CN107276783A - A kind of methods, devices and systems for realizing virtual machine unified management and intercommunication - Google Patents
A kind of methods, devices and systems for realizing virtual machine unified management and intercommunication Download PDFInfo
- Publication number
- CN107276783A CN107276783A CN201610217435.0A CN201610217435A CN107276783A CN 107276783 A CN107276783 A CN 107276783A CN 201610217435 A CN201610217435 A CN 201610217435A CN 107276783 A CN107276783 A CN 107276783A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- flow table
- virtual
- switch
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/508—Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
- H04L41/5096—Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to distributed or central networked applications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明提供的实现虚拟机统一管理及互通的方法、装置和系统,通过构建第一流表,并将第一流表发送给用于转发第一虚拟机收发信息的第一交换机,第一流表包含第一虚拟机与虚拟网络间的映射信息;构建第二流表,并将第二流表发送给用于转发第二虚拟机收发信息的第二交换机,第二流表包含第二虚拟机与虚拟网络间的映射信息。实现了对不同类型虚拟机的统一管理,增强了服务能力,降低了运营成本。另外,通过第一流表进行第一虚拟机与第一交换机间的转发处理;通过第二流表进行第二虚拟机与第二交换机间的转发处理。实现了不同类型虚拟机间的互通,扩展了虚拟数据中心中的网络规模,使虚拟数据中心系统可以管理的网络规模和范围更大。
The method, device and system for realizing the unified management and intercommunication of virtual machines provided by the present invention construct the first flow table and send the first flow table to the first switch for forwarding the information sent and received by the first virtual machine. The first flow table contains the first flow table Mapping information between a virtual machine and a virtual network; construct a second flow table, and send the second flow table to a second switch for forwarding information sent and received by the second virtual machine, the second flow table includes the second virtual machine and the virtual network Mapping information between networks. It realizes unified management of different types of virtual machines, enhances service capabilities, and reduces operating costs. In addition, the forwarding process between the first virtual machine and the first switch is performed through the first flow table; the forwarding process between the second virtual machine and the second switch is performed through the second flow table. The intercommunication between different types of virtual machines is realized, the network scale in the virtual data center is expanded, and the network scale and range that the virtual data center system can manage are larger.
Description
技术领域technical field
本发明涉及通信网络,尤其涉及一种实现虚拟机统一管理及互通的方法、装置和系统。The invention relates to a communication network, in particular to a method, device and system for realizing unified management and intercommunication of virtual machines.
背景技术Background technique
虚拟化数据中心(Virtual Data Center,VDC)是将云计算概念运用于IDC(互联网数据中心,Internet Data Center)的一种新型的数据中心形态。通过传统IDC业务与云计算技术相结合,建设统一创新型VDC运营管理系统,应用虚拟化、自动化部署等技术,构建可伸缩的虚拟化基础架构,采用集中管理、分布服务模式,向用户提供一点受理、全网服务的基础IT设施方案与服务。VDC与传统IDC的主要区别在于,通过技术手段把基础设施作为服务提供;通过虚拟化技术将物理资源抽象整合,增强服务能力;通过动态资源分配和调度,提高资源利用能力和服务可靠性;提供自动化的服务开通能力、降低运维成本,并提供便捷用户体验;提供更多的安全机制和可靠性机制,满足企业级应用的安全标准。A virtualized data center (Virtual Data Center, VDC) is a new data center form that applies the concept of cloud computing to an IDC (Internet Data Center, Internet Data Center). Through the combination of traditional IDC business and cloud computing technology, build a unified and innovative VDC operation management system, apply technologies such as virtualization and automatic deployment, build a scalable virtual infrastructure, adopt centralized management and distributed service mode, and provide users with one-point Basic IT infrastructure solutions and services for acceptance and network-wide services. The main difference between VDC and traditional IDC is that infrastructure is provided as a service through technical means; physical resources are abstracted and integrated through virtualization technology to enhance service capabilities; resource utilization capabilities and service reliability are improved through dynamic resource allocation and scheduling; Automated service provisioning capabilities, lower operation and maintenance costs, and provide a convenient user experience; provide more security mechanisms and reliability mechanisms to meet the security standards of enterprise-level applications.
软件定义网络(Software Defined Network,SDN),其核心技术OpenFlow通过将网络设备控制面与数据面分离开来,从而实现了网络流量的灵活控制,为核心网络及应用的创新提供了良好的平台,当前在运营商网络中就比较纯粹的SDN而言,首先可以从网络相对封闭的数据中心等场景开始入手,构建新型的SDN增强的VDC。通过在网络控制侧引入SDN控制器,对内建在计算资源之上vSwitch和OF协议增强的ToR(Top of Rack机架架顶交换机)硬件交换机等进行集中控制,变传统的数据中心的复杂的网络拓扑为大二层网络架构。Software Defined Network (Software Defined Network, SDN), its core technology, OpenFlow, realizes flexible control of network traffic by separating the control plane of network equipment from the data plane, and provides a good platform for core network and application innovation. Currently, in terms of relatively pure SDN in carrier networks, it is possible to start with scenarios such as data centers with relatively closed networks to build a new type of SDN-enhanced VDC. By introducing an SDN controller on the network control side, the vSwitch built on the computing resources and the ToR (Top of Rack switch) hardware switch enhanced by the OF protocol are centrally controlled to change the traditional data center. The network topology is a large two-layer network architecture.
现有技术中,虚拟数据中心涉及的网元众多,包括Openstack虚拟平台、VMware ESXi虚拟平台、SDN、DVS、ToR交换机等网元,但是虚拟数据中心的管理门户不能同时统一管理类型不同的资源池,比如不能同时管理VMware和KVM资源池,如果管理门户可以同时统一管理VMware和KVM资源池,那么这两种计算资源便可满足灵活组网需求,即既可以保留原有的VMware ESXi虚拟平台又可以把其与Openstack虚拟平台相互融合互通,在增强服务能力,降低运营成本的同时,使得基于SDN下的虚拟数据中心系统可以管理的网络规模和范围更大。In the existing technology, the virtual data center involves many network elements, including Openstack virtual platform, VMware ESXi virtual platform, SDN, DVS, ToR switch and other network elements, but the management portal of the virtual data center cannot manage different types of resource pools at the same time For example, VMware and KVM resource pools cannot be managed at the same time. If the management portal can manage both VMware and KVM resource pools at the same time, then these two computing resources can meet the needs of flexible networking, that is, the original VMware ESXi virtual platform can be retained. It can be integrated and interoperated with the Openstack virtual platform. While enhancing service capabilities and reducing operating costs, the SDN-based virtual data center system can manage a larger network scale and scope.
Openstack虚拟平台:OpenStack是一个开源的云计算管理平台项目,由几个主要的组件组合起来完成具体工作。OpenStack支持几乎所有类型的云环境,项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。Openstack virtual platform: OpenStack is an open source cloud computing management platform project, which is composed of several main components to complete specific work. OpenStack supports almost all types of cloud environments. The goal of the project is to provide a cloud computing management platform that is simple to implement, scalable, rich, and standardized.
VMware ESXI虚拟平台:VMware虚拟机软件,提供服务器、桌面虚拟化的解决方案,是一种能直接在硬件上运行的企业级的虚拟平台。VMware ESXI virtual platform: VMware virtual machine software, providing server and desktop virtualization solutions, is an enterprise-level virtual platform that can run directly on hardware.
SDN控制器:SDN所做的事是将网络设备上的控制权分离出来,由集中的控制器管理,无须依赖底层网络设备(路由器、交换机、防火墙),屏蔽了来自底层网络设备的差异。SDN controller: What SDN does is to separate the control rights on the network devices and manage them by a centralized controller without relying on the underlying network devices (routers, switches, firewalls), shielding the differences from the underlying network devices.
VDC的管理系统管理门户子模块:资源管理系统,对VDC主要提供集中的、弹性的、高可靠性的计算、存储、网络等资源,统一管理、按需分配、出租服务等。VDC management system management portal sub-module: resource management system, which mainly provides centralized, elastic, and highly reliable computing, storage, and network resources for VDC, unified management, on-demand allocation, and rental services.
TOR交换机:机架架顶交换机,通常用于物理服务器接入,需要提供堆叠/集群能力,堆叠/集群后的交换机支持OpenFlow协议,并且支持端口聚合(同设备或跨设备)和hairpin转发。TOR switch: A top-of-rack switch, usually used for physical server access, needs to provide stacking/clustering capabilities. The switch behind the stacking/clustering supports the OpenFlow protocol, and supports port aggregation (same device or cross-device) and hairpin forwarding.
DVS:一个虚拟交换机,可以用来组成虚拟网络,同时需要提供Hypervisoragent(位于ESXI中的一个代理虚拟机)进行对VMware虚拟机vlan注册或vlan注销。DVS: A virtual switch that can be used to form a virtual network. At the same time, it is necessary to provide a Hypervisoragent (a proxy virtual machine located in ESXI) to register or log out of the VMware virtual machine vlan.
发明内容Contents of the invention
本发明要解决的主要技术问题是,提供一种实现虚拟机统一管理及互通的方法、装置和系统,解决现有技术中管理界面不能同时统一管理类型不同的虚拟机以及类型不同的虚拟机间不能互通,造成服务能力不足,运维成本高,虚拟数据中心系统可以管理的网络规模和范围存在局限性的问题。The main technical problem to be solved by the present invention is to provide a method, device and system for realizing the unified management and intercommunication of virtual machines, so as to solve the problem that the management interface in the prior art cannot simultaneously manage virtual machines of different types and between virtual machines of different types. Inability to interoperate, resulting in insufficient service capabilities, high operation and maintenance costs, and limitations in the network scale and scope that the virtual data center system can manage.
为解决上述技术问题,本发明提供一种实现虚拟机统一管理的方法,包括:构建第一流表,并将所述第一流表发送给用于转发第一虚拟机收发信息的第一交换机,所述第一流表包含所述第一虚拟机与虚拟网络间的映射信息;构建第二流表,并将所述第二流表发送给用于转发第二虚拟机收发信息的第二交换机,所述第二流表包含所述第二虚拟机与所述虚拟网络间的映射信息。In order to solve the above-mentioned technical problems, the present invention provides a method for realizing unified management of virtual machines, including: constructing a first flow table, and sending the first flow table to a first switch for forwarding information sent and received by the first virtual machine, so The first flow table includes mapping information between the first virtual machine and the virtual network; construct a second flow table, and send the second flow table to the second switch for forwarding the information sent and received by the second virtual machine, so The second flow table includes mapping information between the second virtual machine and the virtual network.
在本发明的一种实施例中,所述构建第一流表,包括:将包含所述第一虚拟机标识信息的报文发送给控制器进行学习;学习结束后,将包含所述第一虚拟机的物理地址与所述虚拟网络间映射关系的信息封装为所述第一流表。In an embodiment of the present invention, the constructing the first flow table includes: sending a message containing the identification information of the first virtual machine to the controller for learning; The information of the mapping relationship between the physical address of the machine and the virtual network is encapsulated into the first flow table.
