[go: up one dir, main page]

WO2015043168A1 - Procédé, appareil et système de mise en œuvre de communication d'un réseau virtuel - Google Patents

Procédé, appareil et système de mise en œuvre de communication d'un réseau virtuel Download PDF

Info

Publication number
WO2015043168A1
WO2015043168A1 PCT/CN2014/075789 CN2014075789W WO2015043168A1 WO 2015043168 A1 WO2015043168 A1 WO 2015043168A1 CN 2014075789 W CN2014075789 W CN 2014075789W WO 2015043168 A1 WO2015043168 A1 WO 2015043168A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual
virtual network
vff
identifier
vnf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2014/075789
Other languages
English (en)
Chinese (zh)
Inventor
黄勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2015043168A1 publication Critical patent/WO2015043168A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/40169Flexible bus arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • Embodiments of the present invention relate to the field of computer communications, and in particular, to a method, apparatus, and system for implementing virtual network communication. Background technique
  • NFV network function virtualization
  • VM virtual machine
  • vNF virtual network function
  • Network virtualization over layer 3 is a virtual network isolation technology that can build virtual network domains. Any two hosts/VMs in a virtual network domain can be directly reached, and hosts/VMs belonging to different virtual network domains cannot communicate.
  • VNID virtual network identifier
  • the NV03 technology can implement a data center (DC) environment of a detached multi-tenant (English: tenant).
  • the embodiment of the invention provides a method, a device and a system for implementing virtual network communication, which are used to solve the function virtualization of a network device, construct a virtual network topology between the vNFs of the network device, and implement a communication architecture to implement vNF in the virtual network. Physical network topology decoupling.
  • the present invention provides a method for implementing virtual network communication, including: a first virtual forwarding function VFF receives a first virtual network packet from a first virtual machine VM, where the first virtual network packet includes a virtual source information, where the first virtual source information includes an identifier of the first virtual network function vNF or an identifier of the virtual port of the first vNF, where the first vNF is located In the first VM, the first VM is attached to the first VFF; the first VFF is used to construct a virtual network topology and implement forwarding of a virtual network packet;
  • the second virtual network packet includes the first virtual source information and first virtual topology information; and the second virtual network packet Sending to the second VFF;
  • the first virtual topology information includes any one of the following: a virtual link identifier; a virtual shared bus identifier; a service path identifier; an interface identifier; a virtual link identifier and a service path identifier; and a virtual shared bus identifier And the business path identifier.
  • the obtaining, by the first virtual network packet, a second virtual network packet, and sending the second virtual network packet to a second VFF includes:
  • the address of the first virtual next hop includes the media access control MAC address of the second VFF;
  • the first virtual topology information includes a virtual link identifier or a virtual Shared bus ID.
  • the first virtual network packet further includes first virtual destination information, where the first virtual destination information includes An identifier of the second vNF, the second vNF is located in the second VM, and the second VM is attached to the second VFF;
  • the obtaining the first virtual topology information, the address of the first virtual next hop, and the first outgoing port specifically include:
  • the business path identifier is included.
  • the first virtual network packet further includes the first virtual topology information; Including the service path identifier or the interface identifier;
  • the obtaining the first virtual topology information, the address of the first virtual next hop, and the first egress port include:
  • the address of the first virtual next hop further includes the second VFF Internet Protocol IP address
  • the second virtual network packet further includes an IP address of the network virtualization overlay NV03 header and the second VFF, where the virtual network identifier VNID in the NV03 header is the first VFF receiving the first The VNID corresponding to the ingress port of a virtual network packet.
  • the method further includes: receiving the first according to the first VFF The inbound port of the virtual network packet obtains the virtual network identifier VNID.
  • the acquiring the first virtual topology information, the address of the first virtual next hop, and the first egress port includes: acquiring, according to the VNID, the first virtual topology information, the first virtual next The address of the hop and the first outgoing port.
  • the method further includes: the first VFF receiving a a third virtual network packet, where the third virtual network packet includes the second virtual source information, where the second virtual source information includes an identifier of the port of the network device, where the network device is attached to the On a VFF;
  • the fourth virtual network packet includes the second virtual source information and second virtual topology information; and the fourth virtual network packet is used Sending to the third VFF;
  • the second virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier And the business path identifier.
  • the fourth virtual network packet is obtained according to the third virtual network packet, and the fourth virtual The sending of the network message to the third VFF includes:
  • the address of the second virtual next hop includes the MAC address of the third VFF Encapsulating the third virtual network packet according to the second virtual source information, the second virtual topology information, and the address of the second virtual next hop, to obtain the fourth virtual network packet, where
  • the fourth virtual network packet further includes an address of the second virtual next hop;
  • the present invention provides a method for implementing virtual network communication, including: a first virtual forwarding function VFF receives a first virtual network packet from a second VFF, where the first virtual network packet includes a first virtual Source information and first virtual topology information, where the first virtual source information includes an identifier of the second virtual network function vNF or an identifier of the virtual port of the second vNF; wherein the second vNF is located in the second virtual machine VM
  • the second VM is attached to the second VFF, and the first virtual network packet is processed according to the first virtual source information and the first virtual topology information to obtain a second virtual network packet.
  • the first virtual network information includes the first virtual source information and the first virtual destination information, where the first virtual destination information includes an identifier of the first vNF or an identifier of the virtual port of the first vNF;
  • the second virtual network packet is sent to the first virtual machine VM; wherein the first vNF is located in the first VM, and the first VM is attached to the first VFF; the first VFF
  • the virtual network topology is configured to implement forwarding of the virtual network packet.
  • the first virtual topology information includes any one of the following: a virtual link identifier, a virtual shared bus identifier, a service path identifier, an interface identifier, a virtual link identifier, and Service path identifier; virtual shared bus identifier and service path identifier.
  • the processing by using the first virtual source information and the first virtual topology information, the first virtual network packet to obtain a second virtual And sending the second virtual network packet to the first VM, including:
  • the address of the first virtual next hop includes Place a media access control MAC address of the virtual network card vINC of the first VM;
  • the method further includes: obtaining a virtual network identifier VNID from the first virtual network packet;
  • the acquiring the first virtual destination information, the address of the first virtual next hop, and the first egress port according to the first virtual source information and the first virtual topology information including: according to the VNID
  • the first virtual source information and the first virtual topology information acquire the first virtual destination information, an address of the first virtual next hop, and the first egress port.
  • the first virtual topology information includes a service path identifier or an interface Identification
  • the second virtual network packet further includes the service path identifier or the interface identifier.
  • the method further includes:
  • the first VFF receives a third virtual network packet from the third VFF, where the third virtual network packet includes second virtual source information and second virtual topology information; and the second virtual source information includes the first An identifier of the virtual port of the third vNF; wherein the third vNF is located in the third virtual machine VM, and the third VM is attached to the third VFF;
  • the fourth virtual network packet includes the second virtual source information and the second virtual destination information, where the second virtual destination information includes an identifier of a port of the first network device, where the first The network device is attached to the first VFF; the second virtual topology information includes any one of the following: a virtual link identifier, a virtual shared bus identifier, a service path identifier, a virtual link identifier, and a service path identifier; Bus identification and service path identification.
  • the method further includes: The first VFF receives the fifth virtual network packet from the fourth VFF, where the fifth virtual network packet includes the third virtual source information and the third virtual topology information, where the third virtual source information includes the second network device. An identifier of the port; wherein the second network device is attached to the fourth VFF;
  • the sixth virtual network packet includes the third virtual source
  • the third virtual destination information includes an identifier of the virtual port of the first vNF
  • the sixth virtual network packet is sent to the first VM; the third virtual topology
  • the information includes any one of the following: virtual link identifier; virtual shared bus identifier; service path identifier; virtual link identifier and service path identifier; virtual shared bus identifier and service path identifier.
  • the method further includes:
  • the first VFF maintains virtual network topology information, where the virtual network topology information includes virtual source information, virtual destination information, virtual topology information, an address of an virtual next hop, and an egress port.
  • the virtual network topology information further includes an ingress port and a virtual network identifier.
  • the present invention provides a method for implementing virtual network communication, including: receiving, by a virtual container, a first service packet sent by a first virtual network function vNF;
  • the first virtual network packet includes the first virtual source information and the first service packet;
  • the first virtual source information includes the first An identifier of a vNF or an identifier of a virtual port of the first vNF;
  • the first vNF is located in the first virtual machine VM, and the first VM is attached to the first VFF.
  • the method includes: receiving an identifier of a third vNF that is sent by the first vNF;
  • the first virtual network message further includes first virtual destination information, and the first virtual mesh information includes an identifier of the third vNF.
  • the method further includes: receiving, by the first vNF, the first service path identifier or the first interface identifier;
  • the first virtual network packet further includes first virtual topology information, where the first virtual topology information includes the first service path identifier or the first interface identifier.
  • the method further includes:
  • the virtual container receives a second virtual network packet from the first VFF, where the second virtual network packet includes second virtual destination information;
  • the method further includes:
  • the second virtual network packet further includes second virtual topology information, where the second virtual topology information includes a second service path identifier or a second interface identifier.
  • the method further includes: sending the second service path identifier or the second interface identifier according to the second virtual destination information.
  • the virtual container is located in the first VM; or The virtual container is located in a hypervisor hypervisor of the device where the first VM is located; or the virtual container is located in the same device as the first VFF.
  • the second virtual destination information includes the identifier or the location of the first vNF The identifier of the virtual port of the first vNF.
  • the second virtual destination information includes an identifier of the second vNF or a virtual of the second vNF An identifier of the port; the second vNF is located in the first VM, and the virtual container is located in the first VM.
  • the method further includes:
  • the third virtual network packet includes a third virtual source information and the third service packet;
  • the third virtual source information includes an identifier of a port of the network device;
  • the network device is attached to the first VFF.
  • the virtual container is located in the network device.
  • the present invention provides a device for implementing a first virtual forwarding function VFF, which is used to construct a virtual network topology and implement forwarding of virtual network packets, including:
  • a receiving unit configured to receive a first virtual network packet from the first virtual machine VM, where the first virtual network packet includes first virtual source information, where the first virtual source information includes a first virtual network function vNF Identifying an identifier of the virtual port of the first vNF, where the first vNF is located in the first VM; the first VM is attached to a device that implements the first VFF;
  • a processing unit configured to obtain a second virtual network packet according to the first virtual network packet; the second virtual network packet includes the first virtual source information and first virtual topology information;
  • the virtual topology information includes any one of the following: a virtual link identifier; a virtual shared bus identifier; a service path identifier; an interface identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier; Sending the second virtual network message to the second VFF.
  • the processing unit is configured to acquire the first virtual topology information, an address of the first virtual next hop, and a first egress port, where the first virtual port is The address of the first hop includes the media access control MAC address of the second VFF; and the first virtual source is encapsulated according to the first virtual source information, the first virtual topology information, and the address of the first virtual next hop Receiving, by the network packet, the second virtual network packet, where the second virtual network packet further includes an address of the first virtual next hop;
  • the sending unit is specifically configured to send the second virtual network packet from the first egress port to the second VFF.
  • the processing unit is configured to acquire the first virtual topology information according to the first virtual source information.
  • the first virtual network packet further includes first virtual destination information, where the first virtual destination information includes An identifier of the second vNF, the second vNF is located in the second VM, and the second VM is attached to the second VFF;
  • the processing unit is configured to acquire, according to the first virtual source information and the first virtual destination information, the first virtual topology information, an address of the first virtual next hop, and the a first outgoing port; the first virtual topology information includes a service path identifier.
  • the first virtual network packet further includes the first virtual topology information, and the first virtual topology information. Including the service path identifier or the interface identifier;
  • the processing unit is configured to obtain the first virtual topology information from the first virtual network packet, and obtain the foregoing according to the first virtual source information and the first virtual topology information.
  • the address of the first virtual next hop further includes the second VFF Internet Protocol IP address
  • the processing unit is further configured to encapsulate the first virtual virtual network identifier VNID corresponding to the ingress port of the first virtual network packet according to the IP address of the second VFF and the VFF.
  • the network packet receives the second virtual network packet, and the second virtual network packet further includes an IP address of the network virtualization overlay NV03 header and the second VFF, where the VNID in the NV03 header is The VFF receives the VNID corresponding to the ingress port of the first virtual network packet.
  • the VFF further includes: an acquiring unit, The VFF receives the ingress port of the first virtual network packet, and obtains a VNID;
  • the processing unit is further configured to acquire, according to the VNID acquired by the acquiring unit, the first virtual topology information, the address of the first virtual next hop, and the first egress port.
  • the receiver is further configured to receive a network device a third virtual network packet, where the third virtual network packet includes the second virtual source information, where the second virtual source information includes an identifier of the port of the network device, where the network device is attached to the implementation site.
  • the processing unit is further configured to obtain, according to the third virtual network packet, a fourth virtual network packet, where the fourth virtual network packet includes the second virtual source information and the second virtual topology information,
  • the second virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier; And sending the fourth virtual network message to the third VFF.
  • the processing unit is configured to acquire the second virtual topology information according to the second virtual source information, An address of the second virtual next hop and a second egress port, where the address of the second virtual next hop includes a MAC address of the third VFF; according to the second virtual source information, the second virtual topology information, and The address of the second virtual next hop encapsulates the third virtual network packet, and the fourth virtual network packet is obtained, where the fourth virtual network packet further includes the second virtual next hop Address
  • the sending unit is specifically configured to send the fourth virtual network packet from the second egress port to the third VFF.
  • the present invention provides a device for implementing a first virtual forwarding function VFF, which is used to construct a virtual network topology and implement forwarding of virtual network packets, including:
  • a receiving unit configured to receive a first virtual network packet from the second VFF, where the first virtual network packet includes first virtual source information and first virtual topology information; and the first virtual source information includes a second virtual The identifier of the network function vNF or the identifier of the virtual port of the second vNF; wherein the second vNF is located in the second virtual machine VM; the second VM is attached to the second VFF;
  • a processing unit configured to process the first virtual network packet according to the first virtual source information and the first virtual topology information to obtain a second virtual network packet, where the second virtual network packet includes The first virtual source information and the first virtual destination information, where the first virtual destination information includes an identifier of the first vNF or an identifier of the virtual port of the first vNF;
  • the sending unit is configured to send the second virtual network packet to the first virtual machine VM, where the first vNF is located in the first VM, and the first VM is attached to implement the first
  • the first virtual topology information includes any one of the following: a virtual link identifier; a virtual shared bus identifier; a service path identifier; an interface identifier; a virtual link identifier and a service path identifier; and a virtual shared bus identifier And the business path identifier.
  • the processing unit is configured to acquire the first virtual destination information, the first virtual lower information, according to the first virtual source information and the first virtual topology information.
  • the address of the first virtual next hop includes a media access control MAC address of the virtual network card vINC of the first VM; according to the first virtual source information, the first The virtual destination information and the address of the first virtual next hop encapsulate the first virtual network packet to obtain the second virtual network packet, where the second virtual network packet further includes the first virtual network packet The address of the next hop;
  • the transmitter is specifically configured to send the second virtual network message from the first egress port to the first VM.
  • the VFF further includes: an acquiring unit, configured to obtain a virtual network identifier from the first virtual network packet VNID;
  • the processing unit is configured to acquire, according to the VNID acquired by the acquiring unit, the first virtual source information and the first virtual topology information, the first virtual destination information, The address of the first virtual next hop and the first outgoing port.
  • the first virtual topology information includes a service path identifier or an interface Identification
  • the second virtual network packet further includes the service path identifier or the interface identifier.
  • the receiver is further configured to receive the third VFF a third virtual network packet, where the third virtual network packet includes the second virtual source information and the second virtual topology information; the second virtual source information includes an identifier of the virtual port of the third vNF; The third vNF is located in the third virtual machine VM; the third VM is attached to the third VFF; the processing unit is further configured to use the second virtual source information and the second virtual topology Information processing the third virtual network packet to obtain a fourth virtual network packet; the fourth virtual network packet includes the second virtual source information and the second virtual destination information, and the second virtual destination information The identifier of the port of the first network device is included; wherein the first network device is attached to the third VFF; the second virtual topology information includes any one of the following: a virtual link identifier;
  • the transmitter is further configured to send the fourth virtual network packet to the first network device.
  • the receiver is further configured to receive the fourth VFF a fifth virtual network packet, where the fifth virtual network packet includes the third virtual source information and the third virtual topology information; the third virtual source information includes an identifier of a port of the second network device, where a second network device attached to the fourth VFF;
  • the processing unit is further configured to process the fifth virtual network packet according to the third virtual source information and the third virtual topology information to obtain a sixth virtual network packet; the sixth virtual network packet
  • the third virtual source information includes the identifier of the virtual port of the first vNF
  • the third virtual topology information includes any one of the following: Link identifier; virtual shared bus identifier; service path identifier; virtual link identifier and service path identifier; virtual shared bus identifier and service path identifier;
  • the transmitter is further configured to send the sixth virtual network packet to the first VM.
  • the VFF further includes: a topology maintenance unit, configured to maintain The virtual network topology information includes virtual source information, virtual destination information, virtual topology information, an address of an virtual next hop, and an egress port.
  • a topology maintenance unit configured to maintain The virtual network topology information includes virtual source information, virtual destination information, virtual topology information, an address of an virtual next hop, and an egress port.
  • the present invention provides an apparatus for implementing a virtual container, including:
  • a receiving module configured to receive a first service packet sent by the first virtual network function vNF
  • a processing module configured to obtain a first virtual network packet according to the first service packet, where the first virtual network packet includes The first virtual source information and the first service information; the first virtual source information includes an identifier of the first vNF or an identifier of a virtual port of the first vNF;
  • the sending module sends the first virtual network packet to the first virtual forwarding function VFF.
  • the first vNF is located in the first virtual machine VM, and the first VM is attached to the first VFF.
  • the receiving module is further configured to receive an identifier of the third vNF sent by the first vNF;
  • the processing module is configured to process the first service packet according to the identifier of the third vNF, to obtain the first virtual network packet, where the first virtual network packet further includes One virtual
  • the first virtual destination information includes the identifier of the third vNF.
  • the receiving module is further configured to receive the first service path identifier or the first interface identifier sent by the first vNF;
  • the processing module is configured to process the first service packet according to the first service path identifier or the first interface identifier to obtain the first virtual network packet; the first virtual The network packet further includes first virtual topology information, where the first virtual topology information includes the first service path identifier or the interface identifier.
  • the receiving module is further configured to receive the a second virtual network packet of the VFF, the second virtual network packet includes the second virtual destination information, and the processing module is further configured to decapsulate the second virtual network packet to obtain the second service packet
  • the sending module is further configured to send the second service packet according to the second virtual destination information.
  • the second virtual network packet further includes second virtual topology information, where the second virtual topology information includes Two service path identifiers or second interface identifiers;
  • the processing module is specifically configured to decapsulate the second virtual network packet, obtain a second service packet, and the second service path identifier or the second interface identifier;
  • the sending module is further configured to send the second service path identifier or the second interface identifier according to the second virtual destination information.
  • the virtual container is located in the first VM; or, the virtual The container is located in a hypervisor hypervisor of the device where the first VM is located; or the virtual container is located in the same device as the first VFF.
  • the second virtual destination information includes the identifier or the location of the first vNF The identifier of the virtual port of the first vNF.
  • the second virtual destination information includes an identifier of the second vNF or a virtual of the second vNF An identifier of the port; the second vNF is located in the first VM, and the virtual container is located in the first VM.
  • the receiving module is further configured to receive a third service report sent by the network device And the identifier of the port of the network device;
  • the processing module is further configured to obtain a third virtual network packet according to the third service packet, where the third virtual network packet includes third virtual source information and the third service packet;
  • the three virtual source information includes an identifier of a port of the network device;
  • the sending module is further configured to send the third virtual network packet to the first VFF, where the network device is attached to the first VFF.
  • the virtual container is located in the network device.
  • the present invention provides a virtual network communication system, including: a first virtual machine VM and a first virtual forwarding function VFF, and a second VM and a second virtual forwarding function;
  • the first VM includes a first virtual network function vNF, the first VM is attached to the first VFF, the second VM includes a second vNF, and the second VM is attached to the second VFF.
  • the first VFF and the second VFF are used to construct a virtual network topology between the first VM and the second VM;
