WO2021139269A1 - Distributed routing method and apparatus based on open vswitch kernel state flow tables in overlay network - Google Patents

Publication number: WO2021139269A1
Authority: WO (WIPO, PCT)
Application number: PCT/CN2020/118912
Other languages: French (fr), Chinese (zh)
Inventor: 覃华伟
Original assignee: 平安科技(深圳)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/44 Distributed routing
    • H04L45/64 Routing or path finding of packets in data switching networks using an overlay routing layer
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches

Definitions

  • Open vSwitch (OVS for short) is a virtual switch that implements OpenFlow.
  • The flow tables are configured separately for the four intercommunication types in the virtual private cloud, including:
  • Open vSwitch provides the command ovs-dpctl, which can configure flow tables directly in the datapath of the host kernel.
  • The style of the flow table can be:
  • The deployment of a virtual private cloud includes:
  • the virtual management network port corresponding to the physical management network port is associated with the OVS management bridge, and the virtual working network port corresponding to the physical working network port is associated with the OVS working bridge;
  • this data distribution rule is used to instruct the target OVS bridge to distribute the data of multiple users received by the target physical working network port to the corresponding user's virtual
  • the target virtual network port of the VM can be any one of the physical working network ports
  • the target OVS working bridge is the OVS bridge created for the target physical working network port
  • the target virtual network port is the virtual working network port associated with the target OVS bridge.
  • When VM-A sends data to VM-B, VM-C and VM-D, only one flow table needs to be configured for each of the three virtual machines VM-B, VM-C and VM-D.
  • The flow table style is the flow table style stated above.
  • VM-A can determine the flow tables it uses to send to the other VMs in the same VPC and the flow tables it uses to receive from the other VMs in the same VPC. These flow tables can be delivered synchronously, when VM-A is created, to the Open vSwitch datapath in the kernel of the host (HOST-01), without needing to deliver a flow table when the actual traffic appears, thereby reducing first-packet delay and avoiding upcalls.
  • The step of issuing a flow table by a virtual machine includes:
  • step 2) according to the search result obtained in step 2), obtain the task priority parameter corresponding to the message;
  • step 3) according to the task priority parameter obtained in step 3), set the corresponding standard flow entry priority.
  • Configuring the flow table in the virtual private cloud for the type of intercommunication between virtual machines in the same virtual private cloud includes:
  • for a certain virtual machine, a first flow table is configured corresponding to each of the other virtual machines;
  • the certain virtual machine configures a second flow table to receive the data sent by each of the other virtual machines.
  • Configuring the flow table in the virtual private cloud for the type of intercommunication between virtual machines in the same virtual private cloud further includes: A3. when creating the first virtual machine, synchronously issuing the first flow table and the second flow table to the Open vSwitch datapath of the host kernel.
  • Abbreviations: NAT (Network Address Translation), VXLAN (Virtual eXtensible Local Area Network), iptables.
  • Configuring a flow table in the virtual private cloud for the type of intercommunication between virtual machines of different virtual private clouds includes:
  • using network address translation technology to map the overlapping virtual machine IP addresses, which includes:
  • the VPC-VM reaches the NAT gateway through a fixed-configuration flow table:
  • Configuring a flow table in the virtual private cloud for the type of virtual machines in the virtual private cloud accessing the Internet includes:
  • the virtual machine in the virtual private cloud reaches the network address translation gateway through a fixed-configuration flow table, and accesses the Internet through the network address translation gateway.
  • Type of virtual machines in the virtual private cloud accessing the public facilities of the data center:
  • the public facilities of the data center may be, for example, public DNS, DNS proxy, public databases, HTTP proxy, software package mirrors, or public network storage.
  • The IP addresses of the public facilities of the data center are usually configured as a fixed IP segment, and VPC-VM access to the public facilities of the data center likewise uses a flow table corresponding to the fixed configuration of that IP segment; when the virtual machine VPC-VM in the virtual private cloud accesses the data center public facilities, the flow table used is
  • Configuring a flow table in the virtual private cloud for the type of virtual machines in the virtual private cloud accessing the public facilities of the data center includes:
  • the virtual machine in the virtual private cloud accesses the public facilities of the data center through a flow table configured corresponding to a fixed IP segment, where the fixed IP segment is the IP address range of the public facilities of the data center.
  • The above four types of flow tables can be configured in the virtual private cloud simultaneously. During the life cycle of the virtual machine these flow tables can be kept in the host kernel, and the operation and maintenance platform can continuously collect and analyze their corresponding statistics, such as:
  • When a virtual machine VM-A comes online and all virtual machines in the entire VPC are reachable, the above four types of flow table configuration need to be performed on the host of that virtual machine; and the hosts of the other virtual machines in the VPC also need to configure a flow table, namely FLOW: VM-x → VM-a.
  • The method further includes: when configuring the flow table, setting match items in the flow table, where the match items are used to verify the data packets sent and/or received by the virtual machine.
  • The flow tables are configured separately for the four intercommunication types, and all configured flow tables are kernel state flow tables, which avoids the performance degradation caused by a large number of upcalls; the configured flow tables accompany the entire life cycle of the virtual machine and can provide stable and reliable flow-table-based statistics; the method can be applied to both virtual machine and container networks, giving a consistent network operation and maintenance experience and architecture; in network control, the workload is stable and predictable, without the performance thrashing that solutions such as OpenStack suffer under short connections; using flow tables for packet distribution avoids the network bottleneck of centralized routing and the possibility of single points of failure, and reduces network design difficulty; and in the flow table design, adding more match items to the flow table allows more verification to be performed and enhances security.
  • A module is not intended to be limited to a specific physical form. Depending on the specific application, a module can be implemented as hardware, firmware, software, or a combination thereof. In addition, different modules can share common components or even be implemented by the same components, and there may or may not be clear boundaries between different modules.


Abstract

The present application relates to the field of artificial intelligence and discloses a distributed routing method and apparatus based on Open vSwitch kernel state flow tables in an overlay network. The method comprises: when establishing virtual machines in a virtual private cloud of an overlay network, synchronously configuring flow tables separately for four intercommunication types in the virtual private cloud; and maintaining the flow tables in the host kernel during the life cycles of the virtual machines. The four intercommunication types are intercommunication between virtual machines in the same virtual private cloud, intercommunication between virtual machines in different virtual private clouds, Internet access by virtual machines in a virtual private cloud, and access to data center public facilities by virtual machines in a virtual private cloud; the flow tables are Open vSwitch kernel state flow tables. Because flow tables are configured separately for the four intercommunication types and all of them are kernel state flow tables, performance degradation due to a large number of upcalls is avoided; and because the configured flow tables accompany the virtual machines for their whole life cycle, stable and reliable flow-table-based statistics are available.

Description

Distributed routing method and device based on Open vSwitch kernel state flow table in an Overlay network
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on August 6, 2020, with application number 202010785582.4 and the title "Distributed routing method and device based on Open vSwitch kernel state flow table in Overlay network", the entire content of which is incorporated in this application by reference.
Technical field
This application relates to the field of artificial intelligence technology, and specifically to a distributed routing method and device based on an Open vSwitch kernel state flow table in an Overlay network.
Background
Overlay refers to a virtualization technology mode, in the field of computer network technology, that is superimposed on an existing network architecture. Its general framework is to carry applications over the network without large-scale modification of the underlying network, to remain separable from other network services, and to rely mainly on IP-based underlying network technology. Open vSwitch (OvS for short) is open-source virtual switching software widely used in the cloud computing industry; it gives network administrators visibility into and control over traffic between and within virtual cloud hosts. In short, Open vSwitch is an open OpenFlow switch.
Technical problem
The control structure commonly used in the prior art is Open vSwitch + ovsDB + OpenFlow, which relies on Open vSwitch computing the flow table in user space and then delivering it to the kernel, or delivering an instruction to the kernel to delete the flow table after it has aged out. The inventor realized that this technical solution achieves API compatibility and a generic process, but that it has the following defects:
1. For any newly established flow, the first packet must be forwarded to user space for flow table computation, so first-packet handling is delayed.
2. When a large number of new connections are established, a large number of packets are copied from kernel space to user space and, after the flow table has been computed, copied back from user space to kernel space, which wastes a large amount of computing resources. In extreme cases, a large number of short connections can even cause all of the compute capacity to be spent handling the upcall process.
3. Within a VPC (Virtual Private Cloud) network, unnecessarily frequent flow table creation and aging consume excessive resources.
4. Once a flow table entry has aged out and been deleted, its corresponding statistics disappear as well, which is unfriendly to operations and problem tracking.
Technical solution
The purpose of this application is to provide a distributed routing method and device based on an Open vSwitch kernel state flow table in an Overlay network. In order to give a basic understanding of some aspects of the disclosed embodiments, a brief summary is given below. This summary is not an extensive overview, nor is it intended to identify key or critical elements or delineate the scope of protection of these embodiments. Its sole purpose is to present some concepts in a simple form as a prelude to the detailed description that follows.
According to one aspect of the embodiments of this application, a distributed routing method based on an Open vSwitch kernel state flow table in an Overlay network is provided, including:
when establishing a virtual machine in a virtual private cloud of the Overlay network, synchronously configuring flow tables in the virtual private cloud separately for four intercommunication types;
keeping the flow tables in the host kernel during the life cycle of the virtual machine;
wherein the four intercommunication types include intercommunication between virtual machines in the same virtual private cloud, intercommunication between virtual machines of different virtual private clouds, virtual machines in a virtual private cloud accessing the Internet, and virtual machines in a virtual private cloud accessing the public facilities of the data center; and the flow tables are Open vSwitch kernel state flow tables.
According to another aspect of the embodiments of this application, a distributed routing device based on an Open vSwitch kernel state flow table in an Overlay network is provided, including:
a first module, used to synchronously configure flow tables in the virtual private cloud for four intercommunication types when establishing a virtual machine in a virtual private cloud of the Overlay network;
a second module, used to keep the flow tables in the host kernel during the life cycle of the virtual machine;
wherein the four intercommunication types include intercommunication between virtual machines in the same virtual private cloud, intercommunication between virtual machines of different virtual private clouds, virtual machines in a virtual private cloud accessing the Internet, and virtual machines in a virtual private cloud accessing the public facilities of the data center; and the flow tables are Open vSwitch kernel state flow tables.
According to another aspect of the embodiments of this application, an electronic device is provided, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor executes the program to implement a distributed routing method based on an Open vSwitch kernel state flow table in an Overlay network, the method including the following steps:
when establishing a virtual machine in a virtual private cloud of the Overlay network, synchronously configuring flow tables in the virtual private cloud separately for four intercommunication types;
keeping the flow tables in the host kernel during the life cycle of the virtual machine;
wherein the four intercommunication types include intercommunication between virtual machines in the same virtual private cloud, intercommunication between virtual machines of different virtual private clouds, virtual machines in a virtual private cloud accessing the Internet, and virtual machines in a virtual private cloud accessing the public facilities of the data center; and the flow tables are Open vSwitch kernel state flow tables.
According to another aspect of the embodiments of this application, a computer-readable storage medium is provided, on which a computer program is stored, the program being executed by a processor to implement a distributed routing method based on an Open vSwitch kernel state flow table in an Overlay network, the method including the following steps:
when establishing a virtual machine in a virtual private cloud of the Overlay network, synchronously configuring flow tables in the virtual private cloud separately for four intercommunication types;
keeping the flow tables in the host kernel during the life cycle of the virtual machine;
wherein the four intercommunication types include intercommunication between virtual machines in the same virtual private cloud, intercommunication between virtual machines of different virtual private clouds, virtual machines in a virtual private cloud accessing the Internet, and virtual machines in a virtual private cloud accessing the public facilities of the data center; and the flow tables are Open vSwitch kernel state flow tables.
Beneficial effects
In the distributed routing method based on an Open vSwitch kernel state flow table in an Overlay network provided by the embodiments of this application, flow tables are configured separately for the four intercommunication types, and all configured flow tables are kernel state flow tables, which avoids the performance degradation caused by a large number of upcalls; the configured flow tables accompany the entire life cycle of the virtual machine and can provide stable and reliable flow-table-based statistics.
Other features and advantages of this application will be set out in the following description, and in part will become obvious from the description, or may be inferred or determined without doubt from the description, or may be learned by implementing the embodiments of this application. The objectives and other advantages of this application can be realized and obtained through the structures particularly pointed out in the written description, the claims, and the drawings.
Description of the drawings
In order to describe the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments described in this application; for those of ordinary skill in the art, other drawings can be obtained from these drawings without creative work.
FIG. 1 shows a flow chart of a distributed routing method based on an Open vSwitch kernel state flow table in an Overlay network according to an embodiment of this application;
FIG. 2 shows a flow chart of the steps of configuring, in a virtual private cloud, a flow table for the type of intercommunication between virtual machines in the same virtual private cloud, according to an embodiment of this application;
FIG. 3 shows a flow chart of the steps of configuring, in a virtual private cloud, a flow table for the type of intercommunication between virtual machines of different virtual private clouds, according to an embodiment of this application;
FIG. 4 shows a structural block diagram of a distributed routing device based on an Open vSwitch kernel state flow table in an Overlay network according to an embodiment of this application.
Best mode of carrying out the invention
To make the objectives, technical solutions and advantages of this application clearer, this application is further described below with reference to the drawings and specific embodiments. It should be understood that the specific embodiments described here serve only to explain this application and do not limit it. All other embodiments obtained by those of ordinary skill in the art from the embodiments of this application without creative effort fall within the scope of protection of this application.
Those skilled in the art will understand that, unless defined otherwise, all terms used here (including technical and scientific terms) have the same meaning as commonly understood by those of ordinary skill in the art to which this application belongs. It should also be understood that terms such as those defined in general dictionaries are to be understood as having a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as they are here, are not to be interpreted in an idealized or overly formal sense.
In an Overlay network, the intercommunication types of the virtual machines of a virtual private cloud (VPC) fall into four categories:
1. Intercommunication between virtual machines within the same virtual private cloud;
2. Intercommunication between virtual machines of different virtual private clouds;
3. Access from virtual machines within a virtual private cloud to the Internet;
4. Access from virtual machines within a virtual private cloud to the public facilities of the data center.
As shown in FIG. 1, an embodiment of this application provides a distributed routing method based on Open vSwitch kernel-state flow tables in an Overlay network, including:
S10. When a virtual machine is created in a virtual private cloud of the Overlay network, synchronously configure, within the virtual private cloud, a flow table for each of the four intercommunication types;
S20. Keep the flow tables in the host kernel for the lifetime of the virtual machine;
where the four intercommunication types are intercommunication between virtual machines within the same virtual private cloud, intercommunication between virtual machines of different virtual private clouds, access from virtual machines within a virtual private cloud to the Internet, and access from virtual machines within a virtual private cloud to the public facilities of the data center; and the flow tables are Open vSwitch kernel-state flow tables.
Open vSwitch (OVS) is a virtual switch that implements OpenFlow.
Configuring a flow table for each of the four intercommunication types within the virtual private cloud includes:
A. Configuring, within the virtual private cloud, the flow tables for intercommunication between virtual machines within the same virtual private cloud;
B. Configuring, within the virtual private cloud, the flow tables for intercommunication between virtual machines of different virtual private clouds;
C. Configuring, within the virtual private cloud, the flow tables for access from virtual machines within the virtual private cloud to the Internet;
D. Configuring, within the virtual private cloud, the flow tables for access from virtual machines within the virtual private cloud to the public facilities of the data center. The letters A, B, C and D do not indicate the order in which the steps are performed.
Open vSwitch provides a command, ovs-dpctl, that installs flow tables directly into the datapath of the host kernel. A flow table entry can take the following form:
ovs-dpctl add-flow vpc-dp "in_port({vma_veth_id}),eth(src={vma_mac},dst={vmb_mac}),eth_type(0x0800),ipv4(src={vma_ip},dst={vmb_ip})" "set(tunnel(tun_id={vpc_vni},src={host_1_ip},dst={host_2_ip},ttl=128,tp_dst=4789,flags(df|key))),{vxlan_port_id}"
In some embodiments, deploying the virtual private cloud includes:
Creating an OVS bridge for the physical management network port as the OVS management bridge, and creating an OVS bridge for each physical working network port as an OVS working bridge, so that physical network ports and OVS bridges correspond one to one;
When a virtual machine (VM) is created, associating, among the virtual network ports added to the VM, the virtual management network port corresponding to the physical management network port with the OVS management bridge, and the virtual working network port corresponding to a physical working network port with the corresponding OVS working bridge;
Setting, through the OVS management bridge, a data distribution rule for a target OVS working bridge; the rule instructs the target OVS bridge to deliver the data of multiple users received on the target physical working network port to the target virtual network port of each user's VM. The target physical working network port can be any one of the physical working network ports, the target OVS working bridge is the OVS bridge created for that port, and the target virtual network port is the virtual working network port associated with the target OVS bridge.
Intercommunication between virtual machines within the same virtual private cloud
In most cases, once the virtual private cloud and all of its virtual machines have been created, the architecture changes little. For example, suppose the same virtual private cloud contains four virtual machines, VM-A, VM-B, VM-C and VM-D, and consider VM-A:
For VM-A to send data to VM-B, VM-C and VM-D, one flow table per destination (three in total) is needed, in the form shown above.
For VM-A to receive data from VM-B, VM-C and VM-D, a single flow table suffices, in the following form:
ovs-dpctl add-flow vpc-dp "tunnel(tun_id={vpc_vni},dst={host_vma_ip},flags(-df-csum+key),ttl=64),in_port({vxlan_port_id}),eth(dst={vm_mac}),eth_type(0x0800),ipv4(dst={vm_ip})" {vma_veth_id}
As the example shows, the flow tables VM-A uses to send to the other VMs in the same VPC, and to receive from them, are fully determined in advance. They can therefore be pushed to the Open vSwitch datapath in the kernel of the host (HOST-01) at the moment VM-A is created, rather than installed only when traffic actually appears; this reduces first-packet latency and avoids upcalls.
In some embodiments, the steps by which a flow table is issued for a virtual machine (VM) include:
1) After receiving a message from the virtual switch requesting that a first flow entry be issued, look up a preset first task priority list using the IP address and MAC address in the message;
2) If the first task priority list has no matching entry, look up a preset second task priority list using the priority field in the message;
3) From the lookup result of step 2), obtain the task priority parameter corresponding to the message;
4) Set the priority of the standard flow entry according to the task priority parameter obtained in step 3);
5) Issue the first flow entry to the virtual switch;
6) If a message is received from the virtual switch reporting that issuing the first flow entry failed because the flow table overflowed, compare the standard flow entry priority with the saved priorities of the flow entries already successfully issued to the virtual switch, and from the entries whose priority is lower than the standard flow entry priority select the one with the lowest priority as a second flow entry;
7) Notify the virtual switch to delete the second flow entry, then re-issue the first flow entry to the virtual switch.
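The seven-step issuance procedure above, as an added Python model (not code from the patent): two priority lookups, delivery to a capacity-limited stand-in for the virtual switch, and eviction of the lowest-priority entry below the new one when the switch reports an overflow. The class and function names, the switch capacity and the sample priorities are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class FlowRequest:
    """Message from the virtual switch asking for a flow entry (constructed)."""
    ip: str
    mac: str
    priority_field: int   # priority field carried in the message
    match: str            # match key of the entry to install


@dataclass(frozen=True)
class Installed:
    match: str
    priority: int


class SwitchOverflow(Exception):
    """Stand-in for the switch's 'flow table overflow' failure message."""


class FakeSwitch:
    """Capacity-limited flow table standing in for the virtual switch (assumed)."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self.entries: Dict[str, Installed] = {}

    def add(self, entry: Installed) -> None:
        if entry.match not in self.entries and len(self.entries) >= self.capacity:
            raise SwitchOverflow(entry.match)
        self.entries[entry.match] = entry

    def delete(self, match: str) -> None:
        self.entries.pop(match, None)


class FlowIssuer:
    """Issues flow entries following steps 1) to 7) of the procedure above."""

    def __init__(self, switch: FakeSwitch,
                 first_list: Dict[Tuple[str, str], int],
                 second_list: Dict[int, int]) -> None:
        self.switch = switch
        self.first_list = first_list       # (ip, mac) -> task priority
        self.second_list = second_list     # priority field -> task priority
        self.issued: List[Installed] = []  # entries successfully delivered

    def task_priority(self, req: FlowRequest) -> int:
        """Steps 1)-3): first list by (IP, MAC), then second list by priority field."""
        prio = self.first_list.get((req.ip, req.mac))
        if prio is None:
            prio = self.second_list.get(req.priority_field)
        if prio is None:
            raise LookupError(f"no task priority for {req.ip}/{req.mac}")
        return prio

    def issue(self, req: FlowRequest) -> Installed:
        """Steps 4)-7): set the entry priority, deliver, evict and retry on overflow."""
        entry = Installed(req.match, self.task_priority(req))
        try:
            self.switch.add(entry)
        except SwitchOverflow:
            victim = self.lowest_below(entry.priority)
            if victim is None:        # nothing lower to evict: report the failure
                raise
            self.switch.delete(victim.match)
            self.issued.remove(victim)
            self.switch.add(entry)
        self.issued.append(entry)
        return entry

    def lowest_below(self, priority: int) -> Optional[Installed]:
        """Step 6): lowest-priority issued entry whose priority is below the new one."""
        lower = [e for e in self.issued if e.priority < priority]
        return min(lower, key=lambda e: e.priority) if lower else None
```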
In some embodiments, as shown in FIG. 2, configuring the flow tables for intercommunication between virtual machines within the same virtual private cloud includes:
A1. Within the same virtual private cloud, when a virtual machine sends data to the other virtual machines, configuring one first flow table for each of the other virtual machines;
A2. Configuring, for that virtual machine, one second flow table to receive the data sent by each of the other virtual machines.
In some embodiments, configuring the flow tables for intercommunication between virtual machines within the same virtual private cloud further includes: A3. Synchronously pushing the first flow tables and the second flow table to the Open vSwitch datapath of the host kernel when the first virtual machine is created.
Intercommunication between virtual machines of different virtual private clouds
Check whether virtual machine IP addresses overlap between the different virtual private clouds. If the two virtual private clouds have no overlapping virtual machine IP addresses, flow tables can still be used directly to interconnect a virtual machine of one virtual private cloud with a virtual machine of the other.
For traffic from VPC1-VM1 to VPC2-VM2, the flow table is as follows:
ovs-dpctl add-flow vpc-dp "in_port({vpc1_vm1_port_id}),eth(src={vpc1_vm1_mac},dst={vpc2_vm2_mac}),eth_type(0x0800),ipv4(src={vpc1_vm1_ip},dst={vpc2_vm2_ip})" "set(tunnel(tun_id={vpc2_vni},src={host_vm1_ip},dst={host_vm2_ip},ttl=128,tp_dst=4789,flags(df|key))),{vxlan_port_id}"
For traffic from VPC2-VM2 to VPC1-VM1, the flow table is as follows:
ovs-dpctl add-flow vpc-dp "in_port({vpc2_vm2_port_id}),eth(src={vpc2_vm2_mac},dst={vpc1_vm1_mac}),eth_type(0x0800),ipv4(src={vpc2_vm2_ip},dst={vpc1_vm1_ip})" "set(tunnel(tun_id={vpc1_vni},src={host_vm2_ip},dst={host_vm1_ip},ttl=128,tp_dst=4789,flags(df|key))),{vxlan_port_id}"
If different virtual private clouds contain virtual machines with the same IP (Internet Protocol) address, NAT (Network Address Translation) is used to map the identical IP addresses of the virtual machines across the VPCs.
Mapping the identical IP addresses of virtual machines across VPCs with NAT includes introducing a NAT gateway that supports VXLAN (Virtual eXtensible Local Area Network) and configuring mapping rules for the virtual machine IP addresses of the virtual private cloud, for example with iptables.
In some embodiments, as shown in FIG. 3, configuring, within the virtual private cloud, the flow tables for intercommunication between virtual machines of different virtual private clouds includes:
B1. Detecting whether virtual machine IP addresses overlap between the different virtual private clouds;
B2. If they do not, using flow tables directly to interconnect a virtual machine of one virtual private cloud with a virtual machine of another virtual private cloud;
B3. If they do, mapping the overlapping virtual machine IP addresses with network address translation.
Mapping the overlapping virtual machine IP addresses with network address translation includes:
Introducing a network address translation gateway that supports virtual extensible LAN, and configuring the mapping rules for the virtual machine IP addresses of the virtual private cloud.
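A generator for the flow tables of steps A1-A3 (same VPC: one send flow per peer plus one receive flow, all rendered at VM creation) and steps B1-B3 (cross-VPC: direct flows in both directions when no VM addresses overlap, otherwise a NAT requirement), as an added Python example that is not the patent's own tooling. The ovs-dpctl templates and the datapath name vpc-dp come from this page; the VM/host addresses, port ids, VNIs and the VXLAN port id are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    mac: str
    veth_id: int   # datapath port number of the VM's veth (assumed)
    host_ip: str   # VTEP address of the host carrying the VM (assumed)


@dataclass(frozen=True)
class VPC:
    name: str
    vni: int
    vms: Tuple[VM, ...]


VXLAN_PORT_ID = 1  # assumed datapath port number of the vxlan vport

# Send and receive templates as quoted on this page, with named placeholders.
SEND_TMPL = (
    'ovs-dpctl add-flow vpc-dp "in_port({src_port}),eth(src={src_mac},dst={dst_mac}),'
    'eth_type(0x0800),ipv4(src={src_ip},dst={dst_ip})" '
    '"set(tunnel(tun_id={vni},src={src_host},dst={dst_host},ttl=128,tp_dst=4789,'
    'flags(df|key))),{vxlan_port}"'
)
RECV_TMPL = (
    'ovs-dpctl add-flow vpc-dp "tunnel(tun_id={vni},dst={host_ip},flags(-df-csum+key),'
    'ttl=64),in_port({vxlan_port}),eth(dst={mac}),eth_type(0x0800),ipv4(dst={ip})" {veth_id}'
)


def send_flow(src: VM, dst: VM, vni: int) -> str:
    """Flow for src -> dst, encapsulated with the VNI of the destination VPC."""
    return SEND_TMPL.format(src_port=src.veth_id, src_mac=src.mac, dst_mac=dst.mac,
                            src_ip=src.ip, dst_ip=dst.ip, vni=vni,
                            src_host=src.host_ip, dst_host=dst.host_ip,
                            vxlan_port=VXLAN_PORT_ID)


def recv_flow(vm: VM, vni: int) -> str:
    """The single receive flow that delivers tunnelled packets for vm to its veth."""
    return RECV_TMPL.format(vni=vni, host_ip=vm.host_ip, vxlan_port=VXLAN_PORT_ID,
                            mac=vm.mac, ip=vm.ip, veth_id=vm.veth_id)


def same_vpc_flows(vpc: VPC, vm: VM) -> List[str]:
    """Steps A1-A3: N-1 send flows plus one receive flow, all known at creation time."""
    flows = [send_flow(vm, peer, vpc.vni) for peer in vpc.vms if peer != vm]
    flows.append(recv_flow(vm, vpc.vni))
    return flows


def overlapping_ips(a: VPC, b: VPC) -> Set[str]:
    """Step B1: VM addresses present in both VPCs."""
    return {vm.ip for vm in a.vms} & {vm.ip for vm in b.vms}


def cross_vpc_flows(a: VPC, b: VPC) -> Dict[str, object]:
    """Steps B2-B3: direct flows in both directions, or a NAT requirement on overlap."""
    overlap = overlapping_ips(a, b)
    if overlap:
        return {"mode": "nat", "overlap": sorted(overlap), "flows": []}
    flows: List[str] = []
    for x in a.vms:
        for y in b.vms:
            flows.append(send_flow(x, y, b.vni))  # into VPC b, so b's VNI
            flows.append(send_flow(y, x, a.vni))  # back into VPC a, so a's VNI
    return {"mode": "direct", "overlap": [], "flows": flows}
```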
Access from virtual machines within a virtual private cloud to the Internet
For virtual machines in a virtual private cloud to access the Internet, a NAT gateway that maps the VPC-VM to a public IP address is required. The path from the VPC-VM to that NAT gateway also uses a fixed, pre-configured flow table:
ovs-dpctl add-flow vpc-dp "in_port({vm_veth_id}),eth(dst=gateway_mac),eth_type(0x0800),ipv4()" "set(tunnel(tun_id={vpc_vni},src={host_vm_ip},dst={nat_gw_vtep},ttl=128,tp_dst=4789,flags(df|key))),{vxlan_port_id}"
In some embodiments, configuring, within the virtual private cloud, the flow tables for access from virtual machines within the virtual private cloud to the Internet includes:
The virtual machines in the virtual private cloud reach the network address translation gateway through a fixed, pre-configured flow table and access the Internet through that gateway.
Access from virtual machines within a virtual private cloud to the public facilities of the data center
Data center public facilities include, for example, public DNS, DNS proxies, public databases, HTTP proxies, software package mirrors and public network storage. Their IP addresses are usually configured as a fixed IP range, so the path from the VPC-VM to the public facilities also uses a flow table fixed to that range. When a virtual machine VPC-VM in the virtual private cloud accesses the data center public facilities, the flow table used is:
ovs-dpctl add-flow vpc-dp "in_port({vm_veth_id}),eth(src={vm_mac}),eth_type(0x0800),ipv4(src={vm_ip},dst={comm_zone_cidr/mask})" "set(tunnel(tun_id={vpc_vni},src={host_vm_ip},dst={nat_gw_vtep},ttl=128,tp_dst=4789,flags(df|key))),{vxlan_port_id}"
In some embodiments, configuring, within the virtual private cloud, the flow tables for access from virtual machines within the virtual private cloud to the public facilities of the data center includes:
The virtual machines in the virtual private cloud access the data center public facilities through a flow table configured for a fixed IP range, the fixed IP range being the IP addresses of the data center public facilities.
When a virtual machine is created in a virtual private cloud, the four types of flow table above can be configured in the virtual private cloud at the same time. During the lifetime of the virtual machine these flow tables remain in the host kernel, and their statistics can be collected and analysed continuously by the operations platform, for example:
in_port(4),eth(src=88:88:11:11:00:03,dst=88:88:11:11:00:02),eth_type(0x0800),ipv4(src=28.8.0.3,dst=28.8.0.2), packets:2190, bytes:214892, used:52234.782s, actions:3
Overall, when a virtual machine VM-A comes online and must be reachable from every virtual machine in the VPC, the four types of flow table described above must be configured on the host of that virtual machine, and the hosts of the other virtual machines in the VPC must also be configured with a flow table towards it, that is FLOW: VM-x→VM-a.
If VM-A only needs to reach the other virtual machines in its own network segment within the VPC, only the intercommunication flow tables for VM-A within that subnet need to be added.
In some embodiments, the method further includes: when configuring a flow table, setting match items in the flow table, the match items being used to verify the data packets sent and/or received by the virtual machine.
In the flow table design, adding more match items to the flow table, such as the source MAC, source IP, destination MAC and destination IP, so that packets sent and received by the virtual machine are verified as thoroughly as possible, also gives the Overlay network additional security beyond the firewall.
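Two things a monitoring pipeline needs for the flow tables kept in the kernel, as an added Python example that is not the patent's own code: parsing a datapath flow dump line like the one quoted above into match fields and counters for continuous collection, and evaluating a packet's header fields against the parsed match, which shows how the extra match items (source and destination MAC and IP) leave a packet that does not carry the VM's own addresses unmatched. The sample dump line is the one on this page; the packet dictionaries are constructed.

```python
import re
from typing import Any, Dict, List

# Datapath flow dump line quoted on this page.
SAMPLE_LINE = ("in_port(4),eth(src=88:88:11:11:00:03,dst=88:88:11:11:00:02),"
               "eth_type(0x0800),ipv4(src=28.8.0.3,dst=28.8.0.2), packets:2190, "
               "bytes:214892, used:52234.782s, actions:3")


def split_top_level(text: str) -> List[str]:
    """Split on commas that are not nested inside parentheses."""
    parts: List[str] = []
    depth, cur = 0, []
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def parse_key(key: str) -> Dict[str, Any]:
    """'in_port(4),eth(src=..,dst=..),ipv4()' -> {'in_port': '4', 'eth': {...}, 'ipv4': ''}.

    A scalar body (in_port(4)) stays a string, an empty body (ipv4()) is the
    wildcard '', and a key=value body becomes a dict.
    """
    out: Dict[str, Any] = {}
    for item in split_top_level(key):
        m = re.fullmatch(r"(\w+)\((.*)\)", item)
        if not m:
            raise ValueError(f"malformed match item: {item!r}")
        name, body = m.group(1), m.group(2)
        if "=" not in body:
            out[name] = body
            continue
        fields: Dict[str, Any] = {}
        for kv in split_top_level(body):
            if "=" in kv:
                k, v = kv.split("=", 1)
                fields[k] = v
            else:
                fields[kv] = True  # value-less sub-item such as flags(df|key)
        out[name] = fields
    return out


def parse_flow(line: str) -> Dict[str, Any]:
    """Split a dump line into its match key and counters for collection."""
    match_items: List[str] = []
    stats: Dict[str, str] = {}
    for item in split_top_level(line):
        if re.fullmatch(r"\w+\(.*\)", item):
            match_items.append(item)
        elif ":" in item:
            k, v = item.split(":", 1)
            stats[k] = v.strip()
        else:  # continuation of a comma-separated actions list, e.g. "set(...),1"
            stats["actions"] = stats.get("actions", "") + "," + item
    used = stats.get("used", "never")  # ovs-dpctl prints 'never' for unused flows
    return {
        "match": parse_key(",".join(match_items)),
        "actions": stats.get("actions"),
        "packets": int(stats.get("packets", "0")),
        "bytes": int(stats.get("bytes", "0")),
        "used_s": float(used[:-1]) if used.endswith("s") else None,
    }


def packet_matches(match: Dict[str, Any], pkt: Dict[str, Any]) -> bool:
    """True if every match item is satisfied by the packet's header fields.

    pkt has the same shape as parse_key output, e.g.
    {'in_port': '4', 'eth': {'src': ..., 'dst': ...}, 'eth_type': '0x0800', 'ipv4': {...}}.
    """
    for name, want in match.items():
        have = pkt.get(name)
        if have is None:
            return False
        if want == "":
            continue  # wildcard item such as ipv4()
        if isinstance(want, str):
            if have != want:
                return False
            continue
        for k, v in want.items():
            if v is True:
                continue
            if not isinstance(have, dict) or have.get(k) != v:
                return False
    return True
```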
As shown in FIG. 4, another embodiment of this application provides a distributed routing apparatus based on Open vSwitch kernel-state flow tables in an Overlay network, including:
a first module, configured to synchronously configure, within the virtual private cloud, flow tables for the four intercommunication types when a virtual machine is created in a virtual private cloud of the Overlay network;
a second module, configured to keep the flow tables in the host kernel for the lifetime of the virtual machine;
where the four intercommunication types are intercommunication between virtual machines within the same virtual private cloud, intercommunication between virtual machines of different virtual private clouds, access from virtual machines within a virtual private cloud to the Internet, and access from virtual machines within a virtual private cloud to the public facilities of the data center; and the flow tables are Open vSwitch kernel-state flow tables.
Another embodiment of this application provides an electronic device including a memory, a processor and a computer program stored in the memory and runnable on the processor; the processor executes the program to implement the distributed routing method based on Open vSwitch kernel-state flow tables in an Overlay network shown in any of the exemplary embodiments above, the method including the following steps:
When a virtual machine is created in a virtual private cloud of the Overlay network, synchronously configuring, within the virtual private cloud, a flow table for each of the four intercommunication types;
Keeping the flow tables in the host kernel for the lifetime of the virtual machine;
where the four intercommunication types are intercommunication between virtual machines within the same virtual private cloud, intercommunication between virtual machines of different virtual private clouds, access from virtual machines within a virtual private cloud to the Internet, and access from virtual machines within a virtual private cloud to the public facilities of the data center; and the flow tables are Open vSwitch kernel-state flow tables.
Another embodiment of this application provides a computer-readable storage medium, which may be non-volatile or volatile, on which a computer program is stored; when executed by a processor, the program implements the distributed routing method based on Open vSwitch kernel-state flow tables in an Overlay network shown in any of the exemplary embodiments above, the method including the following steps:
When a virtual machine is created in a virtual private cloud of the Overlay network, synchronously configuring, within the virtual private cloud, a flow table for each of the four intercommunication types;
Keeping the flow tables in the host kernel for the lifetime of the virtual machine;
where the four intercommunication types are intercommunication between virtual machines within the same virtual private cloud, intercommunication between virtual machines of different virtual private clouds, access from virtual machines within a virtual private cloud to the Internet, and access from virtual machines within a virtual private cloud to the public facilities of the data center; and the flow tables are Open vSwitch kernel-state flow tables.
In the distributed routing method based on Open vSwitch kernel-state flow tables in an Overlay network provided by the embodiments of this application, a flow table is configured for each of the four intercommunication types, and all configured flow tables are kernel-state flow tables, which avoids the performance loss caused by large numbers of upcalls; the configured flow tables accompany the virtual machine for its whole lifetime, providing stable and reliable flow-table-based statistics; the method applies equally to virtual machine and container networks, giving a consistent network operations experience and architecture; the workload on the network control plane is stable and predictable, without the performance thrashing under short-lived connections seen in solutions such as OpenStack; using flow tables for packet distribution avoids the network bottleneck and the single point of failure of centralized routing and reduces the difficulty of network design; and in the flow table design, adding more match items to the flow table allows more verification and strengthens security.
It should be noted that:
The term "module" is not intended to be limited to a specific physical form. Depending on the application, a module can be implemented as hardware, firmware, software or a combination of these. Different modules may share common components or even be implemented by the same components, and there may or may not be clear boundaries between different modules.
The algorithms and displays provided here are not inherently related to any particular computer, virtual apparatus or other device. Various general-purpose apparatus can also be used with the teaching given here, and from the description above the structure required to construct such apparatus is apparent. In addition, this application is not directed at any particular programming language. It should be understood that various programming languages can be used to implement the content of this application described here, and that the description given above of a particular language is for the purpose of disclosing the best mode of this application.
Similarly, it should be understood that, in order to streamline this disclosure and aid the understanding of one or more of the various inventive aspects, in the description above of the exemplary embodiments of this application the various features of this application are sometimes grouped together into a single embodiment, figure or description thereof. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed application requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in less than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of this application.
It should be understood that, although the steps in the flow charts of the drawings are shown in sequence as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated here, the execution of these steps is not strictly limited in order, and they may be performed in other orders. Moreover, at least some of the steps in the flow charts of the drawings may include multiple sub-steps or multiple stages; these sub-steps or stages are not necessarily completed at the same moment but may be executed at different moments, and their execution order is not necessarily sequential either, as they may be performed in turn or alternately with other steps or with at least part of the sub-steps or stages of other steps.

Claims (20)

  1. A distributed routing method based on Open vSwitch kernel-state flow tables in an Overlay network, comprising:
    when a virtual machine is created in a virtual private cloud of the Overlay network, synchronously configuring, within the virtual private cloud, a flow table for each of four intercommunication types;
    keeping the flow tables in the host kernel for the lifetime of the virtual machine;
    wherein the four intercommunication types are intercommunication between virtual machines within the same virtual private cloud, intercommunication between virtual machines of different virtual private clouds, access from virtual machines within a virtual private cloud to the Internet, and access from virtual machines within a virtual private cloud to the public facilities of the data center; and the flow tables are Open vSwitch kernel-state flow tables.
  2. 根据权利要求1所述的方法,其中,在所述虚拟私有云内针对所述同一虚拟私有云内的各虚拟机之间互通的类型配置流表,包括:The method according to claim 1, wherein configuring a flow table in the virtual private cloud for the type of intercommunication between virtual machines in the same virtual private cloud comprises:
    在同一虚拟私有云内,当某虚拟机向其他虚拟机发送数据时,对应所述其他虚拟机中的每一个分别配置一条第一流表;In the same virtual private cloud, when a virtual machine sends data to other virtual machines, a first flow table is configured corresponding to each of the other virtual machines;
    所述某虚拟机配置一条第二流表以接收所述其他虚拟机中的每一个所发送的数据。The certain virtual machine configures a second flow table to receive data sent by each of the other virtual machines.
  3. 根据权利要求2所述的方法,其中,所述在所述虚拟私有云内针对所述同一虚拟私有云内的各虚拟机之间互通的类型配置流表,还包括:在创建所述第一虚拟机时将所述第一流表和所述第二流表同步下发到所述主机内核的Open vSwitch数据路径上。The method according to claim 2, wherein the configuring a flow table in the virtual private cloud for the type of intercommunication between the virtual machines in the same virtual private cloud further comprises: creating the first In the virtual machine, the first flow table and the second flow table are synchronously delivered to the Open vSwitch data path of the host kernel.
  4. 根据权利要求1所述的方法,其中,在所述虚拟私有云内针对所述不同虚拟私有云的虚拟机之间的互通类型配置流表,包括:The method according to claim 1, wherein configuring a flow table in the virtual private cloud for the type of intercommunication between virtual machines of the different virtual private clouds comprises:
    检测不同虚拟私有云之间是否存在重叠的虚拟机IP地址;Detect whether there are overlapping virtual machine IP addresses between different virtual private clouds;
    若不存在,则直接使用流表来实现一虚拟私有云的虚拟机与另一虚拟私有云的虚拟机之间的互通;If it does not exist, directly use the flow table to realize the intercommunication between the virtual machine of one virtual private cloud and the virtual machine of another virtual private cloud;
    若存在,则使用网络地址转换技术对所述重叠的虚拟机IP地址进行映射。If it exists, the network address translation technology is used to map the overlapping virtual machine IP addresses.
  5. 根据权利要求4所述的方法,其中,所述使用网络地址转换技术对所述重叠的虚拟机IP地址进行映射,包括:The method according to claim 4, wherein the using network address translation technology to map the overlapping virtual machine IP addresses comprises:
    引入支持虚拟扩展局域网的网络地址转换网关,并配置虚拟私有云的虚拟机IP地址的映射规则。Introduce the network address translation gateway that supports the virtual extended LAN, and configure the mapping rules of the virtual machine IP address of the virtual private cloud.
  6. 根据权利要求1所述的方法,其中,在所述虚拟私有云内针对虚拟私有云内的虚拟机访问互联网的类型配置流表,包括:The method according to claim 1, wherein configuring a flow table in the virtual private cloud for the type of virtual machines in the virtual private cloud accessing the Internet comprises:
    所述虚拟私有云内的虚拟机使用固定配置的流表访问网络地址转换网关,通过所述网络地址转换网关访问互联网。The virtual machine in the virtual private cloud uses a fixed configuration flow table to access the network address translation gateway, and accesses the Internet through the network address translation gateway.
  7. 根据权利要求1所述的方法,其中,所述方法还包括:在配置流表时,在所述流表中设置匹配项,所述匹配项用于对所述虚拟机所发送和/或所接收的数据包进行校验。The method according to claim 1, wherein the method further comprises: when configuring the flow table, setting a matching item in the flow table, and the matching item is used to send and/or all data to the virtual machine. The received data packet is checked.
  8. 一种Overlay网络中基于Open vSwitch内核态流表的分布式路由装置,其中,包括:An Overlay network based on Open The distributed routing device of the vSwitch kernel state flow table, including:
    第一模块,用于在Overlay网络的虚拟私有云内建立虚拟机时,同步在所述虚拟私有云内针对四种互通类型配置流表;The first module is used to configure flow tables for four types of intercommunication in the virtual private cloud synchronously when establishing a virtual machine in the virtual private cloud of the overlay network;
    第二模块,用于在所述虚拟机的生命周期内,将所述流表保持在主机内核中;The second module is used to keep the flow table in the host kernel during the life cycle of the virtual machine;
    其中,所述四种互通类型包括同一虚拟私有云内的各虚拟机之间互通的类型、不同虚拟私有云的虚拟机之间互通的类型、虚拟私有云内的虚拟机访问互联网的类型以及虚拟私有云内的虚拟机访问数据中心公共设施的类型;所述流表为Open vSwitch内核态流表。Among them, the four types of intercommunication include the type of intercommunication between virtual machines in the same virtual private cloud, the type of intercommunication between virtual machines of different virtual private clouds, the type of virtual machines in the virtual private cloud accessing the Internet, and the type of virtual machines in the virtual private cloud. The type of the virtual machine in the private cloud accessing the public facilities of the data center; the flow table is the Open vSwitch kernel state flow table.
  9. 一种电子设备,其中,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述程序,以实现一种Overlay网络中基于Open vSwitch内核态流表的分布式路由方法:An electronic device, which includes a memory, a processor, and a computer program stored on the memory and capable of running on the processor, and the processor executes the program to implement an Overlay network based on Open Distributed routing method of vSwitch kernel state flow table:
    其中,所述Overlay网络中基于Open vSwitch内核态流表的分布式路由方法包括:Wherein, the Overlay network is based on Open The distributed routing method of the vSwitch kernel state flow table includes:
    在Overlay网络的虚拟私有云内建立虚拟机时,同步在所述虚拟私有云内针对四种互通类型分别配置流表;When establishing a virtual machine in the virtual private cloud of the Overlay network, synchronously configure flow tables for the four interworking types in the virtual private cloud;
    在所述虚拟机的生命周期内,将所述流表保持在主机内核中;Maintaining the flow table in the host kernel during the life cycle of the virtual machine;
    其中,所述四种互通类型包括同一虚拟私有云内的各虚拟机之间互通的类型、不同虚拟私有云的虚拟机之间互通的类型、虚拟私有云内的虚拟机访问互联网的类型以及虚拟私有云内的虚拟机访问数据中心公共设施的类型;所述流表为Open vSwitch内核态流表。Among them, the four types of intercommunication include the type of intercommunication between virtual machines in the same virtual private cloud, the type of intercommunication between virtual machines of different virtual private clouds, the type of virtual machines in the virtual private cloud accessing the Internet, and the type of virtual machines in the virtual private cloud. The type of the virtual machine in the private cloud accessing the public facilities of the data center; the flow table is the Open vSwitch kernel state flow table.
  10. 根据权利要求9所述的电子设备,其中,在所述虚拟私有云内针对所述同一虚拟私有云内的各虚拟机之间互通的类型配置流表,包括:The electronic device according to claim 9, wherein configuring a flow table in the virtual private cloud for the type of intercommunication between the virtual machines in the same virtual private cloud comprises:
    在同一虚拟私有云内,当某虚拟机向其他虚拟机发送数据时,对应所述其他虚拟机中的每一个分别配置一条第一流表;In the same virtual private cloud, when a virtual machine sends data to other virtual machines, a first flow table is configured corresponding to each of the other virtual machines;
    所述某虚拟机配置一条第二流表以接收所述其他虚拟机中的每一个所发送的数据。The certain virtual machine configures a second flow table to receive data sent by each of the other virtual machines.
  11. 根据权利要求10所述的电子设备,其中,所述在所述虚拟私有云内针对所述同一虚拟私有云内的各虚拟机之间互通的类型配置流表,还包括:在创建所述第一虚拟机时将所述第一流表和所述第二流表同步下发到所述主机内核的Open vSwitch数据路径上。The electronic device according to claim 10, wherein the configuring a flow table in the virtual private cloud for the type of intercommunication between the virtual machines in the same virtual private cloud further comprises: creating the first When a virtual machine is used, the first flow table and the second flow table are synchronously delivered to the Open vSwitch data path of the host kernel.
  12. 根据权利要求9所述的电子设备,其中,在所述虚拟私有云内针对所述不同虚拟私有云的虚拟机之间的互通类型配置流表,包括:The electronic device according to claim 9, wherein configuring a flow table in the virtual private cloud for the type of intercommunication between virtual machines of the different virtual private clouds comprises:
    检测不同虚拟私有云之间是否存在重叠的虚拟机IP地址;Detect whether there are overlapping virtual machine IP addresses between different virtual private clouds;
    若不存在,则直接使用流表来实现一虚拟私有云的虚拟机与另一虚拟私有云的虚拟机之间的互通;If it does not exist, directly use the flow table to realize the intercommunication between the virtual machine of one virtual private cloud and the virtual machine of another virtual private cloud;
    若存在,则使用网络地址转换技术对所述重叠的虚拟机IP地址进行映射。If it exists, the network address translation technology is used to map the overlapping virtual machine IP addresses.
  13. 根据权利要求12所述的电子设备,其中,所述使用网络地址转换技术对所述重叠的虚拟机IP地址进行映射,包括:The electronic device according to claim 12, wherein said using network address translation technology to map said overlapping virtual machine IP addresses comprises:
    引入支持虚拟扩展局域网的网络地址转换网关,并配置虚拟私有云的虚拟机IP地址的映射规则。Introduce the network address translation gateway that supports the virtual extended LAN, and configure the mapping rules of the virtual machine IP address of the virtual private cloud.
  14. 根据权利要求9所述的电子设备,其中,在所述虚拟私有云内针对虚拟私有云内的虚拟机访问互联网的类型配置流表,包括:The electronic device according to claim 9, wherein configuring a flow table in the virtual private cloud for the type of virtual machines in the virtual private cloud accessing the Internet comprises:
    所述虚拟私有云内的虚拟机使用固定配置的流表访问网络地址转换网关,通过所述网络地址转换网关访问互联网。The virtual machine in the virtual private cloud uses a fixed configuration flow table to access the network address translation gateway, and accesses the Internet through the network address translation gateway.
  15. 根据权利要求9所述的电子设备,其中,还包括:在配置流表时,在所述流表中设置匹配项,所述匹配项用于对所述虚拟机所发送和/或所接收的数据包进行校验。The electronic device according to claim 9, further comprising: when configuring the flow table, setting a matching item in the flow table, and the matching item is used for data sent and/or received by the virtual machine The data packet is checked.
  16. 一种计算机可读存储介质,其上存储有计算机程序,其中,该程序被处理器执行,以实现一种Overlay网络中基于Open vSwitch内核态流表的分布式路由方法,其中,所述Overlay网络中基于Open vSwitch内核态流表的分布式路由方法包括以下步骤:A computer-readable storage medium has a computer program stored thereon, where the program is executed by a processor to implement a distributed routing method based on an Open vSwitch kernel state flow table in an overlay network, wherein the overlay network The distributed routing method based on the Open vSwitch kernel state flow table in, includes the following steps:
    在Overlay网络的虚拟私有云内建立虚拟机时,同步在所述虚拟私有云内针对四种互通类型分别配置流表;When establishing a virtual machine in the virtual private cloud of the Overlay network, synchronously configure flow tables for the four interworking types in the virtual private cloud;
    在所述虚拟机的生命周期内,将所述流表保持在主机内核中;Maintaining the flow table in the host kernel during the life cycle of the virtual machine;
    其中,所述四种互通类型包括同一虚拟私有云内的各虚拟机之间互通的类型、不同虚拟私有云的虚拟机之间互通的类型、虚拟私有云内的虚拟机访问互联网的类型以及虚拟私有云内的虚拟机访问数据中心公共设施的类型;所述流表为Open vSwitch内核态流表。Among them, the four types of intercommunication include the type of intercommunication between virtual machines in the same virtual private cloud, the type of intercommunication between virtual machines of different virtual private clouds, the type of virtual machines in the virtual private cloud accessing the Internet, and the type of virtual machines in the virtual private cloud. The type of the virtual machine in the private cloud accessing the public facilities of the data center; the flow table is the Open vSwitch kernel state flow table.
  17. 根据权利要求16所述的计算机可读存储介质,其中,在所述虚拟私有云内针对所述同一虚拟私有云内的各虚拟机之间互通的类型配置流表,包括:The computer-readable storage medium according to claim 16, wherein configuring a flow table in the virtual private cloud for the type of intercommunication between virtual machines in the same virtual private cloud comprises:
    在同一虚拟私有云内,当某虚拟机向其他虚拟机发送数据时,对应所述其他虚拟机中的每一个分别配置一条第一流表;In the same virtual private cloud, when a virtual machine sends data to other virtual machines, a first flow table is configured corresponding to each of the other virtual machines;
    所述某虚拟机配置一条第二流表以接收所述其他虚拟机中的每一个所发送的数据。The certain virtual machine configures a second flow table to receive data sent by each of the other virtual machines.
  18. 根据权利要求17所述的计算机可读存储介质,其中,所述在所述虚拟私有云内针对所述同一虚拟私有云内的各虚拟机之间互通的类型配置流表,还包括:在创建所述第一虚拟机时将所述第一流表和所述第二流表同步下发到所述主机内核的Open vSwitch数据路径上。The computer-readable storage medium according to claim 17, wherein the configuring a flow table in the virtual private cloud for the type of intercommunication between the virtual machines in the same virtual private cloud further comprises: creating The first virtual machine synchronously delivers the first flow table and the second flow table to the Open vSwitch data path of the host kernel.
  19. 根据权利要求16所述的计算机可读存储介质,其中,在所述虚拟私有云内针对所述不同虚拟私有云的虚拟机之间的互通类型配置流表,包括:The computer-readable storage medium according to claim 16, wherein configuring a flow table in the virtual private cloud for the type of intercommunication between virtual machines of the different virtual private clouds comprises:
    检测不同虚拟私有云之间是否存在重叠的虚拟机IP地址;Detect whether there are overlapping virtual machine IP addresses between different virtual private clouds;
    若不存在,则直接使用流表来实现一虚拟私有云的虚拟机与另一虚拟私有云的虚拟机之间的互通;If it does not exist, directly use the flow table to realize the intercommunication between the virtual machine of one virtual private cloud and the virtual machine of another virtual private cloud;
    若存在,则使用网络地址转换技术对所述重叠的虚拟机IP地址进行映射。If it exists, the network address translation technology is used to map the overlapping virtual machine IP addresses.
  20. 根据权利要求19所述的计算机可读存储介质,其中,所述使用网络地址转换技术对所述重叠的虚拟机IP地址进行映射,包括:The computer-readable storage medium according to claim 19, wherein said using network address translation technology to map said overlapping virtual machine IP addresses comprises:
    引入支持虚拟扩展局域网的网络地址转换网关,并配置虚拟私有云的虚拟机IP地址的映射规则。Introduce the network address translation gateway that supports the virtual extended LAN, and configure the mapping rules of the virtual machine IP address of the virtual private cloud.
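How the per-VM flow tables of claims 2, 4, 5 and 7 can be planned, as an added example that is not the patent's own implementation: the VPC names, VM addresses, OVS port numbers and the NAT address pool are constructed, and entries are rendered in ovs-ofctl match/action syntax only for readability, whereas the claims place them in the kernel datapath.

```python
"""Flow-table planning for the interworking types in the claims above.

Constructed example: VPC names, VM addresses, OVS port numbers and the NAT
address pool are made up; ovs-ofctl style rendering is for readability only.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class VM:
    name: str
    vpc: str
    ip: str
    mac: str
    port: int  # OVS port the VM's vNIC is attached to (assumed numbering)

Flow = Dict[str, str]

def validating_match(vm: VM) -> Flow:
    """Claim 7: match items that tie a packet to the VM's own port, MAC and IP,
    so a packet with a forged source address never matches a forwarding entry."""
    return {"in_port": str(vm.port), "dl_src": vm.mac, "ip": "", "nw_src": vm.ip}

def intra_vpc_flows(vm: VM, vpc_vms: List[VM]) -> List[Flow]:
    """Claim 2: one 'first' flow per same-VPC peer the VM may send to, plus one
    'second' flow that delivers traffic addressed to the VM back to its port."""
    flows: List[Flow] = []
    for peer in vpc_vms:
        if peer == vm or peer.vpc != vm.vpc:
            continue
        flows.append({"priority": "100", **validating_match(vm),
                      "nw_dst": peer.ip, "actions": f"output:{peer.port}"})
    flows.append({"priority": "100", "ip": "", "nw_dst": vm.ip, "dl_dst": vm.mac,
                  "actions": f"output:{vm.port}"})
    return flows

def overlapping_ips(a: List[VM], b: List[VM]) -> Set[str]:
    """Claim 4: the check that decides between direct flows and NAT mapping."""
    return {vm.ip for vm in a} & {vm.ip for vm in b}

def inter_vpc_plan(a: List[VM], b: List[VM], nat_pool: List[str]) -> Dict[str, object]:
    """Claims 4 and 5: direct flows in both directions when the address spaces
    are disjoint, otherwise a per-VPC mapping table for the VXLAN-capable NAT
    gateway; a pool too small for the clashing addresses is refused."""
    overlap = overlapping_ips(a, b)
    if not overlap:
        flows = [{"priority": "90", **validating_match(src), "nw_dst": dst.ip,
                  "actions": f"output:{dst.port}"}
                 for src_side, dst_side in ((a, b), (b, a))
                 for src in src_side for dst in dst_side]
        return {"mode": "direct", "flows": flows}
    clashing = sorted((vm.vpc, vm.ip) for vm in a + b if vm.ip in overlap)
    if len(clashing) > len(nat_pool):
        raise ValueError("NAT pool too small for the overlapping addresses")
    mapping: Dict[Tuple[str, str], str] = dict(zip(clashing, nat_pool))
    return {"mode": "nat", "mapping": mapping}

def render(flow: Flow) -> str:
    """Render a flow dict as an ovs-ofctl style 'match,actions=...' string."""
    return ",".join(k if v == "" else f"{k}={v}" for k, v in flow.items())

# Constructed topology: VPC B reuses 10.0.0.2, which VPC A also uses; VPC C does not.
VPC_A = [VM("a1", "vpc-a", "10.0.0.2", "02:00:00:00:00:01", 1),
         VM("a2", "vpc-a", "10.0.0.3", "02:00:00:00:00:02", 2)]
VPC_B = [VM("b1", "vpc-b", "10.0.0.2", "02:00:00:00:00:03", 3),
         VM("b2", "vpc-b", "10.0.1.5", "02:00:00:00:00:04", 4)]
VPC_C = [VM("c1", "vpc-c", "192.168.1.2", "02:00:00:00:00:05", 5)]
NAT_POOL = ["100.64.0.1", "100.64.0.2", "100.64.0.3"]  # constructed gateway pool

if __name__ == "__main__":
    for f in intra_vpc_flows(VPC_A[0], VPC_A):
        print(render(f))
    print(inter_vpc_plan(VPC_A, VPC_C, NAT_POOL)["mode"])
    print(inter_vpc_plan(VPC_A, VPC_B, NAT_POOL)["mapping"])
```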
PCT/CN2020/118912 2020-08-06 2020-09-29 Distributed routing method and apparatus based on open vswitch kernel state flow tables in overlay network WO2021139269A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010785582.4A CN111817961B (en) 2020-08-06 2020-08-06 Open vSwitch kernel flow table-based distributed routing method and device in Overlay network
CN202010785582.4 2020-08-06

Publications (1)

Publication Number Publication Date
WO2021139269A1 true WO2021139269A1 (en) 2021-07-15

Family

ID=72863653

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/118912 WO2021139269A1 (en) 2020-08-06 2020-09-29 Distributed routing method and apparatus based on open vswitch kernel state flow tables in overlay network

Country Status (2)

Country Link
CN (1) CN111817961B (en)
WO (1) WO2021139269A1 (en)

Also Published As

Publication number Publication date
CN111817961A (en) 2020-10-23
CN111817961B (en) 2022-02-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20911715

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20911715

Country of ref document: EP

Kind code of ref document: A1