在本发明的一种实施例中,所述构建第二流表,包括:接收所述第二交换机转发来的关联消息,根据所述关联消息设置所述第二虚拟机的端口与所述虚拟网络间的映射;将包含所述端口与所述虚拟网络间映射关系的信息封装为所述第二流表。In an embodiment of the present invention, the constructing the second flow table includes: receiving an association message forwarded by the second switch, and setting the port of the second virtual machine and the virtual flow table according to the association message. Mapping between networks: encapsulating information including the mapping relationship between the port and the virtual network into the second flow table.
在本发明的一种实施例中,所述构建第二流表前,还包括:向所述第二交换机和所述控制器注册所述第二虚拟机,进行所述第二虚拟机与虚拟局域网络和端口标识间的映射。In an embodiment of the present invention, before constructing the second flow table, it further includes: registering the second virtual machine with the second switch and the controller, and performing the connection between the second virtual machine and the virtual Mapping between LAN and port IDs.
本发明提供一种实现虚拟机互通的方法,包括:向第一交换机或第二交换机发送第一报文,所述第一报文包含网络协议数据包和虚拟局域网信息;根据所述第一报文确定进行转发处理;通过第一流表进行第一虚拟机与所述第一交换机间的转发处理,所述第一流表包含所述第一虚拟机与虚拟网络间的映射信息;通过第二流表进行第二虚拟机与所述第二交换机间的转发处理,所述第二流表包含所述第二虚拟机与所述虚拟网络间的映射信息。The present invention provides a method for realizing virtual machine intercommunication, comprising: sending a first message to a first switch or a second switch, the first message includes network protocol data packets and virtual local area network information; according to the first message The document determines to perform forwarding processing; perform forwarding processing between the first virtual machine and the first switch through the first flow table, and the first flow table contains mapping information between the first virtual machine and the virtual network; through the second flow table The table performs forwarding processing between the second virtual machine and the second switch, and the second flow table includes mapping information between the second virtual machine and the virtual network.
在本发明的一种实施例中,实现所述第一虚拟机和所述第二虚拟机间的互通包括:当所述第一虚拟机和所述第二虚拟机处于相同网段时,实现所述第一虚拟机和所述第二虚拟机间的二层互通;当所述第一虚拟机和所述第二虚拟机处于不同网段时,实现所述第一虚拟机和所述第二虚拟机间的二层和三层互通。In an embodiment of the present invention, implementing the intercommunication between the first virtual machine and the second virtual machine includes: when the first virtual machine and the second virtual machine are on the same network segment, implementing Layer 2 intercommunication between the first virtual machine and the second virtual machine; when the first virtual machine and the second virtual machine are on different network segments, the first virtual machine and the second virtual machine are implemented Layer 2 and Layer 3 communication between two virtual machines.
本发明提供一种实现虚拟机统一管理的装置,包括:第一处理单元和第二处理单元,所述第一处理单元用于构建第一流表,并将所述第一流表发送给用于转发第一虚拟机收发信息的第一交换机,所述第一流表包含所述第一虚拟机与虚拟网络间的映射信息;所述第二处理单元用于构建第二流表,并将所述第二流表发送给用于转发第二虚拟机收发信息的第二交换机,所述第二流表包含所述第二虚拟机与所述虚拟网络间的映射信息。The present invention provides a device for realizing unified management of virtual machines, including: a first processing unit and a second processing unit, the first processing unit is used to construct a first flow table, and send the first flow table to a The first switch for the first virtual machine to send and receive information, the first flow table includes mapping information between the first virtual machine and the virtual network; the second processing unit is configured to construct a second flow table, and the first flow table includes the mapping information between the first virtual machine and the virtual network; The second flow table is sent to the second switch for forwarding the information sent and received by the second virtual machine, and the second flow table includes mapping information between the second virtual machine and the virtual network.
在本发明的一种实施例中,所述第一处理单元包括第一处理子单元和第二处理子单元,所述第一处理子单元用于将包含所述第一虚拟机标识信息的报文发送给控制器进行学习;所述第二处理子单元用于学习结束后,将包含所述第一虚拟机的物理地址与所述虚拟网络间映射关系的信息封装为所述第一流表。In an embodiment of the present invention, the first processing unit includes a first processing subunit and a second processing subunit, and the first processing subunit is configured to convert the report containing the identification information of the first virtual machine to The file is sent to the controller for learning; the second processing subunit is configured to encapsulate information including the mapping relationship between the physical address of the first virtual machine and the virtual network into the first flow table after the learning is completed.
在本发明的一种实施例中,所述第二处理单元包括第三处理子单元和第四处理子单元,所述第三处理子单元用于接收所述第二交换机转发来的关联消息,根据所述关联消息设置所述第二虚拟机的端口与所述虚拟网络间的映射;所述第四处理子单元用于将包含所述端口与所述虚拟网络间映射关系的信息封装为所述第二流表。In an embodiment of the present invention, the second processing unit includes a third processing subunit and a fourth processing subunit, the third processing subunit is configured to receive the association message forwarded by the second switch, Setting the mapping between the port of the second virtual machine and the virtual network according to the association message; the fourth processing subunit is configured to encapsulate information including the mapping relationship between the port and the virtual network into the Describe the second flow table.
本发明提供一种实现虚拟机互通的装置,包括第三处理单元,第四处理单元,第五处理单元和第六处理单元,所述第三处理单元用于向第一交换机或第二交换机发送第一报文,所述第一报文包含网络协议数据包和虚拟局域网信息;所述第四处理单元用于根据所述第一报文确定进行转发处理;所述第五处理单元用于通过第一流表进行第一虚拟机与所述第一交换机间的转发处理,所述第一流表包含所述第一虚拟机与虚拟网络间的映射信息;所述第六处理单元用于通过第二流表进行第二虚拟机与所述第二交换机间的转发处理,所述第一流表包含所述第一虚拟机与虚拟网络间的映射信息。The present invention provides a device for realizing virtual machine intercommunication, including a third processing unit, a fourth processing unit, a fifth processing unit and a sixth processing unit, and the third processing unit is used to send The first message, the first message includes network protocol data packets and virtual local area network information; the fourth processing unit is used to determine forwarding processing according to the first message; the fifth processing unit is used to pass The first flow table performs forwarding processing between the first virtual machine and the first switch, and the first flow table includes mapping information between the first virtual machine and the virtual network; the sixth processing unit is used to pass the second The flow table performs forwarding processing between the second virtual machine and the second switch, and the first flow table includes mapping information between the first virtual machine and the virtual network.
本发明提供一种实现虚拟机统一管理及互通的系统,包括:控制器,第一交换机和第二交换机,所述控制器用于构建第一流表与第二流表,并将所述第一流表发送给第一交换机,将所述第二流表发送给所述第二交换机;所述第一流表包括第一虚拟机与虚拟网络间的映射信息,所述第二流表包括所述第二虚拟机与所述虚拟网络间的映射信息;所述第一交换机用于接收所述控制器发送来的所述第一流表,通过所述第一流表进行与所述第一虚拟机和所述第二交换机间的转发处理;所述第二交换机用于接收所述控制器发送来的所述第二流表,通过所述第二流表进行与所述第二虚拟机和所述第一交换机间的转发处理;所述第一交换机和所述第二交换机还用于接收第一报文,所述第一报文包含网络协议数据包和虚拟局域网信息。The present invention provides a system for realizing unified management and intercommunication of virtual machines, including: a controller, a first switch and a second switch, the controller is used to construct a first flow table and a second flow table, and set the first flow table Send to the first switch, and send the second flow table to the second switch; the first flow table includes mapping information between the first virtual machine and the virtual network, and the second flow table includes the second Mapping information between a virtual machine and the virtual network; the first switch is configured to receive the first flow table sent by the controller, and communicate with the first virtual machine and the first flow table through the first flow table Forwarding processing between the second switches; the second switch is used to receive the second flow table sent by the controller, and communicate with the second virtual machine and the first virtual machine through the second flow table Forwarding processing between switches; the first switch and the second switch are further configured to receive a first message, and the first message includes network protocol data packets and virtual local area network information.
本发明的有益效果是:The beneficial effects of the present invention are:
本发明提供的实现虚拟机统一管理及互通的方法、装置和系统,通过构建第一流表,并将第一流表发送给用于转发第一虚拟机收发信息的第一交换机,第一流表包含第一虚拟机与虚拟网络间的映射信息;构建第二流表,并将第二流表发送给用于转发第二虚拟机收发信息的第二交换机,第二流表包含第二虚拟机与虚拟网络间的映射信息。实现了对不同类型虚拟机的统一管理,增强了服务能力,降低了运营成本。The method, device and system for realizing the unified management and intercommunication of virtual machines provided by the present invention construct the first flow table and send the first flow table to the first switch for forwarding the information sent and received by the first virtual machine. The first flow table contains the first flow table Mapping information between a virtual machine and a virtual network; construct a second flow table, and send the second flow table to a second switch for forwarding information sent and received by the second virtual machine, the second flow table includes the second virtual machine and the virtual network Mapping information between networks. It realizes unified management of different types of virtual machines, enhances service capabilities, and reduces operating costs.
另外,通过向第一交换机或第二交换机发送第一报文,第一报文包含网络协议数据包和虚拟局域网信息;根据第一报文确定进行转发处理;通过第一流表进行第一虚拟机与第一交换机间的转发处理,所述第一流表包括第一虚拟机与虚拟网络间的映射信息;通过第二流表进行第二虚拟机与第二交换机间的转发处理,所述第二流表包括所述第二虚拟机与所述虚拟网络间的映射信息。实现了不同类型虚拟机间的互通,扩展了虚拟数据中心中的网络规模,使虚拟数据中心系统可以管理的网络规模和范围更大。In addition, by sending the first message to the first switch or the second switch, the first message includes network protocol data packets and virtual local area network information; according to the first message, it is determined to perform forwarding processing; through the first flow table, the first virtual machine For forwarding processing with the first switch, the first flow table includes mapping information between the first virtual machine and the virtual network; for forwarding processing between the second virtual machine and the second switch through the second flow table, the second The flow table includes mapping information between the second virtual machine and the virtual network. The intercommunication between different types of virtual machines is realized, the network scale in the virtual data center is expanded, and the network scale and range that the virtual data center system can manage are larger.