  • the first VFF is configured to receive a first virtual network packet from the first VM, where the first virtual network packet includes first virtual source information, and the first virtual source information includes the first vNF And the identifier of the virtual port of the first vNF; obtaining the second virtual network packet according to the first virtual network packet, where the second virtual network packet includes the first virtual source information and the The virtual topology information is sent to the second VFF; the first virtual topology information includes any one of the following: a virtual link identifier; a virtual shared bus identifier; a service path identifier; an interface identifier; Virtual link identifier and service path identifier; virtual shared bus identifier and service path identifier;
  • the second VFF is configured to receive the second virtual network packet from the first VFF, and process the first virtual network packet according to the second virtual source information and the first virtual topology information. Obtaining a third virtual network packet, where the third virtual network packet includes the first virtual source information and the first virtual destination information, where the first virtual destination information includes the identifier or location of the second vNF An identifier of the virtual port of the second vNF; sending the third virtual network packet to the second VM.
  • the first VM further includes a first virtual container;
  • the first vNF communicates with the first VFF through the first virtual container;
  • the first VFF is an independent device, or is located on the same device as the first VM.
  • the first VM further includes a third vNF
  • the third vNF communicates with the first VFF through the first virtual container
  • the system further includes a first virtual container, where the first virtual container is located in a hypervisor hypervisor of a device where the first VM is located,
  • the first VFF is an independent device or is located on the same device as the first VM; or the first virtual container, the first VM and the first VFF are located on the same device;
  • the vNF communicates with the first VFF through the first virtual container.
  • the system further includes a first network device, The first network device is attached to the first VFF;
  • the first VFF is further configured to receive a fourth virtual network packet from the first network device, where the second virtual network packet includes second virtual source information, where the second virtual source information includes The identifier of the port of the first network device is obtained, and the fifth virtual network packet is obtained according to the fourth virtual network packet, where the fifth virtual network packet includes the second virtual source information and the second virtual topology information.
  • Sending the fifth virtual network packet; the second virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and a service path identifier; and a virtual shared bus Identification and business path identification.
  • the system further includes a second network device and a third VFF, the second network device is attached to the third VFF;
  • the third VFF is configured to receive a sixth virtual network packet from the second network device, where the sixth virtual network packet includes third virtual source information, where the third virtual source information includes the And determining, by the sixth virtual network packet, the seventh virtual network packet, where the seventh virtual network packet includes the third virtual source information and the third virtual topology information; Sending the seventh virtual network packet; the third virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and a service path identifier; and a virtual shared bus identifier Identify the business path identifier.
  • the second VFF is further configured to receive the seventh virtual network packet from the third VFF
  • the seventh virtual network packet includes the third virtual source information and the third virtual topology information; and the seventh virtual network report is processed according to the third virtual source information and the third virtual topology information.
  • the identifier of the eighth virtual network is sent to the second VM.
  • the virtual forwarding function VFF and the virtual container can be used to construct a virtual network topology between the virtual network functions vNF after virtualizing the functions of the network device, thereby implementing communication between the vNFs, thereby enabling the virtual device to operate. And management is more convenient and flexible.
  • FIG. 1 is a schematic diagram of a format of a virtual network packet according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a virtual network communication system according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of a VM and a VFF in a virtual network communication system according to an embodiment of the present invention
  • FIG. 4A and 4B are flowcharts of a method for implementing virtual network communication according to an embodiment of the present invention
  • FIG. 5A, FIG. 5B and FIG. 5C are flowcharts of another method for implementing virtual network communication according to an embodiment of the present invention
  • 6A, 6B, and 6C are flowcharts of still another method for implementing virtual network communication according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a network scenario of a virtual network communication according to an embodiment of the present invention
  • FIG. 8A is a flowchart of a virtual link communication method between vNFs according to an embodiment of the present invention
  • FIG. 8B is a vNF according to an embodiment of the present invention
  • FIG. 9A is a flowchart of a virtual shared bus communication method between vNFs according to an embodiment of the present invention
  • FIG. 9B is a schematic diagram of virtual network packet forwarding of virtual shared bus communication between vNFs according to an embodiment of the present invention
  • FIG. 10A is a flowchart of a method for communicating a service path between vNFs according to an embodiment of the present invention
  • FIG. 10B is a schematic diagram of virtual network packet forwarding according to the service path communication between vNFs according to an embodiment of the present invention
  • FIG. 10A is a flowchart of a method for communicating a service path between vNFs according to an embodiment of the present invention
  • FIG. 10B is a schematic diagram of virtual network packet forwarding according to the service path communication between vNFs according to an embodiment of the present invention
  • FIG. 11A is a flowchart of a method for implementing physical network to virtual network mapping interworking according to an embodiment of the present invention
  • FIG. 11B is a schematic diagram of virtual network packet forwarding of a physical network to virtual network mapping interworking according to an embodiment of the present invention
  • FIG. 12A is a flowchart of a method for performing an interface call between vNFs according to an embodiment of the present invention
  • FIG. 12B is a schematic diagram of a virtual network packet forwarding manner for an interface call between vNFs according to an embodiment of the present invention
  • FIG. 13A is a schematic structural diagram of an apparatus for implementing a first VFF according to an embodiment of the present invention
  • FIG. 13B is a schematic structural diagram of another apparatus for implementing a first VFF according to an embodiment of the present invention
  • FIG. 14B is a schematic diagram of a hardware structure of another device for implementing a first VFF according to an embodiment of the present invention
  • FIG. 15 is a device for implementing a virtual container according to an embodiment of the present invention
  • FIG. 16 is a schematic structural diagram of hardware of an apparatus for implementing a virtual container according to an embodiment of the present invention.
  • the invention discloses a virtual network communication method, device and system, and defines a virtual forward function (VFF) and a virtual container for virtual network function after virtualizing the function of the network device.
  • VFF virtual forward function
  • vNF virtual network function
  • a virtual machine (VM) can be connected to the VFF by means of attaching to the VFF.
  • VM virtual machine
  • a virtual link can be built between the vNFs (English: vnLine) or a virtual shared bus. : vnLAN), or business path (English: service chain), or virtual shared bus combined with service path, or virtual link combined with business path, or interface call.
  • the network device can also be attached to the VFF to implement the mapping between the physical network and the virtual network.
  • the port of the network device including the physical port or the logical port, to the vNF
  • the virtual port mapping can be used to build a virtual link, or virtual shared bus, or service path, or virtual shared bus and service path, or virtual link and service path, between the port of the network device and the virtual port of the vNF.
  • the VFF may be a stand-alone device, or may be located on a device, such as a server or a host, and may be deployed according to network requirements.
  • the virtual link (English: vnLine): is a virtual network line that is built between the two virtual network functions vNF, and the two vNFs are directly connected through the virtual link. Da.
  • Virtual Shared Bus (English: vnLAN): A virtual LAN segment that emulates a physical shared bus between multiple vNF virtual ports; all vNF virtual ports attached to the virtual shared bus can communicate with each other. Through the virtual shared bus built between the virtual ports of multiple vNFs, the packets sent from the virtual ports of a vNF attached to the virtual shared bus, the virtual ports of other vNFs attached to the virtual shared bus can be received. To.
  • Service chain is a series of service node links formed by vNF sequential processing messages; in the series of vNFs, each vNF implements different service node functions, such as firewall, network address translation (network address translation) , referred to as NAT) and so on.
  • service node functions such as firewall, network address translation (network address translation) , referred to as NAT) and so on.
  • NAT network address translation
  • a packet sent from vNFO to vNF3 must be processed by vNF1 located in virtual machine 1 and then processed by vNF2 located in virtual machine 2 to reach vNF3.
  • vNFO-vNFl - vNF2-vNF3 constitutes a business path.
  • Interface (English: interface) call: Implement a communication interface between one vNF and another vNF, so that two vNFs can work together, just like communication between different modules in the same physical host, or process communication across physical hosts. .
  • the physical port or logical port of the physical device is mapped to the virtual port of the vNF.
  • a virtual network message is also defined for implementing the virtual network communication of the present invention.
  • the virtual network packet includes the payload and the outer packet header.
  • the payload (English: payload) can be the service packet or service data sent by the vNF.
  • the outer packet header includes the virtual network routing information and the virtual network encapsulation information. Specifically, the virtual source information, the virtual destination information, the virtual path information, and the address of the virtual next hop are included.
  • the outer packet header is divided into a virtual layer header and a virtual network header.
  • the virtual layer header includes virtual source information, virtual destination information, and virtual path information, and is used to implement virtual network routing, including Routing between vNF and VFF, routing between two VFFs; virtual
  • the network header includes virtual network encapsulation information such as the address of the virtual next hop; the address of the virtual next hop includes a media address control (MAC) address, and may also include an Internet Protocol (IP) address.
  • MAC media address control
  • IP Internet Protocol
  • the format of the virtual network packet is specifically as shown in FIG. 1 , where the virtual cascading header includes:
  • the first flag in the flag defined in the present invention is a flag of 0, which is used to indicate whether the virtual cascading header includes an option (English: option), for example, the 0 flag is set to 1, and the indication includes an option. , 0 indicates that the option is not included; the remaining undefined flag bits are reserved, the extensible definition; the virtual source type (S-type): 4 bits, used to indicate the type of the virtual source information;
  • Virtual source information 32bits, including the identifier of the vNF, the identifier of the virtual port, the identifier of the physical port, or the identifier of the logical port;
  • Virtual destination information 32bits, including the identifier of the vNF, the identifier of the virtual port of the vNF, etc.; the identifier of the virtual port of the vNF may be globally unique or unique on the vNF. If the identifier of the virtual port of the vNF is unique on the vNF, the identifier of the virtual port of the vNF may be formed by the identifier of the vNF and the virtual port number;
  • Virtual topology information 32bits, including the service path identifier (pathID) 16bits, used to identify a service path; also includes the virtual network segment identifier (segID), 32bits, used to identify the virtual network segment, including the virtual link identifier, virtual share Bus identification, or interface identification, etc.;
  • Reserved (English: reserve): 8bits, currently reserved as a reserved field;
  • Protocol (English: protocol): 8bits, indicating the protocol type of the service packet in the payload, which can be Ethernet, Internet Protocol version 4 (abbreviated as IPv4), Internet Protocol version 6 (Internet protocol version 6) , referred to as IPv6), user datagram protocol (UDP), transmission control protocol (TCP).
  • IPv4 Internet Protocol version 4
  • IPv6 Internet Protocol version 6
  • UDP user datagram protocol
  • TCP transmission control protocol
  • Length (English: length): 16bits, indicating the total length (in bytes) of the packet except the basic header of the virtual network packet. Specifically, indicating the length of the payload and the option;
  • Optional (English: option): carries information in the form of a type-length-value (TLV).
  • the virtual network packet may include a processing result option, and the option type is indicated by type.
  • Processing results, vlaue includes business processing results.
  • the virtual network header includes: a source MAC address, a destination MAC address; optionally, a virtual office A virtual local area network (VLAN) identifier (ID) or an NV03 encapsulation header.
  • VLAN virtual local area network
  • ID virtual local area network
  • NV03 encapsulation header
  • Encapsulation format 1 Encapsulation of the Ethernet header, including source MAC address (sMAC), destination MAC address (dMAC);
  • Encapsulation format 2 Ethernet packet header with VLAN, including source MAC address (sMAC), destination MAC address (dMAC) and P VLAN ID.
  • sMAC source MAC address
  • dMAC destination MAC address
  • P VLAN ID P VLAN ID
  • Encapsulation format 3 Encapsulate the Ethernet header into the UDP/IP/Ethernet header and traverse the IP network using the NV03 technology.
  • an embodiment of the present invention provides a virtual network communication system, including a first VM and a first VFF, and a second VM and a second VFF;
  • the first VFF and the second VFF are used to construct a virtual network topology and implement forwarding of virtual network packets.
  • the first VM includes a first virtual network function vNF, the first VM is attached to the first VFF, and the second VM includes a second vNF, and the second VM is attached to On the second VFF;
  • the first VFF and the second VFF are used to construct a virtual network topology between the first VM and the second VM, including any one of the following: a virtual link (English: vnLine); a virtual shared bus (English: vnLAN); business path (English: service chain); virtual shared bus and service path; virtual link and service path; interface call. It can be understood that the present invention is not limited to the above network topology, and can be applied to the construction of more network topologies as the network virtualization technology develops.
  • the first VFF is configured to receive a first virtual network packet from the first VM, where the first virtual network packet includes first virtual source information, and the first virtual source information includes the first vNF And the identifier of the virtual port of the first vNF; obtaining the second virtual network packet according to the first virtual network packet, where the second virtual network packet includes the first virtual source information and the a virtual topology information; sending the second virtual network packet to the second VFF; the first virtual topology information includes Any one of the following: virtual link identifier; virtual shared bus identifier; service path identifier; interface identifier; virtual link identifier and service path identifier; virtual shared bus identifier and service path identifier;
  • the second VFF is configured to receive the second virtual network packet from the first VFF, and process the second virtual network packet according to the first virtual source information and the first virtual topology information. Obtaining a third virtual network packet, where the third virtual network packet includes the first virtual source information and the first virtual destination information, where the first virtual destination information includes the identifier or location of the second vNF An identifier of the virtual port of the second vNF; sending the third virtual network packet to the second VM;
  • the structure between the first VM and the first VFF may be as shown in FIG. 3a or 3b, where the first VM further includes a first virtual container, and the first vNF passes the first virtual container and the
  • the first VFF communication may be an independent device, or may be located on the same device as the first VM, for example, a server or a host.
  • the first vNF corresponds to the first VM.
  • the virtual port of the first vNF corresponds to a virtual network interface card (vNIC) of the first VM.
  • vNIC virtual network interface card
  • the vNF and the VM may have a many-to-one relationship.
  • the first VM may further include a second vNF.
  • the virtual port of the vNF has a many-to-one relationship with the vNIC. It can be understood that the structure of the second VM and the second VFF can also be as shown in Fig. 3a or 3b.
  • a socket (English: socket) interface is provided for the vNF, and the virtual port of the vNF is bound to the vNIC or the vNIC+VLAN;
  • the socket interface may be created by the vNF. It can also be created by a hypervisor in the VM.
  • the socket interface can be created based on vNF or it can be created based on the virtual port of vNF.
  • the vNF calls the socket interface to send the service packet to the virtual container.
  • the virtual container encapsulates the service packet into a virtual network packet and sends it to the VFF.
  • the virtual container decapsulates the virtual network packet to obtain a service packet, and finds a corresponding socket interface according to the virtual network packet, and sends the service packet to the vNF.
  • the socket management interface and the socket use interface are defined in the embodiment of the present invention; the management software in the vNF or the VM invokes the socket management interface to create a socket interface; after the socket interface is created, the vNF can use the socket to send and receive messages through the interface. .
  • the socket management interface can include:
  • unPlug(S) means to destroy a socket interface that has been created.
  • S.bind(nicDevice, vlanid) indicates that the socket interface is mapped to a vNIC, or vNIC+VLAN.
  • S.setQoS( ) indicates that the quality of service (QoS) information of the socket interface is set.
  • S.getInfo( ) indicates that the information of the socket interface is obtained.
  • the Socket interface can include:
  • S.Send( ) indicates that vNF calls the socket interface to send a message.
  • S.Receive( ) indicates that vNF calls the socket interface to receive the message.
  • S.connected( ) indicates whether the connection to the underlying network has been detected.
  • the structure between the first VM and the first VFF may also be as shown in FIG. 3c, the system further includes a first virtual container; the first virtual container is located in a device where the first VM is located, for example, a server or a host, The virtual machine management program (English: hypervisor); the first vNF communicates with the first VFF through the first virtual container; the first VFF may be an independent device, or may be located at the first The device where the VM is located.
  • the virtual port of the first vNF corresponds to the vNIC of the first VM.
  • the structure of the second VM and the second VFF may also be as shown in FIG. 3c, and further includes a second virtual container; the second virtual container is located in a hypervisor of the device where the second VM is located; The second vNF communicates with the second VFF through the second virtual container.
  • the first VM and the first VFF may be in the same device as shown in FIG. ,
  • the first vNF communicates with the first VFF through the first virtual container.
  • the virtual port of the first vNF corresponds to the vNIC of the first VM.
  • the structure of the second VM and the second VFF may also be as shown in FIG. 3d, and further includes a second virtual container; the second virtual container, the second VM and the second VFF are located in the same device.
  • the second vNF communicates with the second VFF through the second virtual container.
  • the virtual container in the structure shown in FIG. 3c or FIG. 3d simplifies the implementation, and does not need a complicated socket interface, and mainly encapsulates and decapsulates the packet.
  • the first VM may further include a third vNF; the third vNF communicates with the first VFF by using the first virtual container; the first virtual container, It is also used to maintain the correspondence between the virtual port of the vNF and the virtual network card vNIC.
  • the system further includes a first network device, where the first network device is attached to the first VFF, and the first VFF is further configured to receive a fourth virtual device from the first network device.
  • a network packet where the fourth virtual network packet includes the second virtual source information, where the second virtual source information includes an identifier of the port of the first network device, and the fourth virtual network packet is obtained according to the fourth virtual network packet.
  • the fifth virtual network packet includes the second virtual source information and the second virtual topology information; the fifth virtual network packet is sent; the second virtual topology information includes any of the following A virtual shared bus identifier; a virtual link identifier; a service path identifier, a virtual link identifier, and a service path identifier; a virtual shared bus identifier and a service path identifier.
  • the system further includes a second network device and a third VFF, the second network device is attached to the third VFF; the second network device may be connected to the first VM by using the The first VFF communicates with the third VFF; the second network device may also communicate with the second VM through the second VFF and the third VFF.
  • the second network device may be in communication with the second VM, and the second network device and the second VM may implement the foregoing by using the second VFF and the third VFF.
  • Mapping the port of the second network device to the virtual port of the second vNF including constructing a virtual link, or a virtual shared bus, or a service between a port of the second network device and a virtual port of the second vNF Path, or virtual shared bus and service path, or virtual link and service path.
  • the port of the second network device includes a physical port or a logical port.
  • the third VFF is configured to receive a sixth virtual network packet from the second network device, where the sixth virtual network packet includes third virtual source information, where the third virtual source information includes the An identifier of the port of the second network device, where the seventh virtual network packet is obtained according to the sixth virtual network packet,
  • the seventh virtual network packet includes the third virtual source information and the third virtual topology information; the seventh virtual network packet is sent to the second VFF; and
  • the third virtual topology information includes any one of the following : virtual shared bus identifier; virtual link identifier; service path identifier; virtual link identifier and service path identifier; virtual shared bus identifier and service path identifier.
  • the second VFF is configured to receive the seventh virtual network packet from the third VFF, and process the seventh virtual network packet according to the third virtual source information and the third virtual topology information. Obtaining an eighth virtual network packet, where the eighth virtual network packet includes the third virtual source information and the third virtual destination information, where the third virtual destination information includes the virtual port of the second vNF Identifying; sending the eighth virtual network message to the second VM.
  • the structure and function of the first VFF in the virtual network communication system may be as shown in any of FIG. 13A, 13B, 14A and 14B of the present invention; the first virtual container may be as shown in the present invention. 15 or 16. It can be understood that the structure and function of the second VFF or the third VFF are the same as or similar to the first VFF.
  • the virtual network communication system constructs a virtual network topology between the vNFs or between the network devices and the vNF, and implements communication between the vNFs or between the network devices and the vNF. Therefore, the network function (ie, vNF) virtualized by the NFV technology can be decoupled from the NFV topology, so that the operation and management of the virtual device virtualized by the NFV technology is more convenient and flexible.
  • a method for implementing virtual network communication includes:
  • the first VFF receives the first virtual network packet from the first VM, where the first virtual network packet includes first virtual source information, and the first virtual source information includes an identifier of the first vNF or the first The identifier of a virtual port of a vNF;
  • the first vNF is located in the first VM; the first VM is attached to the first VFF, and the first VFF is used to construct a virtual network topology and implement forwarding of virtual network packets.
  • the first VFF receives the virtual network packet from an ingress port.
  • the first virtual network packet further includes a first payload; specifically, the first virtual network packet encapsulates a virtual network header and a virtual layer header in an outer layer of the first payload, where The first virtual source information is included in the virtual cascading header. And obtaining, by the first virtual network packet, a second virtual network packet, where the second virtual network packet includes the first virtual source information and the first virtual topology information; the first virtual topology information. It includes any one of the following: virtual link identifier; virtual shared bus identifier; service path identifier; interface identifier; virtual link identifier and service path identifier; virtual shared bus identifier and service path identifier.
  • the second virtual network message further includes the first payload.
  • the first VFF acquires the first virtual topology information, the address of the first virtual next hop, and the first egress port, where the address of the first virtual next hop includes the MAC address of the second VFF;
  • the first virtual source information, the first virtual topology information, and the address of the first virtual next hop encapsulate the first virtual network packet, to obtain the second virtual network packet;
  • the network message further includes an address of the first virtual next hop.
  • the method further includes: obtaining, according to the first VFF, an ingress port of the first virtual network packet, and acquiring a virtual network identifier VNID.
  • the acquiring the first virtual topology information, the address of the first virtual next hop, and the first egress port includes: acquiring the first virtual topology information, the first virtual next, according to the VNID The address of the hop and the first outgoing port.
  • the first virtual network packet may further include a result option, which is used to deliver, to the first VFF, the effective payload of the first vNF to the virtual network packet, that is, The processing result of the first payload is performed; the first VFF may perform different processing on the first virtual network packet according to the processing result in the processing result option. For example, if the processing result indicates that filtering is required, the service chain with path ID 220 is selected, and the address and outgoing port of the virtual next hop are correspondingly corresponding; if the filtering is not required, the service chain or vnLinel with path ID 210 is selected, and correspondingly The address and outgoing port of the virtual next hop.
  • a result option which is used to deliver, to the first VFF, the effective payload of the first vNF to the virtual network packet, that is, The processing result of the first payload is performed; the first VFF may perform different processing on the first virtual network packet according to the processing result in the processing result option. For example, if the processing result indicates that filtering is required
  • the first VFF sends the second virtual network packet from the first egress port to the second VFF.
  • the first virtual topology information, the address of the first virtual next hop, and the first egress port including: acquiring, according to the first virtual source information, the first virtual topology information, the first virtual a first hop address and the first egress port; the first virtual topology information includes a virtual link identifier or a virtual shared bus identities.
