浙江众合科技股份有限公司 Virtual machine test environment construction method
CN115150224A (en) * 2022-06-29 2022-10-04 济南浪潮数据技术有限公司 Inter-cluster network two-layer communication method, device, equipment and storage medium

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108173767B (en) * 2017-12-25 2021-02-26 杭州迪普科技股份有限公司 Message forwarding method and device based on VLAN-IF interface multiplexing
CN110300060B (en) * 2018-03-23 2022-06-07 北京京东尚科信息技术有限公司 Communication method and device for software defined network
CN108924028B (en) * 2018-06-28 2020-11-10 新华三技术有限公司 Method and device for switching unknown unicast message between tunnels
CN111817961B (en) * 2020-08-06 2022-02-08 平安科技(深圳)有限公司 Open vSwitch kernel flow table-based distributed routing method and device in Overlay network
CN114338606B (en) * 2020-09-25 2023-07-18 华为云计算技术有限公司 Public cloud network configuration method and related equipment
CN113572634B (en) * 2021-06-22 2023-04-07 济南浪潮数据技术有限公司 Method and system for realizing two-layer intercommunication between in-cloud network and out-cloud network
CN113904986B (en) * 2021-09-29 2022-11-18 烽火通信科技股份有限公司 Two-layer intercommunication method and equipment for vxlan virtual network and vlan network
CN114978781B (en) * 2022-08-02 2022-11-11 中国电子科技集团公司第三十研究所 Tor network-oriented hybrid anonymous link communication method and system
CN115987842B (en) * 2022-12-15 2024-03-26 浪潮思科网络科技有限公司 Fault positioning method, device, equipment and medium based on firewall bypass mode

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104253770A (en) * 2013-06-27 2014-12-31 杭州华三通信技术有限公司 Method and equipment for realizing distributed virtual switch system
CN104468462A (en) * 2013-09-12 2015-03-25 杭州华三通信技术有限公司 Method and apparatus for forwarding message of distributed virtual switch system
CN104468358A (en) * 2013-09-25 2015-03-25 杭州华三通信技术有限公司 Message forwarding method and device of distributive virtual switch system
US20150172101A1 (en) * 2013-12-18 2015-06-18 International Business Machines Corporation Software-defined networking disaster recovery
CN104869058A (en) * 2015-06-04 2015-08-26 北京京东尚科信息技术有限公司 Method and device for transmitting data message

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014071637A1 (en) * 2012-11-12 2014-05-15 华为技术有限公司 Method and device for performing network configuration on virtual machine
WO2015100656A1 (en) * 2013-12-31 2015-07-09 华为技术有限公司 Method and device for implementing virtual machine communication
CN104767676B (en) * 2014-01-03 2017-12-12 华为技术有限公司 Data message forwarding method and system in SDN
CN104243265B (en) * 2014-09-05 2018-01-05 华为技术有限公司 A kind of gateway control method, apparatus and system based on virtual machine (vm) migration
CN104601432B (en) * 2014-12-31 2018-03-13 新华三技术有限公司 A kind of message transmitting method and equipment

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113285892A (en) * 2020-02-20 2021-08-20 华为技术有限公司 Message processing system, message processing method, machine-readable storage medium, and program product
CN112105056A (en) * 2020-08-03 2020-12-18 国家计算机网络与信息安全管理中心 Code stream transmission method and device based on 5GSA network
CN112105056B (en) * 2020-08-03 2022-12-20 国家计算机网络与信息安全管理中心 Code stream transmission method and device based on 5GSA network
CN112187517B (en) * 2020-09-07 2022-06-07 烽火通信科技股份有限公司 Configuration method, platform and controller for SDN virtual routing of data center
CN112187517A (en) * 2020-09-07 2021-01-05 烽火通信科技股份有限公司 Configuration method, platform and controller for SDN virtual routing of data center
CN113965470A (en) * 2021-09-30 2022-01-21 中国人民解放军空军工程大学 Aviation information network experiment simulation system
CN113965470B (en) * 2021-09-30 2023-08-25 中国人民解放军空军工程大学 Aviation information network experiment simulation system
CN114124813A (en) * 2021-11-23 2022-03-01 浪潮云信息技术股份公司 L3-agent implementation method based on flow table in openstack
CN114124813B (en) * 2021-11-23 2023-08-25 浪潮云信息技术股份公司 Method for realizing l3-agent based on flow table in openstack
CN114301656A (en) * 2021-12-23 2022-04-08 北京赛宁网安科技有限公司 Virtual-real combination system and method for network attack and defense platform
CN114301656B (en) * 2021-12-23 2023-10-27 北京赛宁网安科技有限公司 Virtual-real combination system and method for network attack and defense platform
CN114697246A (en) * 2022-02-23 2022-07-01 浙江众合科技股份有限公司 Virtual machine test environment construction method
CN115150224A (en) * 2022-06-29 2022-10-04 济南浪潮数据技术有限公司 Inter-cluster network two-layer communication method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN107276783A (en) 2017-10-20
CN107276783B (en) 2022-05-20

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17778616

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17778616

Country of ref document: EP

Kind code of ref document: A1