附图说明Description of drawings
图1为本发明实施例一中实现虚拟机统一管理的方法流程图;FIG. 1 is a flowchart of a method for realizing unified management of virtual machines in Embodiment 1 of the present invention;
图2为本发明实施例二中实现虚拟机互通的方法流程图;FIG. 2 is a flowchart of a method for realizing virtual machine intercommunication in Embodiment 2 of the present invention;
图3为本发明实施例三中实现虚拟机统一管理的装置示意图;FIG. 3 is a schematic diagram of an apparatus for realizing unified management of virtual machines in Embodiment 3 of the present invention;
图4为图3中第一处理单元示意图;Fig. 4 is a schematic diagram of the first processing unit in Fig. 3;
图5为图3中第二处理单元示意图;Fig. 5 is a schematic diagram of the second processing unit in Fig. 3;
图6为本发明实施例四中实现虚拟机互通的装置示意图;FIG. 6 is a schematic diagram of an apparatus for implementing virtual machine intercommunication in Embodiment 4 of the present invention;
图7为本发明实施例五中实现虚拟机统一管理及互通的系统示意图;FIG. 7 is a schematic diagram of a system for realizing unified management and intercommunication of virtual machines in Embodiment 5 of the present invention;
图8为本发明实施例五中实现KVM和VMware虚拟机统一管理及互通的系统示意图;8 is a schematic diagram of a system that realizes unified management and intercommunication of KVM and VMware virtual machines in Embodiment 5 of the present invention;
图9为本发明实施例五中实现KVM和VMware虚拟机统一管理及互通的系统的另一示意图;9 is another schematic diagram of a system for realizing unified management and intercommunication of KVM and VMware virtual machines in Embodiment 5 of the present invention;
图10为本发明实施例五中实现KVM和VMware虚拟机统一管理及互通的方法流程图。FIG. 10 is a flowchart of a method for realizing unified management and intercommunication between KVM and VMware virtual machines in Embodiment 5 of the present invention.
具体实施方式detailed description
为了使本技术领域的人员更好地理解本发明方案,下面将结合附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分的实施例,而不是全部的实施例;需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本发明保护的范围。In order to enable those skilled in the art to better understand the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings. Obviously, the described embodiments are only part of the implementation of the present invention Examples, not all embodiments; It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts shall fall within the protection scope of the present invention.
实施例一:Embodiment one:
本实施例提供一种实现虚拟机统一管理的方法,请参见图1,包括:This embodiment provides a method for realizing unified management of virtual machines, please refer to FIG. 1, including:
步骤101,构建第一流表,并将所述第一流表发送给用于转发第一虚拟机收发信息的第一交换机,所述第一流表包含所述第一虚拟机与虚拟网络间的映射信息;Step 101, constructing a first flow table, and sending the first flow table to a first switch for forwarding information sent and received by the first virtual machine, the first flow table includes mapping information between the first virtual machine and a virtual network ;
步骤102,构建第二流表,并将所述第二流表发送给用于转发第二虚拟机收发信息的第二交换机,所述第二流表包含所述第二虚拟机与所述虚拟网络间的映射信息。Step 102, construct a second flow table, and send the second flow table to the second switch for forwarding the information sent and received by the second virtual machine, the second flow table includes the second virtual machine and the virtual machine Mapping information between networks.
对于步骤101,构建第一流表包括将包含第一虚拟机标识信息的报文发送给控制器进行学习;学习结束后,将包含第一虚拟机的物理地址与虚拟网络间映射关系的信息封装为第一流表。具体的,先在管理界面上配置与第一虚拟机和第二虚拟机对应的虚拟平台,配置完成后,在管理界面上创建第一虚拟机,第一交换机将第一虚拟机的报文通过Packet-in Message发送至控制器进行虚拟机MAC(物理地址)学习,学习完成后由控制器向第一虚拟机所在的第一交换机下发第一流表,该第一流表包含VNET(虚拟网络)+SRC MAC(source MAC源虚拟机的物理网卡信息)的表项,后续第一虚拟机发送的流量就可以正常按照此第一流表进行转发。更进一步的,此处的第一虚拟机可以是KVM虚拟机,相应的第一交换机则为DVS,此处的控制器具体的可以是SDN控制器。需要理解的是,上述第一虚拟机是指区别于第二虚拟机的一类虚拟机,而不是单指一个虚拟机;另外,该第一虚拟机不仅限于KVM虚拟机,第一交换机不仅限于DVS,控制器也不仅限于SDN控制器,任何可以实现上述步骤1内容的模块都在本实施例保护范围内,具体可以根据需要进行相应的选择和替换。For step 101, building the first flow table includes sending a packet containing the identification information of the first virtual machine to the controller for learning; after the learning is completed, encapsulating the information containing the mapping relationship between the physical address of the first virtual machine and the virtual network as First stream table. Specifically, first configure the virtual platforms corresponding to the first virtual machine and the second virtual machine on the management interface, after the configuration is completed, create the first virtual machine on the management interface, and the first switch passes the packets of the first virtual machine through The Packet-in Message is sent to the controller to learn the MAC (physical address) of the virtual machine. After the learning is completed, the controller sends the first flow table to the first switch where the first virtual machine is located. The first flow table includes VNET (virtual network) +SRC MAC (source MAC physical network card information of the source virtual machine), the subsequent traffic sent by the first virtual machine can be normally forwarded according to this first flow table. Furthermore, the first virtual machine here may be a KVM virtual machine, the corresponding first switch is a DVS, and the controller here may specifically be an SDN controller. It should be understood that the above-mentioned first virtual machine refers to a type of virtual machine that is different from the second virtual machine, rather than a single virtual machine; in addition, the first virtual machine is not limited to the KVM virtual machine, and the first switch is not limited to The DVS and the controller are not limited to the SDN controller, any module that can realize the content of the above step 1 is within the scope of protection of this embodiment, and can be selected and replaced according to specific needs.
对于步骤102,构建第二流表包括接收第二交换机转发来的关联消息,根据关联消息设置第二虚拟机端口与虚拟网络间的映射;将包含第二虚拟机的端口与虚拟网络间映射关系的信息封装为第二流表。构建第二流表前,还包括:向第二交换机和控制器注册第二虚拟机,进行所述第二虚拟机与虚拟局域网络和端口标识间的映射。具体的,在管理界面上创建第二虚拟机,包括{“port_uuid(端口标识)”,“virtualnetwork_id(虚拟网络标识)”,“name(名字)”,“ip_address(地址)”,“mac(物理地址)”,“security_groups(安全组)”}等信息。然后发送关联消息,进行port_uuid,该关联消息包含{port_uuid,vid}。创建第二虚拟机和port_uuid完成后,通过关联消息向第二交换机和控制器进行注册,注册信息包括port_uuid、vlan,进行VM和vlan、port_uuid的映射;在删除虚拟机时,则向第二交换机和控制器进行关联消除,通知控制器该虚拟机已经被删除。注册完成后,第二交换机根据控制器预先下发的流表,将关联消息上送到控制器,控制器根据上送packet-in的端口和dpid,先确定第二虚拟机的接入位置;然后根据port_uuid,确认关联消息关联的第二虚拟机的信息;接着根据vlan和OpenFlow的in_port,向第二虚拟机端口配置vlan子接口,并将vlan子接口加入虚拟网络,即设置port-vnet映射,根据上述处理过程,生成第二流表,该第二流表包含第二虚拟机端口与VNET间的映射关系;然后将该第二流表发送给第二交换机。更进一步的,该第二虚拟机可以是VMware虚拟机,相应的第二交换机则为ToR交换机,控制器可以是SDN控制器,管理界面为VDC的管理界面,创建VMware虚拟机时,VDC的管理界面通过OpenStack调用SDN控制器的北向接口,创建VMware虚拟机;相应的关联消息具体可以是VDP(VSI Discovery Protocol VSI发现协议)关联消息,该第二流表具体的可以是VDP协议流表。For step 102, constructing the second flow table includes receiving the association message forwarded by the second switch, setting the mapping between the port of the second virtual machine and the virtual network according to the association message; mapping the port containing the second virtual machine and the virtual network The information of is encapsulated into the second flow table. Before constructing the second flow table, it also includes: registering the second virtual machine with the second switch and the controller, and performing mapping between the second virtual machine and the virtual local area network and port identifier. Specifically, create a second virtual machine on the management interface, including {"port_uuid (port identification)", "virtualnetwork_id (virtual network identification)", "name (name)", "ip_address (address)", "mac (physical Address)", "security_groups (security group)"} and other information. Then send an association message for port_uuid, which contains {port_uuid, vid}. After creating the second virtual machine and port_uuid, register with the second switch and the controller through the associated message, the registration information includes port_uuid, vlan, and perform the mapping of VM and vlan, port_uuid; when deleting the virtual machine, then register with the second switch Disassociate with the controller, and notify the controller that the virtual machine has been deleted. After the registration is completed, the second switch sends the association message to the controller according to the flow table issued by the controller in advance, and the controller first determines the access location of the second virtual machine according to the port and dpid of the packet-in sent; Then according to the port_uuid, confirm the information of the second virtual machine associated with the association message; then configure the vlan sub-interface to the port of the second virtual machine according to the in_port of vlan and OpenFlow, and add the vlan sub-interface to the virtual network, that is, set the port-vnet mapping , according to the above process, generate a second flow table, where the second flow table includes the mapping relationship between the second virtual machine port and the VNET; and then send the second flow table to the second switch. Furthermore, the second virtual machine can be a VMware virtual machine, the corresponding second switch is a ToR switch, the controller can be an SDN controller, and the management interface is the management interface of the VDC. When creating a VMware virtual machine, the management of the VDC The interface invokes the northbound interface of the SDN controller through OpenStack to create a VMware virtual machine; the corresponding associated message may specifically be a VDP (VSI Discovery Protocol VSI Discovery Protocol) associated message, and the second flow table may specifically be a VDP protocol flow table.
需要理解的是当第一虚拟机为KVM虚拟机,第二虚拟机为VMware虚拟机时,具体的在VDC的管理界面上配置的虚拟平台是Openstack虚拟平台和VMware虚拟平台,预先下发的流表可以是(Ethertype:0x8940)。上述第一虚拟机和第二虚拟机是指类型不同的两类虚拟机,而不是单指一个虚拟机;另外,需要理解的是任何可以实现上述内容的模块都在本实施例保护范围内,其可以根据需要进行相应的选择和替换。It should be understood that when the first virtual machine is a KVM virtual machine and the second virtual machine is a VMware virtual machine, the specific virtual platforms configured on the VDC management interface are Openstack virtual platform and VMware virtual platform, and the pre-delivered stream Table can be (Ethertype: 0x8940). The above-mentioned first virtual machine and second virtual machine refer to two types of virtual machines of different types, rather than just one virtual machine; in addition, it should be understood that any module that can realize the above content is within the scope of protection of this embodiment. It can be selected and replaced as required.