  • the first virtual topology information, the address of the first virtual next hop, and the first egress port are obtained according to the VNID and the first virtual source information.
  • the first virtual network packet further includes first virtual topology information, where the first virtual topology information includes a service path identifier or an interface identifier.
  • the obtaining the first virtual topology information, the address of the first virtual next hop, and the first egress port include:
  • the address of the first virtual next hop and the first egress port are obtained according to the VNID, the first virtual source information, and the first virtual topology information.
  • the first virtual network packet further includes first virtual destination information, the first virtual destination information includes an identifier of the second vNF, and the second vNF is located in the second VM, where the second VM is Attached to the second VFF.
  • the obtaining the first virtual topology information, the address of the first virtual next hop, and the first egress port include:
  • the first virtual topology information Acquiring the first virtual topology information, the address of the first virtual next hop, and the first egress port according to the first virtual source information and the first virtual destination information; the first virtual topology
  • the information includes the service path identifier.
  • the first virtual topology information, the address of the first virtual next hop is obtained according to the VNID, the first virtual source information, and the first virtual destination information. And the first outgoing port.
  • the address of the first virtual next hop further includes an IP address of the second VFF; and the second virtual network packet further includes a network virtualization overlay NV03 header and the second VFF
  • the VNID in the NV03 header is the VNID corresponding to the ingress port of the first virtual network packet received by the first VFF.
  • the method may further include:
  • the first VFF receives a third virtual network packet from the network device, where the third virtual network packet includes second virtual source information, where the second virtual source information includes a port of the network device.
  • the network device is attached to the first VFF; the port of the network device includes a physical port or a logical port.
  • the third virtual network message further includes a second payload.
  • the first VFF obtains a fourth virtual network packet according to the third virtual network packet, where the fourth virtual network packet includes the second virtual source information and second virtual topology information.
  • the second virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier.
  • the fourth virtual network message further includes the second payload.
  • the first VFF acquires the second virtual topology information, the address of the second virtual next hop, and the second egress port according to the second virtual source information, where the address of the second virtual next hop includes Encapsulating the third virtual network packet according to the second virtual source information, the second virtual topology information, and the address of the second virtual next hop, to obtain the first
  • the fourth virtual network packet further includes an address of the second virtual next hop.
  • the first VFF sends the fourth virtual network packet from the second egress port to the third VFF.
  • the network device uses the virtual network function (vNF) virtualized by the NFV technology to attach to the VFF, and receives and processes the virtual network packet communicated between the vNFs through the VFF, thereby constructing a flexible vNF.
  • the communication architecture makes the operation and management of the virtual device virtualized by the NFV technology more convenient and flexible; thereby solving the problem that the virtual network function (vNF) is coupled with the NFV topology, consumes VNID resources, cannot flexibly control the vNF, and realizes communication between the vNFs.
  • another method for implementing virtual network communication includes:
  • the first virtual forwarding function VFF receives the first virtual network packet from the second VFF, where the first virtual network packet includes first virtual source information and first virtual topology information; and the first virtual source information includes An identifier of the second virtual network function vNF or an identifier of the virtual port of the second vNF; wherein the second vNF is located in the second virtual machine VM, and the second VM is attached to the second VFF;
  • the first VFF receives the first virtual network packet from an ingress port.
  • the first virtual topology information includes any one of the following: a virtual link identifier; a virtual shared bus identifier; a service path identifier; an interface identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier.
  • the first virtual network packet further includes a first payload; specifically, the first virtual network packet encapsulates a virtual network header and a virtual layer header in an outer layer of the first payload, where The first virtual source information and the first virtual topology information are included in the virtual cascading header.
  • 502. Process the first virtual network packet according to the first virtual source information and the first virtual topology information to obtain a second virtual network packet.
  • the first virtual network information includes the first virtual source information and the first virtual destination information, where the first virtual destination information includes an identifier of the first vNF or an identifier of the first virtual port of the first vNF.
  • the first vNF is located in the first VM, and the first VM is attached to the first VFF.
  • the first VFF and the second VFF are used to construct a virtual network topology and implement forwarding of virtual network packets.
  • the first VFF may process the first virtual network packet according to the virtual network topology information of the first VFF.
  • the virtual network topology information of the first VFF may be pre-configured on the first VFF, or may be dynamically obtained by the first VFF, for example, to a central topology manager requesting and acquiring topology information.
  • the virtual network topology information includes virtual source information, virtual destination information, virtual topology information, an address of an virtual next hop, and an egress port.
  • the virtual network topology information may further include an ingress port and a VNID.
  • the first VFF acquires the first virtual destination information, the address of the first virtual next hop, and the first egress port according to the first virtual source information and the first virtual topology information, where the first The address of a virtual next hop includes a MAC address of the first virtual network card vINC of the first VM; and according to the first virtual source information, the first virtual destination information, and the first virtual next hop The address encapsulates the first virtual network packet to obtain the second virtual network packet, and the second virtual network packet further includes an address of the first virtual next hop.
  • the second virtual network message further includes the first payload.
  • the method further includes: obtaining a first VNID from the first virtual network packet.
  • the acquiring the first virtual destination information, the address of the first virtual next hop, and the first egress port according to the first virtual source information and the first virtual topology information The first virtual destination information, the address of the first virtual next hop, and the first egress port are obtained by using a VNID, the first virtual source information, and the first virtual topology information.
  • the first VFF sends the second virtual network packet from the first egress port to the first VM; specifically, to the first vNF or the first vNF. Virtual port.
  • the second virtual network packet further includes the service path identifier or the interface identifier.
  • the virtual network topology is constructed between the vNFs through the VFF to implement communication between the vNFs, thereby making the operation and management of the virtual device more convenient and flexible.
  • the method may further include:
  • the first VFF receives a third virtual network packet from the third VFF, where the third virtual network packet includes second virtual source information and second virtual topology information.
  • the second virtual source information includes an identifier of the virtual port of the third vNF, and the second virtual topology information includes any one of the following: a virtual shared bus identifier, a virtual link identifier, a service path identifier, and a virtual link. Identification and service path identification; virtual shared bus identification and service path identification;
  • the third vNF is located in the third virtual machine VM, and the third VM is attached to the third VFF.
  • the third virtual network packet further includes a second payload.
  • the first VFF processes the third virtual network packet according to the second virtual source information and the second virtual topology information to obtain a fourth virtual network packet.
  • the fourth virtual network packet includes the second virtual source information and the second virtual destination information, where the second virtual destination information includes an identifier of a port of the first network device, where the first network device is attached. On the first VFF.
  • the fourth virtual network message further includes the second payload.
  • the first VFF acquires the second virtual destination information, the address of the second virtual next hop, and the second egress port according to the second virtual source information and the second virtual topology information, where the The address of the second virtual next hop includes the MAC address of the first network device, and encapsulates the first virtual source information, the second virtual destination information, and the address of the second virtual next hop. And obtaining, by the third virtual network packet, the fourth virtual network packet, where the fourth virtual network packet further includes an address of the first virtual next hop.
  • the method further includes: obtaining a second VNID from the third virtual network packet.
  • the acquiring the second virtual destination information, the address of the second virtual next hop, and the second egress port according to the second virtual source information and the second virtual topology information includes: Obtaining the second virtual destination information, the address of the second virtual next hop, and the second egress port according to the second VNID, the second virtual source information, and the second virtual topology information.
  • the first VFF sends the fourth virtual network packet to the first network device. Specifically, the first VFF sends the fourth virtual network packet from the second egress port to the first network device, and is specifically sent to the port of the first network device.
  • the method may further include:
  • the first VFF receives a fifth virtual network packet from the fourth VFF, where the fifth virtual network packet includes third virtual source information and third virtual topology information.
  • the third virtual source information includes an identifier of a port of the second network device, and the third virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and The service path identifier; the virtual shared bus identifier and the service path identifier; wherein the second network device is attached to the fourth VFF.
  • the fifth virtual network packet further includes a third payload.
  • the first VFF processes the fifth virtual network packet according to the third virtual source information and the third virtual topology information to obtain a sixth virtual network packet.
  • the sixth virtual network packet includes the third virtual source information and the third virtual destination information, where the third virtual destination information includes an identifier of the second virtual port of the first vNF.
  • the first VFF acquires the third virtual destination information, the address of the third virtual next hop, and the third egress port according to the third virtual source information and the third virtual topology information, where the The address of the third virtual next hop includes the MAC address of the second vNIC of the first VM; and is encapsulated according to the third virtual source information, the third virtual destination information, and the address of the third virtual next hop
  • the fifth virtual network packet is configured to obtain the sixth virtual network packet, where the sixth virtual network packet further includes an address of the third virtual next hop.
  • the third virtual network packet further includes the third payload.
  • the method further includes: obtaining a third VNID from the third virtual network packet.
  • the acquiring the third virtual destination information, the address of the third virtual next hop, and the third egress port according to the third virtual source information and the third virtual topology information includes: Acquiring the third virtual destination information, the address of the third virtual next hop, and the third egress port according to the third VNID, the third virtual source information, and the third virtual topology information.
  • the first VFF sends the sixth virtual network packet to the first VM.
  • the first VFF sends the sixth virtual network packet from the third egress port to the first VM, and specifically to the second virtuality of the first vNF of the first VM. port.
  • the network device can be directly attached to the VFF, and the VFF is at the end of the network device.
  • the virtual network topology is built between the virtual port of the port and the vNF. Just as the vNF is directly implemented on the port of the network device, mapping between the physical device and the virtual device can be implemented.
  • yet another method for implementing virtual network communication includes:
  • the virtual container receives the first service packet sent by the first virtual network function vNF.
  • the first vNF is located in the first virtual machine VM, and the first VM is attached to the first VFF.
  • the virtual container further receives an identifier of the third vNF sent by the first vNF.
  • the virtual container further receives the first service path identifier or the first interface identifier sent by the first vNF.
  • the first vNF may invoke a socket interface created for the first vNF or the first virtual port of the first vNF, and send the The first service packet, and the identifier of the first vNF or the identifier of the first virtual port of the first vNF is used as a parameter.
  • the identifier of the third vNF is used as a parameter.
  • the first service path identifier or the first interface identifier is used as a parameter.
  • the virtual container obtains a first virtual network packet according to the first service packet, where the first virtual network packet includes first virtual source information and the first service packet.
  • the first virtual source information includes an identifier of the first vNF or an identifier of a first virtual port of the first vNF;
  • the virtual container finds the first vNIC or a VLAN (vNIC+VLAN) of the first vNIC according to the socket interface that sends the first service packet; and then, identifies or identifies the first vNF.
  • the identifier of the first virtual port of the first vNF is used as the first virtual source information; the MAC address of the first vNIC, or the MAC address of the first VNIC + the VLAN ID is used as the source address of the virtual network header, The first VFF MAC address is used as the destination address of the virtual network header, and the first service packet is encapsulated to obtain the first virtual network packet.
  • the encapsulating the first service packet further includes: using the identifier of the third vNF as the first virtual destination information ,
  • the first virtual network message further includes the first virtual destination information.
  • the encapsulating the first service packet further includes: marking the first service path or The first interface identifier is included in the first virtual topology information, and the first virtual network packet further includes the first virtual topology information.
  • the virtual container sends the first virtual network packet to the first VFF.
  • the virtual container sends the first virtual network packet to the first VFF through the first vNIC, so that the first VFF processes the first virtual network packet.
  • communication between the vNF and the VFF is implemented through the virtual container, and the virtual network topology is constructed between the virtual container and the VFF to implement communication between the vNFs, thereby enabling operation and management of the virtual device. More convenient and flexible.
  • the method further includes:
  • the virtual container receives a second virtual network packet from the first VFF, where the second virtual network packet includes second virtual destination information.
  • the virtual container decapsulates the second virtual network packet to obtain a second service packet. Specifically, the virtual container removes a virtual layer header and a virtual network header of the second virtual network packet to obtain The second service packet.
  • the virtual container sends the second service packet according to the second virtual destination information. Specifically, the virtual container sends the second service packet to the virtual port of the destination vNF or the destination vNF indicated by the second virtual destination information.
  • the virtual port of the destination vNF or the destination vNF indicated by the second virtual destination information may include an identifier of the first vNF or an identifier of the first virtual port of the first vNF or the first The identifier of the second virtual port of the vNF.
  • the virtual container according to the identifier of the first vNF or the identifier of the first virtual port of the first vNF or the identifier of the second virtual port of the first vNF, The second service packet is sent to the first vNF or the first virtual port or the second virtual port of the first vNF.
  • the virtual container may be located in the first VM; or located in the hypervisor hypervisor of the device where the first VM is located; or located in the same device as the first VFF, as shown in FIG. 3a-3d. Shown.
  • the virtual port of the destination vNF or the destination vNF indicated by the second virtual destination information may also include an identifier of the second vNF or an identifier of the virtual port of the second vNF; the second vNF bit Within the first VM.
  • the virtual container invokes a corresponding socket interface according to the identifier of the second vNF or the identifier of the virtual port of the second vNF, and sends the second service packet to the second vNF or the The virtual port of the second vNF.
  • the virtual container can be located in the first VM, as shown in Figure 3b.
  • the second virtual network packet further includes second virtual topology information, where the second virtual topology information includes a second service path identifier or a second interface identifier.
  • the identifier or the second interface identifier may be the same as or different from the first service path identifier or the first interface identifier.
  • the method further includes:
  • the virtual container sends the second service path identifier or the second interface identifier according to the second virtual destination information. Specifically, the virtual container sends the second service path identifier or the second interface identifier to the virtual service of the destination vNF or the destination vNF indicated by the second virtual destination information together with the second service packet. port.
  • 604-606 can be performed before or after 601-603, or can be synchronized with 601-603.
  • the method may further include:
  • the virtual container receives a third service packet sent by the network device and an identifier of a port of the network device.
  • the port of the network device includes a physical port or a logical port.
  • the network device is attached to the first VFF.
  • the virtual container can be located within the network device.
  • the virtual container obtains a third virtual network packet according to the third service packet and the identifier of the port of the network device, where the third virtual network packet includes third virtual source information and the first The third virtual source information includes the identifier of the port of the network device;
  • the virtual container uses the identifier of the port of the network device as the third virtual source information; the MAC address of the network device is used as the source address of the third virtual network head, and the MAC address of the first VFF is used as the third The destination address of the virtual network header, the third service packet is encapsulated, and the third virtual network packet is obtained.
  • the virtual container sends the third virtual network packet to the first VFF.
  • the virtual container sends the third virtual network packet to the first VFF through a port connected to the first VFF by the network device, so that the first VFF processes the third Virtual Network message.
  • the virtual container further receives a fourth virtual network packet from the first VFF, where the fourth virtual network packet includes fourth virtual destination information, and the fourth virtual destination information includes the The ID of the port of the network device.
  • the virtual container decapsulates the fourth virtual network packet to obtain a fourth service packet, and sends the fourth service packet to the port of the network device according to the fourth virtual destination information.
  • the first VM, the network device is attached to the first VFF, and the virtual container communicates with the first VFF as an example.
  • the A VM and the network device may be configured with respective virtual containers, attached to the same VFF or respectively attached to different VFFs, which is not limited by the present invention.
  • the network device can be directly attached to the VFF, and communicates with the VFF through the virtual container, thereby constructing a virtual network topology between the port of the network device and the virtual port of the vNF through the virtual container and the VFF, just as the vNF is directly implemented in the network.
  • the mapping between the physical device and the virtual device is implemented.
  • the virtual container receives the first service packet from the first vNF in the first VM and encapsulates the first virtual network packet to be sent to the first VFF attached to the first VM, and receives the first VFF from the first VM.
  • the second virtual network packet of the VFF decapsulating the second virtual network packet to obtain a second service packet, and sending the second service packet to the first vNF, so that the first VFF can communicate with other vNFs.
  • FIG. 7 is a schematic diagram of a network scenario of virtual network communication according to an embodiment of the present invention.
  • the system includes VM1, VFF1, VM2, VFF2, VM3, and VFF3; wherein VM1 includes vNF1, and vNF1 includes two Virtual ports pll and pl2; VM2 includes vNF2, vNF2 includes two virtual ports p21 and p22; VM3 includes vNF3, and vNF3 includes two virtual ports p31 and p32.
  • vNF1, vNF2 and vNF3 form a virtual network
  • VM1 and VFF1, VM2 and VFF2 are in the same data center network
  • VM3 and VFF3 are located in another data center network
  • VM3 and VFF3 are through the three-layer network with VM1 and VFF1, VM2 and VFF2 communication.
  • VFF1, VFF2, and VFF3 respectively maintain respective virtual network topology information, and implement Communication between vNFl, vNF2, vNF3.
  • the virtual network topology information includes: virtual source information, virtual destination information, virtual topology information, new virtual destination information, virtual next hop address, and egress port;
  • the virtual network topology information further includes an ingress port and a VNID.
  • the VFF maintains the virtual network topology information through the topology forwarding table and the network address mapping table.
  • the VFF can be maintained through the topology forwarding table, the port-to-virtual network mapping table, and the network address mapping table.
  • the topology forwarding table includes mappings between virtual source information, virtual destination information, virtual topology information, and new virtual destination information.
  • the network address mapping table includes new virtual destination information, virtual topology information, virtual next hop address, and egress port. Correspondence relationship;
  • the port-to-virtual network mapping table includes the correspondence between the ingress port and the VNID.
  • the topology forwarding table and the network address mapping table may also be combined into one table.
  • VFF 1 network address mapping table
  • VFF3 topology forwarding table
  • FIG. 8A is a flowchart of a method for virtual link communication between vNFs according to an embodiment of the present invention.
  • FIG. 8B is a schematic diagram of the virtual network packet forwarding of the virtual link communication between the vNFs according to the embodiment of the present invention. 8A and 8B, the specific communication process is as follows:
  • the vNF1 sends a service packet from the virtual port pl2 to the virtual container of the VM1.
  • the 802 the virtual container of the VM1 obtains the virtual network card vNIC12 corresponding to the virtual port pl2, and then encapsulates the service packet to obtain the first virtual network packet.
  • the virtual container of the VM1 may obtain the virtual network card VNIC12 corresponding to the pl2 according to the corresponding relationship between the virtual port and the virtual network card; then the virtual container of the VM1 encapsulates the virtual cascading header and the virtual network header in the outer layer of the service packet.
  • the first virtual network packet is obtained.
  • the identifier of the virtual port pl2 of the vNF1 is encapsulated in the virtual cascading header as the virtual MAC address
  • the MAC address of the VNIC 12 is used as the source MAC address and the MAC address of the VFF1 is used as the destination MAC address.
  • the address is encapsulated in the virtual network header to obtain the first virtual network packet.
  • the virtual container of VM1 sends the first virtual network packet to VFF1.
  • the virtual container of VM1 sends the first virtual network message from VNIC 12 to VFF1.
  • the VFF1 receives the first virtual network packet, and processes the first virtual network packet according to the virtual network topology information of the VFF1 to obtain the second virtual network packet.
  • the VFF1 receives the first virtual network packet from the ingress port vpl02, and queries the virtual network topology information of the VFF1 according to the virtual source information to obtain virtual topology information, an address of the virtual virtual next hop, and an egress port.
  • VFF1 can support multi-tenancy, and the virtual network domain to which each tenant belongs can be distinguished by VNID. For details, see Table 12.
  • the VFF1 can learn the corresponding VNID from the port that receives the virtual network packet.
  • the vport identifies the port on which the VFF1 receives the virtual network packet, and the corresponding VNID identifies the virtual network domain to which the port that receives the virtual network packet belongs.
  • the VNID may be included in the VNID field of the NV03 encapsulation header in the virtual network message.
  • the VFF1 maintains a topology forwarding table (Table 11), a port and virtual network relationship table (Table 12), and a network address mapping table (Table 13) for maintaining virtual network topology information of the VFF1.
  • the VFF1 receives the first virtual network packet from the ingress port vpl02, and according to the virtual source information, that is, the identifier of the virtual port pl2 of the vNF1, the lookup table 11 obtains new virtual topology information, that is, the segID.
  • VNID 1000
  • P segID vnLinel
  • the VFF1 package generates a second virtual network packet, specifically, the vnLine1 is used as the virtual network segment identifier of the virtual topology information, and the virtual source information: the identifier of the virtual port pl2 of the vNF1 is encapsulated in the virtual cascading header;
  • the MAC address is used as the source MAC address
  • the MAC address of VFF2 is used as the destination MAC address
  • the VNID: 1000 is placed in the VNID field of the NV03 encapsulation header and encapsulated in the virtual network header.
  • the VFF1 sends the second virtual network packet.
  • the second virtual network packet is sent from the egress port vpl52 to the VFF2.
  • the VFF2 receives the second virtual network packet, and processes the second virtual network packet according to the virtual network topology information of the VFF2 to obtain a third virtual network packet.
  • the VFF2 maintains a topology forwarding table (Table 21), a port and virtual network relationship table (Table 22), and a network address mapping table (Table 23) for maintaining virtual network topology information of the VFF1.
  • Table 21 topology forwarding table
  • Table 22 port and virtual network relationship table
  • Table 23 network address mapping table
  • the VFF2 receives the second virtual network packet from the ingress port vp201, according to the virtual source information and the virtual topology information of the second virtual network packet, that is, the identifier of the virtual port pl2 of the vNF1 and the segID: vnLinel, the lookup table 21 Obtaining the identifier of the virtual port p21 of the new virtual destination information as the vNF2; and then searching the table 23 according to the VNID and the new virtual destination information, that is, the identifier of the virtual port p21 of the VNID: 1000 and vNF2,
  • the outbound port is vp251, and the address of the virtual next hop is the MAC address of the VNIC 21 of VM2.
