WO2020135542A1 - Cloud computing data center system, gateway, server, and message processing method - Google Patents


Info

Publication number
WO2020135542A1
Authority
WO
WIPO (PCT)
Prior art keywords
vlan
message
service message
distributed gateway
service
Prior art date
Application number
PCT/CN2019/128497
Other languages
English (en)
French (fr)
Inventor
张争宪
刘扶舟
姚博
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to EP19902662.6A (EP3883195A4)
Priority to JP2021537822A (JP7231744B2)
Publication of WO2020135542A1
Priority to US17/358,264 (US11831551B2)

Classifications

    • H04L47/2408 Traffic characterised by specific attributes, e.g. priority or QoS for supporting different services, e.g. a differentiated services [DiffServ] type of service
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4637 Interconnected ring systems
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4679 Arrangements for the registration or de-registration of VLAN attribute values, e.g. VLAN identifiers, port VLAN membership
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L41/042 Network management architectures or arrangements comprising distributed management centres cooperatively managing the network
    • H04L45/02 Topology update or discovery
    • H04L45/66 Layer 2 routing, e.g. in Ethernet based MAN's
    • H04L45/745 Address table lookup; Address filtering
    • H04L49/354 Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
    • H04L49/70 Virtual switches
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G06F2009/45579 I/O management, e.g. providing access to device drivers or storage
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • H04L45/50 Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • H04L45/64 Routing or path finding of packets in data switching networks using an overlay routing layer

Definitions

  • This application relates to the field of network communication technology, in particular to a cloud computing data center system, gateway, server, and message processing method.
  • a large amount of network traffic needs to be distributed through a gateway.
  • the gateway has a great influence on the network performance, network scale, reliability, and system expansion of the cloud network.
  • the existing technology often adopts a centralized gateway; that is, when packets sent by the virtual machines of all computing nodes require cross-VLAN communication, the packets must first be sent to the centralized gateway for processing, which brings about the problem of insufficient reliability. For example, when the bandwidth of the centralized gateway is insufficient, the bandwidth of the entire network is affected, and if the centralized gateway fails, large-scale network paralysis occurs.
  • This application provides a distributed gateway, a message processing method, and a server.
  • the distributed gateway is set locally to the computing node.
  • Each computing node is provided with a distributed gateway.
  • the packets sent by the virtual machines of each computing node can be processed by the local distributed gateway for cross-subnet transmission. Even if the local distributed gateway fails, this only affects the communication of the virtual machines on the corresponding computing node and does not affect other computing nodes, so network reliability is improved.
  • the present application provides a packet processing method of a distributed gateway.
  • the distributed gateway and the first computing node are connected by a first Peripheral Component Interconnect Express (PCIe) link, the distributed gateway and the switch are connected, and the first computing node is provided.
  • the method includes the following steps: the distributed gateway receives the management message sent by the cloud management platform, the management message carrying the network information of the second VLAN; the distributed gateway records the network information of the second VLAN; the distributed gateway receives the first service message carrying the service data sent by the first virtual machine to the second virtual machine, the second virtual machine being located in the second VLAN; the distributed gateway modifies the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, where the second service message carries the service data; and the distributed gateway sends the second service message to the switch.
  • the distributed gateway can receive the network information of the second VLAN sent by the cloud management platform, and modify the service message sent by the first virtual machine located in the first VLAN of the first computing node according to that network information, so that the modified service message can be transmitted to the second VLAN, thereby implementing the gateway function locally at the first computing node.
  • the distributed gateway includes a network card controller and a network card; the network card is provided with a first physical function (PF), a first virtual function (VF), and a physical network port; the network card controller is connected to the first PF, the first virtual machine is connected to the first VF, and the physical network port is connected to the switch.
  • the PF of the NIC is directly connected to the NIC controller, and the VF of the NIC is directly connected to the virtual machine of the computing node, so as to use the computing power of the NIC controller to modify the message and reduce the computing load of the computing node.
  • the computing power of the network card controller is greater than the computing power of the network card.
  • the network card controller is responsible for security modification and communication with the cloud management platform.
  • the network card does not need to take care of the above functions and will not affect the network card message forwarding speed.
  • the distributed gateway receiving the first service message carrying the service data sent by the first virtual machine to the second virtual machine is implemented as follows: the network card receives the first service message from the first VF.
  • the service message sent by the first virtual machine does not need to go through the virtual machine manager, so the message transmission speed can be improved.
  • the distributed gateway modifying the first service message according to the network information of the second VLAN to generate the second service message includes: the network card forwards the first service message to the first PF; the network card controller obtains the first service message from the first PF, modifies the first service message according to the network information of the second VLAN to generate the second service message, and sends the second service message to the first PF; and the network card sends the second service message to the physical network port.
  • the network card controller independently executes the steps of modifying the message without additional burden on the network card and does not affect the packet forwarding speed of the network card.
  • the destination MAC address of the management message is the MAC address of the network card controller, and the network card records the network card
  • the distributed gateway receiving the management message sent by the cloud management platform includes: the network card receives the management message from the physical network port, selects the first PF from the third correspondence according to the destination MAC address of the management message, and forwards the management message to the first PF, and the network card controller receives the management message from the first PF.
  • because the cloud management platform can deliver management messages to the network card controller, users can manage the distributed gateway on the cloud management platform at any time, thereby improving the user experience.
  • the distributed gateway recording the network information of the second VLAN includes: the network card controller obtains the network information of the second VLAN from the management message and records the network information of the second VLAN.
  • the network card controller and the network card are relatively independent. Recording the network information of the second VLAN by the network card controller does not increase the burden on the network card and does not affect the packet forwarding speed.
  • the first service message is a VLAN message
  • the destination address of the first service message is the MAC address of the second virtual machine
  • the first VLAN is set with a first VLAN identification code
  • the second VLAN is set with a second VLAN identification code different from the first VLAN identification code
  • the network information of the second VLAN includes the first correspondence between the MAC address of the second virtual machine and the second VLAN identification code
  • the distributed gateway modifying the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN includes: the distributed gateway obtains the second VLAN identification code from the first correspondence according to the destination MAC address of the first service message, and the distributed gateway sets the second VLAN identification code in the first service message to generate the second service message.
  • the correspondence between the MAC address of the second virtual machine and the VLAN identification code of the second virtual machine is issued to the distributed gateway through the cloud management platform, so that the distributed gateway, on receiving a service message sent by the first virtual machine whose destination address is the MAC address of the second virtual machine, can set the second VLAN identification code in the service message; the switch then allows the modified service message carrying the second VLAN identification code to reach the second VLAN where the second virtual machine is located, thereby realizing communication between virtual machines of different VLANs.
  • the first service message is a VLAN message
  • the destination MAC address of the first service message is the MAC address of the second virtual machine
  • the network information of the second VLAN includes a second correspondence between the MAC address of the second virtual machine and the IP address of another distributed gateway connected to the second computing node through the second PCIe link
  • the second virtual machine is provided in the second computing node
  • the distributed gateway modifying the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN includes: the distributed gateway obtains the IP address from the second correspondence according to the destination address of the first service message, and encapsulates the first service message into the second service message, where the second service message is an overlay message and the destination IP address of the second service message is that IP address.
  • this enables the distributed gateway, on receiving a service message sent by the first virtual machine whose destination address is the MAC address of the second virtual machine, to encapsulate the service message into an overlay message whose destination IP address is the IP address of the other distributed gateway, so that the switch can route the overlay message according to that IP address to the other distributed gateway, which is connected through a PCIe link to the second computing node where the second virtual machine is located, thereby realizing communication between virtual machines in different VLANs.
  • the present application provides a distributed gateway.
  • the distributed gateway is connected to the first computing node through a PCIe interface, and the distributed gateway is connected to the switch.
  • the first computing node is provided with a first virtual machine, and the first virtual machine is located in the first VLAN
  • the distributed gateway includes: a receiving module for receiving management messages sent by the cloud management platform, the management messages carrying network information of the second VLAN; a recording module for recording the network information of the second VLAN; the receiving module, which is also used to receive the first service message carrying the service data sent by the first virtual machine to the second virtual machine, the second virtual machine being located in the second VLAN; a conversion module used to modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, where the second service message carries the service data; and a sending module used to send the second service message to the switch.
  • the second aspect or any implementation manner of the second aspect is a device implementation corresponding to the first aspect or any implementation manner of the first aspect, and the description in the first aspect or any implementation manner of the first aspect is applicable to the second aspect or any implementation manner of the second aspect, which will not be repeated here.
  • the present application provides a server, including a distributed gateway and a computing node; the distributed gateway and the computing node are connected by a Peripheral Component Interconnect Express (PCIe) interface, the distributed gateway and the switch are connected, and the computing node is provided with a first virtual machine located in the first virtual local area network (VLAN), where: the distributed gateway is used to receive the management message sent by the cloud management platform, the management message carrying the network information of the second VLAN; the distributed gateway is also used to record the network information of the second VLAN; the first virtual machine is used to send a first service message carrying service data to the second virtual machine, the second virtual machine being located in the second VLAN; the distributed gateway is also used to receive the first service message; and the distributed gateway is also used to modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, and send the second service message to the switch, where the second service message carries the service data.
  • the third aspect or any implementation manner of the third aspect is a system implementation corresponding to the first aspect or any implementation manner of the first aspect, and the description in the first aspect or any implementation manner of the first aspect is applicable to the second aspect or any implementation manner of the second aspect, which will not be repeated here.
  • the present application provides a distributed gateway, including a processor and a memory; the distributed gateway is connected to a computing node provided with a first virtual machine, the distributed gateway is connected to a switch, the first virtual machine is located in a first virtual local area network (VLAN), the memory stores program instructions, and the processor runs the program instructions to perform the method described in the first aspect and any possible implementation manner of the first aspect.
  • the fourth aspect or any implementation manner of the fourth aspect is a physical device implementation corresponding to the first aspect or any implementation manner of the first aspect, and the description in the first aspect or any implementation manner of the first aspect applies to the fourth aspect or any implementation manner of the fourth aspect, which will not be repeated here.
  • the present application provides a cloud computing data center system, including a first server, a second server, a cloud management platform, and a switch.
  • the first server includes a first computing node and a first distributed gateway connected by a first Peripheral Component Interconnect Express (PCIe) link
  • the second server includes a second computing node and a second distributed gateway connected by a second PCIe link
  • the first computing node is provided with a first virtual machine located in the first virtual local area network (VLAN)
  • the second computing node is provided with a second virtual machine located in the second VLAN.
  • the cloud management platform, the first distributed gateway, and the second distributed gateway are respectively connected to the switch.
  • the first distributed gateway is used to receive the management message sent by the cloud management platform.
  • the management message carries the network information of the second VLAN
  • the first distributed gateway is used to record the network information of the second VLAN
  • the first virtual machine is used to send the first service message carrying the service data to the second virtual machine
  • the first distributed gateway is used to receive the first service message, modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, and send the second service message to the switch, where the second service message carries the service data
  • the second distributed gateway is used to receive the second service message forwarded by the switch and send the service data carried by the second service message to the second virtual machine.
  • the first distributed gateway includes a first network card controller and a first network card.
  • the first network card is provided with a first physical function PF, a first virtual function VF, and a first physical network port.
  • the first network card controller is connected to the first PF, the first virtual machine is connected to the first VF, and the first physical network port is connected to the switch.
  • the first network card is configured to receive the first service message sent by the first virtual machine from the first VF.
  • the first network card is used to forward the first service message to the first PF
  • the first network card controller is used to obtain the first service message from the first PF, modify the first service message into a second service message according to the network information of the second VLAN, and send the second service message to the first PF, and the first network card is also used to obtain the second service message from the first PF and send the second service message to the first physical network port.
  • the management message is a VLAN message
  • the destination MAC address of the management message is the MAC address of the first network card controller
  • the first network card records a third correspondence between the MAC address of the first network card controller and the first PF
  • the first network card is used to receive the management message from the first physical network port, and select the first PF from the third correspondence relationship according to the destination MAC address of the management message, and forward the management message to the first PF
  • the first network card controller is configured to receive a management message from the first PF, obtain network information of the second VLAN from the management message, and record network information of the second VLAN.
  • the second distributed gateway includes a second network card controller and a second network card.
  • the second network card is provided with a second physical function PF, a second virtual function VF, and a second physical network port.
  • the second network card controller is connected to the second PF, the second virtual machine is connected to the second VF, and the second physical network port is connected to the switch.
  • the second network card is used to receive the second service message sent by the switch from the second physical network port.
  • the second network card is used to forward the second service message to the second PF
  • the second network card controller is used to obtain the second service message from the second PF, modify the second service message into the first service message, and send the first service message to the second PF
  • the second network card is also used to obtain the first service message from the second PF and send the first service message to the second VF.
  • the second computing node is also provided with a cloud management platform client, and the cloud management platform client is used to collect network information of the second VLAN and send a registration message carrying the network information of the second VLAN to the cloud management platform.
  • the first service message and the second service message are VLAN messages
  • the destination address of the first service message is the MAC address of the second virtual machine
  • the first VLAN network is provided with the first VLAN identification code
  • the second VLAN network is provided with a second VLAN identification code different from the first VLAN identification code.
  • the network information of the second VLAN includes a first correspondence between the MAC address of the second virtual machine and the second VLAN identification code; the first distributed gateway is used to obtain the second VLAN identification code from the first correspondence according to the destination MAC address of the first service message, set the second VLAN identification code in the first service message to generate the second service message, and send the second service message to the switch, where the second VLAN identification code is used to instruct the switch to send the second service message to the second distributed gateway; and the second distributed gateway is used to receive the second service message sent by the switch and send the second service message to the second virtual machine.
  • the first service message is a VLAN message
  • the second service message is an overlay message
  • the destination MAC address of the first service message is the MAC address of the second virtual machine
  • the network information of the second VLAN includes the second correspondence between the MAC address of the second virtual machine and the IP address of the second distributed gateway; the first distributed gateway is used to obtain the IP address of the second distributed gateway from the second correspondence according to the destination MAC address of the first service message, encapsulate the first service message into a second service message, and send the second service message to the switch, where the destination IP address of the second service message is the IP address of the second distributed gateway
  • the second distributed gateway is used to decapsulate the second service message to obtain the first service message, and send the first service message to the second virtual machine.
  • FIG. 1 is a schematic diagram of a system structure of a cloud computing data center according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of another system of a cloud computing data center according to an embodiment of the present invention.
  • FIG. 3 is a data interaction diagram of a message processing method according to an embodiment of the present invention.
  • FIG. 4 is another data interaction diagram of a message processing method according to an embodiment of the present invention.
  • FIG. 5 is another data interaction diagram of a message processing method according to an embodiment of the present invention.
  • FIG. 6 is another data interaction diagram of a message processing method according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of the hardware structure of the server 1 according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of an apparatus of a distributed gateway according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of another device of a distributed gateway according to an embodiment of the present invention.
  • Cloud management platform: a platform for unified management of the virtual machines of the cloud computing network.
  • the virtual machines of the cloud computing network are distributed among multiple computing nodes, and each computing node is provided with a cloud management platform client, which is used to collect the status information of the virtual machines on the computing node where it is located and report it to the cloud management platform.
  • the cloud management platform is provided with a user interaction interface. The user can learn the status of the virtual machines through the user interaction interface. The user can also enter management operations through the user interaction interface; the cloud management platform can send commands corresponding to the management operations to the cloud management platform client, and the cloud management platform client can execute the commands to manage the virtual machines.
  • the cloud management platform may be, for example, Openstack or VMware vSphere.
  • the overlay message is an Ethernet message in which a virtual machine message is encapsulated.
  • the overlay message includes an outer network address and an inner network address.
  • the outer network address is the network address in the header of the Ethernet message, including the source IP address, destination IP address, source MAC address, and destination MAC address.
  • the inner network address is the network address in the header of the virtual machine packet, including the source IP address, destination IP address, source MAC address, and destination MAC address. An overlay message can be implemented as a Virtual Extensible Local Area Network (VXLAN) message, a Network Virtualization using Generic Routing Encapsulation (NVGRE) message, or a Stateless Transport Tunneling (STT) message.
  • NIC virtualization can use single-root input/output virtualization (Single-Root I/O Virtualization, SR-IOV) or multi-root input/output virtualization (Multi-Root Input/Output Virtualization, MR-IOV); NIC virtualization is also called NIC pass-through.
  • SR-IOV pass-through: when the network card supports SR-IOV, the SR-IOV technology can be used to share the host network card among several virtual machines running on the host.
  • at least one physical function (Physical Function, PF)
  • multiple virtual functions (Virtual Function, VF)
  • the virtual machine on the host is connected to at least one VF.
  • the network card contains a switching device with a switch function.
  • the switching device forwards data packets according to the Media Access Control (MAC) table, and is responsible for forwarding data packets between the PF, VF, and physical network port.
  • Virtual Local Area Network is a communication technology that logically divides a physical LAN into multiple broadcast domains.
  • VLAN message: a layer 2 message that includes the destination MAC field, source MAC field, VLAN ID field, and payload field.
  • Other fields are within the scope of the discussion of the embodiments of the present invention, and details are not described herein.
  • Virtual local area network identification code (Virtual Local Area Identification, VLAN ID): the VID field of the VLAN packet, which uniquely identifies a VLAN.
  • the 12-bit VID can represent 4096 different values; excluding two reserved values, an Ethernet network can be divided into at most 4094 VLANs.
  • FIG. 1 is a schematic diagram of a system structure of a cloud computing data center according to an embodiment of the present invention.
  • the cloud computing data center includes a server 1, a server 2, a server 3, a switch 4, and a cloud management platform 5 .
  • the server 1 includes a computing node 11 and a distributed gateway 12
  • the server 2 includes a computing node 21 and a distributed gateway 22
  • the server 3 includes a computing node 31 and a distributed gateway 32.
  • the computing node may be, for example, a physical host.
  • FIG. 1 only shows three servers for ease of description, but in actual applications, the number of servers may be other, and this is not limited in the embodiment of the present invention.
  • the distributed gateway may be connected to the computing node through a high-speed peripheral component interconnection (Peripheral Component Interconnect Express, PCIe) interface, and the distributed gateway may be connected to the switch through a physical network port.
  • the switch 4 may be, for example, a top-of-rack (TOR) switch.
  • the servers 1-3 may be installed on the same rack, and are respectively connected to the TOR switches located on the top of the rack.
  • TOR switch: in a cloud computing data center, each rack has a TOR switch and holds multiple blade servers, and connections across racks are made through the TOR switches.
  • the switch 4 has a layer 3 forwarding function.
  • the switch 4 allows layer 3 packets to pass through the ports 41-43.
  • the switch 4 also records the correspondence between the IP address in the server 1 and the port 41 through which the switch 4 is connected to the server 1; when receiving a layer 3 packet, if the destination IP address of the layer 3 packet is the IP address in the server 1, the switch 4 sends the layer 3 packet to the port 41, thereby achieving the layer 3 forwarding function.
  • the switch 4 also records the correspondence between the IP address in the server 2 and the port 42 where the switch 4 is connected to the server 1.
  • the IP address in the server 1 includes the IP address of the distributed gateway 12, and the IP address in the server 2 includes the IP address of the distributed gateway 22.
  • the switch 4 can implement VLAN isolation.
  • the port 41 connecting the switch 4 and the server 1 is set to allow only VLAN packets with a VLAN ID of 1 to enter the server 1
  • the port 42 connecting the switch 4 and the server 2 is set to allow only VLAN packets with a VLAN ID of 2 to enter the server 2
  • port 41 connecting switch 4 and server 3 is set to allow VLAN packets with VLAN ID 3 to enter server 3.
  • the port 45 connected to the switch 4 and the cloud management platform 5 is set to allow VLAN packets with a VLAN ID of 5 to enter the cloud management platform 5.
  • a VLAN is formed inside the server 1 with a VLAN ID of 1; a VLAN is formed inside the server 2 with a VLAN ID of 2; a VLAN is formed inside the server 3 with a VLAN ID of 3.
  • the switch 4 is provided with ports 41, 42, 43, 45. For example, after receiving the VLAN packet with the VLAN ID of 1, the switch 4 broadcasts the packet to each port, and only port 41 is allowed to pass the packet.
  • the switch 4 is configured to ignore the destination MAC address of the packet and select the port to which the packet is sent based only on the VLAN ID. In other examples of the present invention, the switch 4 may be configured to select a port according to the destination MAC address of the message.
  • the cloud management platform 5 may be set in a computing node and implemented by software installed in the computing node, or the cloud management platform 5 may be implemented by a dedicated network device, which is not limited in the embodiment of the present invention
  • the server 1-3 can communicate with the cloud management platform 5.
  • FIG. 2 shows a schematic diagram of another system structure of a cloud computing data center according to an embodiment of the present invention.
  • FIG. 2 is a more detailed view of FIG. 1; for clarity, FIG. 2 omits the server 3 of FIG. 1 and only shows the specific structure of servers 1 and 2.
  • the computing node 11 includes a first cloud management platform client 111, a virtual machine VM1 and a virtual machine VM2.
  • the distributed gateway 12 includes a network card controller 121 and a network card 122, wherein the network card controller 121 includes a second cloud management platform client 1221, the network card 122 supports a network card pass-through function, and the network card 122 includes a switching device 1221, physical network cards 1222, PF1, PF2, VF1 and VF2.
  • the switching device 1221 can be implemented by software routing, such as Openvswitch.
  • an operating system may be running on the computing node 11, and the first cloud management platform client 111 may be installed in that operating system as third-party software. The first cloud management platform client 111 may be, for example, the novaagent component of openstack, which can communicate with the nova component on the cloud management platform 5. An operating system can also run on the network card controller 121, and the second cloud management platform client 1211 can be installed in that operating system as third-party software. The second cloud management platform client 1211 may be, for example, the neutron agent component of openstack, which can communicate with the neutron component of the cloud management platform 5.
  • the computing node 11 may be, for example, a physical server based on the X86 platform
  • the network card controller 121 may be, for example, a smart board based on the ARM platform.
  • the distributed gateway 12 includes a network card controller 121 and a network card 122 that are connected to each other.
  • the network card controller 121 and the network card 122 can be connected through a PCIe interface, and the network card controller 121 has better computing capabilities than the network card 122.
  • the network card 122 has a pass-through function.
  • the PF1 of the network card 122 is directly connected to the network card controller 121.
  • the network card controller 121 is connected to the PF1 of the network card 122.
  • the VF1 of the network card 122 is directly connected to VM1.
  • the VM1 is connected to the VF1 of the network card 122.
  • the physical network port 1222 is connected to the port 41 of the switch 4.
  • the operating system of the computing node 11 is connected to PF2, and the first cloud management platform client 111 running on the operating system of the computing node 11 may be connected to the network card 122 through PF2.
  • the server 2 and the server 1 have a similar structure. For details, refer to FIG. 2, and details are not described herein.
  • the first cloud management platform client 111 and the third cloud management platform client 211 have pre-recorded VLAN ID 5, and communicate with the cloud management platform 5 according to the VLAN ID 5.
  • the cloud management platform 5 records the MAC address of the network card controller 221 and the MAC address of the network card controller 121 in advance, communicates with the network card controller 221 according to the MAC address of the network card controller 221, and according to the MAC address of the network card controller 121 The network card controller 121 performs communication.
  • the MAC table of the switching device 1221 records:
  • When the switching device 1221 cannot find the MAC address of the received message in the local MAC table, it sends the message to PF1. When the switching device 1221 determines that the VLAN ID of the packet is not 1, it sends the packet to the physical port 1222.
  • When the switching device 1221 receives a Layer 3 packet from the physical network port 1222, it first forwards the Layer 3 packet to PF1.
  • the MAC table of the switching device 2221 records:
  • When the switching device 2221 cannot find the MAC address of the received message in the local MAC table, it sends the message to PF3. When the switching device 2221 determines that the VLAN ID of the packet is not 2, it sends the packet to the physical port 2222.
  • When the switching device 2221 receives a Layer 3 packet from the physical network port 2222, it first forwards the Layer 3 packet to PF3.
  • the distributed gateway has the function of a network card, and the IP address of the distributed gateway can be used as the IP address exposed to the external network of the computing node connected to the distributed gateway through the PCIe link.
  • FIG. 3 is a data interaction diagram of a message processing method according to an embodiment of the present invention. As shown in FIG. 3, the message processing method includes the following steps:
  • Step S1 The second cloud management platform client 211 obtains VLAN ID 2 and the MAC address of VM3.
  • VLAN ID2 is the identification code of the VLAN where VM3 is located, VM1 and VM3 belong to different virtual local area networks, and the VLAN ID of VM1 is different from the VLAN ID of VM3.
  • Step S2 The second cloud management platform client 211 sends the first registration message to the network card 222.
  • the first registration message may be, for example, a VLAN message whose VLAN ID is VLAN ID 5 and whose payload carries VLAN ID 2 and the MAC address of VM3.
  • the second cloud management platform client 211 sends the first registration message to the PF4 of the network card 222, and the switching device 2221 of the network card 222 obtains the first registration message from the PF4, determines that the VLAN ID of the first registration message is not VLAN ID 2, and sends the first registration message to the physical network port 1222.
  • Step S3 The switching device 2221 sends the first registration message to the port 42 of the switch 4 through the physical network port 1222.
  • Step S4 The switch 4 receives the first registration message from the port 42 and sends the first registration message to the port 45 according to the VLAN ID 5 of the first registration message.
  • the cloud management platform 5 receives the first registration message from port 45.
  • the first cloud management platform client 211 can also obtain the VLAN ID and MAC address of the virtual machine of the computing node 11 and report it to the cloud management platform 5, which is not limited in the present invention.
  • Step S5 The cloud management platform obtains VLAN ID 2 and the MAC address of VM3 from the payload of the first registration message, and configures the network information of the second VLAN accordingly, where the network information of the second VLAN includes the first correspondence between the VLAN ID 2 of the second VLAN and the MAC address of the VM3 located in the second VLAN.
  • the cloud management platform 5 provides a user interaction interface.
  • the user configures the network information of the second VLAN to the computing node 11 on the user interaction interface, so that the network information of the second VLAN is applicable to all virtual machines of the computing node 11.
  • Step S6 The cloud management platform 5 sends the first management message to the port 45 of the switch 4.
  • the first management message is a VLAN message
  • the destination address is the MAC address of the network card controller 121
  • the VLAN ID is 1
  • the payload of the first management message carries the network information of the second VLAN.
  • Step S7 The switch 4 sends the first management message to the physical network port 1222 of the network card 122 according to the VLAN ID 1 of the first management message.
  • Step S8 The network card 122 sends the first management message to the network card controller 121.
  • the switching device 1221 of the network card 122 obtains the first management message from the physical network port 1222, selects PF1 according to the destination MAC address of the first management message, and sends the first management message to PF1.
  • the third cloud management platform client 1211 obtains the first management message from PF1.
  • Step S9 The third cloud management platform client 1211 obtains the network information of the second VLAN from the first management message, and records the network information of the second VLAN.
  • the third cloud management platform client 1211 can record the network information of the second VLAN of all virtual machines that the user configures on the computing node 11, and subsequently the cross-VLAN communication can be realized through the network information of the second VLAN.
  • the first cloud management platform client 111 can also obtain VLAN ID 1 and the MAC address of VM1, and report VLAN ID 1 and the MAC address of VM1 as the network information of the first VLAN to the cloud management platform 5.
  • FIG. 4 is another data interaction diagram of the message processing method according to an embodiment of the present invention.
  • FIG. 4 is a continuation of FIG. 3, where the message processing method further includes the following steps:
  • Step S10 VM1 sends the first service message to the network card 122.
  • the first service message is a VLAN message
  • the source MAC address is the MAC address of VM1
  • the destination MAC address is the MAC address of VM3
  • the payload carries the service data.
  • Before sending the first service message to VM3, VM1 does not know the VLAN ID of the VLAN network where VM3 is located. Therefore, VM1 sets the VLAN ID of the first service message to null, and VM1 sends the first service message to VF1.
  • Step S11 The network card 122 forwards the first service message to the network card controller 121.
  • the network card 122 obtains the first service message from VF1, determines that the destination MAC address of the first service message, that is, the MAC address of VM3, is not local, and forwards the first service message to PF1.
  • Step S12 The network card controller 121 modifies the first service message according to the network information of the second VLAN.
  • the third cloud management platform client 1211 can obtain the first service packet from PF1, obtain VLAN ID 2 from the network information of the second VLAN according to the destination MAC address of the first service packet, and set the VLAN ID of the first service packet to VLAN ID 2, thereby generating a second service message that carries VLAN ID 2 and whose payload carries the service data.
  • Since the port 42 connecting the switch 4 and the server 2 only allows packets with VLAN ID 2 to pass, if the first service packet were sent directly to the switch 4, the switch 4 would determine that the VLAN ID carried in the first service packet is empty and broadcast the first service message on all ports of the switch 4. Since the port 42 allows only packets carrying VLAN ID 2, the port 42 would not send the first service message to the server 2.
  • the third cloud management platform client 1211 of the embodiment of the present invention modifies the first service message into the second service message to ensure that the switch 4 can send the second service message to the server 2 through the port 42.
  • Step S13 The network card controller 121 sends the second service message to the network card 122.
  • the network card controller 121 sends the second service message to PF1, and the switching device 1221 of the network card 122 obtains the second service message from PF1.
  • Step S14 The network card 122 sends a second service message to the switch 4.
  • the switching device 1221 of the network card 122 determines that the VLAN ID of the second service packet is not 1, and sends the second service packet to the physical network port 1222.
  • Step S19 The switch 4 receives the second service message from the port 41, and forwards the second service message to the network card 222.
  • the switch 4 sends the second service packet to the port 42 according to the VLAN ID 2 of the second service packet, thereby reaching the physical network port 2222.
  • Step S20 The network card 222 forwards the second service message to VM3.
  • the switching device 2221 of the network card 222 obtains the second service message from the physical network port 2222, selects VF3 according to the destination MAC address of the second service message, and sends the second service message to VF3, and VM3 obtains the second service message from VF3.
  • VM3 can obtain service data from the payload of the second service message, so as to perform service processing according to the service data.
  • Because the distributed gateway 12 modifies the first service message into a second service message configured with VLAN ID 2, the second service message can be transmitted to the server 2 via the switch 4, thereby achieving cross-VLAN communication.
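The tagging and port-filtering behaviour of steps S10 to S20, as an added Python example (not code from the patent). The MAC addresses are constructed, the port table lists only ports 41, 42 and 45 with the VLAN IDs the description gives them, and refusing frames that arrive from a VM already tagged is an assumption of this sketch, not something the description states.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q VLAN tag


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 6 bytes")
    return raw


# Constructed sample addresses (locally administered), not from the patent.
VM1_MAC = mac("02:00:00:00:00:01")
VM3_MAC = mac("02:00:00:00:00:03")
UNREGISTERED_MAC = mac("02:00:00:00:00:99")

# First correspondence recorded in step S9: destination MAC -> VLAN ID.
FIRST_CORRESPONDENCE = {VM3_MAC: 2}

# Switch 4 port policy as given in the description: port -> admitted VLAN ID.
SWITCH_PORT_VLAN = {41: 1, 42: 2, 45: 5}


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet frame, as VM1 emits it in step S10."""
    return dst + src + struct.pack("!H", ethertype) + payload


def read_vlan_id(frame):
    """Return the 12-bit VID of an 802.1Q-tagged frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF


def gateway_tag(frame, correspondence):
    """Step S12: look up the destination MAC and insert the VLAN tag.

    Returns the tagged frame, or None when the frame must not be forwarded.
    """
    if read_vlan_id(frame) is not None:
        # Assumption of this sketch: only the gateway chooses the VLAN ID,
        # so a frame that a VM has already tagged is not forwarded.
        return None
    vid = correspondence.get(frame[0:6])
    if vid is None:
        return None  # destination was never registered with the platform
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID outside the usable range 1-4094")
    tag = struct.pack("!HH", TPID_8021Q, vid)  # priority and DEI bits left at 0
    return frame[:12] + tag + frame[12:]


def switch_egress_ports(frame, ingress_port, port_vlan):
    """Switch 4 as configured in the description: ignore the destination MAC
    and deliver only through ports whose admitted VLAN ID matches the frame."""
    vid = read_vlan_id(frame)
    return sorted(port for port, admitted in port_vlan.items()
                  if port != ingress_port and admitted == vid)


if __name__ == "__main__":
    first = build_frame(VM3_MAC, VM1_MAC, 0x0800, b"service data")
    second = gateway_tag(first, FIRST_CORRESPONDENCE)
    print("untagged frame leaves via:", switch_egress_ports(first, 41, SWITCH_PORT_VLAN))
    print("tagged frame VLAN ID:", read_vlan_id(second))
    print("tagged frame leaves via:", switch_egress_ports(second, 41, SWITCH_PORT_VLAN))
```

The untagged first service message matches no port policy, while the tagged second service message leaves only through port 42.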
  • FIG. 5 is another data interaction diagram of a message processing method according to an embodiment of the present invention.
  • the packet processing method includes the following steps:
  • Step S17 The second cloud management platform client 211 obtains the MAC address of VM3.
  • Step S18 The second cloud management platform client 211 obtains the IP address of the network card controller 21.
  • the IP address of the network card controller 21 can be used as the external IP address of the distributed gateway 22 and the computing node.
  • Step S19 The second cloud management platform client 211 generates a second registration message, and sends the second registration message to the network card 222.
  • the second registration message is a VLAN message
  • its payload carries the MAC address of VM3 and the IP address of the distributed gateway
  • its VLAN ID is 5.
  • the second cloud management platform client 211 sends the second registration message to PF4.
  • Step S20 The network card 222 sends the third registration message to the switch 4.
  • the switching device 2221 of the network card 222 obtains the second registration message from the PF4, determines that the VLAN ID of the second registration message is not 2, and sends the second registration message to the physical network port 2222.
  • Step S21 The switch 4 forwards the second registration message to the cloud management platform 5 according to the VLAN ID 5 of the second registration message.
  • the switch 4 receives the second registration message from the port 42 connected to the physical network port 2222, and sends the second registration message to the port 45 according to the VLAN ID 5 of the second registration message.
  • the cloud management platform 5 receives the second registration message from port 45.
  • the first cloud management platform client 211 can also obtain the MAC address of the virtual machine on the computing node 21 and the IP address of the computing node 21, and report it to the cloud management platform 5.
  • the embodiment of the invention does not limit this.
  • Step S22 The cloud management platform 5 receives the second registration message, obtains the MAC address of the VM3 and the IP address of the computing node 21 from the second registration message, and configures the network information of the second VLAN, where the network information of the second VLAN includes the correspondence between the MAC address of VM3 and the IP address of computing node 21.
  • the user can configure the network information of the second VLAN to the computing node 11 through the cloud management platform 5.
  • Step S23 The cloud management platform 5 generates a second management message and sends the second management message to the switch 4.
  • the second management message may be a VLAN message, the destination MAC address of which is the MAC address of the network card controller 121, and the VLAN ID carried by it is 1.
  • the MAC address and VLAN ID can be specified by the user.
  • the cloud management platform 5 can select the MAC address of the network card controller 121 connected to the computing node 11 and the VLAN ID 2 allowed by the port 41 of the switch 4.
  • Step S24 The switch 4 sends the second management message to the network card 122.
  • the switch 4 sends the second management message to the port 41 according to the VLAN ID of the second management message, and the port 41 allows the second management message to enter the physical network port 1222 of the network card 122.
  • Step S25 The network card 122 sends the second management message to the network card controller 121.
  • the switching device 1221 of the network card 122 obtains the second management message from the physical network port 1222, selects PF1 according to the destination MAC address of the second management message, and sends the second management message to PF1.
  • Step S26 The network card controller 121 obtains the network information of the second VLAN from the second management message, and records the network information of the second VLAN.
  • the third cloud management platform client 1211 of the network card controller 121 obtains the second management message from the PF1, obtains the network information of the second VLAN carried in the second management message, and records the network information of the second VLAN.
  • the first cloud management platform client 111 can also obtain the MAC address of VM1 and the IP address of the computing node 11, and report the MAC address of VM1 and the IP address of the computing node 11 to the cloud management platform 5 as the network information of the first VLAN.
  • FIG. 6 is another data interaction diagram of the message processing method according to an embodiment of the present invention.
  • FIG. 6 is a continuation of FIG. 5, following FIG. 5, the message processing method further includes the following steps:
  • Step S27 VM1 sends a third service message to the network card 122.
  • the third service message is a VLAN message
  • the source MAC address is the MAC address of VM1
  • the destination MAC address is the MAC address of VM3
  • its payload carries service data.
  • VM1 does not know the VLAN ID of the VLAN network where VM3 is located, so the VLAN ID of the third service packet is empty, and VM1 sends the third service packet to VF1.
  • Step S28 The network card 122 forwards the third service message to the network card controller 121.
  • the network card 122 obtains the third service message from VF1, determines that the MAC address of VM3 is not local, and forwards the third service message to PF1.
  • Step S29 The network card controller 121 modifies the third service message according to the network information of the second VLAN.
  • the third cloud management platform client 1211 obtains the third service packet from PF1, obtains the IP address of the distributed gateway 22 from the network information of the second VLAN according to the destination MAC address of the third service packet, and encapsulates the third service message into an overlay message.
  • the destination IP address of the overlay message is the IP address of the computing node 21, and the destination MAC address is the MAC address of the next hop device of the computing node 21.
  • the overlay message carries the third service message.
  • the overlay message may be a VXLAN message.
  • Step S30 The network card controller 121 sends an overlay message to the network card 122.
  • the third cloud management platform client 1211 of the network card controller 121 sends the overlay message to PF1, and the switching device 1221 of the network card 122 obtains the overlay message from PF1.
  • Step S31 The network card 122 sends an overlay message to the switch 4.
  • the switching device 1221 of the network card 122 determines that the destination MAC of the overlay message is not local, and sends the overlay message to the physical network port 1222, so that the overlay message reaches the switch 4.
  • Step S32 The switch 4 receives the overlay message from the port 41, and forwards the overlay message to the network card 222.
  • the switch 4 sends the overlay message to the port 42 according to the destination IP address of the overlay message, and the switching device 2221 obtains the overlay message from the physical port 2222.
  • Step S33 The network card 222 forwards the overlay message to the network card controller 221.
  • the switching device 2221 of the network card 222 obtains the overlay message from the physical network port 2222, selects PF3 according to the destination IP address of the overlay message, and sends the overlay message to PF3.
  • Step S34 The network card controller 21 decapsulates the overlay message to obtain the third service message carried in the overlay message.
  • the fourth cloud management platform client 2211 of the network card controller 221 obtains the overlay message from the PF3, decapsulates the overlay message, and obtains the third service message carried in the overlay message.
  • Step S35 The network card controller 221 sends a third service message to the network card 222.
  • the fourth cloud management platform client 2211 of the network card controller 221 sends the third service message to the PF3.
  • Step S36 The network card 222 sends the third service message to VM3.
  • the switching device 2221 of the network card 222 obtains the third service message from PF3, selects VF3 according to the destination MAC address of the third service message, sends the third service message to VF3, and VM3 obtains the third service message from VF3, And obtain business data from the payload of the third business message, and perform business processing according to the business data.
  • Because the distributed gateway 12 modifies the third service message into an overlay message, the overlay message can be transmitted to the server 2 via the switch 4, thereby achieving cross-VLAN communication.
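The overlay path of steps S27 to S36, as an added Python example (not code from the patent), using VXLAN, which the description names as one possible overlay format. The addresses, the VNI value and the fixed UDP source port are constructed, and the outer-header checks in `decapsulate` are assumptions of this sketch about what a receiving gateway would verify before handing the inner frame to a VM.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789        # VXLAN destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field is valid
OUTER_LEN = 14 + 20 + 8 + 8  # Ethernet + IPv4 + UDP + VXLAN headers


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


# Constructed sample values, not from the patent.
VM1_MAC, VM3_MAC = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:03")
GW12_MAC, NEXT_HOP_MAC = mac("02:00:00:00:01:21"), mac("02:00:00:00:00:04")
GW12_IP, GW22_IP = "192.0.2.12", "192.0.2.22"
VNI = 5000  # assumption: the description does not mention a VNI

# Second correspondence: destination VM MAC -> IP address of its gateway.
SECOND_CORRESPONDENCE = {VM3_MAC: GW22_IP}


def ipv4_checksum(header):
    """One's-complement sum over the header; 0 when a stored checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(inner, correspondence, src_ip, src_mac, next_hop_mac, vni):
    """Step S29: find the remote gateway by inner destination MAC and wrap
    the whole inner frame. Returns None when the destination is unknown."""
    remote_ip = correspondence.get(inner[0:6])
    if remote_ip is None:
        return None
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit value")
    vxlan = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    udp_len = 8 + len(vxlan) + len(inner)
    # UDP checksum 0 is what RFC 7348 recommends for VXLAN over IPv4.
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(remote_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = next_hop_mac + src_mac + struct.pack("!H", 0x0800)
    return eth + ip + udp + vxlan + inner


def decapsulate(outer, local_ip, expected_vni):
    """Step S34: check the outer headers, then return the inner frame.
    Any mismatch returns None so nothing is delivered to a VM."""
    if len(outer) < OUTER_LEN + 14:
        return None
    if outer[12:14] != b"\x08\x00" or outer[14] != 0x45 or outer[23] != 17:
        return None  # not plain IPv4 carrying UDP
    ip = outer[14:34]
    if ipv4_checksum(ip) != 0:
        return None
    if ip[16:20] != ipaddress.IPv4Address(local_ip).packed:
        return None  # not addressed to this gateway
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", outer[34:42])
    if dport != VXLAN_UDP_PORT or udp_len != len(outer) - 34:
        return None
    word0, word1 = struct.unpack("!II", outer[42:50])
    if ((word0 >> 24) & VXLAN_FLAG_VNI_VALID) == 0 or (word1 >> 8) != expected_vni:
        return None
    return outer[OUTER_LEN:]


if __name__ == "__main__":
    third = VM3_MAC + VM1_MAC + struct.pack("!H", 0x0800) + b"service data"
    overlay = encapsulate(third, SECOND_CORRESPONDENCE, GW12_IP, GW12_MAC,
                          NEXT_HOP_MAC, VNI)
    print("overlay length:", len(overlay))
    print("inner frame recovered:", decapsulate(overlay, GW22_IP, VNI) == third)
```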
  • If the local distributed gateway of a server fails, it only affects the local virtual machines of that server. Other servers are not affected, because the gateway is distributed, and the network is not affected by the failure of a single distributed gateway.
  • the distributed gateway 12 of the server 1 is implemented by a network card controller 121 and a network card 122.
  • the network card controller 121, the network card 122, and the computing node 11 may be connected to each other through a PCIe link.
  • FIG. 7 is a schematic diagram of the hardware structure of the server 1 according to an embodiment of the present invention.
  • the PCIe interface 1103 of the computing node 11 is connected to the PCIe interface 12103 of the network card controller 121 to form a PCIe link
  • the PCIe interface 1104 of the computing node 11 is connected to the PCIe interface 12203 of the network card 122 to form a PCIe link
  • the PCIe interface 12104 of the network card controller 121 is connected to the PCIe interface 12204 of the network card 122 to form a PCIe link.
  • the computing node 11 can supply power to the network card controller 121 through the PCIe interface 1103, and supply power to the network card 122 through the PCIe interface 1104.
  • the network card 122 provides a pass-through function to the computing node 11 through the PCIe link where the PCIe interface 12203 is located.
  • the network card 122 can also provide a pass-through function through the PCIe link where the PCIe interface 12204 is located.
  • the processor 1101 may be one or more processors with strong computing power in the X86 architecture, the processor 12101 may be a processor with strong computing power in the ARM architecture, and the processor 12201 may be a processor with average computing power.
  • the distributed gateway 22 also has a similar structure, which will not be repeated here.
  • the distributed gateway may also be implemented separately through an intelligent network card, for example, the physical network port and the switching device are integrated into the network card controller, which is not limited in this embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of an apparatus of a distributed gateway according to an embodiment of the present invention.
  • the distributed gateway includes:
  • the receiving module 411 is used to receive a management message sent by the cloud management platform, where the management message carries the network information of the second VLAN;
  • the recording module 413 is used to record network information of the second VLAN
  • the receiving module 411 is further configured to receive a first service packet carrying service data sent by the first virtual machine to the second virtual machine, and the second virtual machine is located in the second VLAN;
  • the conversion module 412 is configured to modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, where the second service message carries service data;
  • the sending module 412 is used to send the second service message to the switch.
  • the specific functions of each functional module are also described in the embodiments shown in FIGS. 1 to 6 above, and will not be repeated here.
  • FIG. 9 is a schematic structural diagram of another device of a distributed gateway according to an embodiment of the present invention.
  • FIG. 9 shows a schematic structural diagram of another device of a distributed gateway according to an embodiment of the present invention.
  • the distributed gateway may include a processing unit 421 and a communication interface 422.
  • the processing unit 421 is used to perform the functions defined by the operating system and various software programs running on the physical server, for example, to implement the functions of a virtual switch.
  • the communication interface 422 is used to communicate with other computing nodes. Other devices may be other physical servers. Specifically, the communication interface 422 may be a network adapter card.
  • the physical server may further include an input/output interface 423, and the input/output interface 423 is connected with an input/output device for receiving input information and outputting operation results.
  • the input/output interface 423 may be a mouse, a keyboard, a display, or an optical drive.
  • the physical server may further include an auxiliary storage 424, which is also generally called external storage.
  • the storage medium of the auxiliary storage 424 may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, an optical disk), or a semiconductor medium (for example, a solid state drive).
  • the processing unit 421 may have various specific implementation forms.
  • the processing unit 421 may include a processor 4212 and a memory 4211.
  • the processor 4212 performs the operations of the distributed gateway 12 or the distributed gateway 22 in the embodiments shown in FIGS. 2 to 4 according to program instructions stored in the memory 4211.
  • the processor 4212 may be a central processing unit (CPU) or a graphics processing unit (GPU), and the processor 4212 may be a single-core processor or a multi-core processor.
  • the processing unit 421 can also be implemented by using a logic device with built-in processing logic, such as a field programmable gate array (FPGA) or a digital signal processor (DSP).
  • containers can also be used to replace virtual machines, which is not limited in this embodiment of the present invention.
  • any of the device embodiments described above are only schematic: the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they can be located in one place or distributed over multiple network units. Some or all of the processes may be selected according to actual needs to achieve the objectives of the solution of this embodiment.
  • the connection relationship between processes indicates that there is a communication connection between them, which may be specifically implemented as one or more communication buses or signal lines.
  • the technical solution of the present invention, in essence or in the part that contributes to the existing technology, can be embodied in the form of a software product; the computer software product is stored in a readable storage medium, such as a computer floppy disk, USB flash drive, removable hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk, or optical disc, and includes several instructions that cause a computer device (which can be a personal computer, host, or network device, etc.) to execute the methods described in the embodiments of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

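A cloud computing data center system includes a first server, a second server, a cloud management platform, and a switch. The first server includes a first computing node and a first distributed gateway. The first distributed gateway receives a management message sent by the cloud management platform, where the management message carries network information of a second VLAN, and the first distributed gateway records the network information of the second VLAN. A first virtual machine sends a first service message carrying service data to a second virtual machine. The first distributed gateway receives the first service message, modifies the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, and sends the second service message to the switch, where the second service message carries the service data. A second distributed gateway receives the second service message forwarded by the switch and sends the service data carried in the second service message to the second virtual machine. Network reliability can be improved in this way.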

Description

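Cloud computing data center system, gateway, server, and message processing method
Technical Field
This application relates to the field of network communication technologies, and in particular to a cloud computing data center system, a gateway, a server, and a message processing method.
Background
In a cloud computing network environment, a large amount of network traffic needs to be distributed through gateways, and the gateway has a great impact on the network performance, network scale, reliability, and capacity expansion of the cloud network. The prior art usually uses a centralized gateway: every message sent by a virtual machine on any computing node that needs to cross virtual local area networks must first be sent to the centralized gateway for processing. This leads to insufficient reliability. For example, when the bandwidth of the centralized gateway is insufficient, the bandwidth of the whole network is affected, and if the centralized gateway fails, a large part of the network is paralyzed.
Summary
This application provides a distributed gateway, a message processing method, and a server. The distributed gateway is placed locally at the computing node, and each computing node is provided with one distributed gateway. Messages sent by the virtual machines of each computing node can be processed by the local distributed gateway for transmission across subnets. Even if the local distributed gateway fails, only the communication of the virtual machines on the corresponding computing node is affected, and other computing nodes are not affected, so network reliability can be improved.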
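In a first aspect, this application provides a message processing method for a distributed gateway. The distributed gateway is connected to a first computing node through a first Peripheral Component Interconnect Express (PCIe) link, the distributed gateway is connected to a switch, the first computing node is provided with a first virtual machine, and the first virtual machine is located in a first virtual local area network (VLAN). The method includes the following steps: the distributed gateway receives a management message sent by a cloud management platform, where the management message carries network information of a second VLAN; the distributed gateway records the network information of the second VLAN; the distributed gateway receives a first service message carrying service data that the first virtual machine sends to a second virtual machine, where the second virtual machine is located in the second VLAN; the distributed gateway modifies the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, where the second service message carries the service data; and the distributed gateway sends the second service message to the switch.
Because the distributed gateway can receive the network information for the second VLAN sent by the cloud management platform and, according to that network information, modify the service message sent by the first virtual machine of the first computing node located in the first VLAN, the modified service message can be transmitted to the second VLAN, so the gateway function is implemented locally at the first computing node.
In a first possible implementation of the first aspect, the distributed gateway includes a network card controller and a network card. The network card is provided with a first physical function (PF), a first virtual function (VF), and a physical network port. The network card controller is connected to the first PF, the first virtual machine is connected to the first VF, and the physical network port is connected to the switch.
Through network card pass-through technology, the PF of the network card is passed through to the network card controller and the VF of the network card is passed through to the virtual machine of the computing node, so that the computing power of the network card controller is used to modify messages and the computing load of the computing node is reduced.
Optionally, the computing power of the network card controller is greater than that of the network card. The network card controller is responsible for message modification and for communication with the cloud management platform; the network card does not need to handle these functions, so the message forwarding speed of the network card is not affected.
According to the first possible implementation of the first aspect, in a second possible implementation, the distributed gateway receives the first service message carrying service data that the first virtual machine sends to the second virtual machine in the following way: the network card receives the first service message from the first VF.
Because the network card is passed through to the first virtual machine, service messages sent by the first virtual machine do not need to pass through the virtual machine manager, so the message transmission speed can be improved.
According to the second possible implementation of the first aspect, in a third possible implementation, the distributed gateway modifying the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN includes: the network card forwards the first service message to the first PF; the network card controller obtains the first service message from the first PF, modifies the first service message according to the network information of the second VLAN to generate the second service message, and sends the second service message to the first PF; and the network card sends the second service message to the physical network port.
Because the network card controller performs the message modification step independently, no extra burden is placed on the network card and its message forwarding speed is not affected.
According to any one of the first to third possible implementations of the first aspect, in a fourth possible implementation, the destination MAC address of the management message is the MAC address of the network card controller, and the network card records a third correspondence between the MAC address of the network card controller and the first PF. The distributed gateway receiving the management message sent by the cloud management platform includes: the network card receives the management message from the physical network port, selects the first PF from the third correspondence according to the destination MAC address of the management message, and forwards the management message to the first PF; and the network card controller receives the management message from the first PF.
Because the cloud management platform can deliver management messages to the network card controller, the user can manage the distributed gateway on the cloud management platform at any time, which improves the user experience.
According to the fourth possible implementation of the first aspect, in a fifth possible implementation, the distributed gateway recording the network information of the second VLAN includes: the network card controller obtains the network information of the second VLAN from the management message and records the network information of the second VLAN.
The network card controller and the network card are relatively independent. Having the network card controller record the network information of the second VLAN does not increase the burden on the network card and does not affect the message forwarding speed.
According to the first aspect or any one of the first to fifth possible implementations of the first aspect, in a sixth possible implementation, the first service message is a VLAN message, the destination address of the first service message is the MAC address of the second virtual machine, the first VLAN network is provided with a first VLAN identifier, the second VLAN network is provided with a second VLAN identifier different from the first VLAN identifier, and the network information of the second VLAN includes a first correspondence between the MAC address of the second virtual machine and the second VLAN identifier. The distributed gateway modifying the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN includes: the distributed gateway obtains the second VLAN identifier from the first correspondence according to the destination MAC address of the first service message; and the distributed gateway sets the second VLAN identifier in the first service message to generate the second service message.
The first virtual machine and the second virtual machine are in different VLANs, and different VLANs cannot communicate with each other. The cloud management platform delivers to the distributed gateway the correspondence between the MAC address of the second virtual machine and the second VLAN identifier of the VLAN where the second virtual machine is located. When the distributed gateway receives a service message sent by the first virtual machine whose destination address is the MAC address of the second virtual machine, it can set the second VLAN identifier in that service message, so that the switch allows the modified service message carrying the second VLAN identifier to reach the second VLAN where the second virtual machine is located. Communication between virtual machines in different VLANs is implemented in this way.
According to the first aspect or any one of the first to fifth possible implementations of the first aspect, in a seventh possible implementation, the first service message is a VLAN message, the destination MAC address of the first service message is the MAC address of the second virtual machine, and the network information of the second VLAN includes a second correspondence between the MAC address of the second virtual machine and the IP address of another distributed gateway that is connected to a second computing node through a second PCIe link, where the second virtual machine is provided on the second computing node. The distributed gateway modifying the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN includes: the distributed gateway obtains the IP address from the second correspondence according to the destination address of the first service message; and the distributed gateway encapsulates the first service message into the second service message, where the second service message is an overlay message and the destination IP address of the second service message is the IP address.
The first virtual machine and the second virtual machine are in different VLANs, and different VLANs cannot communicate with each other. The cloud management platform delivers to the distributed gateway the correspondence between the MAC address of the second virtual machine and the IP address of the other distributed gateway. When the distributed gateway receives a service message sent by the first virtual machine whose destination address is the MAC address of the second virtual machine, it can encapsulate that service message as an overlay message whose destination IP address is the IP address of the other distributed gateway, so that the switch can route the overlay message according to that IP address to the second computing node, where the second virtual machine is located and which is connected to the other distributed gateway through a PCIe link. Communication between virtual machines in different VLANs is implemented in this way.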
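In a second aspect, this application provides a distributed gateway. The distributed gateway is connected to a first computing node through a PCIe interface, the distributed gateway is connected to a switch, the first computing node is provided with a first virtual machine, and the first virtual machine is located in a first VLAN. The distributed gateway includes: a receiving module, configured to receive a management message sent by a cloud management platform, where the management message carries network information of a second VLAN; a recording module, configured to record the network information of the second VLAN; the receiving module, further configured to receive a first service message carrying service data that the first virtual machine sends to a second virtual machine, where the second virtual machine is located in the second VLAN; a conversion module, configured to modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, where the second service message carries the service data; and a sending module, configured to send the second service message to the switch.
The second aspect or any implementation of the second aspect is the apparatus implementation corresponding to the first aspect or any implementation of the first aspect. The description of the first aspect or any implementation of the first aspect applies to the second aspect or any implementation of the second aspect, and is not repeated here.
In a third aspect, this application provides a server, including a distributed gateway and a computing node. The distributed gateway is connected to the computing node through a Peripheral Component Interconnect Express (PCIe) interface, the distributed gateway is connected to a switch, the computing node is provided with a first virtual machine, and the first virtual machine is located in a first virtual local area network (VLAN), where: the distributed gateway is configured to receive a management message sent by a cloud management platform, where the management message carries network information of a second VLAN; the distributed gateway is further configured to record the network information of the second VLAN; the first virtual machine is configured to send a first service message carrying service data to a second virtual machine, where the second virtual machine is located in the second VLAN; the distributed gateway is further configured to receive the first service message; and the distributed gateway is further configured to modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, and to send the second service message to the switch, where the second service message carries the service data.
The third aspect or any implementation of the third aspect is the system implementation corresponding to the first aspect or any implementation of the first aspect. The description of the first aspect or any implementation of the first aspect applies to the second aspect or any implementation of the second aspect, and is not repeated here.
In a fourth aspect, this application provides a distributed gateway, including a processor and a memory. The distributed gateway is connected to a computing node provided with a first virtual machine, the distributed gateway is connected to a switch, the first virtual machine is located in a first virtual local area network (VLAN), the memory stores program instructions, and the processor runs the program instructions to perform the method described in the first aspect and any possible implementation of the first aspect.
The fourth aspect or any implementation of the fourth aspect is the physical apparatus implementation corresponding to the first aspect or any implementation of the first aspect. The description of the first aspect or any implementation of the first aspect applies to the fourth aspect or any implementation of the fourth aspect, and is not repeated here.
In a fifth aspect, this application provides a cloud computing data center system, including a first server, a second server, a cloud management platform, and a switch. The first server includes a first computing node and a first distributed gateway connected through a first Peripheral Component Interconnect Express (PCIe) link, and the second server includes a second computing node and a second distributed gateway connected through a second PCIe link. The first computing node is provided with a first virtual machine located in a first virtual local area network (VLAN), and the second computing node is provided with a second virtual machine located in a second VLAN. The cloud management platform, the first distributed gateway, and the second distributed gateway are each connected to the switch. The first distributed gateway is configured to receive a management message sent by the cloud management platform, where the management message carries network information of the second VLAN, and the first distributed gateway is configured to record the network information of the second VLAN. The first virtual machine is configured to send a first service message carrying service data to the second virtual machine. The first distributed gateway is configured to receive the first service message, modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, and send the second service message to the switch, where the second service message carries the service data. The second distributed gateway is configured to receive the second service message forwarded by the switch and to send the service data carried in the second service message to the second virtual machine.
Optionally, the first distributed gateway includes a first network card controller and a first network card. The first network card is provided with a first physical function (PF), a first virtual function (VF), and a first physical network port. The first network card controller is connected to the first PF, the first virtual machine is connected to the first VF, and the first physical network port is connected to the switch.
Optionally, the first network card is configured to receive, from the first VF, the first service message sent by the first virtual machine.
Optionally, the first network card is configured to forward the first service message to the first PF; the first network card controller is configured to obtain the service message from the first PF, modify the first service message into the second service message according to the network information of the second VLAN, and send the second service message to the first PF; and the network card is further configured to obtain the second service message from the first PF and send the second service message to the first physical network port.
Optionally, the management message is a VLAN message, the destination MAC address of the management message is the MAC address of the first network card controller, and the first network card records a third correspondence between the MAC address of the first network card controller and the first PF. The first network card is configured to receive the management message from the first physical network port, select the first PF from the third correspondence according to the destination MAC address of the management message, and forward the management message to the first PF. The first network card controller is configured to receive the management message from the first PF, obtain the network information of the second VLAN from the management message, and record the network information of the second VLAN.
Optionally, the second distributed gateway includes a second network card controller and a second network card. The second network card is provided with a second physical function (PF), a second virtual function (VF), and a second physical network port. The second network card controller is connected to the second PF, the second virtual machine is connected to the second VF, and the second physical network port is connected to the switch.
Optionally, the second network card is configured to receive, from the second physical network port, the second service message sent by the switch.
Optionally, the second network card is configured to forward the second service message to the second PF; the second network card controller is configured to obtain the second service message from the second PF, modify the second service message into the first service message, and send the first service message to the second PF; and the second network card is further configured to obtain the first service message from the second PF and send the first service message to the second VF.
Optionally, the second computing node is further provided with a cloud management platform client, which is configured to collect the network information of the second VLAN and send a registration message carrying the network information of the second VLAN to the cloud management platform.
Optionally, the first service message and the second service message are VLAN messages, the destination address of the first service message is the MAC address of the second virtual machine, the first VLAN network is provided with a first VLAN identifier, the second VLAN network is provided with a second VLAN identifier different from the first VLAN identifier, and the network information of the second VLAN includes a first correspondence between the MAC address of the second virtual machine and the second VLAN identifier. The first distributed gateway is configured to obtain the second VLAN identifier from the first correspondence according to the destination MAC address of the first service message, set the second VLAN identifier in the first service message to generate the second service message, and send the second service message to the switch, where the second VLAN identifier instructs the switch to send the second service message to the second distributed gateway. The second distributed gateway is configured to receive the second service message sent by the switch and send the second service message to the second virtual machine.
Optionally, the first service message is a VLAN message, the second service message is an overlay message, the destination MAC address of the first service message is the MAC address of the second virtual machine, and the network information of the second VLAN includes a second correspondence between the MAC address of the second virtual machine and the IP address of the second distributed gateway. The first distributed gateway is configured to obtain the IP address of the second distributed gateway from the second correspondence according to the destination MAC address of the first service message, encapsulate the first service message as the second service message, and send the second service message to the switch, where the destination IP address of the second service message is the IP address of the second distributed gateway. The second distributed gateway is configured to decapsulate the second service message to obtain the first service message and send the first service message to the second virtual machine.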
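Brief Description of the Drawings
FIG. 1 is a schematic diagram of the system structure of a cloud computing data center according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of another system structure of a cloud computing data center according to an embodiment of the present invention;
FIG. 3 is a data interaction diagram of a message processing method according to an embodiment of the present invention;
FIG. 4 is another data interaction diagram of a message processing method according to an embodiment of the present invention;
FIG. 5 is another data interaction diagram of a message processing method according to an embodiment of the present invention;
FIG. 6 is another data interaction diagram of a message processing method according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the hardware structure of the server 1 according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of an apparatus of a distributed gateway according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of another apparatus of a distributed gateway according to an embodiment of the present invention.
Detailed Description
The terms used in the embodiments of the present invention are explained first:
Cloud management platform: a platform for unified management of the virtual machines of a cloud computing network. The virtual machines of the cloud computing network are distributed across multiple computing nodes, and each computing node is provided with a cloud management platform client. The cloud management platform client collects status information of the virtual machines on its computing node and reports it to the cloud management platform. The cloud management platform provides a user interaction interface through which the user can learn the status of the virtual machines and configure management operations for the virtual machines. The cloud management platform can send commands corresponding to the management operations to the cloud management platform client, and the cloud management platform client can execute the commands to manage the virtual machines. For example, the cloud management platform may be OpenStack or VMware vSphere.
Overlay message: an overlay message is an Ethernet message that encapsulates a virtual machine message. An overlay message includes outer network addresses and inner network addresses. The outer network addresses are the network addresses in the header of the Ethernet message, including the source IP address, destination IP address, source MAC address, and destination MAC address. The inner network addresses are the network addresses in the header of the virtual machine message, including the source IP address, destination IP address, source MAC address, and destination MAC address. An overlay message may be implemented as a Virtual Extensible Local Area Network (VXLAN) message, a Network Virtualization using Generic Routing Encapsulation (NVGRE) message, or a Stateless Transport Tunneling (STT) message. It is worth noting that in the embodiments of the present invention the overlay message may specifically be a VXLAN message.
Network card virtualization: network card virtualization may use Single-Root I/O Virtualization (SR-IOV) or Multi-Root Input/Output Virtualization (MR-IOV); this kind of network card virtualization is also called network card pass-through. Taking SR-IOV pass-through as an example, when the network card supports SR-IOV, SR-IOV technology can share the network card of a host among several virtual machines running on that host. When a network card with SR-IOV capability is used on a host, the network port of the network card is virtualized into at least one physical function (PF) and multiple virtual functions (VF), and a virtual machine on the host is connected to at least one VF. The network card contains a switching device with switch functionality. The switching device forwards data packets according to a Media Access Control (MAC) table and is responsible for forwarding data packets among the PFs, the VFs, and the physical network port.
Virtual Local Area Network (VLAN): a communication technology that logically divides one physical LAN into multiple broadcast domains.
VLAN message: a layer 2 message that includes a destination MAC field, a source MAC field, a VLAN ID field, and a payload field. Other fields are outside the scope of discussion of the embodiments of the present invention and are not described here.
Virtual Local Area Network identifier (VLAN ID): the VID field of a VLAN message, which uniquely identifies a VLAN. A 12-bit VID can represent 4096 different values; excluding two reserved values, one Ethernet can be divided into at most 4094 VLANs.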
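Refer to FIG. 1, which is a schematic diagram of the system structure of a cloud computing data center according to an embodiment of the present invention. As shown in FIG. 1, the cloud computing data center includes a server 1, a server 2, a server 3, a switch 4, and a cloud management platform 5.
The server 1 includes a computing node 11 and a distributed gateway 12, the server 2 includes a computing node 21 and a distributed gateway 22, and the server 3 includes a computing node 31 and a distributed gateway 32. A computing node may be, for example, a physical host.
It is worth noting that, for ease of description, FIG. 1 shows only three servers; in practical applications there may be another number of servers, which is not limited in the embodiments of the present invention.
In the embodiments of the present invention, the distributed gateway may be connected to the computing node through a Peripheral Component Interconnect Express (PCIe) interface, and the distributed gateway may be connected to the switch through a physical network port.
The switch 4 may be, for example, a Top of Rack (TOR) switch. For example, the servers 1 to 3 may be placed in the same rack and each connected to the TOR switch at the top of the rack. In a cloud computing data center, each rack is provided with one TOR switch, multiple blade servers are inserted into each rack, and racks are connected to each other through the TOR switches.
In the embodiments of the present invention, the switch 4 has a layer 3 forwarding function. For example, the switch 4 allows layer 3 messages to pass through the ports 41 to 43. The switch 4 also records the correspondence between the IP addresses in the server 1 and the port 41 through which the switch 4 is connected to the server 1. When a layer 3 message is received, if its destination IP address is an IP address in the server 1, the layer 3 message is sent to the port 41, which implements the layer 3 forwarding function.
Similarly, the switch 4 also records the correspondence between the IP addresses in the server 2 and the port 42 through which the switch 4 is connected to the server 1. When a layer 3 message is received, if its destination IP address is an IP address in the server 2, the layer 3 message is sent to the port 42.
The IP addresses in the server 1 include the IP address of the distributed gateway 12, and the IP addresses in the server 2 include the IP address of the distributed gateway 22.
Further, the switch 4 can implement VLAN isolation. For example, the port 41 through which the switch 4 is connected to the server 1 is set to allow only VLAN messages whose VLAN ID is 1 to enter the server 1, the port 42 through which the switch 4 is connected to the server 2 is set to allow only VLAN messages whose VLAN ID is 2 to enter the server 2, and the port 41 through which the switch 4 is connected to the server 3 is set to allow VLAN messages whose VLAN ID is 3 to enter the server 3. The port 45 through which the switch 4 is connected to the cloud management platform 5 is set to allow VLAN messages whose VLAN ID is 5 to enter the cloud management platform 5.
In the embodiments of the present invention, a VLAN whose VLAN ID is 1 is formed inside the server 1, a VLAN whose VLAN ID is 2 is formed inside the server 2, and a VLAN whose VLAN ID is 3 is formed inside the server 3. The switch 4 is provided with ports 41, 42, 43, and 45. For example, after the switch 4 receives a VLAN message whose VLAN ID is 1, it broadcasts the message to every port, and only the port 41 lets the message through.
In the embodiments of the present invention, the switch 4 is configured to ignore the destination MAC address of a message and to select the port to which the message is sent only according to the VLAN ID. In some other examples of the present invention, the switch 4 may be configured to select the port according to the destination MAC address of the message.
In the embodiments of the present invention, the cloud management platform 5 may be placed in a computing node and implemented by software installed on that computing node, or the cloud management platform 5 may be implemented by a dedicated network device, which is not limited in the embodiments of the present invention. In addition, the servers 1 to 3 can communicate with the cloud management platform 5.
Refer to FIG. 2, which shows a schematic diagram of another system structure of a cloud computing data center according to an embodiment of the present invention. FIG. 2 is a more detailed illustration of FIG. 1; for clarity, FIG. 2 omits the server 3 of FIG. 1 and shows only the specific structure of the servers 1 and 2.
As shown in FIG. 2, the computing node 11 includes a first cloud management platform client 111, a virtual machine VM1, and a virtual machine VM2. The distributed gateway 12 includes a network card controller 121 and a network card 122. The network card controller 121 includes a second cloud management platform client 1221. The network card 122 supports the network card pass-through function and includes a switching device 1221, a physical network port 1222, PF1, PF2, VF1, and VF2.
For example, the switching device 1221 may be implemented by a software router, such as Open vSwitch.
In addition, an operating system may run on the computing node 11, and the first cloud management platform client 111 may be installed in the operating system as third-party software. The first cloud management platform client 111 may be, for example, the nova agent component of OpenStack, which can communicate with the nova component on the cloud management platform 5. An operating system may also run on the network card controller 121, and the second cloud management platform client 1211 may be installed in that operating system as third-party software. The second cloud management platform client 1211 may be, for example, the neutron agent component of OpenStack, which can communicate with the neutron component of the cloud management platform 5. It is worth noting that the computing node 11 may be, for example, a physical server based on the X86 platform, and the network card controller 121 may be, for example, an intelligent board based on the ARM platform.
In the embodiments of the present invention, the distributed gateway 12 includes a network card controller 121 and a network card 122 that are connected to each other; they may be connected through a PCIe interface. The network card controller 121 has better computing power than the network card 122, so as to process messages quickly, for example to implement cross-network transmission according to management messages. The network card 122 has a pass-through function: PF1 of the network card 122 is passed through to the network card controller 121, so the network card controller 121 is connected to PF1 of the network card 122, and VF1 of the network card 122 is passed through to VM1, so VM1 is connected to VF1 of the network card 122.
Further, the physical network port 1222 is connected to the port 41 of the switch 4. The operating system of the computing node 11 is connected to PF2, and the first cloud management platform client 111 running on the operating system of the computing node 11 can connect to the network card 122 through PF2.
The server 2 has a structure similar to that of the server 1; see FIG. 2 for details, which are not repeated here.
In addition, in the embodiments of the present invention, the first cloud management platform client 111 and the third cloud management platform client 211 record VLAN ID 5 in advance and communicate with the cloud management platform 5 according to VLAN ID 5.
The cloud management platform 5 records in advance the MAC address of the network card controller 221 and the MAC address of the network card controller 121. It communicates with the network card controller 221 according to the MAC address of the network card controller 221, and with the network card controller 121 according to the MAC address of the network card controller 121.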
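Further, the MAC table of the switching device 1221 records:
VLAN ID 1;
the correspondence between the MAC address of VM1 and VF1;
the correspondence between the MAC address of VM2 and VF2;
the correspondence between the MAC address of the computing node 11 and PF2;
the correspondence between the MAC address of the network card controller 121 and PF1.
When the switching device 1221 cannot find the MAC address of a received message in its local MAC table, it sends the message to PF1. When the switching device 1221 determines that the VLAN ID of a message is not 1, it sends the message to the physical port 1222.
Further, if the switching device 1221 receives a layer 3 message from the physical network port 1222, it first forwards the layer 3 message to PF1.
Similarly, the MAC table of the switching device 2221 records:
VLAN ID 2;
the correspondence between the MAC address of VM3 and VF3;
the correspondence between the MAC address of VM4 and VF4;
the correspondence between the MAC address of the computing node 21 and PF4;
the correspondence between the MAC address of the network card controller 221 and PF3.
When the switching device 2221 cannot find the MAC address of a received message in its local MAC table, it sends the message to PF3. When the switching device 2221 determines that the VLAN ID of a message is not 2, it sends the message to the physical port 2222.
Further, if the switching device 2221 receives a layer 3 message from the physical network port 2222, it first forwards the layer 3 message to PF3.
In addition, in the embodiments of the present invention, the distributed gateway has the function of a network card, and the IP address of the distributed gateway can serve as the IP address that the computing node connected to the distributed gateway through the PCIe link exposes to the external network.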
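Refer to FIG. 3, which is a data interaction diagram of a message processing method according to an embodiment of the present invention. As shown in FIG. 3, the message processing method includes the following steps:
Step S1: the second cloud management platform client 211 obtains VLAN ID 2 and the MAC address of VM3.
VLAN ID 2 is the identifier of the VLAN where VM3 is located. VM1 and VM3 belong to different virtual local area networks, and the VLAN ID of VM1 is different from the VLAN ID of VM3.
Step S2: the second cloud management platform client 211 sends a first registration message to the network card 222.
The first registration message may be, for example, a VLAN message whose VLAN ID is VLAN ID 5 and whose payload carries VLAN ID 2 and the MAC address of VM3.
Specifically, the second cloud management platform client 211 sends the first registration message to PF4 of the network card 222. The switching device 2221 of the network card 222 obtains the first registration message from PF4, determines that the VLAN ID of the first registration message is not VLAN ID 2, and sends the first registration message to the physical network port 1222.
Step S3: the switching device 2221 sends the first registration message to the port 42 of the switch 4 through the physical network port 1222.
Step S4: the switch 4 receives the first registration message from the port 42 and sends the first registration message to the port 45 according to VLAN ID 5 of the first registration message. The cloud management platform 5 receives the first registration message from the port 45.
It is worth noting that in the embodiments of the present invention the first cloud management platform client 211 may also obtain the VLAN ID and MAC address of the virtual machines of the computing node 11 and report them to the cloud management platform 5, which is not limited in the present invention.
Step S5: the cloud management platform obtains VLAN ID 2 and the MAC address of VM3 from the payload of the first registration message and configures the network information of the second VLAN according to VLAN ID 2 and the MAC address of VM3, where the network information of the second VLAN includes a first correspondence between VLAN ID 2 of the second VLAN and the MAC address of VM3 located in the second VLAN.
For example, the cloud management platform 5 provides a user interaction interface, on which the user selects the network information of the second VLAN and configures it to the computing node 11, so that the network information of the second VLAN applies to all virtual machines of the computing node 11.
Step S6: the cloud management platform 5 sends a first management message to the port 45 of the switch 4.
The first management message is a VLAN message whose destination address is the MAC address of the network card controller 121 and whose VLAN ID is 1, and the payload of the first management message carries the network information of the second VLAN.
Step S7: the switch 4 sends the first management message to the physical network port 1222 of the network card 122 according to VLAN ID 1 of the first management message.
Step S8: the network card 122 sends the first management message to the network card controller 121.
Specifically, the switching device 1221 of the network card 122 obtains the first management message from the physical network port 1222, selects PF1 according to the destination MAC address of the first management message, and sends the first management message to PF1. The third cloud management platform client 1211 of the network card controller 121 obtains the first management message from PF1.
Step S9: the third cloud management platform client 1211 obtains the network information of the second VLAN from the first management message and records the network information of the second VLAN.
In summary, the third cloud management platform client 1211 can record the network information of the second VLAN that the user has configured for all virtual machines on the computing node 11, and cross-VLAN communication can subsequently be implemented by means of the network information of the second VLAN.
It is worth noting that in the embodiments of the present invention the first cloud management platform client 111 may also obtain VLAN ID 1 and the MAC of VM1 and report VLAN ID 1 and the MAC of VM1 to the cloud management platform 5 as the network information of the first VLAN.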
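Refer to FIG. 4, which is another data interaction diagram of a message processing method according to an embodiment of the present invention. FIG. 4 is a continuation of FIG. 3, and the message processing method further includes the following steps:
Step S10: VM1 sends a first service message to the network card 122.
The first service message is a VLAN message whose source MAC address is the MAC address of VM1, whose destination MAC address is the MAC address of VM3, and whose payload carries service data. In the embodiments of the present invention, before VM1 sends the first service message to VM3, it does not know the VLAN ID of the VLAN network where VM3 is located, so VM1 sets the VLAN ID of the first service message to empty. VM1 sends the first service message to VF1.
Step S11: the network card 122 forwards the first service message to the network card controller 121.
The network card 122 obtains the first service message from VF1, determines that the destination MAC address of the first service message, that is, the MAC address of VM3, is not local, and forwards the first service message to PF1.
Step S12: the network card controller 121 modifies the first service message according to the network information of the second VLAN.
The third cloud management platform client 1211 can obtain the first service message from PF1, obtain VLAN ID 2 from the network information of the second VLAN according to the destination MAC address of the first service message, and set the VLAN ID of the first service message to VLAN ID 2, thereby generating a second service message that carries VLAN ID 2 and whose payload carries the service data.
The port 42 through which the switch 4 is connected to the server 2 only allows messages with VLAN ID 2 to pass. If the first service message were sent directly to the switch 4, the switch 4 would determine that the VLAN ID carried by the first service message is empty and broadcast the first service message on all ports of the switch 4. Because the port 42 only allows messages carrying VLAN ID 2 to pass, the port 42 would not send the first service message to the server 2.
Therefore, the third cloud management platform client 1211 of the embodiments of the present invention modifies the first service message into the second service message to ensure that the switch 4 can send the second service message to the server 2 through the port 42.
Step S13: the network card controller 121 sends the second service message to the network card 122.
The network card controller 121 sends the second service message to PF1, and the switching device 1221 of the network card 122 obtains the second service message from PF1.
Step S14: the network card 122 sends the second service message to the switch 4.
The switching device 1221 of the network card 122 determines that the VLAN ID of the second service message is not 1 and sends the second service message to the physical network port 1222.
Step S19: the switch 4 receives the second service message from the port 41 and forwards the second service message to the network card 222.
The switch 4 sends the second service message to the port 42 according to VLAN ID 2 of the second service message, so that it reaches the physical network port 2222.
Step S20: the network card 222 forwards the second service message to VM3.
The switching device 2221 of the network card 222 obtains the second service message from the physical network port 2222, selects VF3 according to the destination MAC address of the second service message, and sends the second service message to VF3. VM3 obtains the second service message from VF3 and can obtain the service data from the payload of the second service message, so as to perform service processing according to the service data.
Because the distributed gateway 12 modifies the first service message into the second service message configured with VLAN ID 2, the second service message can be smoothly transmitted to the server 2 via the switch 4, thereby implementing cross-VLAN communication.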
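The tag rewrite of steps S10 to S20 can be traced in code. The following Python example is added here and is not code from the patent: it models the empty VLAN ID of the first service message as an untagged Ethernet frame, and the MAC addresses, the class names and the decision to drop frames whose destination MAC has no recorded mapping are assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


# Constructed sample addresses, not taken from the patent.
VM1_MAC = mac("02:00:00:00:00:01")
VM3_MAC = mac("02:00:00:00:00:03")


def build_frame(dst, src, payload, vid=None, ethertype=0x0800):
    """Build an Ethernet II frame; insert an 802.1Q tag when vid is given."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vid or None, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, inner_type, frame[18:]


class DistributedGateway:
    """Hypothetical model of the network card controller's role in step S12."""

    def __init__(self):
        # "First correspondence": remote VM MAC -> VLAN ID, filled from
        # management messages (steps S6 to S9).
        self.mac_to_vid = {}

    def record_network_info(self, vm_mac, vid):
        if len(vm_mac) != 6 or not 1 <= vid <= 4094:
            raise ValueError("invalid MAC or VLAN ID")
        self.mac_to_vid[vm_mac] = vid

    def translate(self, frame):
        """Return the second service message, or None if no mapping exists."""
        dst, src, _vid, ethertype, payload = parse_frame(frame)
        target_vid = self.mac_to_vid.get(dst)
        if target_vid is None:
            return None  # assumption: fail closed instead of forwarding
        return build_frame(dst, src, payload, target_vid, ethertype)


class Switch:
    """Switch 4 as described: the egress port is chosen by VLAN ID only."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)

    def egress_ports(self, frame):
        vid = parse_frame(frame)[2]
        return sorted(p for p, allowed in self.port_vlans.items() if allowed == vid)


def demo():
    switch4 = Switch({41: 1, 42: 2, 45: 5})  # port -> permitted VLAN ID
    gw12 = DistributedGateway()
    gw12.record_network_info(VM3_MAC, 2)     # content of the management message
    first = build_frame(VM3_MAC, VM1_MAC, b"service-data")  # untagged, from VM1
    second = gw12.translate(first)
    return switch4.egress_ports(first), switch4.egress_ports(second), second


if __name__ == "__main__":
    print(demo())
```

Everything that lets a frame leave VLAN 1 sits in `mac_to_vid`, so the integrity of the management message that fills it decides how much of the switch's VLAN isolation remains.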
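The above embodiment shows how the distributed gateway implements cross-VLAN message transmission. It is worth noting that in the embodiments of the present invention the distributed gateway can also encapsulate overlay messages, thereby implementing large layer 2 cross-network communication. For details, refer to FIG. 5, which is another data interaction diagram of a message processing method according to an embodiment of the present invention.
As shown in FIG. 5, the message processing method includes the following steps:
Step S17: the second cloud management platform client 211 obtains the MAC address of VM3.
Step S18: the second cloud management platform client 211 obtains the IP address of the network card controller 21.
It is worth noting that in the embodiments of the present invention the IP address of the network card controller 21 can serve as the external IP address of the distributed gateway 22 and of the computing node.
Step S19: the second cloud management platform client 211 generates a second registration message and sends the second registration message to the network card 222.
The second registration message is a VLAN message whose payload carries the MAC address of VM3 and the IP address of the distributed gateway, and whose VLAN ID is 5.
Specifically, the second cloud management platform client 211 sends the second registration message to PF4.
Step S20: the network card 222 sends the third registration message to the switch 4.
Specifically, the switching device 2221 of the network card 222 obtains the second registration message from PF4, determines that the VLAN ID of the second registration message is not 2, and sends the second registration message to the physical network port 2222.
Step S21: the switch 4 forwards the second registration message to the cloud management platform 5 according to VLAN ID 5 of the second registration message.
Specifically, the switch 4 receives the second registration message from the port 42 connected to the physical network port 2222 and sends the second registration message to the port 45 according to VLAN ID 5 of the second registration message. The cloud management platform 5 receives the second registration message from the port 45.
It is worth noting that in the embodiments of the present invention the first cloud management platform client 211 may also obtain the MAC addresses of the virtual machines on the computing node 21 and the IP address of the computing node 21 and report them to the cloud management platform 5, which is not limited in the embodiments of the present invention.
Step S22: the cloud management platform 5 receives the second registration message, obtains the MAC address of VM3 and the IP address of the computing node 21 from the second registration message, and configures the network information of the second VLAN, where the network information of the second VLAN includes the correspondence between the MAC address of VM3 and the IP address of the computing node 21.
Optionally, the user can configure the network information of the second VLAN to the computing node 11 through the cloud management platform 5.
Step S23: the cloud management platform 5 generates a second management message and sends the second management message to the switch 4.
The second management message may be a VLAN message whose destination MAC address is the MAC address of the network card controller 121 and which carries VLAN ID 1. The MAC address and the VLAN ID can be specified by the user. For example, if the user wants to configure forwarding for all virtual machines on the computing node 11, the user can select, through the cloud management platform 5, the MAC address of the network card controller 121 connected to the computing node 11 and the VLAN ID 2 that the port 41 of the switch 4 allows to pass.
Step S24: the switch 4 sends the second management message to the network card 122.
Specifically, the switch 4 sends the second management message to the port 41 according to VLAN ID 1 of the second management message, and the port 41 allows the second management message to enter the physical network port 1222 of the network card 122.
Step S25: the network card 122 sends the second management message to the network card controller 121.
Specifically, the switching device 1221 of the network card 122 obtains the second management message from the physical network port 1222, selects PF1 according to the destination MAC address of the second management message, and sends the second management message to PF1.
Step S26: the network card controller 121 obtains the network information of the second VLAN from the second management message and records the network information of the second VLAN.
Specifically, the third cloud management platform client 1211 of the network card controller 121 obtains the second management message from PF1, obtains the network information of the second VLAN carried in the second management message, and records the network information of the second VLAN.
It is worth noting that in the embodiments of the present invention the first cloud management platform client 111 may also obtain the MAC address of VM1 and the IP address of the computing node 11 and report the MAC address of VM1 and the IP address of the computing node 11 to the cloud management platform 5 as the network information of the first VLAN.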
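Refer to FIG. 6, which is another data interaction diagram of a message processing method according to an embodiment of the present invention. FIG. 6 is a continuation of FIG. 5; following FIG. 5, the message processing method further includes the following steps:
Step S27: VM1 sends a third service message to the network card 122.
The third service message is a VLAN message whose source MAC address is the MAC address of VM1, whose destination MAC address is the MAC address of VM3, and whose payload carries service data. VM1 does not know the VLAN ID of the VLAN network where VM3 is located, and the VLAN ID of the first service message is empty. VM1 sends the third service message to VF1.
Step S28: the network card 122 forwards the third service message to the network card controller 121.
The network card 122 obtains the third service message from VF1, determines that the MAC address of VM3 is not local, and forwards the third service message to PF1.
Step S29: the network card controller 121 modifies the third service message according to the network information of the second VLAN.
The third cloud management platform client 1211 obtains the third service message from PF1, obtains the IP address of the distributed gateway 22 from the network information of the second VLAN according to the destination MAC address of the third service message, and encapsulates the third service message in an overlay message. The destination IP address of the overlay message is the IP address of the computing node 21, its destination MAC address is the MAC address of the next-hop device of the computing node 21, and the overlay message carries the third service message.
For example, the overlay message may be a VXLAN message.
Step S30: the network card controller 121 sends the overlay message to the network card 122.
The third cloud management platform client 1211 of the network card controller 121 sends the overlay message to PF1, and the switching device 1221 of the network card 122 obtains the overlay message from PF1.
Step S31: the network card 122 sends the overlay message to the switch 4.
The switching device 1221 of the network card 122 determines that the destination MAC of the overlay message is not local and sends the overlay message to the physical network port 1222, so that the overlay message reaches the switch 4.
Step S32: the switch 4 receives the overlay message from the port 41 and forwards the overlay message to the network card 222.
The switch 4 sends the overlay message to the port 42 according to the destination IP address of the overlay message, and the switching device 2221 obtains the overlay message from the physical port 2222.
Step S33: the network card 222 forwards the overlay message to the network card controller 221.
The switching device 2221 of the network card 222 obtains the overlay message from the physical network port 2222, selects PF3 according to the destination IP address of the overlay message, and sends the overlay message to PF3.
Step S34: the network card controller 21 decapsulates the overlay message to obtain the third service message carried in the overlay message.
The fourth cloud management platform client 2211 of the network card controller 221 obtains the overlay message from PF3, decapsulates the overlay message, and obtains the third service message carried in the overlay message.
Step S35: the network card controller 221 sends the third service message to the network card 222.
The fourth cloud management platform client 2211 of the network card controller 221 sends the third service message to PF3.
Step S36: the network card 222 sends the third service message to VM3.
The switching device 2221 of the network card 222 obtains the third service message from PF3, selects VF3 according to the destination MAC address of the third service message, and sends the third service message to VF3. VM3 obtains the third service message from VF3, obtains the service data from the payload of the third service message, and performs service processing according to the service data.
Because the distributed gateway 12 modifies the third service message into an overlay message, the overlay message can be smoothly transmitted to the server 2 via the switch 4, thereby implementing cross-VLAN communication.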
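The encapsulation in step S29 and the decapsulation in step S34 can be shown with VXLAN, the overlay format the description names. The following Python example is added here and is not code from the patent: the VNI, the addresses, the class name and the receive-side checks are assumptions, and the outer Ethernet header (the next-hop MAC mentioned in step S29) is left out so the block starts at the outer IPv4 header.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789  # IANA-assigned VXLAN port (RFC 7348)
VXLAN_I_FLAG = 0x08    # "VNI present" flag in the first header byte
VNI = 5001             # assumption: the page does not give a VNI

# Constructed sample addresses, not taken from the patent.
VM1_MAC = bytes.fromhex("020000000001")
VM3_MAC = bytes.fromhex("020000000003")


def ipv4_checksum(header):
    """One's-complement sum over the header; 0 for a header that verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, payload_len):
    fields = [0x45, 0, 20 + payload_len, 0, 0x4000, 64, 17, 0,
              src.packed, dst.packed]  # protocol 17 = UDP, DF set, TTL 64
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)


class OverlayGateway:
    """Hypothetical model of a network card controller doing S29 and S34."""

    def __init__(self, ip, local_vm_macs):
        self.ip = ipaddress.IPv4Address(ip)
        self.local_vm_macs = set(local_vm_macs)
        # "Second correspondence": remote VM MAC -> remote gateway IP.
        self.mac_to_gateway_ip = {}

    def record_network_info(self, vm_mac, gateway_ip):
        self.mac_to_gateway_ip[vm_mac] = ipaddress.IPv4Address(gateway_ip)

    def encapsulate(self, inner_frame):
        """Wrap the VM's frame in IPv4/UDP/VXLAN addressed to the peer gateway."""
        remote = self.mac_to_gateway_ip.get(inner_frame[:6])
        if remote is None:
            return None  # assumption: no mapping, no tunnel
        vxlan = struct.pack("!II", VXLAN_I_FLAG << 24, VNI << 8)
        udp_len = 8 + len(vxlan) + len(inner_frame)
        # UDP checksum 0 means "not computed", which IPv4 permits.
        udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)
        return ipv4_header(self.ip, remote, udp_len) + udp + vxlan + inner_frame

    def decapsulate(self, packet):
        """Return the inner frame, or None if any outer or inner check fails."""
        if len(packet) < 20 + 8 + 8 + 14 or packet[0] != 0x45:
            return None
        if ipv4_checksum(packet[:20]) != 0 or packet[9] != 17:
            return None
        if packet[16:20] != self.ip.packed:
            return None  # not addressed to this gateway
        _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[20:28])
        if dport != VXLAN_UDP_PORT or udp_len != len(packet) - 20:
            return None
        flags_word, vni_word = struct.unpack("!II", packet[28:36])
        if flags_word >> 24 != VXLAN_I_FLAG or vni_word >> 8 != VNI:
            return None
        inner = packet[36:]
        # Only hand the frame on if its destination is a VM behind this gateway.
        return inner if inner[:6] in self.local_vm_macs else None


def demo():
    gw12 = OverlayGateway("192.0.2.12", [VM1_MAC])  # constructed addresses
    gw22 = OverlayGateway("192.0.2.22", [VM3_MAC])
    gw12.record_network_info(VM3_MAC, "192.0.2.22")
    third = VM3_MAC + VM1_MAC + b"\x08\x00" + b"service-data"
    overlay = gw12.encapsulate(third)
    return third, overlay, gw22.decapsulate(overlay), gw12.decapsulate(overlay)


if __name__ == "__main__":
    print(demo())
```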
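In summary, when the local distributed gateway of a server fails, only the local virtual machines of that server are affected. Other servers have their own distributed gateways and are therefore not affected, so the network is not affected by the failure of a single distributed gateway.
In the embodiments of the present invention, the distributed gateway 12 of the server 1 is implemented by the network card controller 121 and the network card 122. The network card controller 121, the network card 122, and the computing node 11 may be connected to each other through PCIe links. For details, refer to FIG. 7, which is a schematic diagram of the hardware structure of the server 1 according to an embodiment of the present invention.
As shown in FIG. 7, the PCIe interface 1103 of the computing node 11 is connected to the PCIe interface 12103 of the network card controller 121 to form a PCIe link, the PCIe interface 1104 of the computing node 11 is connected to the PCIe interface 12203 of the network card 122 to form a PCIe link, and the PCIe interface 12104 of the network card controller 121 is connected to the PCIe interface 12204 of the network card 122 to form a PCIe link.
The computing node 11 can supply power to the network card controller 121 through the PCIe interface 1103 and to the network card 122 through the PCIe interface 1104. The network card 122 provides a pass-through function to the computing node 11 through the PCIe link where the PCIe interface 12203 is located, and the network card 122 can also provide a pass-through function through the PCIe link where the PCIe interface 12204 is located. The processor 1101 may be one or more processors with strong computing power in the X86 architecture, the processor 12101 may be a processor with relatively strong computing power in the ARM architecture, and the processor 12201 may be a processor with average computing power.
The distributed gateway 22 has a similar structure, which is not repeated here.
It is worth noting that in some other examples of the present invention the distributed gateway may also be implemented by a single intelligent network card, for example by integrating the physical network port and the switching device into the network card controller, which is not limited in the embodiments of the present invention.
Refer to FIG. 8, which is a schematic structural diagram of an apparatus of a distributed gateway according to an embodiment of the present invention.
As shown in FIG. 8, the distributed gateway includes:
a receiving module 411, configured to receive a management message sent by the cloud management platform, where the management message carries the network information of the second VLAN;
a recording module 413, configured to record the network information of the second VLAN;
the receiving module 411, further configured to receive a first service message carrying service data that the first virtual machine sends to the second virtual machine, where the second virtual machine is located in the second VLAN;
a conversion module 412, configured to modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, where the second service message carries the service data;
a sending module 412, configured to send the second service message to the switch.
The specific functions of each functional module are also described in the embodiments shown in FIGS. 1 to 6 above and are not repeated here.
Refer to FIG. 9, which is a schematic structural diagram of another apparatus of a distributed gateway according to an embodiment of the present invention.
As shown in FIG. 9, the distributed gateway may include a processing unit 421 and a communication interface 422. The processing unit 421 is configured to perform the functions defined by the operating system and the various software programs running on the physical server, for example, to implement the functions of a virtual switch. The communication interface 422 is configured to communicate with other computing nodes; the other devices may be other physical servers. Specifically, the communication interface 422 may be a network adapter card. Optionally, the physical server may further include an input/output interface 423, which is connected to input/output devices and is used to receive input information and output operation results. The input/output interface 423 may be a mouse, a keyboard, a display, an optical drive, or the like. Optionally, the physical server may further include an auxiliary storage 424, generally also called external storage. The storage medium of the auxiliary storage 424 may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, an optical disc), or a semiconductor medium (for example, a solid state drive). The processing unit 421 may have various specific implementation forms. For example, the processing unit 421 may include a processor 4212 and a memory 4211, and the processor 4212 performs the relevant operations of the distributed gateway 12 or the distributed gateway 22 in the embodiments shown in FIGS. 2 to 4 according to the program instructions stored in the memory 4211. The processor 4212 may be a central processing unit (CPU) or a graphics processing unit (GPU), and the processor 4212 may be a single-core processor or a multi-core processor. The processing unit 421 may also be implemented solely by a logic device with built-in processing logic, such as a field programmable gate array (FPGA) or a digital signal processor (DSP).
A person skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above can be found in the corresponding processes in the foregoing method embodiments and are not repeated here.
Further, in other embodiments of the present invention, containers may be used in place of virtual machines, which is not limited in the embodiments of the present invention.
It should be noted that any of the apparatus embodiments described above are merely schematic. The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the processes may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the apparatus embodiments provided by the present invention, a connection between processes indicates that there is a communication connection between them, which may specifically be implemented as one or more communication buses or signal lines. A person of ordinary skill in the art can understand and implement this without creative effort.
From the description of the above implementations, a person skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware, and of course also by dedicated hardware including application-specific integrated circuits, dedicated CPUs, dedicated memories, dedicated components, and the like. In general, any function performed by a computer program can easily be implemented by corresponding hardware, and the specific hardware structures used to implement the same function can also vary, for example analog circuits, digital circuits, or dedicated circuits. For the present invention, however, a software program implementation is in most cases the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a readable storage medium, such as a computer floppy disk, a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a host, a network device, or the like) to perform the methods described in the embodiments of the present invention.
A person skilled in the art can clearly understand that the specific working processes of the systems, apparatuses, or units described above can be found in the corresponding processes in the foregoing method embodiments and are not repeated here.
The above is only a specific implementation of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily think of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.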

Claims (14)

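  1. A cloud computing data center system, characterized by comprising a first server, a second server, a cloud management platform, and a switch, wherein the first server comprises a first computing node and a first distributed gateway connected through a first Peripheral Component Interconnect Express (PCIe) link, the second server comprises a second computing node and a second distributed gateway connected through a second PCIe link, the first computing node is provided with a first virtual machine located in a first virtual local area network (VLAN), the second computing node is provided with a second virtual machine located in a second VLAN, and the cloud management platform, the first distributed gateway, and the second distributed gateway are each connected to the switch;
    the first distributed gateway is configured to receive a management message sent by the cloud management platform, wherein the management message carries network information of the second VLAN, and the first distributed gateway is configured to record the network information of the second VLAN;
    the first virtual machine is configured to send a first service message carrying service data to the second virtual machine;
    the first distributed gateway is configured to receive the first service message, modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, and send the second service message to the switch, wherein the second service message carries the service data;
    the second distributed gateway is configured to receive the second service message forwarded by the switch and send the service data carried in the second service message to the second virtual machine.
  2. A message processing method for a distributed gateway, characterized in that the distributed gateway is connected to a first computing node through a first Peripheral Component Interconnect Express (PCIe) link, the distributed gateway is connected to a switch, the first computing node is provided with a first virtual machine, and the first virtual machine is located in a first virtual local area network (VLAN), the method comprising:
    receiving, by the distributed gateway, a management message sent by a cloud management platform, wherein the management message carries network information of a second VLAN;
    recording, by the distributed gateway, the network information of the second VLAN;
    receiving, by the distributed gateway, a first service message carrying service data that the first virtual machine sends to a second virtual machine, wherein the second virtual machine is located in the second VLAN;
    modifying, by the distributed gateway, the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, wherein the second service message carries the service data;
    sending, by the distributed gateway, the second service message to the switch.
  3. The method according to claim 2, characterized in that the distributed gateway comprises a network card controller and a network card, the network card is provided with a first physical function (PF), a first virtual function (VF), and a physical network port, the network card controller is connected to the first PF, the first virtual machine is connected to the first VF, and the physical network port is connected to the switch.
  4. The method according to claim 3, characterized in that the receiving, by the distributed gateway, of the first service message carrying service data that the first virtual machine sends to the second virtual machine comprises:
    receiving, by the network card, the first service message from the first VF.
  5. The method according to claim 4, characterized in that the modifying, by the distributed gateway, of the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN comprises:
    forwarding, by the network card, the first service message to the first PF;
    obtaining, by the network card controller, the first service message from the first PF, modifying the first service message according to the network information of the second VLAN to generate the second service message, and sending the second service message to the first PF;
    sending, by the network card, the second service message to the physical network port.
  6. The method according to any one of claims 3 to 5, characterized in that the destination MAC address of the management message is the MAC address of the network card controller, the network card records a third correspondence between the MAC address of the network card controller and the first PF, and the receiving, by the distributed gateway, of the management message sent by the cloud management platform comprises:
    receiving, by the network card, the management message from the physical network port, selecting the first PF from the third correspondence according to the destination MAC address of the management message, and forwarding the management message to the first PF;
    receiving, by the network card controller, the management message from the first PF.
  7. The method according to claim 6, characterized in that the recording, by the distributed gateway, of the network information of the second VLAN comprises:
    obtaining, by the network card controller, the network information of the second VLAN from the management message, and recording the network information of the second VLAN.
  8. The method according to any one of claims 2 to 7, characterized in that the first service message is a VLAN message, the destination address of the first service message is the MAC address of the second virtual machine, the first VLAN network is provided with a first VLAN identifier, the second VLAN network is provided with a second VLAN identifier different from the first VLAN identifier, the network information of the second VLAN comprises a first correspondence between the MAC address of the second virtual machine and the second VLAN identifier, and the modifying, by the distributed gateway, of the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN comprises:
    obtaining, by the distributed gateway, the second VLAN identifier from the first correspondence according to the destination MAC address of the first service message;
    setting, by the distributed gateway, the second VLAN identifier in the first service message to generate the second service message.
  9. The method according to any one of claims 2 to 7, characterized in that the first service message is a VLAN message, the destination MAC address of the first service message is the MAC address of the second virtual machine, the network information of the second VLAN comprises a second correspondence between the MAC address of the second virtual machine and the IP address of another distributed gateway connected to a second computing node through a second PCIe link, the second virtual machine is provided on the second computing node, and the modifying, by the distributed gateway, of the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN comprises:
    obtaining, by the distributed gateway, the IP address from the second correspondence according to the destination address of the first service message;
    encapsulating, by the distributed gateway, the first service message into the second service message, wherein the second service message is an overlay message and the destination IP address of the second service message is the IP address.
  10. A distributed gateway, characterized in that the distributed gateway is connected to a first computing node through a PCIe interface, the distributed gateway is connected to a switch, the first computing node is provided with a first virtual machine, the first virtual machine is located in a first VLAN, and the distributed gateway comprises:
    a receiving module, configured to receive a management message sent by a cloud management platform, wherein the management message carries network information of a second VLAN;
    a recording module, configured to record the network information of the second VLAN;
    the receiving module, further configured to receive a first service message carrying service data that the first virtual machine sends to a second virtual machine, wherein the second virtual machine is located in the second VLAN;
    a conversion module, configured to modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, wherein the second service message carries the service data;
    a sending module, configured to send the second service message to the switch.
  11. The distributed gateway according to claim 10, characterized in that the first service message is a VLAN message, the destination address of the first service message is the MAC address of the second virtual machine, the first VLAN network is provided with a first VLAN identifier, and the second VLAN network is provided with a second VLAN identifier different from the first VLAN identifier;
    the conversion module is configured to obtain the second VLAN identifier from the first correspondence according to the destination MAC address of the first service message, and set the second VLAN identifier in the first service message to generate the second service message.
  12. The distributed gateway according to claim 10, characterized in that the first service message is a VLAN message, the destination MAC address of the first service message is the MAC address of the second virtual machine, and the network information of the second VLAN comprises a second correspondence between the MAC address of the second virtual machine and the IP address of another distributed gateway connected to a second computing node through a second PCIe link;
    the conversion module is configured to obtain the IP address from the second correspondence according to the destination address of the service message, and encapsulate the first service message into the second service message, wherein the second service message is an overlay message and the destination IP address of the second service message is the IP address of the other distributed gateway connected to the second computing node through the second PCIe link.
  13. A server, characterized by comprising a distributed gateway and a computing node, wherein the distributed gateway is connected to the computing node through a Peripheral Component Interconnect Express (PCIe) interface, the distributed gateway is connected to a switch, the computing node is provided with a first virtual machine, and the first virtual machine is located in a first virtual local area network (VLAN), wherein:
    the distributed gateway is configured to receive a management message sent by a cloud management platform, wherein the management message carries network information of a second VLAN;
    the distributed gateway is further configured to record the network information of the second VLAN;
    the first virtual machine is configured to send a first service message carrying service data to a second virtual machine, wherein the second virtual machine is located in the second VLAN;
    the distributed gateway is further configured to receive the first service message;
    the distributed gateway is further configured to modify the first service message according to the network information of the second VLAN to generate a second service message that can reach the second VLAN, and send the second service message to the switch, wherein the second service message carries the service data.
  14. A distributed gateway, characterized by comprising a processor and a memory, wherein the distributed gateway is connected to a computing node provided with a first virtual machine, the distributed gateway is connected to a switch, the first virtual machine is located in a first virtual local area network (VLAN), the memory stores program instructions, and the processor runs the program instructions to perform the method according to any one of claims 2 to 9.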
PCT/CN2019/128497 2018-12-26 2019-12-26 云计算数据中心系统、网关、服务器及报文处理方法 WO2020135542A1 (zh)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP19902662.6A EP3883195A4 (en) 2018-12-26 2019-12-26 CLOUD COMPUTING DATA CENTER SYSTEM, GATEWAY, SERVER AND MESSAGE PROCESSING METHOD
JP2021537822A JP7231744B2 (ja) 2018-12-26 2019-12-26 クラウドコンピューティングデータセンタシステム、ゲートウェイ、サーバ、およびパケット処理方法
US17/358,264 US11831551B2 (en) 2018-12-26 2021-06-25 Cloud computing data center system, gateway, server, and packet processing method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811602177.3 2018-12-26
CN201811602177.3A CN109617735B (zh) 2018-12-26 2018-12-26 云计算数据中心系统、网关、服务器及报文处理方法

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/358,264 Continuation US11831551B2 (en) 2018-12-26 2021-06-25 Cloud computing data center system, gateway, server, and packet processing method

Publications (1)

Publication Number Publication Date
WO2020135542A1 true WO2020135542A1 (zh) 2020-07-02

Family

ID=66010622

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/128497 WO2020135542A1 (zh) 2018-12-26 2019-12-26 云计算数据中心系统、网关、服务器及报文处理方法

Country Status (5)

Country Link
US (1) US11831551B2 (zh)
EP (1) EP3883195A4 (zh)
JP (1) JP7231744B2 (zh)
CN (1) CN109617735B (zh)
WO (1) WO2020135542A1 (zh)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109617735B (zh) * 2018-12-26 2021-04-09 华为技术有限公司 云计算数据中心系统、网关、服务器及报文处理方法
CN110071918B (zh) * 2019-04-19 2020-10-09 北京那镁克科技有限公司 一种基于混合云的数据通信方法及装置
US11076004B2 (en) * 2019-08-20 2021-07-27 The Calany Holding S.Á R.L. Virtual radio access network system and method for optimized real-time responsive continuous location-based cloud computing, rendering, tracking, and communication services in three-dimensional space through a distributed computing center network
CN110830477B (zh) * 2019-11-11 2022-03-11 北京天融信网络安全技术有限公司 一种业务的识别方法、装置、网关、系统及存储介质
CN110944044B (zh) * 2019-11-20 2020-11-13 广州市品高软件股份有限公司 一种分布式api网关系统及其实现方法
CN112019598A (zh) * 2020-07-31 2020-12-01 深圳华云信息系统有限公司 一种分布式云计算系统
CN112367278B (zh) * 2020-11-03 2021-07-20 清华大学 基于可编程数据交换机的云网关系统及其报文处理方法
CN112596669A (zh) * 2020-11-25 2021-04-02 新华三云计算技术有限公司 一种基于分布式存储的数据处理方法及装置
CN112737915B (zh) * 2020-12-29 2022-10-25 优刻得科技股份有限公司 基于智能网卡的内网隧道跨域网关转发方法、系统、设备和介质
US20230031462A1 (en) * 2021-07-30 2023-02-02 Oracle International Corporation Selective handling of traffic received from on-premises data centers
CN114448752B (zh) * 2022-04-07 2022-09-09 杭州优云科技有限公司 一种多子网通信方法及装置
CN117118774B (zh) * 2023-10-23 2024-02-27 杭州优云科技有限公司 二层网络下云计算网关的接入方法及装置

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140201733A1 (en) * 2013-01-15 2014-07-17 International Business Machines Corporation Scalable network overlay virtualization using conventional virtual switches
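CN104506404A (zh) * 2014-12-17 2015-04-08 杭州华三通信技术有限公司 Method and apparatus for establishing a virtual local area network forwarding channel
CN104639363A (zh) * 2013-11-13 2015-05-20 财团法人资讯工业策进会 Management server for managing cloud devices in a virtual local area network and management method thereof
CN105591925A (zh) * 2015-12-10 2016-05-18 杭州华三通信技术有限公司 Packet forwarding method and device applied in SDN
CN108337192A (zh) * 2017-12-28 2018-07-27 华为技术有限公司 Packet communication method and apparatus in a cloud data center
CN109617735A (zh) * 2018-12-26 2019-04-12 华为技术有限公司 Cloud computing data center system, gateway, server, and packet processing method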

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8369333B2 (en) 2009-10-21 2013-02-05 Alcatel Lucent Method and apparatus for transparent cloud computing with a virtualized network infrastructure
JP5585219B2 (ja) 2010-06-03 2014-09-10 富士通株式会社 Switching device and virtual LAN construction method
CN102801599B (zh) * 2012-07-26 2015-09-30 华为技术有限公司 Communication method and system
US9210079B2 (en) 2012-08-14 2015-12-08 Vmware, Inc. Method and system for virtual and physical network integration
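JP6024474B2 (ja) * 2013-01-23 2016-11-16 富士通株式会社 Multi-tenant system, management device, management program, and control method for multi-tenant system
JP6107307B2 (ja) 2013-03-28 2017-04-05 日本電気株式会社 Virtualization system, frame transmission method, and frame transmission program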
US9419897B2 (en) 2014-06-30 2016-08-16 Nicira, Inc. Methods and systems for providing multi-tenancy support for Single Root I/O Virtualization
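JP6428296B2 (ja) 2015-01-22 2018-11-28 富士通株式会社 Information processing system, information processing device, and control method for information processing system
JP6629681B2 (ja) 2016-06-24 2020-01-15 APRESIA Systems株式会社 Switch device and relay system
JP6513835B2 (ja) * 2016-11-09 2019-05-15 ホアウェイ・テクノロジーズ・カンパニー・リミテッド Packet processing method, host, and system in cloud computing system
CN108337092B (zh) 2017-01-17 2021-02-12 华为国际有限公司 Method and system for performing collective authentication in a communication network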

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3883195A4 *

Also Published As

Publication number Publication date
CN109617735A (zh) 2019-04-12
CN109617735B (zh) 2021-04-09
EP3883195A4 (en) 2022-01-26
JP7231744B2 (ja) 2023-03-01
EP3883195A1 (en) 2021-09-22
JP2022515839A (ja) 2022-02-22
US20210320872A1 (en) 2021-10-14
US11831551B2 (en) 2023-11-28

Similar Documents

Publication Publication Date Title
WO2020135542A1 (zh) Cloud computing data center system, gateway, server, and packet processing method
US12010093B1 (en) Allocating addresses from pools
US11792126B2 (en) Configuring service load balancers with specified backend virtual networks
CN110875848B (zh) Controller and method for configuring a virtual network interface of a virtual execution element
US10567275B2 (en) Network interface card switching for virtual networks
US20220123960A1 (en) Data Packet Processing Method, Host, and System
JP6605713B2 (ja) Packet processing method, host, and system in cloud computing system
EP3031179B1 (en) Switch clusters having layer-3 distributed router functionality
US11658933B2 (en) Dynamically learning media access control and internet protocol addresses
US9178828B2 (en) Architecture for agentless service insertion
JP6087922B2 (ja) Communication control method and gateway
WO2018032910A1 (zh) Method and device for cross-network communication
US20110032944A1 (en) Method and System for Switching in a Virtualized Platform
WO2018019092A1 (zh) Method and controller for allocating VLAN IDs in a network
JP7113006B2 (ja) Distributed customer premises equipment
US11658918B2 (en) Latency-aware load balancer for topology-shifting software defined networks
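KR101621717B1 (ko) Method, apparatus, and computer program for virtualizing network resources of a software-defined data center
WO2017219272A1 (zh) Method and apparatus for forwarding packets
CN117255019A (zh) System, method, and storage medium for virtualized computing infrastructure
CN116743681A (zh) Packet forwarding method and apparatus in a VXLAN network, computer device, and storage medium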

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 19902662; Country of ref document: EP; Kind code of ref document: A1

ENP Entry into the national phase. Ref document number: 2019902662; Country of ref document: EP; Effective date: 20210615

ENP Entry into the national phase. Ref document number: 2021537822; Country of ref document: JP; Kind code of ref document: A

NENP Non-entry into the national phase. Ref country code: DE