本实施例提供的实现虚拟机统一管理的方法,通过构建第一流表,并将第一流表发送给用于转发第一虚拟机收发信息的第一交换机,第一流表包含第一虚拟机与虚拟网络间的映射信息;构建第二流表,并将第二流表发送给用于转发第二虚拟机收发信息的第二交换机,第二流表包含第二虚拟机与虚拟网络间的映射信息。实现了管理界面对虚拟机的统一管理,增强了系统的服务能力,降低了运营成本。The method for realizing the unified management of virtual machines provided by this embodiment is to construct the first flow table and send the first flow table to the first switch for forwarding the information sent and received by the first virtual machine. The first flow table includes the first virtual machine and the virtual machine. Mapping information between networks; build a second flow table, and send the second flow table to a second switch for forwarding information sent and received by the second virtual machine, the second flow table includes mapping information between the second virtual machine and the virtual network . It realizes the unified management of the virtual machine by the management interface, enhances the service capability of the system, and reduces the operation cost.
实施例二:Embodiment two:
本实施例提供了一种实现虚拟机互通的方法,请参见图2,包括:This embodiment provides a method for realizing virtual machine intercommunication, please refer to Figure 2, including:
步骤201,向第一交换机发送第一报文,所述第一报文包含网络协议数据包和虚拟局域网信息;Step 201, sending a first message to a first switch, where the first message includes a network protocol data packet and virtual local area network information;
步骤202,根据所述第一报文确定进行转发处理;Step 202, determine to perform forwarding processing according to the first message;
步骤203,通过第一流表进行所述第一虚拟机与第一交换机间的转发处理,所述第一流表包含所述第一虚拟机与虚拟网络间的映射信息;Step 203, perform forwarding processing between the first virtual machine and the first switch through a first flow table, where the first flow table includes mapping information between the first virtual machine and a virtual network;
步骤204,通过第二流表进行所述第二虚拟机与第二交换机间的交换机转发处理,所述第二流表包含所述第二虚拟机与所述虚拟网络间的映射信息。Step 204, perform switch forwarding processing between the second virtual machine and the second switch through a second flow table, where the second flow table includes mapping information between the second virtual machine and the virtual network.
通过上述步骤,实现虚拟机间的互通,具体的当第一虚拟机和第二虚拟机处于相同网段时,实现第一虚拟机和第二虚拟机间的二层转发互通;当第一虚拟机和第二虚拟机处于不同网段时,实现VMware虚拟机和KVM虚拟机间的二层和三层转发互通。Through the above steps, the intercommunication between the virtual machines is realized. Specifically, when the first virtual machine and the second virtual machine are in the same network segment, the Layer 2 forwarding intercommunication between the first virtual machine and the second virtual machine is realized; When the virtual machine and the second virtual machine are on different network segments, the Layer 2 and Layer 3 forwarding intercommunication between the VMware virtual machine and the KVM virtual machine is realized.
具体的,可以将IP包(网络协议数据包)增加vlan(虚拟局域网)信息,封装为第一报文,转发给第二交换机,第二交换机按照控制器下发的第一流表,进行转发处理,从而实现虚拟机间二层、三层的转发互通。如果第一虚拟机和第二虚拟机是相同网段,且第一虚拟机作为目的端,第二虚拟机作为源端,则Hypervisor将第二虚拟机的IP包增加vlan,转发给第二交换机,第二交换机按照控制器发送的第一流表,进行转发处理,根据vlan,inport,将报文vlanpop,并转换为metadata(VNET);根据metadata(VNET)和src MAC,确定是否需要进行主机学习;根据metadata(VNET)和dst MAC确定进行二层转发,目的端的第一交换机收到请求报文后转发给第一虚拟机,第一虚拟机的响应报文也按照第一交换机上的第一流表发送到第二交换机,第二交换机再转发给第二虚拟机,从而实现第一虚拟机和第二虚拟机之间的二层互通。如果第一虚拟机和第二虚拟机在不同网段,Hypervisor将第二虚拟机的IP包增加vlan1,转发给第二交换机,第二交换机按照控制器发送的流表进行转发处理,根据vlan,inport,将报文vlan pop,并转换为metadata(VNET);根据metadata(VNET)和src MAC,确定是否需要进行主机学习;根据metadata(VNET)和dst MAC,确定进行二层转发;根据metadata(VRF)和dst IP,进行三层转发;目的端第一交换机收到请求报文后转发给第一虚拟机,第一虚拟机的响应报文也按照第一交换机上的第一流表发送到第二交换机,第二交换机再转发给第二虚拟机,从而实现第一虚拟机和第二虚拟机之间的三层互通。Specifically, the IP packet (network protocol data packet) can be added with vlan (virtual local area network) information, encapsulated into a first message, and forwarded to the second switch, and the second switch performs forwarding processing according to the first flow table issued by the controller , so as to realize the forwarding intercommunication of the second layer and the third layer between the virtual machines. If the first virtual machine and the second virtual machine are on the same network segment, and the first virtual machine is used as the destination end, and the second virtual machine is used as the source end, then the Hypervisor adds a vlan to the IP packet of the second virtual machine and forwards it to the second switch , the second switch performs forwarding processing according to the first flow table sent by the controller, vlanpops the message according to vlan and inport, and converts it into metadata (VNET); determines whether host learning is required according to metadata (VNET) and src MAC ;According to the metadata (VNET) and dst MAC to determine the layer-2 forwarding, the first switch at the destination end forwards the request message to the first virtual machine after receiving the request message, and the response message of the first virtual machine is also according to the first flow on the first switch The table is sent to the second switch, and the second switch forwards it to the second virtual machine, thereby realizing Layer 2 intercommunication between the first virtual machine and the second virtual machine. If the first virtual machine and the second virtual machine are on different network segments, the Hypervisor adds vlan1 to the IP packet of the second virtual machine and forwards it to the second switch. The second switch performs forwarding processing according to the flow table sent by the controller. According to the vlan, Inport, the message vlan pop, and converted to metadata (VNET); according to metadata (VNET) and src MAC, determine whether host learning is required; according to metadata (VNET) and dst MAC, determine the second layer forwarding; according to metadata ( VRF) and dst IP, for three-layer forwarding; the first switch at the destination end forwards the request message to the first virtual machine after receiving the request message, and the response message of the first virtual machine is also sent to the first virtual machine according to the first flow table on the first switch. two switches, and the second switch forwards the data to the second virtual machine, thereby realizing Layer 3 intercommunication between the first virtual machine and the second virtual machine.
更进一步的,该第一虚拟机可以是KVM虚拟机,该第二虚拟机可以是VMware虚拟机,控制器可以是SDN控制器,相应的,第一交换机则为DVS,第二交换机为ToR交换机,上述第一虚拟机和第二虚拟机是指类型不同的两类虚拟机,而不是单指一个虚拟机;另外,需要理解的是任何可以实现上述步骤所述内容的模块都在本实施例保护范围内,具体可以根据需要进行相应的选择和替换。Furthermore, the first virtual machine may be a KVM virtual machine, the second virtual machine may be a VMware virtual machine, and the controller may be an SDN controller. Correspondingly, the first switch is a DVS, and the second switch is a ToR switch , the above-mentioned first virtual machine and second virtual machine refer to two types of virtual machines of different types, rather than just one virtual machine; in addition, it should be understood that any module that can realize the content described in the above steps is included in this embodiment Within the scope of protection, specific selections and replacements can be made as required.
本实施例通过向第一交换机或第二交换机发送第一报文,第一报文包含网络协议数据包和虚拟局域网信息;根据第一报文确定进行转发处理;通过第一流表进行第一虚拟机与第一交换机间的转发处理,第一流表包含第一虚拟机与虚拟网络间的映射信息;通过第二流表进行第二虚拟机与第二交换机间的转发处理第二流表包含第二虚拟机与虚拟网络间的映射信息。实现了不同类型虚拟机间的互通,扩展了虚拟数据中心中的网络规模,使虚拟数据中心系统可以管理的网络规模和范围更大。In this embodiment, by sending the first message to the first switch or the second switch, the first message includes network protocol data packets and virtual local area network information; it is determined to perform forwarding processing according to the first message; The forwarding process between the virtual machine and the first switch, the first flow table contains the mapping information between the first virtual machine and the virtual network; the forwarding process between the second virtual machine and the second switch is performed through the second flow table, and the second flow table contains the first 2. Mapping information between the virtual machine and the virtual network. The intercommunication between different types of virtual machines is realized, the network scale in the virtual data center is expanded, and the network scale and range that the virtual data center system can manage are larger.
实施例三:Embodiment three:
本实施例提供一种实现虚拟机统一管理的装置,请参见图3,包括第一处理单元11和第二处理单元12,第一处理单元11用于构建第一流表,并将第一流表发送给用于转发第一虚拟机收发信息的第一交换机,第一流表包含第一虚拟机与虚拟网络间的映射信息;第二处理单元12用于构建第二流表,并将第二流表发送给用于转发第二虚拟机收发信息的第二交换机,第二流表包含第二虚拟机与虚拟网络间的映射信息。This embodiment provides a device for realizing unified management of virtual machines. Please refer to FIG. 3 , which includes a first processing unit 11 and a second processing unit 12. To the first switch for forwarding the first virtual machine to send and receive information, the first flow table includes mapping information between the first virtual machine and the virtual network; the second processing unit 12 is used to construct the second flow table, and the second flow table sent to the second switch for forwarding the information sent and received by the second virtual machine, and the second flow table includes the mapping information between the second virtual machine and the virtual network.
进一步的,请参见图4,第一处理单元11包括第一处理子单元111和第二处理子单元112,第一处理子单元111用于将包含第一虚拟机标识信息的报文发送给控制器进行学习;第二处理子单元112用于学习结束后,将包含第一虚拟机的物理地址与虚拟网络间映射关系的信息封装为第一流表。Further, referring to FIG. 4 , the first processing unit 11 includes a first processing subunit 111 and a second processing subunit 112, and the first processing subunit 111 is configured to send a message containing the identification information of the first virtual machine to the control The second processing subunit 112 is configured to encapsulate information including the mapping relationship between the physical address of the first virtual machine and the virtual network into a first flow table after the learning is completed.