  • the VFF2 package generates a third virtual network packet, specifically, the identifier of the virtual port p21 of the vNF2 is used as the virtual destination information, and the identifier of the virtual source information pl2 of the virtual source information: vNF1 is encapsulated in the virtual cascading header;
  • the MAC address of VFF2 is used as the source MAC address, and the MAC address of vNIC21 of VM2 is used as the destination MAC address, which is encapsulated in the virtual network header.
  • the VFF2 sends the third virtual network packet.
  • the third virtual network packet is sent from the egress port vp251 to the VM2.
  • the virtual container of the VM2 receives the third virtual network packet, decapsulates the third virtual network packet, obtains the service packet, and sends the message according to the virtual destination information included in the third virtual network packet.
  • Business message
  • the virtual container of the VM2 receives the third virtual network packet, and removes the virtual network header and the virtual layer header of the outer layer of the third virtual network packet to obtain the service packet. Then, VM2's virtual The container sends the service packet to the virtual port p21 of the vNF2 according to the virtual destination information included in the third virtual network packet, that is, the identifier of the virtual port p21 of the vNF2.
  • the vNF2 After receiving the service packet, the vNF2 processes the service packet.
  • FIG. 9A is a flowchart of a virtual shared bus communication method between vNFs according to an embodiment of the present invention. Specifically, in the virtual port p11 of vNF1, the virtual port p22 of vNF2, and the virtual port p31 of vNF3, the virtual shared bus vnLAN1 is implemented, and communicates through vnLAN1.
  • the packet sent from the virtual port pll of the vNF1, the virtual port p22 of the vNF2 attached to the vnLAN1, and the virtual port p31 of the vNF3 are received.
  • the packet sent from the virtual port p22 of the vNF2 is attached to the vnLAN1.
  • Both the virtual port pll of the vNF1 and the virtual port p31 of the vNF3 are received; the packet sent from the virtual port p31 of the vNF3, the virtual port pll of the vNF1 attached to the vnLAN1 and the virtual port p22 of the vNF2 are received.
  • FIG. 9B is a schematic diagram of virtual network packet forwarding for virtual shared bus communication between vNFs according to an embodiment of the present invention. Referring to FIG. 9A and FIG. 9B, the specific communication process is as follows:
  • the vNF1 sends a service packet from the virtual port p11 to the virtual container of the VM1.
  • the virtual container of the VM1 obtains the virtual network card vNIC11 corresponding to the virtual port pll, and then encapsulates the service packet to obtain the first virtual network packet.
  • the virtual container of the VM1 may obtain the virtual network card vNIC11 corresponding to the pll according to the corresponding relationship between the virtual port and the virtual network card; then the virtual container of the VM1 may encapsulate the virtual cascading head and the virtual network in the outer layer of the service packet.
  • the first virtual network packet is obtained.
  • the identifier of the virtual port p11 of the vNF1 is encapsulated in the virtual cascading header as the virtual source information; the MAC address of the VNIC 12 is used as the source MAC address, and the MAC address of the VFF1 is used as the destination.
  • the MAC address is encapsulated in the virtual network header to obtain the first virtual network packet.
  • the virtual container of VM1 sends the first virtual network packet to VFF1.
  • the virtual container of VM1 sends the first virtual network message from VNIC11 to VFF1.
  • the VFF1 receives the first virtual network packet, and processes the first virtual network packet according to the virtual network topology information of the VFF1 to obtain the second virtual network packet and the third virtual network packet. Specifically, the VFF1 receives the first virtual network packet from the inbound port vplO1, and queries the virtual network topology information of the VFF1 according to the virtual source information to obtain the virtual topology information, the virtual next hop address, and the egress port.
  • the VFF1 maintains a topology forwarding table (Table 11), a port and virtual network relationship table (Table 12), and a network address mapping table (Table 13) for maintaining virtual network topology information of the VFF1.
  • the VFF1 obtains the new virtual topology information according to the virtual source information, that is, the identifier of the virtual port p11 of the vNF1, and obtains the new virtual topology information, that is, the segID is vnLAN1; according to the ingress port vplOl, the lookup table 2, obtains the VNID of 1001; Then according to the VNID and the new virtual topology information, S ⁇ VNID: 1001 and segID: vnLANl, look up Table 3, and obtain two matching entries.
  • the first matching entry The outgoing port is vpl62, and the virtual next hop address is VFF2, including the MAC address of VFF2.
  • the second matching entry Outbound port vpl63, the virtual next hop address is VFF3, including the MAC address and IP address of VFF3.
  • the VFF1 generates a second virtual network packet according to the first matching entry, specifically, the vnLAN1 as the virtual network segment identifier of the virtual topology information, and the virtual source information: the identifier of the virtual port p11 of the vNF1, Encapsulated in the virtual cascading header; the MAC address of VFF1 is used as the source MAC address, and the MAC address of VFF2 is used as the destination MAC address, which is encapsulated in the virtual network header.
  • VFF1 generates the third virtual network packet according to the second matching entry.
  • the vnLAN1 is used as the virtual network segment identifier of the virtual topology information
  • the virtual source information the identifier of the virtual port p11 of the vNF1 is encapsulated in the virtual cascading header
  • the MAC address of the VFF1 is used as the source MAC address
  • the VFF3 is used.
  • the MAC address is used as the destination MAC address
  • VNID: 1001 is placed in the VNID field of the NV03 encapsulation header and encapsulated in the virtual network header.
  • VFF1 sends the second virtual network message and the third virtual network message; specifically, the VFF1 sends the second virtual network message from the egress port vpl62 to the VFF2, and continues to execute 906-908; VFF1 sends the third virtual network packet from the egress port vpl63 to VFF3, and continues to execute 909-911.
  • the VFF2 receives the second virtual network packet, and processes the second virtual network packet according to the virtual network topology information of the VFF2 to obtain a fourth virtual network packet.
  • the VFF2 maintains a topology forwarding table (Table 21), a port and virtual network relationship table (Table 22), and a network address mapping table (Table 23) for maintaining virtual network topology information of the VFF1.
  • the VFF2 receives the second virtual network packet from the ingress port vp211, according to the virtual source information and the virtual topology information of the second virtual network packet, that is, the identifier of the virtual port p11 of the vNF1 and the seplD: vnLAN1, the lookup table 21 Obtain the new virtual destination information as the identifier of the virtual port p22 of the vNF2; then, according to the VNID: 1001 and the identifier of the p22, look up the table 23, obtain the VNIC with the outbound port being vp252, and the virtual next hop address being VM2.
  • the VFF2 encapsulates the second virtual network packet to generate a fourth virtual network packet, specifically, the identifier of the virtual port p22 of the vNF2 is used as the virtual destination information, and the virtual source information: the identifier of the virtual port p11 of the vNF1, encapsulated In the virtual cascading header; the MAC address of the VFF2 is used as the source MAC address, and the MAC address of the VNIC 22 of the VM2 is used as the destination MAC address, and is encapsulated in the virtual network header.
  • the VFF2 sends the fourth virtual network packet.
  • the fourth virtual network packet is sent from the egress port vp252 to the VM2.
  • VFF2 is based on the principle of horizontal splitting and will no longer send messages to VFF3.
  • the principle of judging the horizontal split can be: If the source MAC address of the virtual network packet in the virtual network packet is the MAC address of the VFF, it is not forwarded to another VFF.
  • the virtual container of the VM2 receives the fourth virtual network packet, decapsulates the fourth virtual network packet, obtains the service packet, and sends the virtual destination information according to the fourth virtual network packet.
  • the virtual container of the VM2 receives the fourth virtual network packet, and removes the virtual network header and the virtual layer header of the outer layer of the fourth virtual network packet to obtain the service packet. Then, the virtual container of the VM2 sends the service packet to the virtual port p22 of the vNF2 according to the virtual destination information included in the fourth virtual network packet, that is, the identifier of the virtual port p22 of the vNF2. After receiving the service packet, the vNF2 processes the service packet.
  • the VFF3 receives the third virtual network packet, and processes the third virtual network packet according to the virtual network topology information of the VFF3 to obtain the fifth virtual network packet.
  • the VFF3 maintains a topology forwarding table (Table 31), a port and virtual network relationship table (Table 32), and a network address mapping table (Table 33) for maintaining virtual network topology information of the VFF3.
  • Table 31 topology forwarding table
  • Table 32 port and virtual network relationship table
  • Table 33 network address mapping table
  • the VFF3 is connected to the third virtual network packet from the ingress port vp301, according to the virtual source information and the virtual topology information of the third virtual network packet, that is, the identifier of the virtual port p11 of the vNF1 and the seplD: vnLAN1, the lookup table 31.
  • the new virtual destination information as the identifier of the virtual port p31 of the vNF3; then, according to the VNID and the new virtual destination, S ⁇ VNID: 1001 and the virtual port p31 of the vNF3
  • the identifier of the lookup table 33, the get-out port is vp351, and the virtual next hop address is the MAC address of the VNIC31 of VM3.
  • the VFF3 encapsulates the third virtual network packet to generate a fifth virtual network packet, specifically, the identifier of the virtual port p31 of the vNF3 is used as the virtual destination information, and the virtual source information: the identifier of the virtual port pll of the vNF1, encapsulated In the virtual cascading header; the MAC address of the VFF3 is used as the source MAC address, and the MAC address of the VNIC 31 of the VM3 is used as the destination MAC address, and is encapsulated in the virtual network header.
  • the VFF3 sends the fifth virtual network packet.
  • the VFF3 sends the fifth virtual network packet from the egress port vp351 to the VM3.
  • VFF3 is based on the principle of horizontal splitting and will no longer send messages to VFF2.
  • the principle of judging the horizontal splitting is that if the source MAC address of the virtual network packet in the virtual network packet is the MAC address of the VFF, it is not forwarded to another VFF.
  • the virtual container of the 911 and the VM3 receives the fifth virtual network packet, decapsulates the fifth virtual network packet, obtains the service packet, and sends the virtual destination information according to the fifth virtual network packet.
  • the virtual container of the VM3 receives the fifth virtual network packet, and removes the virtual network header and the virtual layer header of the outer layer of the fifth virtual network packet to obtain the service packet. Then, the virtual container of the VM3 sends the service packet to the virtual port p31 of the vNF3 according to the virtual destination information included in the fifth virtual network packet, that is, the identifier of the virtual port p31 of the vNF3. After receiving the service packet, the vNF3 processes the service packet.
  • the virtual shared bus is an act of simulating a physical shared bus.
  • the service packet sent from the virtual port of a vNF attached to the virtual shared bus is received by all other virtual ports attached to the virtual shared bus.
  • the service port of the virtual port pll of the vNF1 to the vNF3 is a unicast packet, and the service packet is also sent to the virtual port p22 of the vNF2, and then the vNF2 determines whether to discard the service packet. .
  • FIG. 10A is a flowchart of a method for communicating a service path between vNFs according to an embodiment of the present invention.
  • the policy requires that the communication from vNF1 to vNF3 must pass vNF2, that is, the service path of vNFl-vNF2-vNF3 (English: service chain).
  • FIG. 10B is a schematic diagram of virtual network packet forwarding according to the service path communication between vNFs according to an embodiment of the present invention. Referring to FIG. 10A and FIG. 10B, the specific communication process is as follows:
  • lOOK vNFl sends the service packet and the vNF3 identifier from the virtual port pl3 to the virtual container of VM1.
  • the virtual container of the VM1 obtains the virtual network card vNIC13 corresponding to the virtual port pl3, and then encapsulates the service packet to obtain the first virtual network packet.
  • the virtual container of the VM1 may obtain the virtual network card VNIC13 corresponding to the pl3 according to the corresponding relationship between the virtual port and the virtual network card; then the virtual container of the VM1 encapsulates the virtual cascading header and the virtual network header in the outer layer of the service packet.
  • the first virtual network packet is obtained.
  • the identifier of the vNF1 is used as the virtual source information, and the identifier of the vNF3 is encapsulated in the virtual layer header as the virtual destination information; the MAC address of the VNIC 13 is used as the source MAC address, and the VFF1 is used.
  • the MAC address is encapsulated in the virtual network header as the destination MAC address, and the first virtual network packet is obtained.
  • the virtual container of VM1 sends the first virtual network packet to VFF1.
  • the virtual container of VM1 sends the first virtual network message from VNIC 13 to VFF1.
  • the VFF1 receives the first virtual network packet, and processes the first virtual network packet according to the virtual network topology information of the VFF1 to obtain the second virtual network packet.
  • the VFF1 receives the first virtual network packet from the ingress port vpl03, and determines the service path as vNFl-vNF2-vNF3 based on the service policy according to the virtual source information and the virtual destination information included in the first virtual network packet.
  • the corresponding service path identifier has a path ID of 210.
  • the VFF1 queries the virtual network topology information of the VFF1 to obtain the address and the egress port of the virtual next hop.
  • the VFF1 obtains the egress port as vpl58 according to the virtual topology information, that is, the path ID: 210, and the virtual port is obtained.
  • the address of one hop is the MAC address of VFF2.
  • the VFF1 package generates a second virtual network packet, specifically, the pathID: 210 is used as the service path identifier in the virtual topology information, and the virtual source information: the identifier of the vNF1 is encapsulated in the virtual cascading header; the MAC of the VFF1 is The address is used as the source MAC address, and the MAC address of VFF2 is used as the destination MAC address, which is encapsulated in the virtual network header.
  • the pathID: 210 is used as the service path identifier in the virtual topology information
  • the virtual source information the identifier of the vNF1 is encapsulated in the virtual cascading header
  • the MAC of the VFF1 is The address is used as the source MAC address
  • the MAC address of VFF2 is used as the destination MAC address, which is encapsulated in the virtual network header.
  • VFF1 receives the first virtual network packet from the ingress port vpl03, and determines the service path as vNFl-vNF2-vNF3 based on the service policy. After the service path identifier path1D is 210), VFF1 obtains a new virtual destination, virtual next hop and egress port according to the virtual source information and the virtual topology information; specifically, VFF1 is based on the identifier of vNF1 and pathlD: 210, a lookup table. 11.
  • the new virtual destination information as the identifier of vNF2; according to the new virtual destination information: vNF2 identifier and pathlD: 210, lookup table 13, obtain the outgoing port as vpl58, and the virtual next hop address is VFF2 MAC address. Then, the VFF1 package generates a second virtual network packet, specifically, path1D: 210 is identified as a service path in the virtual path information, and the virtual source information: the identifier of the vNF1 is encapsulated in the virtual cascading header; the MAC address of the VFF1 is As the source MAC address, the MAC address of VFF2 is used as the destination MAC address and is encapsulated in the virtual network header.
  • VFF1 sends the second virtual network message from the egress port vpl58 to VFF2.
  • the VFF2 receives the second virtual network packet, and processes the second virtual network packet according to the virtual network topology information of the VFF2 to obtain the third virtual network packet.
  • the VFF2 receives the second virtual network packet from the ingress port vp253, and then the VFF2 queries the virtual network topology information of the VFF2 according to the virtual source information and the virtual topology information of the second virtual network packet to obtain a virtual The address and outgoing port of the next hop.
  • the VFF2 obtains the new virtual destination information as the identifier of the vNF2 according to the virtual source information and the virtual topology information of the second virtual network packet, that is, the identifier of the vNF1 and the path1D: 210, the lookup table 21; and then according to the identifier of the vNF2 and pathlD: 210, look up Table 23, obtain the outbound port as vp203, and the virtual next hop address is the MAC address of VNIC23.
  • the VFF2 package generates a third virtual network packet; specifically, the identifier of the vNF2 is used as the virtual destination information, the path1D: 210 is used as the service path identifier in the virtual topology information, and the virtual source information: the identifier of the vNF1 is encapsulated in the virtual In the cascading header; the MAC address of the VFF2 is used as the source MAC address, and the MAC address of the VNIC 23 is used as the destination MAC address, which is encapsulated in the virtual network header.
  • the VFF2 sends the third virtual network packet.
  • the third virtual network packet is sent from the egress port vp203 to the VM2.
  • the virtual container of the VM2 receives the third virtual network packet, decapsulates the third virtual network packet, obtains the service packet, and obtains the service path identifier path1D: 210, according to the third virtual network packet.
  • the virtual container of the VM2 receives the third virtual network packet, and strips the third virtual network.
  • the virtual network header and the virtual cascading header of the packet obtain the service packet, and obtain pathlD: 210;
  • the virtual container of the VM2 is based on the virtual destination information included in the third virtual network packet, that is, the identifier of the vNF2.
  • the service message and pathlD: 210 are sent to vNF2.
  • the vNF2 processes the service packet.
  • vNF2 according to the service packet, determining that it is not the destination of the service packet, sending the service packet and the path1D: 210 to the virtual container of the VM2;
  • the vNF2 determines, according to the service packet, that it is not the destination of the service packet, and sends the service packet and the path1D: 210 from the virtual port p24 to the virtual container of the VM2;
  • the virtual container of the VM2 obtains a fourth virtual network packet according to the service packet and the path1D: 210.
  • the virtual container of the VM2 can obtain the virtual network card vNIC24 corresponding to the virtual port p24 according to the corresponding relationship between the virtual port and the virtual network card, and then encapsulate the service packet to obtain the fourth virtual network packet.
  • the identifier of the vNF2 is used as the virtual source information
  • the path1D: 210 is used as the service path identifier in the virtual topology information, and is encapsulated in the virtual cascading header
  • the MAC address of the VNIC 24 is used as the source MAC address
  • the MAC address of the VFF 2 is used as the destination MAC address.
  • the address is encapsulated in the virtual network header;
  • VM2 sends the fourth virtual network packet to VFF2;
  • VM2 sends the fourth virtual network packet from VNIC 24 to VFF2.
  • the VFF2 receives the fourth virtual network packet, and processes the fourth virtual network packet according to the virtual network topology information of the VFF2 to obtain the fifth virtual network packet.
  • the VFF2 receives the fourth virtual network packet from the ingress port vp204, and according to the pathlD: 210, the lookup table 23, obtains the address that the outbound port is vp254, and the virtual next hop address is VFF3, including the IP address and the MAC address. . Then, the VFF2 package generates a fifth virtual network packet, and sends the fifth virtual network packet to the VFF3 from the egress port vp254.
  • the path1D: 210 is used as the service path identifier in the virtual topology information, and the virtual source information.
  • the identifier of vNF2 is encapsulated in the virtual cascading header.
  • the MAC address of VFF2 is used as the source MAC address
  • the MAC address of VFF3 is used as the destination MAC address
  • the VNID 1000 is encapsulated in the virtual network header as the VNID of the NV03 header.
  • the VFF2 after receiving the fourth virtual network packet from the ingress port vp204, the VFF2 obtains the virtual source information and the virtual topology according to the fourth virtual network packet.
  • the VFF2 package generates a fifth virtual network packet, and sends the fifth virtual network packet to the VFF3 from the egress port vp254.
  • the pathID: 210 is used as the service path identifier in the virtual topology information, and the virtual source information.
  • the identifier of vNF2 is encapsulated in the virtual cascading header.
  • the MAC address of VFF2 is used as the source MAC address
  • the MAC address of VFF3 is used as the destination MAC address
  • the VNID 1000 is encapsulated in the virtual network header as the VNID of the NV03 header.
  • the VFF2 sends the fifth virtual network packet.
  • the fifth virtual network packet is sent from the egress port vp254 to the VFF3.
  • the VFF3 receives the fifth virtual network packet, and processes the fifth virtual network packet according to the virtual network topology information of the VFF3 to obtain a sixth virtual network packet.
  • the VFF3 receives the fifth virtual network packet from the ingress port vp352, and the VFF3 queries the virtual network topology information of the VFF3 according to the virtual source information and the virtual topology information of the fifth virtual network packet, and acquires the virtual network topology information.
  • One hop address and out port is included in the VFF3
  • the VFF3 obtains the new virtual destination information as the identifier of the vNF3 according to the virtual source information and the virtual topology information of the fifth virtual network packet, that is, the identifier of the vNF2 and the path ID: 210, and the lookup table 31; pathID: 210, look up table 33, obtain the outbound port as vp303, and the virtual next hop address as the MAC address of VNIC33.
  • the VFF3 package generates a sixth virtual network packet; specifically, the pathID: 210 is used as the service path identifier in the virtual topology information, the virtual source information: the identifier of the vNF2, and the new virtual destination information: the identifier of the vNF3, encapsulated in the virtual In the cascading header; the MAC address of VFF2 is used as the source MAC address, and the MAC address of VNIC33 is used as the destination MAC address, which is encapsulated in the virtual network header.
  • the pathID: 210 is used as the service path identifier in the virtual topology information
  • the virtual source information the identifier of the vNF2
  • the new virtual destination information the identifier of the vNF3, encapsulated in the virtual In the cascading header
  • the MAC address of VFF2 is used as the source MAC address
  • the MAC address of VNIC33 is used as the destination MAC address, which is encapsulated in the virtual network header.
  • the VFF3 sends the sixth virtual network packet.
  • the sixth virtual network packet is sent from the egress port vp303 to the VM3.
  • the virtual container of the VM3 receives the sixth virtual network packet, decapsulates the sixth virtual network packet, obtains the service packet, and obtains a pathID: 210, according to the virtual in the sixth virtual network packet.
  • the destination information sends the service packet and pathID: 210;
  • the virtual container of the VM3 receives the sixth virtual network packet, strips the virtual network header and the virtual cascading header of the sixth virtual network packet, obtains the service packet, and obtains pathID: 210; After that, the virtual container of the VM3 sends the service packet and the pathID: 210 to the vNF3 according to the virtual destination information in the sixth virtual network packet, that is, the identifier of the vNF3.
  • vNF3 receives the service packet and pathID:
  • the service packet is processed. Based on the service packet, the vNF3 determines that it is the location of the service message, and the communication process of the entire service path ends.
  • FIG. 11A is a flowchart of a method for implementing physical network to virtual network mapping interworking according to an embodiment of the present invention. Specifically, the physical port port1 of the device 1 and the virtual port pl3 of the vNF1 are mapped to each other, and a virtual link vnLi n e3 is established between the physical port port1 of the device 1 and the virtual port pl3 of the vNF1 .
  • FIG. 11B is an implementation of the present invention. For example, the schematic diagram of the virtual network packet forwarding of the physical network to virtual network mapping is shown in FIG. 11A and FIG. 11B.
  • the specific communication process is as follows:
  • the virtual container of the device 1 receives the service packet sent by the device 1 and the identifier of the port port1, and encapsulates the service packet to obtain the first virtual network packet.
  • the device 1 receives the service packet from the port port1, the device 1 sends the service packet and the identifier of the port port1 to the virtual container.
  • the virtual container receives the service packet and the port port1 identifier, and encapsulates the service packet.
  • the first virtual network packet is obtained.
  • the virtual layer header and the network packet header may be encapsulated in the outer layer of the service packet, and the identifier of the physical port port1 is encapsulated as virtual source information in the virtual layer header.
  • the MAC address of device 1 is used as the source MAC address, and the MAC address of VFF3 is encapsulated in the virtual network header as the destination MAC address.
  • the virtual container may be located within the device 1; the device 1 is attached to the VFF 3.
  • the virtual container of the device 1 sends the first virtual network packet to the VFF3.
  • the VFF3 receives the first virtual network packet, and processes the first virtual network packet according to the virtual network topology information of the VFF3 to obtain the second virtual network packet.
  • the VFF3 receives the first virtual network packet from the ingress port vp300, and queries the virtual network topology information of the VFF3 according to the virtual source information of the first virtual network packet to obtain virtual topology information and a virtual next hop. Address and outgoing port.
  • the VFF3 obtains the virtual network segment identifier segID as vnLine3 according to the virtual source information of the first virtual network packet, that is, the identifier of the physical port port1, and obtains the VNID of 1003 according to the ingress port vp300.
  • VNID 1001 and segID: vnLine3 look up Table 33, and obtain the address where the outgoing port is vp350 and the virtual next hop address is VFF1.
  • the VFF3 package generates the second virtual network packet, specifically, the seglD: vnLine3 is encapsulated in the virtual layer segment identifier in the virtual network segment information in the virtual layer segment header; the MAC address of the VFF3 is used as the source MAC address, and the MAC address of the VFF1 is The address is used as the destination MAC address, and the VNID 1003 is encapsulated in the virtual network header as the VNID of the NV03 header.
  • the VFF3 sends the second virtual network packet.
  • the second virtual network packet is sent from the egress port vp350 to the VFF1.
  • the VFF1 receives the second virtual network packet, and processes the second virtual network packet according to the virtual network topology information of the VFF1 to obtain a third virtual network packet.
  • the VFF1 receives the second virtual network packet from the ingress port vpl03, and queries the virtual network topology information of the VFF1 according to the virtual source information and the virtual topology information of the second virtual network packet to obtain a virtual next hop. Address and outgoing port.