具体的,先在管理界面上配置与第一虚拟机和第二虚拟机对应的虚拟平台,配置完成后,在管理界面上创建第一虚拟机,第一交换机将第一虚拟机的报文通过Packet-in Message发送至控制器进行虚拟机MAC(物理地址)学习,学习完成后由控制器向第一虚拟机所在的第一交换机下发第一流表,该第一流表包含VNET(虚拟网络)+SRC MAC(source MAC源虚拟机的物理网卡信息)的表项,后续第一虚拟机发送的流量就可以正常按照此第一流表进行转发。更进一步的,此处的第一虚拟机可以是KVM虚拟机,相应的第一交换机则为DVS,此处的控制器具体的可以是SDN控制器。需要理解的是,上述第一虚拟机是指区别于第二虚拟机的一类虚拟机,而不是单指一个虚拟机;另外,该第一虚拟机不仅限于KVM虚拟机,第一交换机不仅限于DVS,控制器也不仅限于SDN控制器,任何可以实现上述内容的模块都在本实施例保护范围内,可以根据需要进行相应的选择和替换。Specifically, first configure the virtual platforms corresponding to the first virtual machine and the second virtual machine on the management interface, after the configuration is completed, create the first virtual machine on the management interface, and the first switch passes the packets of the first virtual machine through The Packet-in Message is sent to the controller to learn the MAC (physical address) of the virtual machine. After the learning is completed, the controller sends the first flow table to the first switch where the first virtual machine is located. The first flow table includes VNET (virtual network) +SRC MAC (source MAC physical network card information of the source virtual machine), the subsequent traffic sent by the first virtual machine can be normally forwarded according to this first flow table. Furthermore, the first virtual machine here may be a KVM virtual machine, the corresponding first switch is a DVS, and the controller here may specifically be an SDN controller. It should be understood that the above-mentioned first virtual machine refers to a type of virtual machine that is different from the second virtual machine, rather than a single virtual machine; in addition, the first virtual machine is not limited to the KVM virtual machine, and the first switch is not limited to The DVS and the controller are not limited to the SDN controller, and any module that can realize the above content is within the scope of protection of this embodiment, and can be selected and replaced as required.
进一步的,请参见图5,第二处理单元12包括第三处理子单元121和第四处理子单122,第三处理子单元121用于接收第二交换机转发来的关联消息,根据关联消息设置第二虚拟机端口与虚拟网络间的映射;第四处理子单元122用于将包含第二虚拟机的端口与虚拟网络间映射关系的信息封装为第二流表。需要理解的是,在构建第二流表前,还包括向第二交换机和控制器注册第二虚拟机,进行第二虚拟机与虚拟局域网络和端口标识间的映射。Further, referring to FIG. 5 , the second processing unit 12 includes a third processing subunit 121 and a fourth processing subunit 122, the third processing subunit 121 is configured to receive the association message forwarded by the second switch, and set the Mapping between the port of the second virtual machine and the virtual network; the fourth processing subunit 122 is configured to encapsulate information including the mapping relationship between the port of the second virtual machine and the virtual network into a second flow table. It should be understood that before constructing the second flow table, it also includes registering the second virtual machine with the second switch and the controller, and performing mapping between the second virtual machine and the virtual local area network and port identifier.
具体的,在管理界面上创建第二虚拟机,包括{“port_uuid(端口标识)”,“virtualnetwork_id(虚拟网络标识)”,“name(名字)”,“ip_address(地址)”,“mac(物理地址)”,“security_groups(安全组)”}等信息。然后发送关联消息,进行port_uuid,该关联消息包含{port_uuid,vid}。创建第二虚拟机和port_uuid完成后,通过关联消息向第二交换机和控制器进行注册,注册信息包括port_uuid、vlan,进行VM和vlan、port_uuid的映射;在删除虚拟机时,则向第二交换机和控制器进行关联消除,通知控制器该虚拟机已经被删除。注册完成后,第二交换机根据控制器预先下发的流表,将关联消息上送到控制器,控制器根据上送packet-in的端口和dpid,先确定第二虚拟机的接入位置;然后根据port_uuid,确认关联消息关联的第二虚拟机的信息;接着根据vlan和OpenFlow的in_port,向第二虚拟机端口配置vlan子接口,并将vlan子接口加入虚拟网络,即设置port-vnet映射,根据上述处理过程,生成第二流表,该第二流表包含第二虚拟机端口与VNET间的映射关系;然后将该第二流表发送给第二交换机。更进一步的,该第二虚拟机可以是VMware虚拟机,相应的第二交换机则为ToR交换机,控制器可以是SDN控制器,管理界面为VDC的管理界面,创建VMware虚拟机时,VDC的管理界面通过OpenStack调用SDN控制器的北向接口,创建VMware虚拟机;相应的关联消息具体可以是VDP关联消息,该第二流表具体的可以是VDP协议流表。Specifically, create a second virtual machine on the management interface, including {"port_uuid (port identification)", "virtualnetwork_id (virtual network identification)", "name (name)", "ip_address (address)", "mac (physical Address)", "security_groups (security group)"} and other information. Then send an association message for port_uuid, which contains {port_uuid, vid}. After creating the second virtual machine and port_uuid, register with the second switch and the controller through the associated message, the registration information includes port_uuid, vlan, and perform the mapping of VM and vlan, port_uuid; when deleting the virtual machine, then register with the second switch Disassociate with the controller, and notify the controller that the virtual machine has been deleted. After the registration is completed, the second switch sends the association message to the controller according to the flow table issued by the controller in advance, and the controller first determines the access location of the second virtual machine according to the port and dpid of the packet-in sent; Then according to the port_uuid, confirm the information of the second virtual machine associated with the association message; then configure the vlan sub-interface to the port of the second virtual machine according to the in_port of vlan and OpenFlow, and add the vlan sub-interface to the virtual network, that is, set the port-vnet mapping , according to the above process, generate a second flow table, where the second flow table includes the mapping relationship between the second virtual machine port and the VNET; and then send the second flow table to the second switch. Furthermore, the second virtual machine can be a VMware virtual machine, the corresponding second switch is a ToR switch, the controller can be an SDN controller, and the management interface is the management interface of the VDC. When creating a VMware virtual machine, the management of the VDC The interface invokes the northbound interface of the SDN controller through OpenStack to create a VMware virtual machine; the corresponding associated message may specifically be a VDP associated message, and the second flow table may specifically be a VDP protocol flow table.
需要理解的是当第一虚拟机为KVM虚拟机,第二虚拟机为VMware虚拟机时,具体的在VDC的管理界面上配置的虚拟平台是Openstack虚拟平台和VMware虚拟平台,预先下发的流表可以是(Ethertype:0x8940)。上述第一虚拟机和第二虚拟机是指类型不同的两类虚拟机,而不是单指一个虚拟机;另外,需要理解的是任何可以实现上述步骤1和步骤2所述内容的模块都在本实施例保护范围内,其可以根据需要进行相应的选择和替换。It should be understood that when the first virtual machine is a KVM virtual machine and the second virtual machine is a VMware virtual machine, the specific virtual platforms configured on the VDC management interface are Openstack virtual platform and VMware virtual platform, and the pre-delivered stream Table can be (Ethertype: 0x8940). The above-mentioned first virtual machine and second virtual machine refer to two types of virtual machines of different types, rather than just one virtual machine; in addition, it needs to be understood that any module that can implement the content described in the above steps 1 and 2 is in the Within the protection scope of this embodiment, it can be selected and replaced as required.
本实施例提供的实现虚拟机统一管理的方法,通过构建第一流表,并将第一流表发送给用于转发第一虚拟机收发信息的第一交换机,第一流表包含第一虚拟机与虚拟网络间的映射信息;构建第二流表,并将第二流表发送给用于转发第二虚拟机收发信息的第二交换机,第二流表包含第二虚拟机与虚拟网络间的映射信息。实现了管理界面对虚拟机的统一管理,增强了系统的服务能力,降低了运营成本。The method for realizing the unified management of virtual machines provided by this embodiment is to construct the first flow table and send the first flow table to the first switch for forwarding the information sent and received by the first virtual machine. The first flow table includes the first virtual machine and the virtual machine. Mapping information between networks; build a second flow table, and send the second flow table to a second switch for forwarding information sent and received by the second virtual machine, the second flow table includes mapping information between the second virtual machine and the virtual network . It realizes the unified management of the virtual machine by the management interface, enhances the service capability of the system, and reduces the operation cost.
实施例四:Embodiment four:
本实施例提供了一种实现虚拟机互通的装置,请参见图6,包括第三处理单元13,第四处理单元14,第五处理单元15和第六处理单元16,第三处理单元13用于向第一交换机或第二交换机发送第一报文,第一报文包含网络协议数据包和虚拟局域网信息;第四处理单元14用于根据第一报文确定进行转发处理;第五处理单元15用于通过第一流表进行第一虚拟机与第一交换机间的转发处理,第一流表包含第一虚拟机与虚拟网络间的映射信息;第六处理单元16用于通过第二流表进行第二虚拟机与第二交换机间的转发处理,第二流表包含第二虚拟机与虚拟网络间的映射信息。This embodiment provides a device for realizing virtual machine intercommunication, please refer to FIG. For sending the first message to the first switch or the second switch, the first message includes network protocol data packets and virtual local area network information; the fourth processing unit 14 is used to determine forwarding processing according to the first message; the fifth processing unit 15 is used to perform forwarding processing between the first virtual machine and the first switch through the first flow table, and the first flow table includes mapping information between the first virtual machine and the virtual network; the sixth processing unit 16 is used to perform forwarding processing between the first virtual machine and the virtual network through the second flow table For forwarding processing between the second virtual machine and the second switch, the second flow table includes mapping information between the second virtual machine and the virtual network.
通过上述步骤,实现虚拟机间的互通,具体的当第一虚拟机和第二虚拟机处于相同网段时,实现第一虚拟机和第二虚拟机间的二层转发互通;当第一虚拟机和第二虚拟机处于不同网段时,实现第一虚拟机和第二虚拟机间的二层和三层转发互通。Through the above steps, the intercommunication between the virtual machines is realized. Specifically, when the first virtual machine and the second virtual machine are in the same network segment, the Layer 2 forwarding intercommunication between the first virtual machine and the second virtual machine is realized; When the virtual machine and the second virtual machine are on different network segments, the Layer 2 and Layer 3 forwarding intercommunication between the first virtual machine and the second virtual machine is realized.
具体的,可以将IP包(网络协议数据包)增加vlan(虚拟局域网)信息,封装为第一报文,转发给第二交换机,第二交换机按照控制器下发的第一流表,进行转发处理,从而实现虚拟机间二层、三层的转发互通。如果第一虚拟机和第二虚拟机是相同网段,且第一虚拟机作为目的端,第二虚拟机作为源端,则Hypervisor将第二虚拟机的IP包增加vlan,转发给第二交换机,第二交换机按照控制器发送的第一流表,进行转发处理,根据vlan,inport,将报文vlanpop,并转换为metadata(VNET);根据metadata(VNET)和src MAC,确定是否需要进行主机学习;根据metadata(VNET)和dst MAC确定进行二层转发,目的端的第一交换机收到请求报文后转发给第一虚拟机,第一虚拟机的响应报文也按照第一交换机上的第一流表发送到第二交换机,第二交换机再转发给第二虚拟机,从而实现第一虚拟机和第二虚拟机之间的二层互通。如果第一虚拟机和第二虚拟机在不同网段,Hypervisor将第二虚拟机的IP包增加vlan1,转发给第二交换机,第二交换机按照控制器发送的流表进行转发处理,根据vlan,inport,将报文vlan pop,并转换为metadata(VNET);根据metadata(VNET)和src MAC,确定是否需要进行主机学习;根据metadata(VNET)和dst MAC,确定进行二层转发;根据metadata(VRF)和dst IP,进行三层转发;目的端第一交换机收到请求报文后转发给第一虚拟机,第一虚拟机的响应报文也按照第一交换机上的第一流表发送到第二交换机,第二交换机再转发给第二虚拟机,从而实现第一虚拟机和第二虚拟机之间的三层互通。Specifically, the IP packet (network protocol data packet) can be added with vlan (virtual local area network) information, encapsulated into a first message, and forwarded to the second switch, and the second switch performs forwarding processing according to the first flow table issued by the controller , so as to realize the forwarding intercommunication of the second layer and the third layer between the virtual machines. If the first virtual machine and the second virtual machine are on the same network segment, and the first virtual machine is used as the destination end, and the second virtual machine is used as the source end, then the Hypervisor adds a vlan to the IP packet of the second virtual machine and forwards it to the second switch , the second switch performs forwarding processing according to the first flow table sent by the controller, vlanpops the message according to vlan and inport, and converts it into metadata (VNET); determines whether host learning is required according to metadata (VNET) and src MAC ;According to the metadata (VNET) and dst MAC to determine the layer-2 forwarding, the first switch at the destination end forwards the request message to the first virtual machine after receiving the request message, and the response message of the first virtual machine is also according to the first flow on the first switch The table is sent to the second switch, and the second switch forwards it to the second virtual machine, thereby realizing Layer 2 intercommunication between the first virtual machine and the second virtual machine. If the first virtual machine and the second virtual machine are on different network segments, the Hypervisor adds vlan1 to the IP packet of the second virtual machine and forwards it to the second switch. The second switch performs forwarding processing according to the flow table sent by the controller. According to the vlan, Inport, the message vlan pop, and converted to metadata (VNET); according to metadata (VNET) and src MAC, determine whether host learning is required; according to metadata (VNET) and dst MAC, determine the second layer forwarding; according to metadata ( VRF) and dst IP, for three-layer forwarding; the first switch at the destination end forwards the request message to the first virtual machine after receiving the request message, and the response message of the first virtual machine is also sent to the first virtual machine according to the first flow table on the first switch. two switches, and the second switch forwards the data to the second virtual machine, thereby realizing Layer 3 intercommunication between the first virtual machine and the second virtual machine.
更进一步的,该第一虚拟机可以是KVM虚拟机,该第二虚拟机可以是VMware虚拟机,控制器可以是SDN控制器,相应的,第一交换机则为DVS,第二交换机为ToR交换机,上述第一虚拟机和第二虚拟机是指类型不同的两类虚拟机,而不是单指一个虚拟机;另外,需要理解的是任何可以实现上述步骤所述内容的模块都在本实施例保护范围内,其可以根据需要进行相应的选择和替换。Furthermore, the first virtual machine may be a KVM virtual machine, the second virtual machine may be a VMware virtual machine, and the controller may be an SDN controller. Correspondingly, the first switch is a DVS, and the second switch is a ToR switch , the above-mentioned first virtual machine and second virtual machine refer to two types of virtual machines of different types, rather than just one virtual machine; in addition, it should be understood that any module that can realize the content described in the above steps is included in this embodiment Within the scope of protection, it can be selected and replaced as required.
本实施例通过向第一交换机或第二交换机发送第一报文,第一报文包含网络协议数据包和虚拟局域网信息;根据第一报文确定进行转发处理;通过第一流表进行第一虚拟机与第一交换机间的转发处理,第一流表包含第一虚拟机与虚拟网络间的映射信息;通过第二流表进行第二虚拟机与第二交换机间的转发处理,第二流表包含第二虚拟机与虚拟网络间的映射信息。实现了不同类型虚拟机间的互通,扩展了虚拟数据中心中的网络规模,使虚拟数据中心系统可以管理的网络规模和范围更大。In this embodiment, by sending the first message to the first switch or the second switch, the first message includes network protocol data packets and virtual local area network information; it is determined to perform forwarding processing according to the first message; The forwarding process between the virtual machine and the first switch, the first flow table contains the mapping information between the first virtual machine and the virtual network; the forwarding process between the second virtual machine and the second switch is performed through the second flow table, and the second flow table contains Mapping information between the second virtual machine and the virtual network. The intercommunication between different types of virtual machines is realized, the network scale in the virtual data center is expanded, and the network scale and range that the virtual data center system can manage are larger.
实施例五:Embodiment five:
本实施例提供一种实现虚拟机统一管理及互通的系统,请参见图7,包括:控制器1,第一交换机2和第二交换机3,控制器1用于构建第一流表与第二流表,并将第一流表发送给第一交换机2,将第二流表发送给第二交换机3;第一流表包括第一虚拟机与虚拟网络间的映射信息,第二流表包括所述第二虚拟机与虚拟网络间的映射信息;第一交换机2用于接收所述控制器发送来的第一流表,通过第一流表进行与第一虚拟机和第二交换机间的转发处理;第二交换机3用于接收控制器发送来的第二流表,通过第二流表进行与第二虚拟机和第一交换机间的转发处理;第一交换机和所述第二交换机还用于接收第一报文,所述第一报文包含网络协议数据包和虚拟局域网信息。This embodiment provides a system for realizing unified management and intercommunication of virtual machines, please refer to FIG. 7 , including: a controller 1, a first switch 2 and a second switch 3, and the controller 1 is used to construct the first flow table and the second flow table, and send the first flow table to the first switch 2, and send the second flow table to the second switch 3; the first flow table includes the mapping information between the first virtual machine and the virtual network, and the second flow table includes the first flow table Mapping information between the second virtual machine and the virtual network; the first switch 2 is used to receive the first flow table sent by the controller, and perform forwarding processing between the first virtual machine and the second switch through the first flow table; the second The switch 3 is used to receive the second flow table sent by the controller, and perform forwarding processing with the second virtual machine and the first switch through the second flow table; the first switch and the second switch are also used to receive the first A message, the first message includes a network protocol data packet and virtual local area network information.
进一步的,该第一虚拟机可以是KVM虚拟机,该第二虚拟机可以是VMware虚拟机,控制器可以是SDN控制器,相应的,第一交换机则为DVS,第二交换机为ToR交换机,与KVM虚拟机和VMware虚拟机对应虚拟平台是Openstack虚拟平台和VMware ESXI虚拟平台。Further, the first virtual machine may be a KVM virtual machine, the second virtual machine may be a VMware virtual machine, and the controller may be an SDN controller. Correspondingly, the first switch is a DVS, and the second switch is a ToR switch. The virtual platforms corresponding to the KVM virtual machine and the VMware virtual machine are the Openstack virtual platform and the VMware ESXI virtual platform.
具体的,请参见图8,实现KVM虚拟机和VMware虚拟机统一管理及互通的系统包括Openstack虚拟平台21,VMware ESXI虚拟平台22,SDN控制器23,ToR交换机24和DVS25,具体的,Openstack虚拟平台21和VMware ESXI虚拟平台22分别用于在管理界面上创建KVM虚拟机和创建VMware虚拟机;SDN控制器23用于构建第一流表与第二流表,并将第一流表发送给DVS25,将第二流表发送给ToR交换机24;第一流表包括KVM虚拟机的物理地址与VNET间的映射信息,第二流表包括VMware虚拟机的端口与VNET间的映射信息;DVS25用于接收SDN控制器发送来的第一流表,通过第一流表进行与所述KVM虚拟机和ToR交换机间的转发处理;ToR交换机用于接收SDN控制器23发送来的所述第二流表,通过第二流表进行与VMware虚拟机和DVS25间的转发处理;还用于接收Hypervisor发送来的报文。Specifically, please refer to FIG. 8, the system for realizing the unified management and intercommunication of KVM virtual machine and VMware virtual machine includes Openstack virtual platform 21, VMware ESXI virtual platform 22, SDN controller 23, ToR switch 24 and DVS25, specifically, Openstack virtual Platform 21 and VMware ESXI virtual platform 22 are respectively used for creating KVM virtual machine and creating VMware virtual machine on the management interface; SDN controller 23 is used for constructing the first flow table and the second flow table, and the first flow table is sent to DVS25, The second flow table is sent to the ToR switch 24; the first flow table includes the mapping information between the physical address of the KVM virtual machine and the VNET, and the second flow table includes the mapping information between the port of the VMware virtual machine and the VNET; DVS25 is used to receive the SDN The first flow table sent by the controller performs forwarding processing with the KVM virtual machine and the ToR switch through the first flow table; the ToR switch is used to receive the second flow table sent by the SDN controller 23, through the second flow table The flow table performs forwarding processing with the VMware virtual machine and the DVS25; it is also used to receive messages sent by the Hypervisor.
请参见图9,图9为本实施例提供的实现VMware虚拟机和KVM虚拟机统一管理及互通的系统的另一示意图,除图8所示的各模块外,还包括Vcenter/VDP26,VM1和VM2,具体的,DVS25可以是ZXDVS,VM1是VMware虚拟机,VM2是KVM虚拟机。Please refer to FIG. 9. FIG. 9 is another schematic diagram of a system for realizing the unified management and intercommunication of VMware virtual machines and KVM virtual machines provided by this embodiment. In addition to each module shown in FIG. 8, it also includes Vcenter/VDP26, VM1 and VM2, specifically, DVS25 may be ZXDVS, VM1 is a VMware virtual machine, and VM2 is a KVM virtual machine.