  • the VFF1 obtains the identifier of the virtual port pl3 of the vNF1 according to the virtual source information and the virtual topology information of the second virtual network packet, that is, the identifier of the port1 and the seglD: vnLine3, the lookup table 11, and the VNID according to the VNID. 1003 and the identifier of the virtual port pl3 of the vNF1, look up the table 13, obtain the outbound port as vpl53, and the virtual next hop address is the MAC address of the VNIC 13 of the VM1.
  • the VFF1 package generates the third virtual network packet, and uses the identifier of the virtual port pl3 of the vNF1 as the virtual destination information, and the virtual source information: the identifier of the portl is encapsulated in the virtual cascading header; and the MAC address of the VFF1 is used as the source MAC address.
  • the MAC address of vNIC 13 of VM1 is encapsulated in the virtual network header as the destination MAC address.
  • the VFF1 sends the third virtual network packet.
  • the third virtual network packet is sent from the egress port vpl53 to the VM1.
  • the virtual container of the VM1 receives the third virtual network packet, decapsulates the third virtual network packet, obtains the service packet, and sends the virtual destination information according to the third virtual network packet.
  • Business message
  • the virtual container of the VM1 receives the third virtual network packet, and strips the virtual network header and the virtual cascading header of the third virtual network packet to obtain the service packet. Then, the virtual object from a virtual container VM1 third virtual network information of the packet, i.e., P 13, identified, the traffic packets to the virtual port pl3 vNFl.
  • FIG. 12A is a flowchart of a method for performing an interface call between vNFs according to an embodiment of the present invention. Specifically, the vNF1 initiating the interface call is shown in FIG. 7.
  • FIG. 12B is a schematic diagram of the virtual network packet forwarding performed by the interface between the vNFs according to the embodiment of the present invention. Referring to FIG. 12A and FIG. 12B, the specific communication process is as follows:
  • vNFl sends the identifier and metadata of interface a to the virtual container of VM1;
  • the vNF1 initiates an interface a call, specifically, the vNF1 sends the identifier of the interface a, that is, intf_a, and metadata (English: metadata) to the virtual container of VM1; the metadata includes a call function, a callback function, and parameters thereof.
  • the virtual container of the VM1 obtains the virtual network card vNIC15 corresponding to the vNF1, and encapsulates and generates the first virtual network packet.
  • the virtual container of the VM1 may obtain the VNIC 15 corresponding to the vNF1 according to the corresponding relationship between the vNF and the virtual network card; then, the virtual container of the VM1 uses the metadata as a payload, and encapsulates the virtual cascading header and the virtual layer in the outer layer.
  • the network header is configured to generate the first virtual network packet.
  • the identifier of the vNF1 is used as the virtual source information
  • the identifier of the interface a that is, the intf_a is encapsulated in the virtual network segment identifier in the virtual topology information.
  • the MAC address of the VNIC 15 of the VM1 is used as the source MAC address
  • the MAC address of the VFF1 is encapsulated in the virtual network header as the destination MAC address;
  • the virtual container of VM1 sends the first virtual network packet to VFF1.
  • VM1 sends the first virtual network message from VNIC 15 to VFF1.
  • the VFF1 receives the first virtual network packet, and processes the first virtual network packet according to the virtual network topology information of the VFF1 to obtain the second virtual network packet.
  • the VFF1 receives the first virtual network packet from the ingress port vpl05, and the VFF1 queries the virtual network topology information of the VFF1 according to the virtual source information and the virtual topology information of the first virtual network packet to obtain a virtual next hop. Address and outgoing port.
  • the lookup table 3 obtains the address of the virtual next hop address VFF2, and the out port is vpl55.
  • VFF1 The encapsulation generates the second virtual network packet, and the virtual source information: the identifier of the vNF1, the identifier of the interface a, that is, intf_a is used as the virtual network segment identifier in the virtual topology information, and the virtual source information: the identifier of the vNF1, Encapsulated in the virtual cascading header; the MAC address of VFF1 is used as the source MAC address, and the MAC address of VFF2 is encapsulated in the virtual network header as the destination MAC address.
  • the VFF1 sends the second virtual network packet.
  • the second virtual network packet is sent from the egress port vpl55 to the VFF2.
  • the VFF2 receives the second virtual network packet, and processes the second virtual network packet according to the virtual network topology information of the VFF2 to obtain a third virtual network packet.
  • the VFF2 receives the second virtual network packet from the port vp205, and queries the virtual network topology information of the VFF2 according to the virtual source information and the virtual topology information of the second virtual network packet to obtain the address of the virtual next hop. And out port.
  • the VFF2 obtains the new virtual destination information as the identifier of the vNF2 according to the virtual source information and the virtual topology information of the second virtual network packet, that is, the identifier of the vNF1 and the segID: intf_a, and the identifier of the vNF2 and the segID. : intf_a, look up table 3, get the outbound port as vp255, and the virtual next hop address is the MAC address of VNIC25.
  • the VFF2 encapsulation generates the third virtual network packet, and the identifier of the interface a, that is, intf_a, is used as the virtual network segment identifier in the virtual topology information, the identifier of the vNF2 is used as the virtual destination information, and the virtual source information: the identifier of the vNF1.
  • the MAC address of the VFF2 is used as the source MAC address
  • the MAC address of the VNIC 25 is encapsulated in the virtual network header as the destination MAC address.
  • the VFF2 sends the third virtual network packet.
  • the third virtual network packet is sent from the egress port vp255 to the VM2.
  • the virtual container of the VM2 receives the third virtual network packet, decapsulates the third virtual network packet, obtains the metadata, and sends the content according to the virtual destination information in the third virtual network packet. Metadata
  • the virtual container of the VM2 receives the third virtual network packet, strips the virtual network header and the virtual cascading header of the third virtual network packet, and obtains the metadata; and then the virtual container of the VM2 is configured according to the third virtual
  • the virtual destination information in the network message that is, the identifier of vNF2, sends the metadata to vNF2.
  • vNF2 can execute the calling function and its parameters in the metadata to obtain the calling result. If vNF2 is to return a result, the similar process described above can be used to send the metadata including the callback function and the return parameter back to vNFl as a payload package.
  • vNFs by interfacing between vNFs, it is possible to implement communication between different modules in the same physical host or process communication across physical hosts. It should be noted that the foregoing various virtual network communication methods shown in FIG. 8 to FIG. 12 are only examples of implementing the virtual network communication method provided by the embodiments of the present invention, and any technical person skilled in the art may disclose the technical scope disclosed by the present invention.
  • FIG. 13A is a structural block diagram of an apparatus for implementing a first VFF according to an embodiment of the present invention, for implementing virtual network communication as shown in any of FIGS. 4A-4B, 8A, 9A, 10A, 11A, and 12A of the present invention.
  • Method construct a virtual network topology and implement forwarding of virtual network packets.
  • the apparatus includes a receiving unit 1301A, a processing unit 1302A, and a transmitting unit 1303A;
  • the receiving unit 1301A is configured to receive a first virtual network packet from the first virtual machine VM, where the first virtual network packet includes first virtual source information;
  • the first virtual source information includes an identifier of the first virtual network function vNF or an identifier of the virtual port of the first vNF, where the first vNF is located in the first VM; On the device.
  • the first VFF is VFF1 in FIG. 7, and the first virtual network message may be from VM1.
  • the first VFF further includes an ingress port, and the receiving unit 1301A is specifically configured to receive the first virtual network packet from the ingress port.
  • the first virtual network packet further includes a first payload; specifically, the first virtual network packet encapsulates a virtual network header and a virtual layer header in an outer layer of the first payload, where The first virtual source information is included in the virtual cascading header.
  • the processing unit 1302A is configured to obtain a second virtual network packet according to the first virtual network packet, where the second virtual network packet includes the first virtual source information and the first virtual topology information;
  • the first virtual topology information includes any one of the following:
  • Service path identifier Service path identifier; interface identifier;
  • Virtual shared bus identifier and service path identifier are Virtual shared bus identifier and service path identifier.
  • the sending unit 1303A is configured to send the second virtual network packet to the second VFF.
  • the processing unit 1302A may process the virtual network packet according to the virtual network topology information of the first VFF.
  • the virtual network topology information of the first VFF may be pre-configured on the device, or may be dynamically acquired, for example, to a central topology manager to request and obtain topology information.
  • the virtual network topology information includes virtual source information, virtual destination information, virtual topology information, an address of an virtual next hop, and an egress port;
  • the device further includes: an obtaining unit, configured to: according to the receiving unit 1301A, receive an ingress port of the first virtual network packet, and obtain a VNID; correspondingly, the processing unit 1302A And the first virtual topology information, the address of the first virtual next hop, and the first egress port are obtained according to the VNID acquired by the acquiring unit.
  • an obtaining unit configured to: according to the receiving unit 1301A, receive an ingress port of the first virtual network packet, and obtain a VNID; correspondingly, the processing unit 1302A And the first virtual topology information, the address of the first virtual next hop, and the first egress port are obtained according to the VNID acquired by the acquiring unit.
  • the virtual network topology information may also include an ingress port and a VNID.
  • the processing unit 1302A is specifically configured to acquire the first virtual topology information, an address of the first virtual next hop, and a first egress port, where the address of the first virtual next hop includes the media of the second VFF Accessing the control MAC address; encapsulating the first virtual network packet according to the first virtual source information, the first virtual topology information, and the address of the first virtual next hop, to obtain the second virtual network report
  • the second virtual network packet further includes an address of the first virtual next hop;
  • the second virtual network message further includes the first payload.
  • the sending unit 1303A is specifically configured to send the second virtual network packet from the first egress port to the second VFF.
  • the processing unit 1302A is specifically configured to acquire, according to the first virtual source information, the first virtual topology information, an address of the first virtual next hop, and the first The first virtual topology information includes a virtual link identifier or a virtual shared bus identifier.
  • the processing unit 1302A is specifically configured to acquire, according to the VNID and the first virtual source information, the first virtual topology information, an address of the first virtual next hop, and the In another possible implementation manner of the first egress port, the first virtual network packet further includes first virtual destination information, the first virtual destination information includes an identifier of the second vNF, and the second vNF is located in the second In the VM, the second VM is attached to the second VFF; correspondingly, the processing unit 1302A is configured to acquire the first part according to the first virtual source information and the first virtual destination information. a virtual topology information, an address of the first virtual next hop, and the first egress port; the first virtual topology information includes a service path identifier. In the multi-tenant scenario, the processing unit 1302A is configured to acquire the first virtual topology information according to the VNID, the first virtual source information, and the first virtual destination information, The address of the first virtual next hop and the first outgoing port.
  • the first virtual network packet further includes the first virtual topology information; the first virtual topology information includes a service path identifier or an interface identifier; and correspondingly, the processing unit 1302A, Specifically, the first virtual topology information is obtained from the first virtual network packet, and the address of the first virtual next hop is obtained according to the first virtual source information and the first virtual topology information. And the first outgoing port.
  • the processing unit 1302A is configured to acquire, according to the VNID, the first virtual source information, and the first virtual topology information, an address of the first virtual next hop and the The first outgoing port.
  • the address of the first virtual next hop further includes an Internet Protocol IP address of the second VFF; correspondingly, the processing unit 1302A is further configured to use, according to the IP address of the second VFF,
  • the receiving unit 1301A receives the VNID corresponding to the ingress port of the first virtual network packet, and encapsulates the first virtual network packet to obtain the second virtual network packet, where the second virtual network packet is included.
  • the network virtualization superimposes the NV03 header and the IP address of the second VFF, where the VNID in the NV03 header is the VNID corresponding to the ingress port of the first virtual network packet.
  • the first virtual network packet may further include a result option, which is used to deliver the payload of the first vNF to the first virtual network packet to the first VFF, that is,
  • the processing result of the first payload is that the VFF can perform different processing on the first virtual network packet according to the processing result in the processing result option, for example, selecting a different service path.
  • the receiver 1301A is further configured to receive a third virtual network packet from the network device, where the third virtual network packet includes second virtual source information, where the second virtual source information includes the An identifier of a port of the network device; wherein the network device is attached to the VFF;
  • the third virtual network packet further includes a second payload.
  • the processing unit 1302A is further configured to process the third virtual network packet, to obtain a fourth virtual network packet, where the fourth virtual network packet includes the second virtual source information and the second virtual topology information.
  • the second virtual topology information includes a virtual shared bus identifier or a virtual link identifier.
  • the processing unit 1302A acquires the second virtual topology information, the address of the second virtual next hop, and the second egress port according to the second virtual source information, and the address of the second virtual next hop Include the MAC address of the third VFF, and encapsulate the third virtual network packet according to the second virtual source information, the second virtual topology information, and the address of the second virtual next hop, to obtain the And the fourth virtual network packet further includes an address of the second virtual next hop. Similarly, the fourth virtual network packet further includes the second payload.
  • FIG. 13B is a structural block diagram of another apparatus for implementing a first VFF according to an embodiment of the present invention, for implementing a virtual network as shown in any of FIGS. 5A-5C, 8A, 9A, 10A, 11A, and 12A of the present invention.
  • the communication method constructs a virtual network topology and implements forwarding of virtual network packets.
  • the apparatus includes a receiving unit 1301B, a processing unit 1302B, and a transmitting unit 1303B;
  • the receiving unit 1301B is configured to receive a first virtual network packet from the second VFF, where the first virtual network packet includes first virtual source information and first virtual topology information; and the first virtual source information includes An identifier of the second virtual network function vNF or an identifier of the virtual port of the second vNF; wherein the second vNF is located in the second virtual machine VM; the second VM is attached to the second VFF;
  • the first virtual topology information includes any one of a virtual link identifier, a virtual shared bus identifier, a service path identifier, an interface identifier, a virtual link identifier and a service path identifier, a virtual shared bus identifier, and a service path identifier.
  • the processing unit 1302B is configured to process the first virtual network packet according to the first virtual source information and the first virtual topology information to obtain a second virtual network packet, where the second virtual network packet is The first virtual source information and the first virtual destination information, where the first virtual destination information includes an identifier of the first vNF or an identifier of the first virtual port of the first vNF;
  • the transmitter 1303B is configured to send the second virtual network packet to the first virtual machine VM, where the first vNF is located in the first VM, and the first VM is attached to the device on.
  • the first virtual network packet further includes a first payload.
  • the processing unit 1302B may process the first virtual network packet according to the virtual network topology information of the first VFF.
  • the virtual network topology information of the first VFF may be pre-configured on the device, or may be dynamically obtained, for example, to a central topology manager requesting and acquiring topology information.
  • the virtual network topology information includes virtual source information, virtual destination information, virtual topology information, an address of an virtual next hop, and an egress port;
  • the device further includes: an acquiring unit, configured to acquire, according to the first virtual network packet, a first VNID; correspondingly, the processing unit is further configured to acquire according to the acquiring Obtaining the first virtual destination information, the first virtual next information by the first VNID obtained by the unit The address of the hop and the first outgoing port.
  • the virtual network topology information may also include a VNID.
  • the device may further include: a topology maintenance unit, configured to maintain the virtual network topology information.
  • the processing unit 1302B is configured to acquire the first virtual destination information, the address of the first virtual next hop, and the first egress port according to the first virtual source information and the first virtual topology information, where The address of the first virtual next hop includes the MAC address of the first vINC of the first VM; and the address encapsulation according to the first virtual source information, the first virtual destination information, and the address of the first virtual next hop
  • the first virtual network packet is configured to obtain the second virtual network packet, where the second virtual network packet further includes an address of the first virtual next hop; in the multi-tenant scenario, the processing The unit 1302B is configured to acquire, according to the first VNID that is obtained by the acquiring unit, the first virtual source information and the first virtual topology information, the first virtual destination information, the first virtual The address of the next hop and the first outgoing port.
  • the transmitter 1303B is specifically configured to send the second virtual network packet from the first
  • the first virtual topology information includes a service path identifier or an interface identifier.
  • the second virtual network packet further includes the service path identifier or the interface identifier.
  • the receiver 1301B is further configured to receive a third virtual network packet from the third VFF, where the third virtual network packet includes second virtual source information and second virtual topology information;
  • the virtual source information includes an identifier of the virtual port of the third vNF, where the third vNF is located in the third virtual machine VM; the third VM is attached to the third VFF;
  • the second virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier service path identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier.
  • the acquiring unit is further configured to acquire a second VNID according to the third virtual network packet
  • the processing unit 1302B is further configured to process the third virtual network packet according to the second virtual source information and the second virtual topology information to obtain a fourth virtual network packet; the fourth virtual network packet The second virtual source information and the second virtual destination information, where the second virtual destination information includes an identifier of a port of the first network device, where the first network device is attached to the third VFF Specifically, the processing unit 1302B acquires the second virtual destination information, the address of the second virtual next hop, and the second egress port according to the second virtual source information and the second virtual topology information, where The address of the second virtual next hop includes the MAC address of the first network device, and encapsulates the first virtual source information, the second virtual destination information, and the address of the second virtual next hop.
  • the processing unit 1302B Obtaining the second virtual destination information and the address of the second virtual next hop according to the second VNID acquired by the acquiring unit, and the second virtual source information and the second virtual topology information. And the second outgoing port.
  • the transmitter 1303B is further configured to send the fourth virtual network packet to the first network device; specifically, send the fourth virtual network packet from the second egress port to the The first network device.
  • the receiver 1301B is further configured to receive a fifth virtual network packet from the fourth VFF, where the fifth virtual network packet includes third virtual source information and third virtual topology information;
  • the third virtual source information includes an identifier of a port of the second network device, where the second network device is attached to the fourth VFF;
  • the third virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier.
  • the acquiring unit is further configured to acquire a third VNID according to the fifth virtual network packet;
  • the processing unit 1302B is further configured to process the fifth virtual network packet according to the third virtual source information and the third virtual topology information to obtain a sixth virtual network packet; the sixth virtual network packet The third virtual source information and the third virtual destination information, where the third virtual destination information includes an identifier of the second virtual port of the first vNF;
  • the processing unit 1302B acquires the third virtual destination information, the address of the third virtual next hop, and the third egress port according to the third virtual source information and the third virtual topology information, where the The address of the third virtual next hop includes the MAC address of the second vNIC of the first VM; and the address encapsulation according to the third virtual source information, the third virtual destination information, and the address of the third virtual next hop
  • the fifth virtual network packet is configured to obtain the sixth virtual network packet, where the sixth virtual network packet further includes an address of the third virtual next hop; in the multi-tenant scenario, the processing unit
  • the third virtual destination information and the third virtual next hop are obtained according to the third VNID that is obtained by the acquiring unit, and the third virtual source information and the third virtual topology information. Address and the third Out port.
  • the transmitter 1303B is further configured to send the sixth virtual network packet to the first VM, where the sixth virtual network packet is sent from the third egress port to the first VM.
  • the second virtual port of the first vNF is further configured to send the sixth virtual network packet to the first VM, where the sixth virtual network packet is sent from the third egress port to the first VM.
  • FIG. 14A is a schematic structural diagram of hardware of an apparatus for implementing a first VFF according to an embodiment of the present invention, for implementing a virtual network as shown in any of FIG. 4A-4B, FIG. 8A, 9A, 10A, 11A, and 12A of the present invention.
  • the communication method constructs a virtual network topology and implements forwarding of the virtual network message. As shown in FIG.
  • the device includes: a processor 1401A, a memory 1402A, a communication port 1403A and a bus 1404A; a processor 1401A, a memory 1402A, and a communication port.
  • 1403A are connected to one another via a bus 1404A; the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 14A, but it does not mean that there is only one bus or one type of bus.
  • the memory 1402A is used to store the program.
  • the program can include program code, the program code including computer operating instructions.
  • the processor 1401A includes a central processing unit (CPU), a network processor (NP), a digital signal processor (DSP), and an application specific integrated circuit. , referred to as ASIC), a field programmable gate array (FPGA), a microprocessor, etc.; the memory 1402A includes a high speed random access memory (RAM) memory, a nonvolatile memory (non -volatile memory (referred to as NVM), such as electrically erasable and programmable read only memory (EEPROM), flash (Flash).
  • CPU central processing unit
  • NP network processor
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the memory 1402A includes a high speed random access memory (RAM) memory, a nonvolatile memory (non -volatile memory (referred to as NVM), such as electrically erasable and programmable read only memory (EEPROM), flash (Flash).
  • the communication port 1403 A is used to connect other devices and communicate with other devices.
  • the processor 1401A executes the program stored in the memory 1402A, and performs the method for implementing virtual network communication provided by the embodiment of the present invention, including:
  • the first virtual network packet includes first virtual source information;
  • the first virtual source information includes an identifier or a location of the first virtual network function vNF An identifier of the virtual port of the first vNF, where the first vNF is located in the first VM, and the first VM is attached to the device;
  • the first virtual topology information includes any one of the following: a virtual link identifier; a virtual shared bus identifier; a service path identifier; an interface identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier.
  • the first VFF is VFF1 in FIG. 7, and the first virtual network packet is from VM1.
  • the receiving the first virtual network packet specifically includes: receiving the first virtual network packet from an ingress port; and the communication port 1403 A includes the ingress port.
  • the first virtual network packet may be processed according to the virtual network topology information of the first VFF.
  • the virtual network topology information of the first VFF may be pre-configured on the device, or may be dynamically acquired, for example, to a central topology manager requesting and acquiring topology information.
  • the virtual network topology information includes virtual source information, virtual destination information, virtual topology information, an address of an virtual next hop, and an egress port.
  • the memory 1402A is further configured to save virtual network topology information of the first VFF.
  • the obtaining the second virtual network packet according to the first virtual network packet includes: acquiring the first virtual topology information, the address of the first virtual next hop, and the first egress port, where the first virtual The one-hop address includes the media access control MAC address of the second VFF; and the first virtual source is encapsulated according to the first virtual source information, the first virtual topology information, and the address of the first virtual next hop Receiving, by the network packet, the second virtual network packet, where the second virtual network packet further includes an address of the first virtual next hop;
  • the method further includes: obtaining a VNID according to the ingress port that receives the first virtual network packet.
  • the virtual network topology information may also include an ingress port and a VNID.