请参见图10,下面对本实施例中提供的实现VMware和KVM虚拟机统一管理及互通的方法做详细说明,具体包括:Referring to FIG. 10, the method for realizing the unified management and intercommunication of VMware and KVM virtual machines provided in this embodiment will be described in detail below, specifically including:
步骤301,在VDC的管理界面上配置Openstack虚拟平台和VMware虚拟平台,在管理界面上创建KVM虚拟机,得到第一流表;Step 301, configure the Openstack virtual platform and the VMware virtual platform on the management interface of the VDC, create a KVM virtual machine on the management interface, and obtain the first flow table;
具体的,DVS将虚拟机报文通过Packet-in Message发送至SDN控制器进行虚拟机MAC学习,学习完成后由SDN控制器向KVM虚拟机所在的DVS下发包含VNET+SRC MAC的表项,即第一流表,即控制器将虚拟机vid(virtual networkid虚拟网络标识)关联到VLAN子接口,后续虚拟机发送的流量就可以正常按照此第一流表进行转发;Specifically, the DVS sends the virtual machine message to the SDN controller through the Packet-in Message to learn the virtual machine MAC. After the learning is completed, the SDN controller sends the entry containing VNET+SRC MAC to the DVS where the KVM virtual machine is located. That is, the first flow table, that is, the controller associates the virtual machine vid (virtual networkid virtual network identifier) with the VLAN sub-interface, and the traffic sent by the subsequent virtual machine can be normally forwarded according to the first flow table;
步骤302,VDC的管理界面通过OpenStack调用SDN控制器的北向接口,创建VMware虚拟机;Step 302, the management interface of the VDC invokes the northbound interface of the SDN controller through OpenStack to create a VMware virtual machine;
具体的,传递{“port_uuid(端口标识)”,“virtualnetwork_id(虚拟网络标识)”,“name(名字)”,“ip_address(地址)”,“mac(物理地址)”,“security_groups(安全组)”}等信息给SDN控制器,SDN控制器将虚拟机的这些信息保存到本地数据库;Specifically, pass {"port_uuid (port identification)", "virtualnetwork_id (virtual network identification)", "name (name)", "ip_address (address)", "mac (physical address)", "security_groups (security group) "} and other information to the SDN controller, and the SDN controller saves the information of the virtual machine to the local database;
步骤303,位于ESXI中已有的agent虚拟机发送VDP关联消息,包含{port_uuid,vid};Step 303, the existing agent virtual machine in ESXI sends a VDP association message, including {port_uuid, vid};
步骤304,创建VMware虚拟机和port_uuid完成后,由agent通过VDP消息向TOR和SDN控制器进行注册;Step 304, after the VMware virtual machine and port_uuid are created, the agent registers with the TOR and the SDN controller through the VDP message;
具体的,注册信息包括port_uuid、vlan,进行VM和vlan、port_uuid的映射;在删除虚拟机时,由agent向TOR和SDN控制器进行关联消除,通知控制器虚拟机已经被删除;Specifically, the registration information includes port_uuid and vlan, and the mapping between VM and vlan and port_uuid is performed; when the virtual machine is deleted, the agent removes the association between TOR and the SDN controller, and notifies the controller that the virtual machine has been deleted;
步骤305,设置port-vnet映射,得到第二流表;Step 305, setting port-vnet mapping to obtain the second flow table;
具体的,ToR交换机根据SDN控制器预先下发的VDP流表(Ethertype:0x8940),将VDP消息上送到SDN控制器,控制器根据上送packet-in的端口和dpid,确定接入位置;根据port_uuid,确认VDP消息关联的虚拟机信息;根据vlan和OpenFlow的in_port,向端口配置vlan子接口,并将vlan子接口加入虚拟网络,即设置port-vnet映射,处理结束后,向ToR交换机发送第二流表,该第二流表可以是VDP协议流表;Specifically, the ToR switch sends the VDP message to the SDN controller according to the VDP flow table (Ethertype: 0x8940) issued in advance by the SDN controller, and the controller determines the access location according to the port and dpid of the packet-in sent; According to the port_uuid, confirm the virtual machine information associated with the VDP message; configure the vlan sub-interface to the port according to the in_port of vlan and OpenFlow, and add the vlan sub-interface to the virtual network, that is, set the port-vnet mapping, and send it to the ToR switch after processing A second flow table, the second flow table may be a VDP protocol flow table;
步骤306,通过第一流表进行KVM虚拟机与DVS间的转发处理,通过第二流表进行VMware虚拟机与ToR间的转发处理;Step 306, carry out forwarding processing between the KVM virtual machine and the DVS through the first flow table, and carry out forwarding processing between the VMware virtual machine and the ToR through the second flow table;
具体的,如果VMware虚拟机和KVM虚拟机是相同网段,Hypervisor将VMware虚拟机的IP包增加vlan,转发给ToR交换机,ToR按照SDN控制器发送的流表,进行转发处理,根据vlan,inport,将报文vlan pop,并转换为metadata(VNET);根据metadata(VNET)和src MAC,确定是否需要进行主机学习;根据metadata(VNET)和dst MAC确定进行二层转发,目的端DVS收到请求报文后转发给KVM虚拟机,KVM虚拟机的响应报文也按照DVS上的流表发送到ToR交换机,ToR交换机再转发给VMware虚拟机,从而实现VMware虚拟机机和KVM虚拟机之间的二层互通;Specifically, if the VMware virtual machine and the KVM virtual machine are on the same network segment, the Hypervisor adds a vlan to the IP packet of the VMware virtual machine and forwards it to the ToR switch. ToR performs forwarding processing according to the flow table sent by the SDN controller. According to vlan, inport , pop the message vlan and convert it to metadata (VNET); determine whether host learning is required according to metadata (VNET) and src MAC; determine whether to perform Layer 2 forwarding according to metadata (VNET) and dst MAC, and the destination DVS receives After the request message is forwarded to the KVM virtual machine, the response message of the KVM virtual machine is also sent to the ToR switch according to the flow table on the DVS, and the ToR switch forwards it to the VMware virtual machine, thereby realizing the communication between the VMware virtual machine and the KVM virtual machine. Layer 2 interworking;
如果VMware虚拟机和KVM虚拟机在不同网段,Hypervisor将VMware虚拟机的IP包增加vlan1,转发给ToR交换机,ToR按照SDN控制器发送的流表进行转发处理,根据vlan,inport,将报文vlan pop,并转换为metadata(VNET);根据metadata(VNET)和src MAC,确定是否需要进行主机学习;根据metadata(VNET)和dst MAC,确定进行二层转发;根据metadata(VRF)和dst IP,进行二层转发;目的端DVS收到请求报文后转发给KVM虚拟机,KVM虚拟机的响应报文也按照DVS上的流表发送到TOR交换机,ToR交换机再转发给VMware虚拟机,从而实现VMware虚拟机机和KVM虚拟机之间的三层互通。If the VMware virtual machine and the KVM virtual machine are on different network segments, the Hypervisor adds vlan1 to the IP packet of the VMware virtual machine and forwards it to the ToR switch. The ToR forwards the packet according to the flow table sent by the SDN controller. Vlan pop and convert to metadata (VNET); determine whether host learning is required according to metadata (VNET) and src MAC; determine layer 2 forwarding according to metadata (VNET) and dst MAC; according to metadata (VRF) and dst IP , carry out two-layer forwarding; the destination DVS forwards the request message to the KVM virtual machine after receiving the request message, and the response message of the KVM virtual machine is also sent to the TOR switch according to the flow table on the DVS, and the ToR switch forwards it to the VMware virtual machine, thereby Realize the three-layer communication between the VMware virtual machine and the KVM virtual machine.
本实施例提供的实现VMware和KVM虚拟机统一管理及互通的系统,基于“不要求VMware开放特殊接口,不需要同VMware进行深度捆绑和认证”这个原则,将VTEP点上移到ToR交换机,通过上述系统,实现了VMware虚拟机和KVM虚拟机的统一管理及互通,增强了系统的服务能力,降低了运营成本,扩展了基于SDN下虚拟数据中心中的网络规模,使虚拟数据中心系统可以管理的网络规模和范围更大。The system provided in this embodiment to realize the unified management and intercommunication of VMware and KVM virtual machines is based on the principle of "do not require VMware to open a special interface, and does not need to be deeply bound and authenticated with VMware", and the VTEP point is moved up to the ToR switch. The above system realizes the unified management and intercommunication of VMware virtual machine and KVM virtual machine, enhances the service capability of the system, reduces operating costs, expands the network scale of the virtual data center based on SDN, and enables the virtual data center system to manage The size and scope of the network is larger.
需要注意的是,VTEP由vSwitch上移到ToR交换机,ToR交换机同一个端口下,每个VM一个VLAN,VLAN不区分网络,只区分主机(同一个网络的两个主机,VLAN也不相同),ToR不同的端口下,VLAN可以重复使用,既可以简化VMware虚拟机和KVM虚拟机之间的二层、三层互通流程,又可以对VMware虚拟机进行管理和对其设置高级功能,如:安全组、Meter、流镜像,重定向策略等,同时又可以扩展基于SDN下虚拟数据中心中的网络规模,使虚拟数据中心系统可以管理的网络规模和范围更大,既可以对接openstack虚拟平台又可以对接VMware虚拟平台,还能同时管理两者并且融合互通。It should be noted that the VTEP is moved up from the vSwitch to the ToR switch. Under the same port of the ToR switch, each VM has a VLAN. VLAN does not distinguish between networks, but only distinguishes hosts (two hosts on the same network have different VLANs). Under different ToR ports, VLANs can be reused, which can not only simplify the Layer 2 and Layer 3 intercommunication processes between VMware virtual machines and KVM virtual machines, but also manage VMware virtual machines and set advanced functions for them, such as: security Group, Meter, flow mirroring, redirection strategy, etc., and at the same time, it can expand the network scale in the virtual data center based on SDN, so that the network scale and scope that the virtual data center system can manage is larger, and it can be connected to the openstack virtual platform and Docking with the VMware virtual platform, it can also manage the two at the same time and integrate and communicate with each other.
显然,本领域的技术人员应该明白,上述本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储介质(ROM/RAM、磁碟、光盘)中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。所以,本发明不限制于任何特定的硬件和软件结合。Obviously, those skilled in the art should understand that each module or each step of the present invention can be realized by a general-purpose computing device, and they can be concentrated on a single computing device, or distributed on a network formed by multiple computing devices , alternatively, they can be implemented with program codes executable by a computing device, thus, they can be stored in a storage medium (ROM/RAM, magnetic disk, optical disk) to be executed by a computing device, and in some cases , the steps shown or described may be performed in a different order than here, or they may be fabricated into individual integrated circuit modules, or multiple modules or steps among them may be fabricated into a single integrated circuit module for implementation. Therefore, the present invention is not limited to any specific combination of hardware and software.
以上内容是结合具体的实施方式对本发明所作的进一步详细说明,不能认定本发明的具体实施只局限于这些说明。对于本发明所属技术领域的普通技术人员来说,在不脱离本发明构思的前提下,还可以做出若干简单推演或替换,都应当视为属于本发明的保护范围。The above content is a further detailed description of the present invention in conjunction with specific embodiments, and it cannot be assumed that the specific implementation of the present invention is limited to these descriptions. For those of ordinary skill in the technical field of the present invention, without departing from the concept of the present invention, some simple deduction or replacement can be made, which should be regarded as belonging to the protection scope of the present invention.