  • the acquiring the first virtual topology information, the address of the first virtual next hop, and the first egress port includes: acquiring, according to the VNID, the first virtual topology information, the first virtual next The address of the hop and the first outgoing port.
  • the first virtual network packet may further include a result option, and correspondingly, the first virtual topology information, the address of the first virtual next hop, and the first egress port are acquired.
  • the method includes: obtaining, according to the processing result option, the first virtual topology information, an address of a first virtual next hop, and a first egress port.
  • the obtaining the first virtual topology information, the address of the first virtual next hop, and the first egress port specifically includes: acquiring the first virtual topology information according to the first virtual source information.
  • the first virtual network packet further includes first virtual destination information
  • the first virtual destination information includes an identifier of the second vNF
  • the second vNF is located in the second VM.
  • the second VM is attached to the second VFF.
  • the acquiring the first virtual topology information, the address of the first virtual next hop, and the first egress port specifically include: according to the first virtual source And the first virtual destination information, the address of the first virtual next hop and the first egress port; the first virtual topology information includes a service path identifier; in the multi-tenant scenario And acquiring, according to the VNID, the first virtual source information, and the first virtual destination information, the first virtual topology information, the address of the first virtual next hop, and the first egress port.
  • the first virtual network packet further includes the first virtual topology information; the first virtual topology information includes a service path identifier or an interface identifier; and correspondingly, the acquiring the The virtual topology information, the address of the first virtual next hop, and the first egress port specifically include: acquiring the first virtual topology information according to the first virtual network packet; and further, according to the first virtual source information, Determining, by the first virtual topology information, an address of the first virtual next hop and a first egress port; in the multi-tenancy scenario, specifically, according to the VNID, the first virtual source information, and the first virtual topology information Obtaining an address of the first virtual next hop and the first egress port.
  • the communication port 1403A further includes the first egress port.
  • the address of the first virtual next hop further includes an Internet Protocol IP address of the second VFF.
  • the method further includes: receiving, according to the IP address of the second VFF, a VNID corresponding to the inbound port of the virtual network packet, the first virtual network packet is encapsulated, and the second virtual network packet is obtained, where the second virtual network packet further includes an NV03 header and the first An IP address of the second VFF, where the VNID in the NV03 header is a VNIDo corresponding to the ingress port that receives the first virtual network packet. Further, the method further includes:
  • the third virtual network packet includes second virtual source information, where the second virtual source information includes an identifier of a port of the network device, where the network The device is attached to the device;
  • the second virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier.
  • the third virtual network message further includes a second payload.
  • the obtaining the fourth virtual network packet according to the third virtual network packet includes: acquiring the second virtual topology information, the address of the second virtual next hop, and the second output according to the second virtual source information a port, the address of the second virtual next hop includes a MAC address of the third VFF, and is encapsulated according to the second virtual source information, the second virtual topology information, and the address of the second virtual next hop.
  • the third virtual network packet is obtained by the fourth virtual network packet, and the fourth virtual network packet further includes an address of the second virtual next hop.
  • the fourth virtual network message further includes the second payload.
  • the communication port 1403A further includes the second egress port.
  • FIG. 14B is a schematic diagram of a hardware structure of another apparatus for implementing a first VFF according to an embodiment of the present invention, for implementing virtuality as shown in any of FIGS. 5A-5C, 8A, 9A, 10A, 11A, and 12A of the present invention.
  • the network communication method constructs a virtual network topology and implements forwarding of the virtual network message; as shown in FIG.
  • the device includes: a processor 1401B, a memory 1402B, a communication port 1403B and a bus 1404B; a processor 1401B, a memory 1402B, and a communication
  • the ports 1403B are connected to each other through a bus 1404B; the buses may be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 14B, but it does not mean that there is only one bus or one type of bus.
  • the memory 1402B is used to store the program.
  • the program may include program code, the program The code includes computer operating instructions.
  • the processor includes a CPU, an NP, a DSP, an ASIC, an FPGA, a microprocessor, etc.; the memory includes a RAM, an NVM, such as an EEPROM, a Flash, and the like.
  • the communication port 1403B is used to connect other devices and communicate with other devices.
  • the processor 1401B executes the program stored in the memory 1402B, and performs the method for implementing virtual network communication provided by the embodiment of the present invention, including:
  • the first virtual network packet includes first virtual source information and first virtual topology information; and the first virtual source information includes an identifier of the second virtual network function vNF Or the identifier of the virtual port of the second vNF; wherein, the second vNF is located in the second virtual machine VM; the second VM is attached to the second VFF;
  • the first virtual topology information includes any one of the following: a virtual link identifier; a virtual shared bus identifier; a service path identifier; an interface identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier;
  • the first virtual network packet may be processed according to the virtual network topology information of the first VFF to obtain the second virtual network packet.
  • the virtual network topology information of the first VFF may be pre-configured on the device, or may be dynamically acquired, for example, to a central topology manager to request and obtain topology information.
  • the virtual network topology information includes virtual source information, virtual destination information, virtual topology information, an address of an virtual next hop, and an egress port;
  • the memory 1402B is further configured to save virtual network topology information of the first VFF.
  • the method further includes: acquiring the first VNID according to the first virtual network packet; the virtual network topology information may further include an ingress port and a VNID.
  • the processing the first virtual network packet according to the first virtual source information and the first virtual topology information to obtain the second virtual network packet includes: according to the first VNID, the first virtual source The first virtual network packet is processed by the information and the first virtual topology information to obtain a second virtual network packet.
  • the processing the first virtual network packet according to the first virtual source information and the first virtual topology information to obtain the second virtual network packet specifically includes: according to the first virtual source information and the Obtaining, by the virtual topology information, the first virtual destination information, the address of the first virtual next hop, and the first egress port, where the address of the first virtual next hop includes the MAC address of the first vINC of the first VM Encapsulating the first virtual network packet according to the first virtual source information, the first virtual destination information, and the address of the first virtual next hop, to obtain the second virtual network packet, where The second virtual network packet further includes an address of the first virtual next hop; in the multi-tenant scenario, specifically according to the first VNID, and the first virtual source information and the first virtual topology information Obtaining the first virtual destination information, an address of the first virtual next hop, and the first egress port.
  • the first virtual topology information includes a service path identifier or an interface identifier.
  • the second virtual network packet further includes the service path identifier or the interface identifier.
  • the method further includes:
  • the third virtual network packet includes second virtual source information and second virtual topology information;
  • the second virtual source information includes a virtual port of the third vNF
  • the third vNF is located in the third virtual machine VM;
  • the third VM is attached to the third VFF;
  • the fourth virtual network packet includes the second virtual source And the second virtual destination information, where the second virtual destination information includes an identifier of a port of the first network device, where the first network device is attached to the third VFF;
  • the second virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier.
  • the method further includes: obtaining a second VNID from the third virtual network packet;
  • the processing the third virtual network packet according to the second virtual source information and the second virtual topology information to obtain the fourth virtual network packet specifically includes: according to the second virtual source information and the The second virtual destination information, the address of the second virtual next hop, and the second egress port, where the address of the second virtual next hop includes the MAC address of the first network device; Description Encapsulating the third virtual network packet by the second virtual source information, the second virtual destination information, and the address of the second virtual next hop, to obtain the fourth virtual network packet, where the fourth virtual network The packet further includes an address of the second virtual next hop; in the multi-tenant scenario, the acquiring the the second VNID, the second virtual source information, and the second virtual topology information, The second virtual destination information, the address of the second virtual next hop, and the second egress port.
  • the method further includes:
  • the fifth virtual network packet includes third virtual source information and third virtual topology information;
  • the third virtual source information includes an identifier of a port of the second network device The second network device is attached to the fourth VFF;
  • the sixth virtual network packet includes the third virtual source Information and third virtual destination information, where the third virtual destination information includes an identifier of the second virtual port of the first vNF;
  • the third virtual topology information includes any one of the following: a virtual shared bus identifier; a virtual link identifier; a service path identifier; a virtual link identifier and a service path identifier; a virtual shared bus identifier and a service path identifier.
  • the method further includes: obtaining a third VNID from the fifth virtual network packet;
  • the processing the fifth virtual network packet according to the third virtual source information and the third virtual topology information to obtain the sixth virtual network packet specifically includes: according to the third virtual source information and the The third virtual topology information acquires the third virtual destination information, the address of the third virtual next hop, and the third egress port, where the address of the third virtual next hop includes the MAC address of the second vNIC of the first VM Encapsulating the fifth virtual network packet according to the third virtual source information, the third virtual destination information, and the address of the third virtual next hop, to obtain the sixth virtual network packet, where The sixth virtual network packet further includes an address of the third virtual next hop; in the multi-tenant scenario, specifically according to the third VNID, and the third virtual source information and the third virtual topology information And acquiring the third virtual destination information, the address of the third virtual next hop, and the third egress port.
  • the device for implementing the first VFF can receive and process a virtual network packet between the vNF or the vNF and the network device, and can construct a flexible vNF communication architecture to solve the network.
  • the device uses the virtual network function (vNF) virtualized by the NFV technology to couple with the NFV topology, consumes VNID resources, cannot flexibly control the vNF, and realizes the communication between the vNFs.
  • FIG. 15 is a schematic structural diagram of an apparatus for implementing a virtual container according to an embodiment of the present invention, for implementing a virtual network communication method as shown in any of FIG. 6A, FIG. 6B and FIG. 8-12 of the present invention.
  • the VFF includes a receiving module 1501, a processing module 1502, and a sending module 1503.
  • the receiving module 1501 is configured to receive a first service packet sent by the first virtual network function vNF, where the first vNF is located in the first virtual machine VM, and the first VM is attached to the first VFF.
  • the processing module 1502 is configured to obtain, according to the first service packet, a first virtual network packet, where the first virtual network packet includes first virtual source information and the first service packet;
  • a virtual source information includes an identifier of the first vNF or an identifier of a first virtual port of the first vNF;
  • the sending module 1503 is configured to send the first virtual network packet to the first VFF.
  • the first vNF may invoke a socket interface created for the first vNF or the first virtual port of the first vNF, and send the The first service packet, and the identifier of the first vNF or the identifier of the first virtual port of the first vNF is used as a parameter.
  • the identifier of the third vNF is used as a parameter.
  • the first service path identifier or the first interface identifier is used as a parameter.
  • the processing module 1502 is specifically configured to acquire the first vNIC corresponding to the first vNF or the first virtual port of the first vNF; specifically, in the structure shown in FIG. 3a and 3b, according to the sending
  • the socket interface of the first service packet, the corresponding vNIC port, or a VLAN (vNIC+VLAN) of the vNIC port encapsulates the first service packet, and obtains the first virtual network packet; specifically, The identifier of the first vNF or the identifier of the first virtual port of the first vNF as the first virtual source information; the MAC address of the vNIC, or the MAC address of the VNIC + the VLAN ID as the virtual network header
  • the source address, the MAC address of the first VFF is used as the destination address of the virtual network header, and the first service packet is encapsulated to obtain the first virtual network packet.
  • the receiving module 1501 is further configured to receive an identifier of the third vNF sent by the first vNF.
  • the processing module 1502 is further configured to: when the first service packet is encapsulated, the identifier of the third vNF received by the receiving module 1501 is used as the first virtual destination information, where the first The virtual network message further includes first virtual destination information.
  • the receiving module 1501 is further configured to receive the first service path identifier or the first interface identifier sent by the first vNF.
  • the processing module 1502 is further configured to: when the first service packet is encapsulated, the first service path identifier or the first interface identifier received by the receiving module 1501 as the first virtual topology.
  • the first virtual network packet further includes the first virtual topology from the sending module 1503, specifically configured to send the first virtual network packet to the first VFF by using the first vNIC So that the first VFF processes the first virtual network message.
  • the receiving module 1501 is further configured to receive a second virtual network packet from the first VFF, where the second virtual network packet includes second virtual destination information;
  • the processing module 1502 is further configured to decapsulate the second virtual network packet to obtain a second service packet.
  • the sending module 1503 is further configured to send the second service packet according to the second virtual destination information.
  • the processing module 1502 is specifically configured to remove the virtual cascading header and the virtual network header of the second virtual network packet to obtain the second service packet.
  • the sending module 1503 sends the second service packet to the virtual port of the destination vNF or the destination vNF indicated by the virtual destination information.
  • the virtual port of the destination vNF or the destination vNF indicated by the second virtual destination information may include an identifier of the first vNF or an identifier of the first virtual port of the first vNF or the first vNF The identifier of the second virtual port.
  • the sending module 1503 is specifically configured to send the second service packet to the first virtual port or the second virtual port of the first vNF or the first vNF.
  • the virtual container may be located in the first VM; or may be located in a hypervisor of the device where the first VM is located; or may be located in the same device as the first VFF, such as Figures 3a-3d.
  • the virtual port of the destination vNF or the destination vNF indicated by the second virtual destination information may also include an identifier of the second vNF or an identifier of the virtual port of the second vNF; the second vNF is located in the first Within a VM.
  • the sending module 1503 is specifically configured to: invoke the corresponding socket interface according to the identifier of the second vNF or the identifier of the virtual port of the second vNF, and send the second service packet to the second vNF or virtual port of the second vNF.
  • the virtual container can be in place In the first VM, as shown in FIG. 3b.
  • the second virtual network packet may further include second virtual topology information, where the second virtual topology information includes a second service path identifier or a second interface identifier.
  • the identifier or the second interface identifier may be the same as or different from the first service path identifier or the first interface identifier.
  • the sending module 1503 is further configured to send the service path identifier or the interface identifier according to the second virtual destination information. Specifically, the sending module 1503 is specifically configured to send the service path identifier or the interface identifier to the virtual port of the destination vNF or the destination vNF together with the second service packet.
  • the receiving module 1501 is further configured to receive a third service packet sent by the network device and an identifier of a port of the network device, where the network device is attached to the first VFF.
  • the processing module 1502 is further configured to obtain, according to the third service packet and the identifier of the port of the network device, a third virtual network packet, where the third virtual network packet includes third virtual source information and The third virtual source information includes the identifier of the port of the network device; specifically, the processing module 1502 uses the identifier of the port of the network device as the third virtual source information; The MAC address of the network device is used as the source address of the third virtual network header, and the MAC address of the first VFF is used as the destination address of the third virtual network header, and the third service packet is encapsulated to obtain the third Virtual network message.
  • the sending module 1501 is further configured to send the third virtual network packet to the first VFF.
  • the port of the network device includes a physical port or a logical port.
  • the virtual container can be located within the network device.
  • the network device is directly attached to the VFF, and communicates with the VFF through the virtual container, thereby constructing a virtual network topology between the port of the network device and the virtual port of the vNF through the virtual container and the VFF, just as the vNF is directly implemented in the network device.
  • the mapping between the physical device and the virtual device is implemented.
  • the first VM, the network device is attached to the first VFF, and the virtual container communicates with the first VFF as an example.
  • the A VM and the network device may be configured with respective virtual containers, attached to the same VFF or respectively attached to different VFFs, which is not limited by the present invention.
  • the vNF or the network device communicates with the VFF through the virtual container, and the virtual container and the VFF are constructed between the vNF or the vNF and the network device.
  • the virtual network topology implements communication between vNFs, which makes the operation and management of virtual devices more convenient and flexible.
  • An embodiment of the present invention further provides an apparatus for implementing a virtual container. As shown in FIG. 16, the method includes: a processor 1601, a memory 1602, a communication port 1603, and a bus 1604.
  • the processor 1601, the memory 1602, and the communication port 1603 are mutually connected by a bus 1604. Connection;
  • the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 16, but it does not mean that there is only one bus or one type of bus.
  • the memory 1602 is configured to store a program.
  • the program can include program code, the program code including computer operating instructions.
  • the processor 1601 includes a CPU, an NP, a DSP, an ASIC, an FPGA, a microprocessor, etc.
  • the memory 1602 includes a RAM, an NVM, such as an EEPROM, a Flash, and the like.
  • the communication port 1603 is used to connect other devices and communicate with other devices.
  • the processor 1601 executes the program stored in the memory 1602, and the method for implementing the virtual network communication provided by the embodiment of the present invention includes:
  • the first virtual network packet includes the first virtual source information and the first service packet;
  • the first virtual source information includes the first An identifier of a vNF or an identifier of the first virtual port of the first vNF;
  • the method further includes: receiving an identifier of the third vNF sent by the first vNF.
  • the method further includes: receiving a first service path identifier or a first interface identifier sent by the first vNF.
  • the first vNF may invoke a socket interface created for the first vNF or the first virtual port of the first vNF, and send the The first service packet, and the identifier of the first vNF or the identifier of the first virtual port of the first vNF is used as a parameter.
  • the identifier of the third vNF is used as a parameter.
  • the first service path identifier or the first interface identifier is used as a parameter.
  • the obtaining the first virtual network packet according to the first service packet includes: acquiring the first vNIC of the first vNF or the first virtual port of the first vNF or a VLAN of the first vNIC Specifically, in the structure shown in FIG. 3a and 3b, the first vNIC or a VLAN (vNIC+VLAN) of the first vNIC port is found according to the socket interface that sends the first service packet, Encapsulating the first service packet to obtain the first virtual network packet.
  • the identifier of the first vNF or the identifier of the first virtual port of the first vNF is used as the first virtual source information; the MAC address of the vNIC, or the MAC address of the VNIC + the VLAN ID is taken as The source address of the virtual network header, the MAC address of the first VFF is used as the destination address of the virtual network header, and the first service packet is encapsulated to obtain the first virtual network packet.
  • the identifier of the third vNF is used as the first virtual destination information, and the first virtual network packet further includes the first virtual destination information.
  • the first service path identifier or the first interface identifier is used as the first virtual topology information, where the first virtual network packet further includes the first A virtual topology information.
  • the method further includes:
  • the virtual port of the destination vNF or the destination vNF indicated by the second virtual destination information may include an identifier of the first vNF or an identifier of the first virtual port of the first vNF or the first The identifier of the second virtual port of the vNF.
  • the sending the second service packet according to the virtual destination information includes: sending the second service packet to the first vNF or the first virtual port of the first vNF Or the second virtual port.
  • the virtual container may be located in the first VM; or located in the hypervisor hypervisor of the device where the first VM is located; or located in the same device as the first VFF, as shown in FIG. 3a-3d. Shown.
  • the virtual port of the destination vNF or the destination vNF indicated by the second virtual destination information may also include an identifier of the second vNF or an identifier of the virtual port of the second vNF; the second vNF is located in the first Within a VM.
  • the sending the second service packet according to the virtual destination information comprises: invoking a corresponding socket interface according to the identifier of the second vNF or the identifier of the virtual port of the second vNF, Sending a second service message to the second vNF or the second vNF Quasi-port.
  • the virtual container may be located in the first VM, as shown in FIG. 3b.
  • the second virtual network packet further includes second virtual topology information, where the second virtual topology information includes a second service path identifier or a second interface identifier.
  • the identifier or the second interface identifier may be the same as or different from the first service path identifier or the first interface identifier.
  • the method further includes: sending the second service path identifier or the second interface identifier according to the second virtual destination information. Specifically, the second service path identifier or the second interface identifier is sent to the virtual port of the destination vNF or the destination vNF indicated by the second virtual destination information together with the second service packet.
  • the method further includes:
  • the third virtual source information includes an identifier of a port of the network device;
  • the third virtual network packet obtained, according to the third service packet and the identifier of the port of the network device, the third virtual network packet, where: the identifier of the port of the network device is used as the third virtual source information; The MAC address is used as the source address of the third virtual network header, and the MAC address of the first VFF is used as the destination address of the third virtual network header, and the third service packet is encapsulated to obtain the third virtual network packet.
  • the port of the network device includes a physical port or a logical port.
  • the virtual container can be located within the network device.
  • the method further includes: receiving a fourth virtual network packet from the first VFF, where the fourth virtual network packet includes fourth virtual destination information; and the fourth virtual destination information includes the network device The identity of the port. And decapsulating the fourth virtual network packet to obtain a fourth service packet; and sending the fourth service packet to the port of the network device according to the fourth virtual destination information.
  • the first VM, the network device is attached to the first VFF, and the virtual container communicates with the first VFF as an example.
  • the A VM and the network device may be configured with respective virtual containers, attached to the same VFF or respectively attached to different VFFs, which is not limited by the present invention.
  • the network device can be directly attached to the VFF, and communicates with the VFF through the virtual container, thereby constructing a virtual network topology between the port of the network device and the virtual port of the vNF through the virtual container and the VFF, just as the vNF is directly implemented in the network. On the port of the device, the mapping between the physical device and the virtual device is implemented.
  • the virtual container receives the first service packet from the first vNF in the first VM and encapsulates the first virtual network packet to be sent to the first VFF attached to the first VM, and receives the first VFF from the first VM.
  • the second virtual network packet of the VFF decapsulating the second virtual network packet to obtain a second service packet, and sending the second service packet to the first vNF, so that the first VFF can communicate with other vNFs.
  • Build a virtual topology between vNFs to solve the problem of vNF and topology coupling in the virtual network, consuming VNID resources, incapable of flexibly controlling vNF, and realizing communication between vNFs.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

La présente invention concerne un procédé, un appareil et un système permettant de mettre en œuvre une communication d'un réseau virtuel. Le procédé comprend les étapes suivantes : un premier VFF reçoit un paquet de réseau virtuel d'une première machine virtuelle (VM) ou d'un dispositif réseau et traite le paquet de réseau virtuel puis envoie le paquet de réseau virtuel à un second VFF, le paquet de réseau virtuel comprenant des informations de topologie virtuelle ; et le second VFF traite le paquet de réseau virtuel et l'envoie à une seconde VM. De cette manière, une fois qu'une fonction du dispositif réseau est virtualisée, une topologie de réseau virtuel peut être construite entre des vNF pour mettre en œuvre une communication parmi les vNF, de sorte que l'exploitation et la gestion d'un dispositif virtuel soient plus pratiques et flexibles.
PCT/CN2014/075789 2013-09-27 2014-04-21 Procédé, appareil et système de mise en œuvre de communication d'un réseau virtuel Ceased WO2015043168A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310452313.6 2013-09-27
CN201310452313.6A CN104518935B (zh) 2013-09-27 2013-09-27 实现虚拟网络通信的方法、装置和系统

Publications (1)

Publication Number Publication Date
WO2015043168A1 true WO2015043168A1 (fr) 2015-04-02