Claims (11)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610217435.0A CN107276783B (en) | 2016-04-08 | 2016-04-08 | Method, device and system for realizing unified management and intercommunication of virtual machines |
| PCT/CN2017/078834 WO2017173952A1 (en) | 2016-04-08 | 2017-03-30 | Method, device, and system for centralizing management of virtual machines and implementing communications between virtual machines |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610217435.0A CN107276783B (en) | 2016-04-08 | 2016-04-08 | Method, device and system for realizing unified management and intercommunication of virtual machines |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107276783A true CN107276783A (en) | 2017-10-20 |
| CN107276783B CN107276783B (en) | 2022-05-20 |
Family
ID=60000829
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610217435.0A Expired - Fee Related CN107276783B (en) | 2016-04-08 | 2016-04-08 | Method, device and system for realizing unified management and intercommunication of virtual machines |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN107276783B (en) |
| WO (1) | WO2017173952A1 (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108173767A (en) * | 2017-12-25 | 2018-06-15 | 杭州迪普科技股份有限公司 | A kind of message forwarding method and device based on VLAN-IF interface duplexes |
| CN108924028A (en) * | 2018-06-28 | 2018-11-30 | 新华三技术有限公司 | The switching method and device of a kind of unknown unicast message between tunnel |
| CN110300060A (en) * | 2018-03-23 | 2019-10-01 | 北京京东尚科信息技术有限公司 | Communication means and device for software defined network |
| WO2021139269A1 (en) * | 2020-08-06 | 2021-07-15 | 平安科技(深圳)有限公司 | Distributed routing method and apparatus based on open vswitch kernel state flow tables in overlay network |
| CN113572634A (en) * | 2021-06-22 | 2021-10-29 | 济南浪潮数据技术有限公司 | Method and system for realizing two-layer intercommunication between in-cloud network and out-cloud network |
| CN113904986A (en) * | 2021-09-29 | 2022-01-07 | 烽火通信科技股份有限公司 | Two-layer intercommunication method and equipment for vxlan virtual network and vlan network |
| CN114338606A (en) * | 2020-09-25 | 2022-04-12 | 华为云计算技术有限公司 | Network configuration method of public cloud and related equipment |
| CN114978781A (en) * | 2022-08-02 | 2022-08-30 | 中国电子科技集团公司第三十研究所 | Tor network-oriented mixed anonymous link communication method and system |
| CN115987842A (en) * | 2022-12-15 | 2023-04-18 | 浪潮思科网络科技有限公司 | Fault positioning method, device, equipment and medium based on firewall side-hanging mode |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113285892B (en) * | 2020-02-20 | 2024-12-24 | 华为云计算技术有限公司 | Message processing system, method, machine-readable storage medium, and program product |
| CN112105056B (en) * | 2020-08-03 | 2022-12-20 | 国家计算机网络与信息安全管理中心 | Code stream transmission method and device based on 5GSA network |
| CN112187517B (en) * | 2020-09-07 | 2022-06-07 | 烽火通信科技股份有限公司 | Configuration method, platform and controller for SDN virtual routing of data center |
| CN113965470B (en) * | 2021-09-30 | 2023-08-25 | 中国人民解放军空军工程大学 | An experimental simulation system for aviation information network |
| CN114124813B (en) * | 2021-11-23 | 2023-08-25 | 浪潮云信息技术股份公司 | Method for realizing l3-agent based on flow table in openstack |
| CN114301656B (en) * | 2021-12-23 | 2023-10-27 | 北京赛宁网安科技有限公司 | Virtual-real combination system and method for network attack and defense platform |
| CN114697246A (en) * | 2022-02-23 | 2022-07-01 | 浙江众合科技股份有限公司 | Virtual machine test environment construction method |
| CN115150224B (en) * | 2022-06-29 | 2024-10-29 | 济南浪潮数据技术有限公司 | Method, device, equipment and storage medium for two-layer communication of inter-cluster network |
| CN116346536A (en) * | 2023-04-13 | 2023-06-27 | 安超云软件有限公司 | Method, device, equipment and medium for virtual machine to access cloud platform management network |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104040950A (en) * | 2012-11-12 | 2014-09-10 | 华为技术有限公司 | Method and device for performing network configuration on virtual machine |
| CN104115453A (en) * | 2013-12-31 | 2014-10-22 | 华为技术有限公司 | A method and device for realizing virtual machine communication |
| CN104243265A (en) * | 2014-09-05 | 2014-12-24 | 华为技术有限公司 | Gateway control method, device and system based on virtual machine migration |
| CN104468462A (en) * | 2013-09-12 | 2015-03-25 | 杭州华三通信技术有限公司 | Method and apparatus for forwarding message of distributed virtual switch system |
| WO2015043464A1 (en) * | 2013-09-25 | 2015-04-02 | Hangzhou H3C Technologies Co., Ltd. | Packet forwarding |
| CN104601432A (en) * | 2014-12-31 | 2015-05-06 | 杭州华三通信技术有限公司 | Method and device for transmitting message |
| CN104767676A (en) * | 2014-01-03 | 2015-07-08 | 华为技术有限公司 | Data packet forwarding method and system in SDN network |
| CN104869058A (en) * | 2015-06-04 | 2015-08-26 | 北京京东尚科信息技术有限公司 | Method and device for transmitting data message |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104253770B (en) * | 2013-06-27 | 2017-07-14 | 新华三技术有限公司 | Realize the method and apparatus of the distributed virtual switch system |
| US9253026B2 (en) * | 2013-12-18 | 2016-02-02 | International Business Machines Corporation | Software-defined networking disaster recovery |
-
2016
- 2016-04-08 CN CN201610217435.0A patent/CN107276783B/en not_active Expired - Fee Related
-
2017
- 2017-03-30 WO PCT/CN2017/078834 patent/WO2017173952A1/en not_active Ceased
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104040950A (en) * | 2012-11-12 | 2014-09-10 | 华为技术有限公司 | Method and device for performing network configuration on virtual machine |
| CN104468462A (en) * | 2013-09-12 | 2015-03-25 | 杭州华三通信技术有限公司 | Method and apparatus for forwarding message of distributed virtual switch system |
| WO2015043464A1 (en) * | 2013-09-25 | 2015-04-02 | Hangzhou H3C Technologies Co., Ltd. | Packet forwarding |
| CN104115453A (en) * | 2013-12-31 | 2014-10-22 | 华为技术有限公司 | A method and device for realizing virtual machine communication |
| CN104767676A (en) * | 2014-01-03 | 2015-07-08 | 华为技术有限公司 | Data packet forwarding method and system in SDN network |
| CN104243265A (en) * | 2014-09-05 | 2014-12-24 | 华为技术有限公司 | Gateway control method, device and system based on virtual machine migration |
| CN104601432A (en) * | 2014-12-31 | 2015-05-06 | 杭州华三通信技术有限公司 | Method and device for transmitting message |
| CN104869058A (en) * | 2015-06-04 | 2015-08-26 | 北京京东尚科信息技术有限公司 | Method and device for transmitting data message |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108173767B (en) * | 2017-12-25 | 2021-02-26 | 杭州迪普科技股份有限公司 | Message forwarding method and device based on VLAN-IF interface multiplexing |
| CN108173767A (en) * | 2017-12-25 | 2018-06-15 | 杭州迪普科技股份有限公司 | A kind of message forwarding method and device based on VLAN-IF interface duplexes |
| CN110300060A (en) * | 2018-03-23 | 2019-10-01 | 北京京东尚科信息技术有限公司 | Communication means and device for software defined network |
| CN108924028A (en) * | 2018-06-28 | 2018-11-30 | 新华三技术有限公司 | The switching method and device of a kind of unknown unicast message between tunnel |
| CN108924028B (en) * | 2018-06-28 | 2020-11-10 | 新华三技术有限公司 | Method and device for switching unknown unicast message between tunnels |
| WO2021139269A1 (en) * | 2020-08-06 | 2021-07-15 | 平安科技(深圳)有限公司 | Distributed routing method and apparatus based on open vswitch kernel state flow tables in overlay network |
| CN114338606A (en) * | 2020-09-25 | 2022-04-12 | 华为云计算技术有限公司 | Network configuration method of public cloud and related equipment |
| CN114338606B (en) * | 2020-09-25 | 2023-07-18 | 华为云计算技术有限公司 | A public cloud network configuration method and related equipment |
| CN113572634A (en) * | 2021-06-22 | 2021-10-29 | 济南浪潮数据技术有限公司 | Method and system for realizing two-layer intercommunication between in-cloud network and out-cloud network |
| CN113572634B (en) * | 2021-06-22 | 2023-04-07 | 济南浪潮数据技术有限公司 | Method and system for realizing two-layer intercommunication between in-cloud network and out-cloud network |
| CN113904986A (en) * | 2021-09-29 | 2022-01-07 | 烽火通信科技股份有限公司 | Two-layer intercommunication method and equipment for vxlan virtual network and vlan network |
| CN114978781A (en) * | 2022-08-02 | 2022-08-30 | 中国电子科技集团公司第三十研究所 | Tor network-oriented mixed anonymous link communication method and system |
| CN114978781B (en) * | 2022-08-02 | 2022-11-11 | 中国电子科技集团公司第三十研究所 | A Tor network-oriented hybrid anonymous link communication method and system |
| CN115987842A (en) * | 2022-12-15 | 2023-04-18 | 浪潮思科网络科技有限公司 | Fault positioning method, device, equipment and medium based on firewall side-hanging mode |
| CN115987842B (en) * | 2022-12-15 | 2024-03-26 | 浪潮思科网络科技有限公司 | Fault positioning method, device, equipment and medium based on firewall bypass mode |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2017173952A1 (en) | 2017-10-12 |
| CN107276783B (en) | 2022-05-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107276783B (en) | Method, device and system for realizing unified management and intercommunication of virtual machines | |
| CN109660443B (en) | SDN-based physical device and virtual network communication method and system | |
| US8837476B2 (en) | Overlay network capable of supporting storage area network (SAN) traffic | |
| Bakshi | Considerations for software defined networking (SDN): Approaches and use cases | |
| US9178828B2 (en) | Architecture for agentless service insertion | |
| CN104717137B (en) | Manage the method and system of the data flow in overlay network | |
| CN104685500B (en) | The method and system of application security strategy in overlay network | |
| CN105284080B (en) | The virtual network management method and data center systems of data center | |
| US9350558B2 (en) | Systems and methods for providing multicast routing in an overlay network | |
| CN103546451B (en) | System and method for managing the flow in overlay network | |
| US8964600B2 (en) | Methods of forming virtual network overlays | |
| US9294349B2 (en) | Host traffic driven network orchestration within data center fabric | |
| WO2013170652A1 (en) | Overlay tunnel information exchange protocol | |
| CN105681191A (en) | SDN (Software Defined Network) platform based on router virtualization and implementation method | |
| CN102255903A (en) | Safety isolation method for virtual network and physical network of cloud computing | |
| US9590855B2 (en) | Configuration of transparent interconnection of lots of links (TRILL) protocol enabled device ports in edge virtual bridging (EVB) networks | |
| CN108337192B (en) | Method and device for message communication in cloud data center | |
| US9225631B2 (en) | Implementation of protocol in virtual link aggregate group | |
| CN107566237A (en) | A kind of data message processing method and device | |
| US9503278B2 (en) | Reflective relay processing on logical ports for channelized links in edge virtual bridging systems | |
| WO2023287596A1 (en) | Service chaining in fabric networks | |
| Jeuk et al. | Tenant-id: Tagging tenant assets in cloud environments | |
| CN116346536A (en) | Method, device, equipment and medium for virtual machine to access cloud platform management network | |
| US10601649B1 (en) | Stack switching detection and provisioning | |
| Kumar et al. | An Efficient Approach to Set Up High Performance Network Center in Academia |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20220520 |