Family

ID=52741941

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/075789 Ceased WO2015043168A1 (fr) 2013-09-27 2014-04-21 Procédé, appareil et système de mise en œuvre de communication d'un réseau virtuel

Country Status (2)

Country Link
CN (1) CN104518935B (fr)
WO (1) WO2015043168A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105430110A (zh) * 2015-10-30 2016-03-23 浪潮(北京)电子信息产业有限公司 一种虚拟网络系统的容器配置方法及网络传输装置
CN106301829A (zh) * 2015-05-21 2017-01-04 华为技术有限公司 一种网络业务扩容的方法和装置
CN114338606A (zh) * 2020-09-25 2022-04-12 华为云计算技术有限公司 一种公有云的网络配置方法及相关设备
CN114844787A (zh) * 2022-04-11 2022-08-02 电子科技大学 一种支持灵活高效动态实验的网络模拟系统
CN119316345A (zh) * 2024-09-06 2025-01-14 新华三网络信息安全软件有限公司 报文传输方法及装置

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105812221B (zh) * 2014-12-31 2019-07-12 华为技术有限公司 虚拟可扩展本地区域网络中数据传输的设备和方法
WO2017000221A1 (fr) * 2015-06-30 2017-01-05 华为技术有限公司 Procédé et dispositif destinés à une communication par un port d'élément de réseau d'extrémité éloignée
CN106712988B (zh) * 2015-08-25 2019-11-12 新华三技术有限公司 一种虚拟网络管理方法及装置
US9729441B2 (en) * 2015-10-09 2017-08-08 Futurewei Technologies, Inc. Service function bundling for service function chains
CN107733801B (zh) * 2016-08-11 2021-01-29 华为技术有限公司 接收和发送报文的方法及设备
CN109218158B (zh) * 2017-07-05 2021-05-11 中国电信股份有限公司 基于VxLAN的数据传输方法、控制方法及控制器、网关、中间网元和系统
CN114205844B (zh) 2017-11-16 2024-05-14 华为技术有限公司 网络业务的管理方法、设备及系统
CN108418705B (zh) * 2018-01-29 2021-01-08 浪潮云信息技术股份公司 虚拟机与容器混合嵌套架构的虚拟网络管理方法及系统
CN110719237B (zh) * 2018-07-13 2022-01-07 华为技术有限公司 传输报文的方法、装置、设备及存储介质
CN109309634A (zh) * 2018-09-25 2019-02-05 新华三技术有限公司 一种报文处理系统及网络设备
CN111628921B (zh) 2019-02-27 2021-07-20 华为技术有限公司 一种报文的处理方法、报文转发装置以及报文处理装置
CN113162785B (zh) * 2020-01-23 2025-05-27 华为技术有限公司 一种网络接口的建立方法、装置及系统
AU2021268768B2 (en) * 2020-05-06 2023-11-23 PrimeWan Limited Virtual network device
CN111580936B (zh) * 2020-05-19 2024-02-09 超越科技股份有限公司 虚拟化数据处理方法和系统
CN113746749A (zh) * 2020-05-29 2021-12-03 阿里巴巴集团控股有限公司 网络连接设备
WO2022183927A1 (fr) * 2021-03-02 2022-09-09 华为技术有限公司 Procédé et appareil de transmission de paquets
CN116248590B (zh) * 2022-12-16 2024-05-10 中国联合网络通信集团有限公司 数据转发方法、装置、设备及存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101459534A (zh) * 2008-12-03 2009-06-17 福建星网锐捷网络有限公司 一种树状网络的网络拓扑收集方法和网络设备
CN101505227A (zh) * 2009-03-11 2009-08-12 华为技术有限公司 一种实现点到多点伪线的方法、设备和系统
CN102437967A (zh) * 2012-02-01 2012-05-02 杭州华三通信技术有限公司 报文转发方法和装置

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7596629B2 (en) * 2002-11-21 2009-09-29 Cisco Technology, Inc. System and method for interconnecting heterogeneous layer 2 VPN applications
WO2007022640A1 (fr) * 2005-08-26 2007-03-01 Nortel Networks Limited Procede d'etablissement d'un pseudo-fil multisegment au niveau de domaines ayant des protocoles de signalisation de pseudo-fil differents

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101459534A (zh) * 2008-12-03 2009-06-17 福建星网锐捷网络有限公司 一种树状网络的网络拓扑收集方法和网络设备
CN101505227A (zh) * 2009-03-11 2009-08-12 华为技术有限公司 一种实现点到多点伪线的方法、设备和系统
CN102437967A (zh) * 2012-02-01 2012-05-02 杭州华三通信技术有限公司 报文转发方法和装置

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106301829A (zh) * 2015-05-21 2017-01-04 华为技术有限公司 一种网络业务扩容的方法和装置
CN106301829B (zh) * 2015-05-21 2019-08-09 华为技术有限公司 一种网络业务扩容的方法和装置
US10432460B2 (en) 2015-05-21 2019-10-01 Huawei Technologies Co., Ltd. Network service scaling method and apparatus
CN105430110A (zh) * 2015-10-30 2016-03-23 浪潮(北京)电子信息产业有限公司 一种虚拟网络系统的容器配置方法及网络传输装置
CN114338606A (zh) * 2020-09-25 2022-04-12 华为云计算技术有限公司 一种公有云的网络配置方法及相关设备
CN114338606B (zh) * 2020-09-25 2023-07-18 华为云计算技术有限公司 一种公有云的网络配置方法及相关设备
CN114844787A (zh) * 2022-04-11 2022-08-02 电子科技大学 一种支持灵活高效动态实验的网络模拟系统
CN114844787B (zh) * 2022-04-11 2024-01-26 电子科技大学 一种支持灵活高效动态实验的网络模拟系统
CN119316345A (zh) * 2024-09-06 2025-01-14 新华三网络信息安全软件有限公司 报文传输方法及装置

Also Published As

Publication number Publication date
CN104518935B (zh) 2018-05-25
CN104518935A (zh) 2015-04-15

Similar Documents

Publication Publication Date Title
WO2015043168A1 (fr) Procédé, appareil et système de mise en œuvre de communication d'un réseau virtuel
US11765000B2 (en) Method and system for virtual and physical network integration
US11546288B2 (en) Techniques for managing software defined networking controller in-band communications in a data center network
CN104221332B (zh) 局域网复用装置
CN103200069B (zh) 一种报文处理的方法和设备
CN104869042B (zh) 报文转发方法和装置
CN106101023B (zh) 一种vpls报文处理方法及设备
CN106936777B (zh) 基于OpenFlow的云计算分布式网络实现方法、系统
CN104335532B (zh) 将分组路由到虚拟转发实例的远端地址的方法和装置
EP2853066B1 (fr) Passerelles de superposition de couche 3
US10616108B2 (en) Scalable MAC address virtualization
CN111937358B (zh) 用于结构边缘设备的多vrf通用设备互联网协议地址
Narten et al. Problem statement: Overlays for network virtualization
CN103905283B (zh) 基于可扩展虚拟局域网的通信方法及装置
CN105591916B (zh) 一种报文传输方法及装置
CN103404084B (zh) Mac地址强制转发装置及方法
CN105591982B (zh) 一种报文传输的方法和装置
WO2016173271A1 (fr) Procédé, dispositif et système de traitement de messages
GB2497202A (en) Transmitting frames between, possibly different, local VLANs by encapsulating frames for global VLAN tunnel
WO2015149253A1 (fr) Système de centre de données et procédé de gestion de réseau virtuel d'un centre de données
CN110999265A (zh) 管理云计算服务端点和虚拟机之间的网络连接性
CN107770064A (zh) 一种跨网络通信的方法、设备
US20180270084A1 (en) Technique for exchanging datagrams between application modules
WO2022116895A1 (fr) Procédé, dispositif et système de transfert de paquets bier
CN118631609A (zh) 一种基于隧道技术的报文处理方法以及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14849065

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14849065

Country of ref document: EP

Kind code of ref document: A1