
WO2018032910A1 - Cross-network communication method and apparatus - Google Patents

Cross-network communication method and apparatus

Info

Publication number
WO2018032910A1
Authority
WO
WIPO (PCT)
Prior art keywords
data packet
vlan
host
virtual machine
vni
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/092526
Other languages
French (fr)
Chinese (zh)
Inventor
王军
李太安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Publication of WO2018032910A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/58 Association of routers
    • H04L45/586 Association of routers of virtual routers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/66 Layer 2 routing, e.g. in Ethernet based MAN's

Definitions

  • the present invention relates to the field of wireless communication technologies, and in particular, to a method and device for communicating across a network.
  • A heterogeneous cloud network is one in which two or more private clouds that use different access technologies, or private clouds that use the same wireless access technology but belong to different wireless carriers, are intelligently integrated through inter-system convergence. Together, the different types of private clouds provide users with wireless access anytime, anywhere, thereby forming a heterogeneous cloud network.
  • VMs virtual machines
  • VLAN Virtual Local Area Network
  • IP Internet Protocol
  • VXLAN Virtual eXtensible Local Area Network
  • GRE Generic Routing Encapsulation
  • VPN Virtual Private Network
  • the present invention provides a method and a device for communicating across a network, so as to solve the problem of reduced network security caused by having to deploy an agent in the VM and virtualize an additional network card when communication between different Layer 2 networks is implemented.
  • a method for communicating across a network is provided.
  • the method can be applied to communication between a first virtual machine VM and a second VM.
  • the first VM is located at the first host Host, and the second VM is located at the second host.
  • a routing virtual machine is created in a host, and the method may include:
  • the routing virtual machine receives the first vlan data packet sent by the first virtual switch in the first Host, where the first vlan data packet is formed by encapsulating the Ethernet data packet sent by the first VM and includes the vlan identifier of the first vlan port corresponding to the first VM and the address information of the second VM; the routing virtual machine encapsulates the first vlan data packet into a first VXLAN data packet that includes a first VNI, the first VNI identifying the coverage domain of the Layer 2 network where the first VM is located, and then sends the first VXLAN data packet to the second Host, so that the second Host processes the first VXLAN data packet according to the address information of the second VM and the first VNI and sends it to the second VM.
  • routing virtual machine is an element capable of realizing communication across the network based on the description of the present invention, and is merely for convenience of describing the solution provided by the present invention, and does not indicate or imply that the component must be named thereby.
  • the routing switch may be named as an OVS-vAPP virtual machine, and may also be named as a virtual machine of another name, and thus cannot be construed as limiting the present invention.
  • the routing virtual machine intercepts the data packet sent by the VM, encapsulates it into a Layer 3 VXLAN data packet, and sends the encapsulated VXLAN data packet to the VM in the other private cloud through Layer 3 tunnel technology.
  • in this way, interworking between different Layer 2 networks is realized, and the reduced security caused by deploying agents in the VM and virtualizing additional network cards is avoided.
  • the routing virtual machine can receive the first vlan packet sent by the first virtual switch by using the following implementation manner:
  • a second vlan port can be created on the first switch; the second vlan port has the same vlan identifier as the first vlan port and is connected to the second virtual switch in the routing virtual machine; the routing virtual machine receiving the first vlan data packet sent by the first virtual switch in the first Host may include:
  • the second virtual switch in the routing virtual machine receives the first vlan data packet sent by the first virtual switch through the second vlan port;
  • the routing virtual machine encapsulating the first vlan data packet into the first VXLAN data packet may include:
  • the second virtual switch in the routing virtual machine encapsulates the first vlan data packet into the first VXLAN data packet.
  • a trunk port may be created on the first switch, the routing virtual machine includes a second virtual switch, and the second virtual switch has a third vlan port.
  • the trunk port is connected to the third vlan port, and the third vlan port has the same vlan identifier as the first vlan port; the routing virtual machine receives the first vlan data packet sent by the first virtual switch in the first host, including:
  • the routing virtual machine receives the first vlan data packet sent by the first virtual switch in the first host through the trunk port;
  • according to the vlan identifier in the first vlan data packet, the routing virtual machine sends the first vlan data packet to the second virtual switch through the third vlan port corresponding to that vlan identifier.
  • the routing virtual machine encapsulates the first vlan data packet into the first VXLAN data packet, including:
  • the second virtual switch in the routing virtual machine encapsulates the first vlan data packet into the first VXLAN data packet.
  • the routing virtual machine can intercept the traffic sent by the VM in the Host for subsequent processing and send it to the peer VM.
  • the first Host may be located in the first private cloud, and the second Host may be located in the second private cloud; the first private cloud includes a first Layer 2 gateway, and the second private cloud includes a second Layer 2 gateway; the routing virtual machine sending the first VXLAN packet to the second Host may include:
  • the routing virtual machine sends the first VXLAN data packet to the first Layer 2 gateway; the first Layer 2 gateway modifies the first VNI in the received first VXLAN data packet to the second VNI according to the preset correspondence between the first VNI and the second VNI, and sends the first VXLAN data packet including the second VNI to the second Layer 2 gateway through the VXLAN tunnel between the first Layer 2 gateway and the second Layer 2 gateway; the second Layer 2 gateway changes the second VNI in the received first VXLAN data packet back to the first VNI according to the preset correspondence between the first VNI and the second VNI, and sends the first VXLAN data packet to the second Host according to the first VNI.
  • the VXLAN packet encapsulated by the routing virtual machine can be sent to the Layer 2 gateway in the other private cloud through the tunnel technology through the Layer 2 gateway in the private cloud, and processed by the Layer 2 gateway in the other private cloud, and then sent to the Layer 2 gateway in the other private cloud.
  • the OVS-vApp virtual machine may be added in only one Host, and any VM in any other Host may communicate with other VMs through that OVS-vApp virtual machine.
  • that is, in another implementation manner of the first aspect, in combination with the first aspect or any implementation manner of the first aspect, the present invention can also implement communication between a third VM and the second VM by the following method, where the third VM is located in a third Host, the first Host and the third Host are located in the first private cloud, the first private cloud further includes a physical switch, and no OVS-vApp virtual machine is deployed in the third Host:
  • the routing virtual machine receives, from the physical switch, the third vlan data packet that the virtual switch in the third Host sent to the physical switch, where the third vlan data packet is formed by encapsulating the Ethernet data packet sent by the third VM.
  • the third vlan data packet includes: a vlan identifier of the fourth vlan port corresponding to the third VM, and address information of the second VM; the routing virtual machine encapsulates the third vlan data packet into a second VXLAN packet and sends the second VXLAN packet to the second Host, so that the second Host processes the second VXLAN packet according to the address information of the second VM and the second VNI and sends it to the second VM.
  • the second VNI is used to identify the coverage area of the Layer 2 network where the third VM is located.
  • the routing virtual machine is not deployed in the host, the data packet sent by the VM in the host is encapsulated in the VXLAN by the routing virtual machine in the other host, and the encapsulated VXLAN data packet is sent by the routing virtual machine to the routing virtual machine.
  • a second aspect provides a routing virtual machine, including a sending unit, a packaging unit, and a receiving unit;
  • a receiving unit configured to receive a first vlan data packet sent by the first virtual switch in the first host
  • a packaging unit configured to encapsulate the first vlan data packet received by the receiving unit into a first VXLAN data packet
  • a sending unit configured to send, to the second Host, the first VXLAN data packet encapsulated by the packaging unit.
  • for the specific implementation manner of the second aspect, refer to the behavior of the virtual machine in the cross-network communication method provided by the first aspect or the possible implementation manners of the first aspect. Therefore, the routing virtual machine provided by the second aspect can achieve the same benefits as the first aspect.
  • a route virtual machine including a processor and a transceiver;
  • a transceiver configured to receive a first vlan data packet sent by the first virtual switch in the first host
  • a processor configured to encapsulate the first vlan data packet received by the transceiver into a first VXLAN data packet
  • the transceiver is further configured to send the first VXLAN data packet encapsulated by the processor to the second Host.
  • for the specific implementation manner of the third aspect, refer to the behavior of the virtual machine in the method for cross-network communication provided by the first aspect or the possible implementation manners of the first aspect. Therefore, the routing virtual machine provided by the third aspect can achieve the same benefits as the first aspect.
  • a non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions that, when executed by the routing virtual machine of the second aspect or the third aspect or any of the above implementations, cause the routing virtual machine to perform the following events:
  • for the specific implementation manner of the fourth aspect, refer to the behavior of the virtual machine in the cross-network communication method provided by the first aspect or the possible implementation manners of the first aspect. Therefore, the routing virtual machine provided by the fourth aspect can achieve the same benefits as the first aspect.
  • FIG. 1 is a schematic diagram of an architecture of a heterogeneous cloud network
  • FIG. 2 is a schematic structural diagram of a heterogeneous cloud network according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of a physical host according to an embodiment of the present disclosure.
  • FIG. 4 is a flowchart of a method for communicating across a network according to an embodiment of the present invention
  • FIG. 5 is a structural diagram of a host machine according to an embodiment of the present invention.
  • FIG. 5B is a structural diagram of still another host machine according to an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a process of communicating across a network according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a process of communicating across a network according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of an OVS-vAPP virtual machine according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of an OVS-vAPP virtual machine according to an embodiment of the present invention.
  • the principle of the present invention is: a routing virtual machine is added in the host where the VM is located; the routing virtual machine intercepts the data packet sent by the VM, encapsulates it into a VXLAN data packet, and sends the encapsulated VXLAN data packet to the VMs in other private clouds through overlay network technology, so as to achieve interworking between different Layer 2 networks and avoid deploying agents in the VM and virtualizing additional network cards.
  • the routing virtual machine is an element capable of realizing communication across the network based on the description of the present invention, and is merely for convenience of describing the solution provided by the present invention, and does not indicate or imply that the component must be named thereby. Therefore, the name cannot be construed as limiting the present invention.
  • the routing switch may be named as an OVS-vAPP virtual machine, and may also be named as a virtual machine of another name.
  • the newly added “routing virtual machine” may be named “OVS-vAPP virtual machine” to describe the method and device for heterogeneous cloud network communication provided by the present invention.
  • the method for cross-network communication according to the present invention can be applied to a heterogeneous cloud network to implement communication between VMs in different Layer 2 networks in a heterogeneous cloud network.
  • the embodiment of the present invention uses only the heterogeneous cloud network shown in FIG. 1 as an example to describe the method and device for heterogeneous cloud network communication provided by the present invention.
  • VMs in different Layer 2 networks are VMs that are in different virtual local area networks.
  • the Layer 2 network can be a Layer 2 virtual network or a Layer 2 physical network.
  • the heterogeneous cloud network may include: a cloud manager, and at least one private cloud.
  • the cloud management system is composed of multiple servers and is mainly used for uniformly managing resources (such as computing, network, and storage resources) in the private clouds of a heterogeneous cloud network; it can deploy VMs that use IP addresses in the same subnet on different private clouds, that is, VMs in different private clouds are assigned IP addresses in the same subnet.
  • Different private clouds can be in the same Layer 2 network or not in the same Layer 2 network.
  • the same private cloud (referred to as: Cloud) can include Network Server, Layer 2 Gateway (L2G), and Virtual Switch.
  • L2G Layer 2 Gateway
  • vSwitch Virtual Switch
  • DHCP Dynamic Host Configuration Protocol
  • the vSwitch is used to implement data transmission between hosts. Different vlan ports can be deployed in the private network. The vlan ports can be used to isolate packets sent by different VMs through the vlan port.
  • the vSwitch and Host can run on the hardware layer of the physical host (not shown in Figure 1) in the private cloud. Each Host can contain multiple VMs.
  • it should be noted that FIG. 1 is only a schematic diagram, and the private cloud, the host machine, and the VM shown in FIG. 1 are only examples, and the number thereof does not limit the solution of the present invention.
  • the heterogeneous cloud network can be deployed with components different from the multiple components shown in Figure 1.
  • the present invention adds an OVS-vAPP virtual machine to the host of the private cloud, and the VSwitch (ovs) can also be deployed in the OVS-vAPP virtual machine.
  • a vlan port with the same function as the vlan port can be created on the OVS-vAPP virtual machine, and the vlan port created in the OVS-vAPP virtual machine is added to the ovs, so that the traffic sent by the VM passes through the vSwitch in the host and then flows into the ovs in the OVS-vAPP virtual machine; all traffic sent by the VM is thus intercepted by the OVS-vAPP virtual machine.
  • after the OVS-vAPP virtual machine processes the intercepted traffic (for example, encapsulates it into a VXLAN packet), the traffic is sent to the VMs in other private clouds through the tunnel between the private clouds to implement VM interworking between different networks.
  • the OVS-vAPP virtual machine 1041 runs on the Host 104, which runs on the hardware layer of the physical host 10, and the hardware layer may include a Remote Direct Memory Access (RDMA) network card 103.
  • the hardware layer may further include at least one processor 102 and a memory 101, and the devices are connected and communicated with each other through a communication bus or a direct connection.
  • the Host 104 may further include a plurality of VMs 1042 and vSwitch 1043 in addition to the OVS-vAPP virtual machine 1041.
  • Host 104 is used as the management layer to manage and allocate hardware resources, and presents a virtual hardware platform for the virtual machines inside it.
  • the virtual hardware platform provides each virtual machine running on it (such as the OVS-vAPP virtual machine 1041, VM 1042, and vSwitch 1043) with various hardware resources, such as virtual processors (VCPUs), virtual memory, virtual disks, virtual network cards, and so on.
  • VCPUs virtual processors
  • the OVS-vAPP virtual machine 1041, VM1042, and vSwitch 1043 work like a real computer.
  • operating systems and applications can be installed on the OVS-vAPP virtual machine 1041, VM 1042, and vSwitch 1043, and the OVS-vAPP virtual machine 1041, VM 1042, and vSwitch 1043 also have access to network resources.
  • the RDMA network card 103 in the hardware layer may be various network cards supporting the RDMA function, for example, an InfiniBand card or an RDMA over Converged Ethernet (RoCE) card.
  • RoCE RDMA over Converged Ethernet
  • the processor 102 can be a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
  • CPU Central Processing Unit
  • ASIC Application Specific Integrated Circuit
  • Memory 101 can include random access memory and provides instructions and data to processor 102.
  • the following embodiments show and describe in detail the process of cross-network communication provided by the present invention in the form of steps, wherein the steps shown may, in addition to being executed in the OVS-vAPP virtual machine, be executed in a computer system that executes instructions. Moreover, although logical sequences are shown in the figures, in some cases the steps shown or described may be performed in a different order than the ones described herein.
  • FIG. 4 is a flowchart of a method for communicating across a network according to an embodiment of the present invention, which may be executed by the OVS-vAPP virtual machine shown in FIG. 2 and FIG. 3, for implementing communication between a first VM and a second VM.
  • the first VM is located in the first Host
  • the second VM is located in the second Host
  • the OVS-vAPP virtual machine is located in the first Host.
  • the method may include the following steps:
  • the OVS-vAPP virtual machine receives the first vlan data packet sent by the first virtual switch in the first Host, where the first vlan data packet is formed by encapsulating an Ethernet data packet sent by the first VM.
  • the first vlan data packet includes: a vlan identifier of the first vlan port corresponding to the first VM, and address information of the second VM.
  • the first VM may be any VM in the first Host, and the Ethernet data packet sent by the first VM may include, but is not limited to, the following types of data packets: an Address Resolution Protocol (ARP) packet for requesting acquisition of the Media Access Control (MAC) address of the first VM, a data packet for requesting acquisition of an IP address of the first VM, and a data packet for requesting service data.
  • ARP Address Resolution Protocol
  • MAC Media Access Control
  • the vlan identifier is used to identify the first vlan port, and the first vlan port can be deployed on the first virtual switch and connected to the first VM.
  • the address information of the second VM may be the IP address of the second VM or the MAC address of the second VM.
  • the first VM may send its Ethernet packet to the first virtual switch through the first vlan port connected to the first VM; after receiving the Ethernet data packet from the first vlan port, the first virtual switch generates the first vlan data packet by encapsulating the Ethernet data packet with the vlan identifier of the first vlan port, for example, by adding the vlan identifier of the first vlan port to the header of the Ethernet data packet. It should be noted that generating the first vlan data packet includes, but is not limited to, adding only the vlan identifier to the Ethernet data packet; an inner-layer Ethernet header, an inner IP header, and other payloads can also be added.
  • the OVS-vAPP virtual machine can receive the first vlan data packet sent by the first virtual switch in the following two manners:
  • Manner 1 The second vlan port is created on the first switch, the second vlan port has the same vlan identifier as the first vlan port, and the second vlan port is connected to the second virtual switch in the OVS-vAPP virtual machine.
  • according to the first vlan identifier in the encapsulated first vlan data packet, the first virtual switch may look up the second vlan port corresponding to the first vlan identifier and send the encapsulated first vlan data packet through the second vlan port;
  • the second virtual switch in the OVS-vAPP virtual machine can receive the first vlan packet sent by the first virtual switch from the second vlan port.
  • the second vlan port and the first vlan port have the same vlan identifier, and the second vlan port and the first vlan port have the same function, and the second vlan port supports transmitting the data packet sent from the first vlan port.
  • the first vlan port and the second vlan port may be named by the same name, or may be named by different names, which is not limited by the embodiment of the present invention.
  • for example, Host1 includes two virtual machines, VM1 and VM2; VM1 is connected to the vlan1 port on vSwitch1, and VM2 is connected to the vlan2 port on vSwitch1.
  • a vlan port with the same function as the vlan1 port and a vlan port with the same function as the vlan2 port can be added to vSwitch1, and both of these vlan ports are connected to the ovs (as shown in the dashed box in Figure 5A).
  • after receiving the Ethernet packet sent by VM1 through the vlan1 port, vSwitch1 encapsulates the Ethernet packet into a vlan packet and sends it to the ovs through the vlan port in the dashed box that has the same function as the vlan1 port.
  • Manner 2 Create a trunk port on the first switch, create a third vlan port on the second virtual switch in the OVS-vAPP virtual machine, and connect the trunk port to the third vlan port; the third vlan port has the same vlan identifier as the first vlan port;
  • the first virtual switch can send the encapsulated first vlan packet through the trunk port;
  • the OVS-vAPP virtual machine can receive the first vlan data packet sent from the trunk port and, according to the first vlan identifier in the first vlan data packet, send the first vlan data packet to the second virtual switch in the OVS-vAPP virtual machine through the third vlan port that has the first vlan identifier.
  • the third vlan port and the first vlan port have the same vlan identifier, and the third vlan port and the first vlan port have the same function, and the third vlan port supports transmitting the data packet sent from the first vlan port.
  • the first vlan port and the third vlan port may be named by the same name, or may be named by different names, which is not limited in this embodiment of the present invention.
  • for example, Host1 includes VM1, VM2, and vSwitch1; VM1 is connected to the vlan1 port on vSwitch1, VM2 is connected to the vlan2 port on vSwitch1, and a trunk port is created on vSwitch1.
  • a vlan port with the same function as the vlan1 port and a vlan port with the same function as the vlan2 port are created on the ovs (as shown in Figure 5B).
  • the trunk port is connected to the vlan ports on the ovs.
  • after receiving the Ethernet packet sent by VM1 through the vlan1 port, vSwitch1 can encapsulate the Ethernet packet into the first vlan packet.
  • the OVS-vAPP virtual machine receives the first vlan data packet through the trunk port in the dashed box and, according to the vlan identifier in the first vlan data packet, sends it to the ovs through the vlan port that has the same function as the vlan1 port.
  • the OVS-vAPP virtual machine encapsulates the first vlan data packet into the first VXLAN data packet and sends the first VXLAN data packet to the second Host, so that the second Host sends the first VXLAN data packet to the second VM, wherein the first VXLAN data packet includes: a first VXLAN network identifier (VNI).
  • VNI VXLAN Network Identifier
  • the OVS-vAPP virtual machine encapsulates the first vlan data packet into the first VXLAN data packet, which may include:
  • the vlan identifier in the first vlan packet is removed, and the first VNI is encapsulated.
  • the original Ethernet data packet with the vlan identifier removed may be encapsulated with: an outer Ethernet header, an outer IP header, a User Datagram Protocol (UDP) header, a VXLAN tag, and some reserved fields.
  • UDP User Datagram Protocol
  • the Layer 2 Ethernet data packet can be encapsulated by the Layer 3 protocol to implement the extension of the Layer 2 network in the Layer 3 network, and the VMs in different Layer 2 networks can communicate through the Layer 3 interworking technology.
  • when the cross-network communication is performed in the heterogeneous cloud network, the first Host may be located in the first private cloud, the second Host may be located in the second private cloud, and the first private cloud may include a first Layer 2 gateway.
  • the second private cloud may include a second layer 2 gateway.
  • the OVS-vAPP virtual machine sends the first VXLAN data packet to the second host, which may include:
  • the OVS-vAPP virtual machine sends the first VXLAN data packet to the first layer 2 gateway;
  • the first Layer 2 gateway modifies the first VNI in the received first VXLAN data packet to the second VNI according to the preset correspondence between the first VNI and the second VNI, and sends the first VXLAN data packet including the second VNI to the second Layer 2 gateway through the VXLAN tunnel between the first Layer 2 gateway and the second Layer 2 gateway;
  • the second Layer 2 gateway modifies the second VNI in the received first VXLAN data packet to the first VNI according to the preset correspondence between the first VNI and the second VNI, and, according to the first VNI, sends the first VXLAN data packet to the vSwitch in the second Host where the second VM is located;
  • after receiving the first VXLAN data packet, the vSwitch in the second Host converts the first VXLAN data packet into a second vlan data packet according to the address information of the second VM in the first VXLAN data packet, removes the second vlan identifier, and sends the packet to the second VM through the vlan port corresponding to the second vlan identifier, where the second vlan data packet includes the second vlan identifier, and the second vlan identifier is used to identify the vlan port connected to the second VM.
  • the cloud management system in the heterogeneous cloud network may pre-configure the VNIs of the first VM and the second VM in different networks, configure the VNIs of the two as the first VNI, and pre-configure the correspondence between the first VNI and the second VNI.
  • the first Layer 2 gateway and the second Layer 2 gateway can obtain the correspondence between the first VNI and the second VNI from the cloud management system, and perform VNI modification according to that correspondence.
  • the second VNI can be any VNI that the cloud management system has configured for the first Layer 2 gateway.
  • the cloud management system can configure at least one VNI for the first Layer 2 gateway.
  • VM1 is in private cloud 1
  • VM2 is in private cloud 2
  • L2GW1 in private cloud 1 and L2GW2 in private cloud 2 are interoperable through VXLAN tunnel technology
  • VM1 and VM2 have VNIs of 5000
  • cloud management system is VNI configured for L2GW1.
  • the range is 7000 ⁇ 8999.
  • the cloud management system can select unused VNIs from 7000 to 8999, such as 7000, to map VMNIs to VM1 and VM2, and map them. It is delivered to L2GW1 and L2GW2.
  • L2GW1 receives the VXLAN packet containing 5000
  • the 5000 is modified to 7000
  • after receiving the VXLAN packet containing 7000, L2GW2 modifies 7000 to 5000 and sends the packet to the vSwitch in the Host.
  • VM1 is in vlan1 in private cloud 1
  • VM2 is in vlan2 in private cloud 2.
  • Vlan1 and vlan2 are different virtual local area networks, where the IP addresses of VM1 and VM2 are 10.0.0.100 and 10.0.0.101, respectively:
  • 1. VM1 finds that the IP address (10.0.0.101) of VM2, which it wants to access, is in the same network, and sends an ARP packet for obtaining the MAC address corresponding to 10.0.0.101 to vSwitch1 through vlan1; the ARP packet contains the IP address of VM2. After receiving the packet, vSwitch1 adds the identifier of vlan1 to form a vlan packet, and then sends the vlan packet through the vlan port that has the same identifier as vlan1. The vlan packet thereby enters the ovs in the OVS-vApp virtual switch. After receiving the vlan packet, ovs first removes the vlan identifier and adds the VNI corresponding to VM1, converting the vlan packet into a VXLAN packet, and forwards it to L2GW1 in private cloud 1 through the public port vlan0 of vSwitch1.
  • L2GW1 in the private cloud 1 modifies the VNI in the received VXLAN packet, and the modified VXLAN packet arrives at the L2GW2 in the private cloud 2 through the VXLAN.
  • the L2GW2 in the private cloud 2 modifies the VNI in the received VXLAN packet to the VNI of VM2, and sends the modified VXLAN packet to the vSwitch2 in the Host2 where VM2 is located according to the VNI of VM2. vSwitch2 then, based on VM2's IP address, removes the VNI from the received VXLAN packet, adds the vlan2 identifier corresponding to VM2 to convert it into a vlan packet, and finally removes the vlan identifier so that the ARP packet enters VM2 through vlan2.
  • after VM2 receives the ARP packet, it replies directly to VM1 with its own MAC address.
  • the foregoing describes only the communication between a VM in one Host and a VM in another Host. If a VM in any other Host needs to communicate with VMs in other Hosts, the OVS-vApp virtual machine is added to that Host, and the VMs interoperate through the above method. That is, the OVS-vApp virtual machine can be added to each Host, and communication between the VMs in that Host and the VMs in other Hosts is realized through the OVS-vApp virtual machine.
  • alternatively, the OVS-vApp virtual machine may be added in only one Host, and all VMs in any other Host may communicate with other VMs through that OVS-vApp virtual machine.
  • the communication between the third VM and the second VM is implemented in the embodiment of the present invention.
  • the third VM is located in the third host, and the third host is located in the first private cloud.
  • the first private cloud further includes: a physical switch, and the OVS-vApp virtual machine is not deployed in the third Host;
  • the OVS-vAPP virtual machine receives, through the virtual switch in the first Host, the third vlan data packet sent by the physical switch; the third vlan data packet is sent by the virtual switch in the third Host to the physical switch and is encapsulated from an Ethernet data packet sent by the third VM, the Ethernet data packet being a data packet sent to the second VM; the third vlan data packet includes: a vlan identifier of the fourth vlan port corresponding to the third VM, and address information of the second VM;
  • the OVS-vAPP virtual machine encapsulates the third vlan data packet into a second VXLAN data packet, and sends a second VXLAN data packet to the second host, so that the second host sends the second VXLAN data packet to the second VM.
  • the second VXLAN data packet includes: a second VNI, where the second VNI is used to identify a coverage area of the Layer 2 network where the third VM is located.
  • the physical switch can be configured with a first trunk port corresponding to the third host and a second trunk port corresponding to the first host, and the virtual switch in the third host can use the trunk port to send the third vlan packet.
  • the physical switch can send the third vlan packet to the vSwitch in the first Host through the second trunk port, and the vSwitch sends the received third vlan packet to the OVS-vAPP virtual machine, where a vlan port with the same function as the vlan port connected to the third VM is created on the OVS-vAPP virtual machine.
  • the process of sending the second VXLAN data packet to the second host by the OVS-vAPP virtual machine is the same as the process of sending the first VXLAN data packet to the second host by the OVS-vAPP virtual machine, and details are not described herein again.
  • VM3 is in vlan3 in private cloud 1
  • VM2 is in vlan2 in private cloud 2.
  • Vlan3 and vlan2 are different virtual local area networks, wherein the IP addresses of VM3 and VM2 are 10.0.0.102 and 10.0.0.101, respectively:
  • 1. VM3 finds that the IP address (10.0.0.101) of VM2, which it wants to access, is in the same network, and sends an ARP packet for obtaining the MAC address corresponding to 10.0.0.101 to vSwitch3 through vlan3; the ARP packet contains the IP address of VM2. After receiving the packet, vSwitch3 adds the identifier of vlan3 to form a vlan packet, and then sends the vlan packet to the physical switch through the trunk2 port. The physical switch sends the received vlan packet to vSwitch1 in Host1 through the trunk1 port. vSwitch1 sends the vlan packet through the same vlan port as vlan1.
  • when the vlan packet enters the ovs in the OVS-vApp virtual switch, the ovs first removes the vlan identifier and adds the VNI corresponding to VM3, converting the vlan packet into a VXLAN packet, and forwards it to L2GW1 in private cloud 1 through the public port vlan0 of vSwitch1.
  • L2GW1 in the private cloud 1 modifies the VNI in the received VXLAN packet, and the modified VXLAN packet arrives at the L2GW2 in the private cloud 2 through the VXLAN.
  • the L2GW2 in the private cloud 2 modifies the VNI in the received VXLAN packet to the VNI of VM2, and sends the modified VXLAN packet to the vSwitch2 in the Host2 where VM2 is located according to the VNI of VM2. vSwitch2 then, based on VM2's IP address, removes the VNI from the received VXLAN packet, adds the vlan2 identifier corresponding to VM2 to convert it into a vlan packet, and finally removes the vlan identifier so that the ARP packet enters VM2 through vlan2.
  • after VM2 receives the ARP packet, it replies directly to VM3 with its own MAC address.
  • the embodiment of the present invention provides a method for communicating across a network.
  • the OVS-vAPP virtual machine receives the first vlan data packet sent by the first virtual switch in the first Host, encapsulates the first vlan data packet into the first VXLAN data packet, and sends the first VXLAN data packet to the second Host, so that the second Host processes the first VXLAN data packet and sends it to the second VM.
  • the communication between the VMs is realized by the OVS-vAPP virtual machine, with no need to deploy an agent in the VM or virtualize an additional network card, thereby avoiding the reduced network security caused by deploying an agent in the VM and virtualizing an additional network card when implementing communication between different Layer 2 networks.
  • the above-mentioned scheme for cross-network communication provided by the embodiment of the present invention is mainly introduced from the perspective of the OVS-vAPP virtual machine.
  • the OVS-vAPP virtual machine includes corresponding hardware structures and/or software modules for performing various functions in order to implement the above functions.
  • in combination with the elements and algorithm steps of the examples described in the embodiments disclosed herein, the present invention can be implemented in hardware or in a combination of hardware and computer software. Whether a function is implemented in hardware or by computer software driving hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
  • the embodiment of the present invention may divide the function module of the OVS-vAPP virtual machine according to the foregoing method example.
  • each function module may be divided according to each function, or two or more functions may be integrated into one processor.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of the module in the embodiment of the present invention is schematic, and is only a logical function division, and the actual implementation may have another division manner.
  • FIG. 8 is a schematic diagram showing a possible structure of the OVS-vAPP virtual machine involved in the foregoing embodiment.
  • the OVS-vAPP virtual machine 20 shown in FIG. 8 may include a receiving unit 201, an encapsulating unit 202, and a sending unit 203.
  • the receiving unit 201 is configured to support the OVS-vAPP virtual machine to execute the process S101 in FIG. 4, and the encapsulating unit 202 and the sending unit 203 are used to jointly support the OVS-vAPP virtual machine to execute the process S102 in FIG. 4. All the related content of the steps involved in the foregoing method embodiments may be referred to the functional descriptions of the corresponding functional modules, and details are not described herein again.
  • FIG. 9 shows a possible structural diagram of the OVS-vAPP virtual machine involved in the above embodiment.
  • the OVS-vAPP virtual machine 300 includes a processor 3011, a memory 3012, a transceiver 3013, and a communication bus 3014.
  • the processor 3011, the memory 3012, and the transceiver 3013 are connected to each other through a communication bus 3014.
  • the communication bus 3014 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like.
  • the bus can be divided into an address bus, a data bus, a control bus, and the like.
  • the processor 3011 may be a processor or a controller, for example, a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It can implement or execute the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination that implements computing functions, for example, a combination of one or more microprocessors or a combination of a DSP and a microprocessor, and is used to control and manage the actions of the OVS-vAPP virtual machine; for example, the processor 3011 is configured to support the encapsulation process in S102 in FIG. 4.
  • the transceiver 3013 may be a transceiver circuit or a communication interface or the like for performing the process S101 in FIG. 4 and the transmitting process in the process S102 in FIG.
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some port, device or unit, and may be electrical or otherwise.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network devices. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each functional unit may exist independently, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium.
  • the software functional units described above are stored in a storage medium and include instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform portions of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: Universal Serial Bus (USB) flash drive (English: USB flash drive), mobile hard disk, read-only memory (English: read-only memory, ROM), random access


Abstract

The present invention relates to the technical field of wireless communications, and provided in the present invention are a cross-network communication method and apparatus, used for solving the existing problem of reduced network security caused by deploying an agent in a virtual machine (VM) and virtualizing an extra network card while implementing communication between different two-layer networks. The method comprises: a routing virtual machine receiving a first vlan data packet sent by a first virtual switch in a first host, encapsulating the first vlan data packet into a first VXLAN data packet, and sending the first VXLAN data packet to a second host, so that the second host sends the first VXLAN packet to a second VM after processing.

Description

Method and device for cross-network communication

Technical Field

The present invention relates to the field of wireless communication technologies, and in particular, to a method and device for cross-network communication.

Background

A heterogeneous cloud network is one in which two or more private clouds that use different access technologies, or that use the same wireless access technology but belong to different wireless carriers, are intelligently combined through inter-system convergence, so that multiple different types of private clouds jointly provide users with wireless access anytime and anywhere.

In a heterogeneous cloud network, if virtual machines (VMs) in different private clouds are in the same Layer 2 network, the networks can interwork by using the same virtual local area network (VLAN). In practice, however, VMs in different private clouds are usually not in the same Layer 2 network. In that case, agents have to be deployed inside the VMs in the different private clouds to implement unified address space management: the cloud management system uses the agent running in a VM to virtualize an additional network card and configures that network card with a unified Internet Protocol (IP) address. VMs in different private clouds then access each other through this virtual IP address on the same network, and the access relies on encapsulation and decapsulation by overlay network technologies (such as Virtual eXtensible Local Area Network (VXLAN), Generic Routing Encapsulation (GRE), and virtual private network (VPN)) to finally achieve network interworking.

As can be seen from the above, to implement interworking between different Layer 2 networks in a heterogeneous cloud network, the virtual machine image has to be customized with the agent installed in advance, and an additional network card has to be virtualized on the VM. An agent deployed inside a VM is likely to need to communicate with the outside world, which exposes the VM to the risk of being compromised from outside. In addition, the extra network card added to the VM lets users communicate with the outside world through it, which makes network security hard to control.

Summary of the Invention

The present invention provides a method and device for cross-network communication, to solve the existing problem that network security is reduced because an agent has to be deployed in the VM and an additional network card virtualized when implementing communication between different Layer 2 networks.

To achieve the above objective, the present invention adopts the following technical solutions:

In a first aspect, a method for cross-network communication is provided. The method can be applied to communication between a first virtual machine (VM) and a second VM, where the first VM is located in a first host (Host), the second VM is located in a second Host, and a routing virtual machine is created in the first Host. The method may include:

The routing virtual machine receives a first vlan data packet sent by a first virtual switch in the first Host. The first vlan data packet is encapsulated from an Ethernet data packet sent by the first VM and contains the vlan identifier of the first vlan port corresponding to the first VM and the address information of the second VM. The routing virtual machine encapsulates the first vlan data packet into a first VXLAN data packet that contains a first VNI, which identifies the coverage domain of the Layer 2 network where the first VM is located, and then sends the first VXLAN data packet to the second Host, so that the second Host processes the first VXLAN data packet according to the address information of the second VM and the first VNI and sends it to the second VM.

It should be noted that the routing virtual machine described in the present invention is an element, described on the basis of the present invention, that can implement cross-network communication. The name is used only for convenience in describing the solution provided by the present invention and does not indicate or imply that the element must be so named; the routing switch may also be named an OVS-vAPP virtual machine or a virtual machine with another name, and the name therefore cannot be construed as limiting the present invention.

In this way, the routing virtual machine intercepts the data packet sent by the VM, encapsulates it into a Layer 3 VXLAN data packet, and sends the encapsulated VXLAN data packet to the VM in another private cloud through Layer 3 tunneling technology, thereby implementing interworking between different Layer 2 networks and avoiding the reduced security caused by deploying an agent in the VM and virtualizing an additional network card.

Optionally, the routing virtual machine may receive the first vlan data packet sent by the first virtual switch in the following implementations:

In one implementation of the first aspect, with reference to the first aspect, a second vlan port may be created on the first switch; the second vlan port has the same vlan identifier as the first vlan port and is connected to a second virtual switch in the routing virtual machine. The routing virtual machine receiving the first vlan data packet sent by the first virtual switch in the first Host may include:

The second virtual switch in the routing virtual machine receives the first vlan data packet sent by the first virtual switch through the second vlan port;

The routing virtual machine encapsulating the first vlan data packet into the first VXLAN data packet may include:

The second virtual switch in the routing virtual machine encapsulates the first vlan data packet into the first VXLAN data packet.

In another implementation of the first aspect, with reference to the first aspect, a trunk port may be created on the first switch; the routing virtual machine includes a second virtual switch on which a third vlan port is created; the trunk port is connected to the third vlan port, and the third vlan port has the same vlan identifier as the first vlan port. The routing virtual machine receiving the first vlan data packet sent by the first virtual switch in the first Host includes:

The routing virtual machine receives the first vlan data packet sent by the first virtual switch in the first Host through the trunk port;

According to the vlan identifier in the first vlan data packet, the routing virtual machine sends the first vlan data packet to the second virtual switch through the third vlan port corresponding to that vlan identifier;

The routing virtual machine encapsulating the first vlan data packet into the first VXLAN data packet includes:

The second virtual switch in the routing virtual machine encapsulates the first vlan data packet into the first VXLAN data packet.

In this way, the routing virtual machine can use either of the above two implementations to intercept the traffic sent by the VM in the Host, process it, and send it to the peer VM.

In yet another implementation of the first aspect, with reference to the first aspect or any implementation of the first aspect, the first Host may be located in a first private cloud and the second Host in a second private cloud; the first private cloud contains a first Layer 2 gateway and the second private cloud contains a second Layer 2 gateway. The routing virtual machine sending the first VXLAN data packet to the second Host may include:

The routing virtual machine sends the first VXLAN data packet to the first Layer 2 gateway. According to the preset correspondence between the first VNI and the second VNI, the first Layer 2 gateway modifies the first VNI in the received first VXLAN data packet to the second VNI and sends the first VXLAN data packet containing the second VNI to the second Layer 2 gateway through the VXLAN tunnel between the first Layer 2 gateway and the second Layer 2 gateway. According to the preset correspondence between the first VNI and the second VNI, the second Layer 2 gateway modifies the second VNI in the received first VXLAN data packet to the first VNI and sends the first VXLAN data packet to the second Host according to the first VNI.

In this way, the Layer 2 gateway in a private cloud can send the VXLAN data packet encapsulated by the routing virtual machine through the tunnel to the Layer 2 gateway in another private cloud, which processes it and sends it to the VM in the Host.
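The vlan-to-VXLAN encapsulation in the routing virtual machine and the VNI rewriting at the two Layer 2 gateways can be traced at the byte level. The following Python code is an added example, not code from the patent: it uses the 8-byte VXLAN header layout of RFC 7348 (outer IP/UDP headers omitted) and the VNIs 5000 and 7000 and the IP addresses from the patent's own example. The VLAN IDs, the MAC address, all function names, and the choice to drop packets whose VNI has no configured mapping are assumptions.

```python
import socket
import struct

ETH_P_8021Q = 0x8100
ETH_P_ARP = 0x0806
VXLAN_I_FLAG = 0x08      # RFC 7348: set when the VNI field is valid

# Values taken from the patent's example
VM_VNI = 5000            # VNI configured for VM1 and VM2
TUNNEL_VNI = 7000        # unused VNI chosen from L2GW1's 7000-8999 range
# Constructed values: the patent names vlan1/vlan2 but gives no IDs or MACs
VLAN1_ID, VLAN2_ID = 101, 202
VM1_MAC = bytes.fromhex("020000000001")


def arp_request(src_mac, src_ip, target_ip):
    """Untagged Ethernet broadcast frame carrying an ARP who-has."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += src_mac + socket.inet_aton(src_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return b"\xff" * 6 + src_mac + struct.pack("!H", ETH_P_ARP) + arp


def add_vlan_tag(frame, vlan_id):
    """Insert an 802.1Q tag after the destination and source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", ETH_P_8021Q, vlan_id) + frame[12:]


def strip_vlan_tag(frame):
    """Return (vlan_id, untagged_frame); reject untagged or short frames."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != ETH_P_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vxlan_encap(inner_frame, vni):
    """Prepend the VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8) + inner_frame


def vxlan_decap(packet):
    """Return (vni, inner_frame) after validating the header."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", packet[:8])
    if not (flags_word >> 24) & VXLAN_I_FLAG:
        raise ValueError("VNI-valid flag not set")
    return vni_word >> 8, packet[8:]


def rewrite_vni(packet, mapping):
    """Layer 2 gateway step: swap the VNI using the preset correspondence.
    Assumption: a VNI without a mapping is dropped rather than forwarded."""
    vni, inner = vxlan_decap(packet)
    if vni not in mapping:
        raise PermissionError(f"no mapping for VNI {vni}, packet dropped")
    return vxlan_encap(inner, mapping[vni])


def routing_vm_encap(tagged_frame, vlan_to_vni):
    """Routing VM step: remove the vlan identifier, add the VM's VNI."""
    vlan_id, inner = strip_vlan_tag(tagged_frame)
    return vxlan_encap(inner, vlan_to_vni[vlan_id])


def vswitch2_deliver(packet, vni_to_vlan):
    """vSwitch2 step: VXLAN -> vlan2 packet -> untagged frame for VM2."""
    vni, inner = vxlan_decap(packet)
    tagged = add_vlan_tag(inner, vni_to_vlan[vni])
    return strip_vlan_tag(tagged)


def walk_path():
    """Follow VM1's ARP request to VM2 and record the VNI seen after each hop."""
    frame = arp_request(VM1_MAC, "10.0.0.100", "10.0.0.101")
    tagged = add_vlan_tag(frame, VLAN1_ID)                   # vSwitch1
    pkt = routing_vm_encap(tagged, {VLAN1_ID: VM_VNI})       # routing VM
    hops = [vxlan_decap(pkt)[0]]
    pkt = rewrite_vni(pkt, {VM_VNI: TUNNEL_VNI})             # L2GW1
    hops.append(vxlan_decap(pkt)[0])
    pkt = rewrite_vni(pkt, {TUNNEL_VNI: VM_VNI})             # L2GW2
    hops.append(vxlan_decap(pkt)[0])
    vlan_id, delivered = vswitch2_deliver(pkt, {VM_VNI: VLAN2_ID})
    return hops, vlan_id, delivered == frame


if __name__ == "__main__":
    print(walk_path())
```

Because each gateway forwards only VNIs present in its configured correspondence, the mapping table delivered by the cloud management system also acts as the allow-list for which Layer 2 domains may cross the tunnel.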

In addition, to reduce deployment cost, in another feasible solution of the present invention an OVS-vApp virtual machine may be added in only one Host, and all VMs in any other Host can communicate with other VMs through that OVS-vApp virtual machine. That is, in a further implementation of the first aspect, with reference to the first aspect or any implementation of the first aspect, the present invention can also implement communication between a third VM and the second VM by the following method, where the third VM is located in a third Host, the first Host and the third Host are located in the first private cloud, the first private cloud further includes a physical switch, and no OVS-vApp virtual machine is deployed in the third Host:

The routing virtual machine receives, from the physical switch, a third vlan data packet that the virtual switch in the third Host sent to the physical switch. The third vlan data packet is encapsulated from an Ethernet data packet sent by the third VM and destined for the second VM, and contains the vlan identifier of the fourth vlan port corresponding to the third VM and the address information of the second VM. The routing virtual machine encapsulates the third vlan data packet into a second VXLAN data packet and sends the second VXLAN data packet to the second Host, so that the second Host processes the second VXLAN data packet according to the address information of the second VM and the second VNI and sends it to the second VM. The second VNI identifies the coverage domain of the Layer 2 network where the third VM is located.

In this way, when no routing virtual machine is deployed in a Host, data packets sent by VMs in that Host can be VXLAN-encapsulated by the routing virtual machine in another Host, which then sends the encapsulated VXLAN data packets to the Host where the peer VM is located.

In a second aspect, a routing virtual machine is provided, including a sending unit, an encapsulating unit, and a receiving unit;

the receiving unit is configured to receive the first vlan data packet sent by the first virtual switch in the first Host;

the encapsulating unit is configured to encapsulate the first vlan data packet received by the receiving unit into the first VXLAN data packet;

the sending unit is further configured to send the first VXLAN data packet encapsulated by the encapsulating unit to the second Host.

For the specific implementation of the second aspect, refer to the behavior and functions of the routing virtual machine in the cross-network communication method provided by the first aspect or the possible implementations of the first aspect. The routing virtual machine provided by the second aspect can therefore achieve the same beneficial effects as the first aspect.

In a third aspect, a routing virtual machine is provided, including a processor and a transceiver;

the transceiver is configured to receive the first vlan data packet sent by the first virtual switch in the first Host;

the processor is configured to encapsulate the first vlan data packet received by the transceiver into the first VXLAN data packet;

the processor is further configured to send the first VXLAN data packet encapsulated by the processor to the second Host.

For the specific implementation of the third aspect, refer to the behavior and functions of the routing virtual machine in the cross-network communication method provided by the first aspect or the possible implementations of the first aspect. The routing virtual machine provided by the third aspect can therefore achieve the same beneficial effects as the first aspect.

In a fourth aspect, a non-volatile computer-readable storage medium storing one or more programs is provided. The one or more programs include instructions that, when executed by the routing virtual machine according to the second aspect, the third aspect, or any of the above possible implementations, cause the routing virtual machine to perform the following:

Receive the first vlan data packet sent by the first virtual switch in the first Host, encapsulate the first vlan data packet into the first VXLAN data packet, and send the first VXLAN data packet to the second Host, so that the second Host processes the first VXLAN data packet and sends it to the second VM.

For the specific implementation of the fourth aspect, refer to the behavior and functions of the routing virtual machine in the cross-network communication method provided by the first aspect or the possible implementations of the first aspect. The routing virtual machine provided by the fourth aspect can therefore achieve the same beneficial effects as the first aspect.

Description of the Drawings

To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are merely some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.

FIG. 1 is a schematic diagram of the architecture of a heterogeneous cloud network;

FIG. 2 is a schematic diagram of the architecture of a heterogeneous cloud network according to an embodiment of the present invention;

FIG. 3 is a schematic structural diagram of a physical host according to an embodiment of the present invention;

FIG. 4 is a flowchart of a cross-network communication method according to an embodiment of the present invention;

FIG. 5A is a structural diagram of a host according to an embodiment of the present invention;

FIG. 5B is a structural diagram of another host according to an embodiment of the present invention;

FIG. 6 is a schematic diagram of a cross-network communication process according to an embodiment of the present invention;

FIG. 7 is a schematic diagram of a cross-network communication process according to an embodiment of the present invention;

FIG. 8 is a schematic structural diagram of an OVS-vAPP virtual machine according to an embodiment of the present invention;

FIG. 9 is a schematic structural diagram of an OVS-vAPP virtual machine according to an embodiment of the present invention.

Detailed Description

The principle of the present invention is as follows: a routing virtual machine is added to the host where a VM is located. The routing virtual machine intercepts the data packets sent by the VM, encapsulates them into VXLAN data packets, and sends the encapsulated VXLAN data packets to VMs in other private clouds by means of overlay network technology. This achieves interworking between different layer 2 networks and avoids deploying an agent inside the VM and virtualizing an additional network card.

It should be noted that the routing virtual machine described in the present invention is an element, based on the description of the present invention, that is capable of cross-network communication. The name is used only to make the solution easier to describe and does not indicate or imply that the element must be so named, so it should not be understood as a limitation on the present invention. For example, the routing virtual machine may be named the OVS-vAPP virtual machine or may be given another name, which is not limited in the embodiments of the present invention. Optionally, in the following embodiments, the newly added "routing virtual machine" is named the "OVS-vAPP virtual machine" when describing the method and device for heterogeneous cloud network communication provided by the present invention.

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

It should be noted that the term "and/or" in this document merely describes an association between associated objects and indicates that three relationships may exist. For example, A and/or B may represent three cases: A exists alone, both A and B exist, and B exists alone. In addition, the character "/" in this document generally indicates an "or" relationship between the objects before and after it.

The cross-network communication method described in the present invention can be applied to a heterogeneous cloud network to enable communication between VMs located in different layer 2 networks of that heterogeneous cloud network. For ease of description, the embodiments of the present invention use only the heterogeneous cloud network shown in FIG. 1 as an example to describe the method and device for heterogeneous cloud network communication provided by the present invention. Here, VMs in different layer 2 networks are VMs in different virtual local area networks, and a layer 2 network may be a layer 2 virtual network or a layer 2 physical network.

As shown in FIG. 1, the heterogeneous cloud network may include a cloud management system (cloud manager) and at least one private cloud. The cloud management system consists of multiple servers and is mainly used to uniformly manage the allocation of resources (such as computing, network, and storage resources) in the private clouds of the heterogeneous cloud network. It can deploy VMs on different private clouds using IP addresses from the same subnet, that is, it assigns IP addresses from the same subnet to VMs in different private clouds. Different private clouds may or may not be in the same layer 2 network. A single private cloud (cloud for short) may contain a network server (Network Server), a layer 2 gateway (Layer 2 Gateway, L2GW), a virtual switch (vSwitch), and multiple hosts (Host). A Dynamic Host Configuration Protocol (DHCP) server may be deployed inside the network server, and the DHCP server may be used to store the IP address of each VM. The L2GW is mainly used to interconnect with the L2GWs in other private clouds by means of overlay network technology. The vSwitch is used for data transmission between Hosts; different VLAN ports may be deployed on it, and those VLAN ports can be used to isolate the data packets sent by different VMs. The vSwitch and the Host may run on the hardware layer of a physical host (not shown in FIG. 1) in the private cloud, and each Host may contain multiple VMs. It should be noted that FIG. 1 is only a schematic diagram. The private clouds, hosts, and VMs shown in FIG. 1 are only examples, and their number does not limit the solution of the present invention. In actual deployment, the heterogeneous cloud network may contain multiple components different from those shown in FIG. 1.

In this case, to enable communication between a VM in private cloud 1 and a VM in private cloud 2 in FIG. 1, the prior art requires deploying an agent inside the VM and virtualizing an additional network card, but doing so reduces the security of the network. To solve this problem, as shown in FIG. 2, the present invention adds an OVS-vAPP virtual machine to the host of the private cloud. A vSwitch (ovs for short) may also be deployed inside the OVS-vAPP virtual machine. After a VM in the host is attached to a VLAN port on the vSwitch in the host, a VLAN port with the same function as that VLAN port can be created on the OVS-vAPP virtual machine, and the created VLAN port is added to the ovs inside the OVS-vAPP virtual machine. In this way, traffic sent by the VM passes through the vSwitch in the host and then flows into the ovs in the OVS-vAPP virtual machine, so the OVS-vAPP virtual machine intercepts all traffic sent by the VM. The OVS-vAPP virtual machine processes the intercepted traffic (for example, encapsulates it into VXLAN data packets) and sends it through the tunnel between the private clouds to VMs in other private clouds, which enables VMs in different networks to interwork.

It should be noted that, to distinguish the virtual switch in the Host that is independent of the OVS-vAPP virtual machine from the virtual switch inside the OVS-vAPP virtual machine, the solution of the present invention refers to the virtual switch outside the OVS-vAPP virtual machine as the vSwitch and to the virtual switch inside the OVS-vAPP virtual machine as the ovs.

The hardware environment in which the OVS-vAPP virtual machine runs is described in detail below with reference to FIG. 3:

As shown in FIG. 3, the OVS-vAPP virtual machine 1041 runs on the Host 104, and the Host 104 runs on the hardware layer of the physical host 10. The hardware layer may include a Remote Direct Memory Access (RDMA) network card 103. Optionally, as shown in FIG. 3, the hardware layer may further include at least one processor 102 and a memory 101. These components are connected to and communicate with each other through a communication bus or direct connections. The Host 104 may further include, in addition to the OVS-vAPP virtual machine 1041, multiple VMs 1042 and a vSwitch 1043.

The Host 104 acts as the management layer. It manages and allocates hardware resources and presents a virtual hardware platform to the virtual machines inside it. The virtual hardware platform provides various hardware resources, such as virtual processors (VCPU), virtual memory, virtual disks, and virtual network cards, to the virtual machines running on it (such as the OVS-vAPP virtual machine 1041, the VMs 1042, and the vSwitch 1043).

The OVS-vAPP virtual machine 1041, the VMs 1042, and the vSwitch 1043 work like real computers. Operating systems and applications can be installed on them, and they can also access network resources.

The RDMA network card 103 in the hardware layer may be any network card that supports the RDMA function, for example, an InfiniBand card or an RDMA over Converged Ethernet (RoCE) card.

The processor 102 may be a central processing unit (Central Processing Unit, CPU), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.

The memory 101 may include random access memory and provides instructions and data to the processor 102.

For ease of description, the following embodiments present and describe in detail, in the form of steps, the cross-network communication process provided by the present invention. Besides being executed in the OVS-vAPP virtual machine, the steps shown may also be executed in a computer system as a set of executable instructions. In addition, although a logical order is shown in the figures, in some cases the steps shown or described may be performed in an order different from the one given here.

Embodiment 1

FIG. 4 is a flowchart of a cross-network communication method according to an embodiment of the present invention. The method may be executed by the OVS-vAPP virtual machine shown in FIG. 2 and FIG. 3 and is used to implement communication between a first VM and a second VM, where the first VM is located in a first Host, the second VM is located in a second Host, and the OVS-vAPP virtual machine is located in the first Host. As shown in FIG. 4, the method may include the following steps:

S101: The OVS-vAPP virtual machine receives a first VLAN data packet sent by the first virtual switch in the first Host. The first VLAN data packet is formed by encapsulating an Ethernet data packet sent by the first VM, and the Ethernet data packet is destined for the second VM. The first VLAN data packet contains the VLAN identifier of the first VLAN port corresponding to the first VM and the address information of the second VM.

The first VM may be any VM in the first Host. The Ethernet data packets sent by the first VM may include, but are not limited to, the following types: an Address Resolution Protocol (ARP) packet used to request the Media Access Control (MAC) address of the first VM, a data packet used to request the IP address of the first VM, and a data packet used to request service data.

The VLAN identifier identifies the first VLAN port. The first VLAN port may be deployed on the first virtual switch and is connected to the first VM.

The address information of the second VM may be the IP address of the second VM or the MAC address of the second VM.

Optionally, after the first VM starts, it may send its Ethernet data packets to the first virtual switch through the first VLAN port connected to the first VM. After receiving an Ethernet data packet from the first VLAN port, the first virtual switch encapsulates the Ethernet data packet with the VLAN identifier of the first VLAN port to generate the first VLAN data packet, for example, by adding the VLAN identifier of the first VLAN port to the header of the Ethernet data packet. It should be noted that generating the first VLAN data packet is not limited to adding only the VLAN identifier to the Ethernet data packet. An inner Ethernet header, an inner IP header, and other payload content may also be added.

Optionally, after the first virtual switch generates the first VLAN data packet, the OVS-vAPP virtual machine may receive the first VLAN data packet sent by the first virtual switch in either of the following two manners:

Manner 1: A second VLAN port is created on the first virtual switch. The second VLAN port has the same VLAN identifier as the first VLAN port and is connected to the second virtual switch inside the OVS-vAPP virtual machine;

the first virtual switch may, based on the first VLAN identifier in the encapsulated first VLAN data packet, look up the VLAN ports other than the first VLAN port that correspond to the first VLAN identifier, and send the encapsulated first VLAN data packet out through the second VLAN port;

the second virtual switch inside the OVS-vAPP virtual machine may receive, from the second VLAN port, the first VLAN data packet sent by the first virtual switch.

That the second VLAN port has the same VLAN identifier as the first VLAN port may mean that the two ports have the same function and that the second VLAN port supports transmission of data packets sent from the first VLAN port. It should be noted that, in actual deployment, the first VLAN port and the second VLAN port may be given the same name or different names, which is not limited in the embodiments of the present invention.

For example, as shown in FIG. 5A, Host1 contains two virtual machines, VM1 and VM2. VM1 is connected to the vlan1 port on vSwitch1, and VM2 is connected to the vlan2 port on vSwitch1. A VLAN port with the same function as the vlan1 port and a VLAN port with the same function as the vlan2 port can then be added on vSwitch1, and both added VLAN ports are connected to the ovs (as shown in the dashed box in FIG. 5A). In this way, after receiving an Ethernet data packet sent by VM1 through the vlan1 port, vSwitch1 can encapsulate it into a VLAN data packet and send it to the ovs through the VLAN port in the dashed box that has the same function as the vlan1 port.

Manner 2: A trunk port is created on the first virtual switch, and a third VLAN port is created on the second virtual switch inside the OVS-vAPP virtual machine. The trunk port is connected to the third VLAN port, and the third VLAN port has the same VLAN identifier as the first VLAN port;

the first virtual switch may send the encapsulated first VLAN data packet out through the trunk port;

the OVS-vAPP virtual machine may receive the first VLAN data packet sent from the trunk port and, based on the first VLAN identifier in the first VLAN data packet, send the first VLAN data packet to the second virtual switch inside the OVS-vAPP virtual machine through the third VLAN port that has the first VLAN identifier.

In this way, in actual deployment, it is not necessary, each time a VM is created, to attach to the vSwitch in the Host a port with the same function as the VLAN port connected to that VM. Instead, a trunk port is created on the vSwitch at the outset, its corresponding VLAN ports are planned, and the VLAN ports corresponding to the trunk port are created on the ovs. Later, when a new VM is created in the Host, it is only necessary to create on the ovs a port with the same function as the VLAN port connected to the new VM and to connect the newly created VLAN port to the trunk port. This reduces the number of VLAN ports created on the vSwitch in the Host and lowers the load on the vSwitch.

That the third VLAN port has the same VLAN identifier as the first VLAN port may mean that the two ports have the same function and that the third VLAN port supports transmission of data packets sent from the first VLAN port. It should be noted that, in actual deployment, the first VLAN port and the third VLAN port may be given the same name or different names, which is not limited in the embodiments of the present invention.

For example, as shown in FIG. 5B, Host1 contains two virtual machines, VM1 and VM2. VM1 is connected to the vlan1 port on vSwitch1, and VM2 is connected to the vlan2 port on vSwitch1. A trunk port is created on vSwitch1, and a VLAN port with the same function as the vlan1 port and a VLAN port with the same function as the vlan2 port are created on the ovs (as shown in the dashed box in FIG. 5B). The trunk port is connected to the VLAN ports on the ovs. In this way, after receiving an Ethernet data packet sent by VM1 through the vlan1 port, vSwitch1 can encapsulate it into the first VLAN data packet and send it to the OVS-vAPP virtual machine through the trunk port in the dashed box. The OVS-vAPP virtual machine receives the first VLAN data packet and, based on the VLAN identifier in it, sends it to the ovs through the VLAN port that has the same function as the vlan1 port.

S102: The OVS-vAPP virtual machine encapsulates the first VLAN data packet into a first VXLAN data packet and sends the first VXLAN data packet to the second host, so that the second host processes the first VXLAN data packet and sends it to the second VM. The first VXLAN data packet contains a first VXLAN network identifier (VNI).

The first VXLAN network identifier (VXLAN Network Identifier, VNI) identifies the overlay domain (also called a VXLAN segment) of the layer 2 network where the first VM is located.

Optionally, the encapsulation of the first VLAN data packet into the first VXLAN data packet by the OVS-vAPP virtual machine may include:

removing the VLAN identifier from the first VLAN data packet and encapsulating the packet with the first VNI. It should be noted that encapsulation into the first VXLAN data packet is not limited to adding only the VNI. The original Ethernet data packet with the VLAN identifier removed may also be encapsulated with an outer Ethernet header, an outer IP header, an outer User Datagram Protocol (UDP) header, the VXLAN flags, and some reserved fields.

In this way, a layer 2 Ethernet data packet is encapsulated with a layer 3 protocol, which extends the layer 2 network across layer 3 and allows VMs in different layer 2 networks to communicate by means of layer 3 interworking.
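The tagging in S101 and the encapsulation in S102 can be made concrete with a short Python sketch. It is an added example, not code from the patent: the function names, the VLAN ID 1 chosen for the vlan1 port, and the sample MAC address are assumptions, while VNI 5000 and the 10.0.0.x addresses follow the page's own examples. Only the VXLAN header is built here; the outer UDP, IP, and Ethernet headers are assumed to be supplied by the sending stack.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q VLAN tag
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field carries a valid value

# Constructed table held by the routing VM: VLAN ID of a VM's port -> VNI of
# that VM's layer 2 segment. VLAN ID 1 for the "vlan1" port is an assumption.
VLAN_TO_VNI = {1: 5000}


def build_arp_request(src_mac, src_ip, dst_ip):
    """Constructed sample: untagged Ethernet frame carrying an ARP who-has."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet/IPv4, request
    arp += src_mac + bytes(src_ip) + b"\x00" * 6 + bytes(dst_ip)
    return eth + arp


def add_vlan_tag(frame, vlan_id):
    """First virtual switch: insert the port's VLAN ID after the two MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]


def strip_vlan_tag(frame):
    """Return (vlan_id, untagged_frame); refuse frames that carry no tag."""
    if len(frame) < 18:
        raise ValueError("frame too short to hold an 802.1Q tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("untagged frame on a tagged port")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vxlan_header(vni):
    """8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)


def vlan_to_vxlan(tagged_frame, vlan_to_vni):
    """Routing VM (S102): drop the VLAN tag, prepend the VXLAN header."""
    vlan_id, inner = strip_vlan_tag(tagged_frame)
    if vlan_id not in vlan_to_vni:
        # No segment is bound to this VLAN: refuse rather than guess a VNI,
        # otherwise traffic could leak into another tenant's segment.
        raise LookupError("no VNI configured for VLAN %d" % vlan_id)
    return vxlan_header(vlan_to_vni[vlan_id]) + inner


def parse_vxlan(payload):
    """Receiving side: return (vni, inner_frame) from a VXLAN UDP payload."""
    if len(payload) < 8:
        raise ValueError("payload shorter than a VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, payload[8:]


if __name__ == "__main__":
    vm1_mac = bytes.fromhex("020000000100")  # constructed, locally administered
    frame = build_arp_request(vm1_mac, (10, 0, 0, 100), (10, 0, 0, 101))
    tagged = add_vlan_tag(frame, 1)
    print(vlan_to_vxlan(tagged, VLAN_TO_VNI)[:8].hex())
```

The VLAN-to-VNI table is the isolation boundary in this design, which is why an unmapped VLAN ID or an untagged frame raises an error instead of being forwarded.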

Optionally, for cross-network communication in a heterogeneous cloud network, the first host may be located in a first private cloud and the second host in a second private cloud. The first private cloud may contain a first layer 2 gateway, and the second private cloud may contain a second layer 2 gateway. Accordingly, the sending of the first VXLAN data packet to the second host by the OVS-vAPP virtual machine may include:

the OVS-vAPP virtual machine sends the first VXLAN data packet to the first layer 2 gateway;

the first layer 2 gateway, based on a preset correspondence between the first VNI and a second VNI, changes the first VNI in the received first VXLAN data packet to the second VNI, and sends the first VXLAN data packet containing the second VNI to the second layer 2 gateway through the VXLAN tunnel between the first layer 2 gateway and the second layer 2 gateway;

the second layer 2 gateway, based on the preset correspondence between the first VNI and the second VNI, changes the second VNI in the received first VXLAN data packet to the first VNI, and, based on the first VNI, sends the first VXLAN data packet to the vSwitch in the second Host where the second VM is located;

after receiving the first VXLAN data packet, the vSwitch in the second Host converts the first VXLAN data packet into a second VLAN data packet based on the address information of the second VM in the first VXLAN data packet, removes the second VLAN identifier, and sends the packet to the second VM through the VLAN port corresponding to that VLAN identifier. The second VLAN data packet contains the second VLAN identifier, which identifies the VLAN port connected to the second VM.

The cloud management system in the heterogeneous cloud network may preconfigure the VNIs of the first VM and the second VM, which are in different networks, setting both to the first VNI, and may preconfigure the correspondence between the first VNI and the second VNI. The first layer 2 gateway and the second layer 2 gateway can then obtain the correspondence between the first VNI and the second VNI from the cloud management system and modify the VNI accordingly. The second VNI may be any VNI that the cloud management system has configured for the first layer 2 gateway. Optionally, the cloud management system may configure at least one VNI for the first layer 2 gateway.

For example, VM1 is in private cloud 1 and VM2 is in private cloud 2. L2GW1 in private cloud 1 and L2GW2 in private cloud 2 are interconnected by means of VXLAN tunneling. The VNI of both VM1 and VM2 is 5000, and the range of VNIs that the cloud management system has configured for L2GW1 is 7000 to 8999. When VM1 and VM2 communicate, the cloud management system can select an unused VNI from 7000 to 8999, for example 7000, map it to VNI 5000 to which VM1 and VM2 belong, and deliver the mapping to L2GW1 and L2GW2. Then, when L2GW1 receives a VXLAN data packet containing 5000, it changes 5000 to 7000 and sends the packet to L2GW2. After receiving the VXLAN data packet containing 7000, L2GW2 changes 7000 back to 5000 and delivers the packet to the vSwitch in the Host.
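The VNI allocation and rewriting in this example can be sketched in Python as follows. This is an added illustration, not code from the patent: the class and method names are hypothetical, the inner frame is a constructed placeholder, and only the numbers 5000 and 7000 to 8999 come from the page. It extends the page's single mapping to a small table so that the behaviour for unknown or conflicting VNIs is visible.

```python
def make_vxlan(vni, inner):
    """Constructed VXLAN payload: flags byte 0x08, 24-bit VNI, inner frame."""
    return bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner


def get_vni(pkt):
    """Read the 24-bit VNI from bytes 4..6 of the VXLAN header."""
    if len(pkt) < 8 or not pkt[0] & 0x08:
        raise ValueError("not a VXLAN header with a valid VNI")
    return int.from_bytes(pkt[4:7], "big")


def set_vni(pkt, vni):
    """Return a copy of pkt with only the VNI field replaced."""
    get_vni(pkt)  # validates the header first
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return pkt[:4] + vni.to_bytes(3, "big") + pkt[7:]


class CloudManager:
    """Hypothetical stand-in for the cloud management system's VNI planner."""

    def __init__(self, first, last):
        self.pool = range(first, last + 1)  # VNIs configured for the gateway
        self.by_tenant = {}                 # tenant VNI -> tunnel VNI

    def map_tenant_vni(self, tenant_vni):
        """Pick the lowest unused tunnel VNI for this tenant VNI."""
        if tenant_vni in self.by_tenant:
            return self.by_tenant[tenant_vni]
        used = set(self.by_tenant.values())
        for candidate in self.pool:
            if candidate not in used:
                self.by_tenant[tenant_vni] = candidate
                return candidate
        raise RuntimeError("tunnel VNI pool exhausted")


class L2Gateway:
    """Hypothetical layer 2 gateway holding the mapping it was given."""

    def __init__(self):
        self.tenant_to_tunnel = {}
        self.tunnel_to_tenant = {}

    def install(self, tenant_vni, tunnel_vni):
        # Two tenant segments sharing one tunnel VNI would be merged on the
        # far side, so a conflicting mapping is rejected.
        owner = self.tunnel_to_tenant.get(tunnel_vni, tenant_vni)
        if owner != tenant_vni:
            raise ValueError("tunnel VNI %d already bound" % tunnel_vni)
        self.tenant_to_tunnel[tenant_vni] = tunnel_vni
        self.tunnel_to_tenant[tunnel_vni] = tenant_vni

    def to_tunnel(self, pkt):
        """Local side -> tunnel: rewrite tenant VNI, or drop (None)."""
        tunnel_vni = self.tenant_to_tunnel.get(get_vni(pkt))
        return None if tunnel_vni is None else set_vni(pkt, tunnel_vni)

    def from_tunnel(self, pkt):
        """Tunnel -> local side: restore tenant VNI, or drop (None)."""
        tenant_vni = self.tunnel_to_tenant.get(get_vni(pkt))
        return None if tenant_vni is None else set_vni(pkt, tenant_vni)


def relay(pkt, manager, gw1, gw2):
    """Carry one packet from the L2GW1 side to the L2GW2 side."""
    tenant_vni = get_vni(pkt)
    tunnel_vni = manager.map_tenant_vni(tenant_vni)
    gw1.install(tenant_vni, tunnel_vni)
    gw2.install(tenant_vni, tunnel_vni)
    on_tunnel = gw1.to_tunnel(pkt)
    return on_tunnel, gw2.from_tunnel(on_tunnel)


if __name__ == "__main__":
    manager, gw1, gw2 = CloudManager(7000, 8999), L2Gateway(), L2Gateway()
    on_tunnel, delivered = relay(make_vxlan(5000, b"inner"), manager, gw1, gw2)
    print(get_vni(on_tunnel), get_vni(delivered))
```

A packet whose VNI has no installed mapping is dropped at either gateway, so only segments the cloud management system has explicitly paired can cross the tunnel.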

To make the objectives, technical solutions, and advantages of the present invention clearer, the communication process by which VM1 obtains the MAC address of VM2 is described in detail below with reference to FIG. 6. VM1 is in vlan1 in private cloud 1, VM2 is in vlan2 in private cloud 2, and vlan1 and vlan2 are different virtual local area networks. The IP addresses of VM1 and VM2 are 10.0.0.100 and 10.0.0.101, respectively:

① VM1 finds that the IP address of VM2 (10.0.0.101), which it wants to access, is in the same network as its own, so it sends an ARP data packet directly to vSwitch1 through vlan1 to obtain the MAC address corresponding to 10.0.0.101. The ARP data packet contains the IP address of VM2. After receiving the data packet, vSwitch1 adds the identifier of vlan1 to it, turning it into a VLAN data packet. vSwitch1 then sends the VLAN data packet to the port that has the same VLAN as vlan1, at which point the VLAN data packet enters the ovs inside the OVS-vAPP virtual machine. After receiving the VLAN data packet, the ovs first removes the VLAN identifier and adds the VNI corresponding to VM1, converting the VLAN data packet into a VXLAN data packet, which is forwarded to L2GW1 in private cloud 1 through vlan0, the public port of vSwitch1.

② L2GW1 in private cloud 1 modifies the VNI in the received VXLAN data packet, and the modified VXLAN data packet reaches L2GW2 in private cloud 2 over VXLAN.

③ L2GW2 in private cloud 2 changes the VNI in the received VXLAN data packet to the VNI of VM2 and, based on the VNI of VM2, sends the modified VXLAN data packet to vSwitch2 in Host2, where VM2 is located. vSwitch2 then, based on the IP address of VM2, removes the VNI from the received VXLAN data packet and adds the identifier of vlan2, which corresponds to VM2, converting the packet into a VLAN data packet. It then removes the VLAN identifier, so that the packet becomes an ARP data packet again and enters VM2 through vlan2. After receiving the ARP data packet, VM2 replies directly to VM1 with its own MAC address.

It can be understood that the above describes only communication between a VM in one Host and VMs in other Hosts. If a VM in any other Host needs to communicate with VMs in other Hosts, an OVS-vApp virtual machine can likewise be added to that Host and interworking between VMs achieved by the method above. That is, an OVS-vApp virtual machine can be added to each Host, and the VMs in that Host communicate with VMs in other Hosts through it.

However, to reduce deployment cost, in another feasible solution of the present invention the OVS-vApp virtual machine may be added to only one Host, and all VMs in any other Host can communicate with other VMs through that OVS-vApp virtual machine. That is, in this embodiment of the present invention, communication between a third VM and the second VM is also implemented by the following method, where the third VM is located in a third Host, the third Host is located in the first private cloud, the first private cloud further includes a physical switch, and no OVS-vApp virtual machine is deployed in the third Host:

The OVS-vAPP virtual machine receives a third vlan data packet sent by the physical switch through the virtual switch in the first Host. The third vlan data packet is sent to the physical switch by the virtual switch in the third Host and is formed by encapsulating an Ethernet data packet sent by the third VM, the Ethernet data packet being destined for the second VM. The third vlan data packet contains the vlan identifier of a fourth vlan port corresponding to the third VM, and the address information of the second VM;

The OVS-vAPP virtual machine encapsulates the third vlan data packet into a second VXLAN data packet and sends the second VXLAN data packet to the second host, so that the second host processes the second VXLAN data packet and sends it to the second VM. The second VXLAN data packet contains a second VNI, which is used to identify the coverage domain of the Layer 2 network where the third VM is located.

Optionally, a first trunk port corresponding to the third Host and a second trunk port corresponding to the first Host may be created on the physical switch. The virtual switch in the third Host can send the third vlan data packet to the physical switch through a trunk port, and the physical switch can send the third vlan data packet through the second trunk port to the vSwitch in the first Host. The vSwitch sends the received third vlan data packet to the OVS-vAPP virtual machine, on which a vlan port with the same function as the vlan port connected to the third VM is created.

The process by which the OVS-vAPP virtual machine sends the second VXLAN data packet to the second host is the same as the process described above by which the OVS-vAPP virtual machine sends the first VXLAN data packet to the second host, and is not described in detail again here.

To make the objectives, technical solutions and advantages of the present invention clearer, the communication process by which VM3 obtains the MAC address of VM2 is described in detail below with reference to FIG. 7. VM3 is in vlan3 in private cloud 1 and VM2 is in vlan2 in private cloud 2; vlan3 and vlan2 are different virtual local area networks, and the IP addresses of VM3 and VM2 are 10.0.0.102 and 10.0.0.101 respectively:

① VM3 determines that the IP address (10.0.0.101) of VM2, which it wants to access, is in the same network as itself, so it sends an ARP packet directly through vlan3 to vSwitch3 to obtain the MAC address corresponding to 10.0.0.101. The ARP packet contains the IP address of VM2. After receiving the packet, vSwitch3 adds the vlan3 identifier to it, turning it into a vlan packet. vSwitch3 then sends the vlan packet through the trunk2 port to the physical switch, and the physical switch sends the received vlan packet through the trunk1 port to vSwitch1 in Host1. vSwitch1 sends the vlan packet through the vlan port that is the same as vlan1, at which point the vlan packet enters the ovs inside the OVS-vApp virtual switch. On receiving the vlan packet, the ovs first removes the vlan identifier and applies the VNI corresponding to VM3, converting the vlan packet into a VXLAN packet, which is forwarded through the public port vlan0 of vSwitch1 to L2GW1 in private cloud 1.

② L2GW1 in private cloud 1 modifies the VNI in the received VXLAN packet, and the modified VXLAN packet travels over VXLAN to L2GW2 in private cloud 2.

③ L2GW2 in private cloud 2 changes the VNI in the received VXLAN packet to the VNI of VM2 and, according to the VNI of VM2, sends the modified VXLAN packet to vSwitch2 in Host2, where VM2 is located. vSwitch2 then, according to the IP address of VM2, removes the VNI from the received VXLAN packet and applies the identifier of vlan2, which corresponds to VM2, converting it into a vlan packet. The vlan identifier is then removed, and the resulting ARP packet enters VM2 through vlan2. On receiving the ARP packet, VM2 replies directly to VM3 with its own MAC address.
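The two ARP walk-throughs above (VM1 on vlan1 and VM3 on vlan3, both reaching VM2 on vlan2) can be traced at the byte level with the added Python example below; it is not code from the patent. The VLAN IDs, VNI values, MAC address and mapping tables are constructed, the outer UDP/IP headers of the VXLAN tunnel are omitted, vSwitch2 selects the vlan from the VNI alone, and dropping packets whose vlan identifier or VNI has no mapping is an assumption about how a deployment keeps Layer 2 domains separate.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100   # IEEE 802.1Q tag protocol identifier
VXLAN_I_FLAG = 0x08   # RFC 7348: set when the VNI field is valid

# Constructed tables (assumptions, not values from the patent).
OVS_VAPP_VLAN_TO_VNI = {1: 5001, 3: 5003}  # vlan1 -> VM1's VNI, vlan3 -> VM3's VNI
L2GW1_VNI_MAP = {5001: 9001, 5003: 9003}   # VNI rewrite before the inter-cloud tunnel
L2GW2_VNI_MAP = {9001: 6002, 9003: 6002}   # rewrite to VM2's VNI
VSWITCH2_VNI_TO_VLAN = {6002: 2}           # VM2's VNI -> vlan2


def arp_request(src_mac, src_ip, target_ip):
    """Build an untagged Ethernet broadcast frame carrying an ARP request."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet, IPv4, opcode 1
    arp += src_mac + ipaddress.IPv4Address(src_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


def add_vlan_tag(frame, vlan_id):
    """Insert an 802.1Q tag after the destination and source MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]


def strip_vlan_tag(frame):
    """Return (vlan_id, untagged_frame); reject frames without an 802.1Q tag."""
    if len(frame) < 16:
        raise ValueError("frame too short")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def vxlan_encap(inner_frame, vni):
    """Prepend the 8-byte VXLAN header: flags, 24 reserved bits, VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8) + inner_frame


def vxlan_decap(packet):
    """Return (vni, inner_frame); reject truncated headers or a cleared I flag."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", packet[:8])
    if not (word0 >> 24) & VXLAN_I_FLAG:
        raise ValueError("VXLAN I flag not set")
    return word1 >> 8, packet[8:]


def lookup(table, key, where):
    """Drop (raise) rather than guess when an identifier has no mapping."""
    if key not in table:
        raise LookupError(f"{where}: no mapping for {key}, packet dropped")
    return table[key]


def ovs_vapp_encapsulate(vlan_frame):
    """Step 1: remove the vlan identifier and apply the sender's VNI."""
    vlan_id, inner = strip_vlan_tag(vlan_frame)
    return vxlan_encap(inner, lookup(OVS_VAPP_VLAN_TO_VNI, vlan_id, "OVS-vApp"))


def l2gw_rewrite(packet, vni_map, where):
    """Steps 2 and 3: a Layer 2 gateway replaces the VNI and keeps the inner frame."""
    vni, inner = vxlan_decap(packet)
    return vxlan_encap(inner, lookup(vni_map, vni, where))


def vswitch2_deliver(packet):
    """Step 3: remove the VNI, tag with VM2's vlan, then untag for delivery."""
    vni, inner = vxlan_decap(packet)
    tagged = add_vlan_tag(inner, lookup(VSWITCH2_VNI_TO_VLAN, vni, "vSwitch2"))
    return strip_vlan_tag(tagged)


def forward(frame, src_vlan):
    """Carry one frame from Host1/Host3 to VM2; return (vlan, frame, VNIs seen)."""
    tagged = add_vlan_tag(frame, src_vlan)            # vSwitch1 or vSwitch3
    hops = [ovs_vapp_encapsulate(tagged)]
    hops.append(l2gw_rewrite(hops[-1], L2GW1_VNI_MAP, "L2GW1"))
    hops.append(l2gw_rewrite(hops[-1], L2GW2_VNI_MAP, "L2GW2"))
    vlan_id, delivered = vswitch2_deliver(hops[-1])
    return vlan_id, delivered, [vxlan_decap(p)[0] for p in hops]


if __name__ == "__main__":
    vm3_mac = bytes.fromhex("020000000003")           # constructed MAC address
    request = arp_request(vm3_mac, "10.0.0.102", "10.0.0.101")
    vlan_id, delivered, vnis = forward(request, src_vlan=3)
    print("delivered on vlan", vlan_id, "unchanged:", delivered == request, "VNIs:", vnis)
```

The inner ARP frame is byte-identical at both ends; only the vlan tag and the VNI change hop by hop, so the mapping tables at the OVS-vApp virtual machine and the two gateways are what decide which Layer 2 domains can reach each other.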

As can be seen from the above, this embodiment of the present invention provides a cross-network communication method in which the OVS-vAPP virtual machine receives the first vlan data packet sent by the first virtual switch in the first Host, encapsulates the first vlan data packet into a first VXLAN data packet, and sends the first VXLAN data packet to the second host, so that the second host processes the first VXLAN data packet and sends it to the second VM. Communication between VMs is thus implemented through the OVS-vAPP virtual machine, with no need to deploy an agent inside the VM or to virtualize an additional network card. This avoids the reduction in network security that existing approaches incur when they deploy an agent in the VM and virtualize an additional network card to implement communication between different Layer 2 networks.

The foregoing describes the cross-network communication solution provided by the embodiments of the present invention mainly from the perspective of the OVS-vAPP virtual machine. It can be understood that, to implement the above functions, the OVS-vAPP virtual machine includes hardware structures and/or software modules corresponding to each function. A person skilled in the art should readily appreciate that, in combination with the units and algorithm steps of the examples described in the embodiments disclosed herein, the present invention can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the particular application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such implementation should not be considered to go beyond the scope of the present invention.

In the embodiments of the present invention, the OVS-vAPP virtual machine may be divided into functional modules according to the foregoing method examples. For example, each functional module may correspond to one function, or two or more functions may be integrated into one processor. The integrated module may be implemented in the form of hardware or in the form of a software functional module. It should be noted that the division into modules in the embodiments of the present invention is illustrative and is only a division by logical function; other divisions are possible in an actual implementation.

Where each functional module corresponds to one function, FIG. 8 shows a possible schematic structure of the OVS-vAPP virtual machine involved in the above embodiments. As shown in FIG. 8, the OVS-vAPP virtual machine 20 may include a receiving unit 201, an encapsulating unit 202 and a sending unit 203. The receiving unit 201 is used to support the OVS-vAPP virtual machine in performing process S101 in FIG. 4, and the encapsulating unit 202 and the sending unit 203 together support the OVS-vAPP virtual machine in performing process S102 in FIG. 4. All related content of the steps in the foregoing method embodiments can be cited in the functional descriptions of the corresponding functional modules and is not repeated here.

Where an integrated unit is used, FIG. 9 shows a possible schematic structure of the OVS-vAPP virtual machine involved in the above embodiments. The OVS-vAPP virtual machine 300 includes a processor 3011, a memory 3012, a transceiver 3013 and a communication bus 3014; the processor 3011, the memory 3012 and the transceiver 3013 are connected to each other through the communication bus 3014. The communication bus 3014 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, and so on.

The processor 3011 may be a processor or a controller, for example a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It can implement or execute the various example logical blocks, modules and circuits described in connection with the disclosure of the present invention. The processor may also be a combination that implements computing functions, for example a combination of one or more microprocessors or a combination of a DSP and a microprocessor, and is used to control and manage the actions of the OVS-vAPP virtual machine. For example, the processor 3011 is used to support the encapsulation process in S102 in FIG. 4.

The transceiver 3013 may be a transceiver circuit, a communication interface or the like, and is used to perform process S101 in FIG. 4 and the sending process in process S102 in FIG. 4.

A person skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the system, apparatus and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.

In the several embodiments provided by the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some ports, apparatuses or units, and may be electrical or take other forms.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network devices. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each functional unit may exist independently, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of hardware plus software functional units.

An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a Universal Serial Bus (USB) flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the corresponding technical solutions to depart from the scope of the claims.

Claims (15)

一种跨网络通信的方法,该方法应用于第一虚拟机VM与第二VM间的通信,所述第一VM位于第一宿主机Host,所述第二VM位于第二Host,其特征在于,所述第一宿主机内创建有路由虚拟机,所述方法包括:A method for communicating across a network, the method being applied to communication between a first virtual machine VM and a second VM, wherein the first VM is located at a first host Host, and the second VM is located at a second Host, wherein a routing virtual machine is created in the first host, and the method includes: 所述路由虚拟机接收所述第一Host内的第一虚拟交换机发送的第一虚拟局域网vlan数据包,所述第一vlan数据包由所述第一VM发出的以太网数据包封装而成,所述第一vlan数据包包含:与所述第一VM对应的第一vlan端口的vlan标识、以及所述第二VM的地址信息;The routing virtual machine receives a first virtual local area network vlan data packet sent by the first virtual switch in the first host, where the first vlan data packet is encapsulated by an Ethernet data packet sent by the first VM. The first vlan data packet includes: a vlan identifier of the first vlan port corresponding to the first VM, and address information of the second VM; 所述路由虚拟机将所述第一vlan数据包封装为第一虚拟扩展局域网VXLAN数据包,并向所述第二Host发送所述第一VXLAN数据包,以便所述第二Host根据所述第二VM的地址信息、以及第一虚拟扩展局域网标识VNI,将所述第一VXLAN数据包处理后发送至所述第二VM,所述第一VXLAN数据包包含所述第一VNI,所述第一VNI用于标识第一VM所在的二层网络的覆盖域。The routing virtual machine encapsulates the first vlan data packet into a first virtual extended local area network VXLAN data packet, and sends the first VXLAN data packet to the second host, so that the second host is according to the first Address information of the second VM and the first virtual extended local area network identifier VNI, which are processed and sent to the second VM, where the first VXLAN data packet includes the first VNI, the first A VNI is used to identify the coverage area of the Layer 2 network where the first VM is located. 
根据权利要求1所述的方法,其特征在于,所述第一交换机上创建第二vlan端口,所述第二vlan端口与所述第一vlan端口具有相同的vlan标识,且所述第二vlan端口与所述路由虚拟机内的第二虚拟交换机连接;所述路由虚拟机接收所述第一Host内的第一虚拟交换机发送的第一vlan数据包,包括:The method of claim 1, wherein the second switch creates a second vlan port, the second vlan port has the same vlan identifier as the first vlan port, and the second vlan The port is connected to the second virtual switch in the routing virtual machine; the routing virtual machine receives the first vlan data packet sent by the first virtual switch in the first host, including: 所述路由虚拟机内的第二虚拟交换机接收所述第一虚拟交换机通过所述第二vlan端口发送的所述第一vlan数据包;The second virtual switch in the routing virtual machine receives the first vlan data packet sent by the first virtual switch by using the second vlan port; 所述路由虚拟机将所述第一vlan数据包封装为第一VXLAN数据包,包括:The routing virtual machine encapsulates the first vlan data packet into a first VXLAN data packet, including: 所述路由虚拟机内的第二虚拟交换机将所述第一vlan数据包封装为第一VXLAN数据包。The second virtual switch in the routing virtual machine encapsulates the first vlan data packet into a first VXLAN data packet. 根据权利要求1所述的方法,其特征在于,所述第一交换机上创建有中继trunk端口,所述路由虚拟机包含第二虚拟交换机,所述第二虚拟交换机上创建有第三vlan端口,所述trunk端口与第三vlan端口连接,且所述第三vlan端口与所述第一vlan端口具有相同的vlan标识;所述路由虚拟机接收所述第一Host内的第一虚拟交换机发送的第一vlan数据包,包括:The method according to claim 1, wherein a trunk port is created on the first switch, the route virtual machine includes a second virtual switch, and a third vlan port is created on the second virtual switch. 
The trunk port is connected to the third vlan port, and the third vlan port has the same vlan identifier as the first vlan port; the routing virtual machine receives the first virtual switch in the first host to send The first vlan packet includes: 所述路由虚拟机接收所述第一Host内的第一虚拟交换机通过所述trunk端口发送的第一vlan数据包;The routing virtual machine receives a first vlan data packet sent by the first virtual switch in the first host through the trunk port; 所述路由虚拟机根据所述第一vlan数据包内的vlan标识,通过与所述vlan标识对应的第三vlan端口将所述第一vlan数据包发送至第二虚拟交换;Sending, by the routing virtual machine, the first vlan data packet to the second virtual switch by using a third vlan port corresponding to the vlan identifier according to the vlan identifier in the first vlan data packet; 所述路由虚拟机将所述第一vlan数据包封装为第一VXLAN数据包,包括:The routing virtual machine encapsulates the first vlan data packet into a first VXLAN data packet, including: 所述路由虚拟机内的第二虚拟交换机将所述第一vlan数据包封装为第一VXLAN数据包。The second virtual switch in the routing virtual machine encapsulates the first vlan data packet into a first VXLAN data packet. 
根据权利要求1-3任一项所述的方法,其特征在于,所述第一Host位于第一私有云,所述第二Host位于第二私有云,所述第一私有云包含第一二层网关,所述第二私有云包含第二二层网关;所述路由虚拟机向所述第二Host发送所述第一VXLAN数据包,包括:The method according to any one of claims 1-3, wherein the first Host is located in a first private cloud, the second Host is located in a second private cloud, and the first private cloud includes a first second a layer gateway, the second private cloud includes a second layer 2 gateway, and the routing virtual machine sends the first VXLAN data packet to the second host, including: 所述路由虚拟机向所述第一二层网关发送所述第一VXLAN数据包,以便所述第一二层 网关根据预设的所述第一VNI与第二VNI的对应关系,将接收到的所述第一VXLAN数据包内的所述第一VNI修改为所述第二VNI,并将包含所述第二VNI的第一VXLAN数据包通过所述第一二层网关与所述第二二层网关之间的VXLAN隧道发送至所述第二二层网关,所述第二二层网关根据所述预设的第一VNI与第二VNI的对应关系,将接收到的所述第一VXLAN数据包内的所述第二VNI修改为所述第一VNI,并根据所述第一VNI将所述第一VXLAN数据包发送至所述第二Host。Transmitting, by the routing virtual machine, the first VXLAN data packet to the first Layer 2 gateway, so that the first layer 2 The gateway modifies the received first VNI in the first VXLAN data packet to the second VNI according to a preset correspondence between the first VNI and the second VNI, and includes the foregoing The first VXLAN packet of the second VNI is sent to the second Layer 2 gateway through a VXLAN tunnel between the first Layer 2 gateway and the second Layer 2 gateway, and the second Layer 2 gateway is configured according to the Corresponding relationship between the first VNI and the second VNI, modifying the received second VNI in the first VXLAN data packet to the first VNI, and according to the first VNI A VXLAN packet is sent to the second Host. 
根据权利要求1-3任一项所述的方法,其特征在于,所述方法还用于实现第三VM与所述第二VM间的通信,所述第三VM位于第三Host,所述第一Host与所述第三Host与同一个物理交换机连接,且所述第三Host内未部署路由虚拟机;所述方法还包括:The method according to any one of claims 1-3, wherein the method is further configured to implement communication between a third VM and the second VM, where the third VM is located at a third Host, The first host is connected to the third host and is connected to the same physical switch, and the routing virtual machine is not deployed in the third host. The method further includes: 所述路由虚拟机接收所述物理交换机发送的第三vlan数据包,所述第三vlan数据包由所述第三Host内的虚拟交换机发送至所述物理交换机,且所述第三vlan数据包由第三VM发出的以太网数据包封装而成,所述以太网数据包为发往第二VM的数据包,所述第三vlan数据包包含:与所述第三VM对应的第四vlan端口的vlan标识、以及所述第二VM的地址信息;Receiving, by the routing virtual machine, a third vlan data packet sent by the physical switch, where the third vlan data packet is sent by the virtual switch in the third host to the physical switch, and the third vlan data packet The Ethernet data packet sent by the third VM is encapsulated, the Ethernet data packet is a data packet sent to the second VM, and the third VLAN data packet includes: a fourth vlan corresponding to the third VM a vlan identifier of the port, and address information of the second VM; 所述路由虚拟机将所述第三vlan数据包封装为第二VXLAN数据包,并向所述第二宿主机发送所述第二VXLAN数据包,以便所述第二Host根据所述第二VM的地址信息、以及第二VNI,将所述第二VXLAN数据包处理后发送至所述第二VM,所述第二VNI用于标识第三VM所在的二层网络的覆盖域。The routing virtual machine encapsulates the third vlan data packet into a second VXLAN data packet, and sends the second VXLAN data packet to the second host, so that the second host is according to the second VM The address information, and the second VNI, the second VXLAN packet is processed and sent to the second VM, where the second VNI is used to identify a coverage area of a Layer 2 network where the third VM is located. 
一种路由虚拟机,所述路由虚拟机用于执行第一虚拟机VM与第二VM间的通信,所述第一VM位于第一宿主机Host,所述第二VM位于第二Host,其特征在于,所述第一宿主机内创建有路由虚拟机,所述路由虚拟机包括:A routing virtual machine, the routing virtual machine is configured to perform communication between a first virtual machine VM and a second VM, the first VM is located at a first host Host, and the second VM is located at a second host, The routing virtual machine is created in the first host, and the routing virtual machine includes: 接收单元,用于接收所述第一Host内的第一虚拟交换机发送的第一虚拟局域网vlan数据包,所述第一vlan数据包由所述第一VM发出的以太网数据包封装而成,所述第一vlan数据包包含:与所述第一VM对应的第一vlan端口的vlan标识、以及所述第二VM的地址信息;a receiving unit, configured to receive a first virtual local area network vlan data packet sent by the first virtual switch in the first host, where the first vlan data packet is encapsulated by an Ethernet data packet sent by the first VM, The first vlan data packet includes: a vlan identifier of the first vlan port corresponding to the first VM, and address information of the second VM; 封装单元,用于将接收单元接收到的所述第一vlan数据包封装为第一虚拟扩展局域网VXLAN数据包;a packaging unit, configured to encapsulate the first vlan data packet received by the receiving unit into a first virtual extended local area network VXLAN data packet; 发送单元,用于向所述第二Host发送所述将封装单元封装后的第一VXLAN数据包,以便所述第二Host根据所述第二VM的地址信息、以及第一虚拟扩展局域网标识VNI,将所述第一VXLAN数据包处理后发送至所述第二VM,所述第一VXLAN数据包包含所述第一VNI,所述第一VNI用于标识第一VM所在的二层网络的覆盖域。a sending unit, configured to send, to the second Host, the first VXLAN data packet encapsulated by the encapsulating unit, so that the second Host is based on the address information of the second VM, and the first virtual extended local area network identifier (VNI) Transmitting the first VXLAN data packet to the second VM, where the first VXLAN data packet includes the first VNI, and the first VNI is used to identify a Layer 2 network where the first VM is located. Cover the domain. 
根据权利要求6所述的路由虚拟机,其特征在于,所述第一交换机上创建第二vlan端口,所述第二vlan端口与所述第一vlan端口具有相同的vlan标识,且所述第二vlan端口与所述路由虚拟机连接;The routing virtual machine according to claim 6, wherein the second vlan port is created on the first switch, the second vlan port and the first vlan port have the same vlan identifier, and the The second vlan port is connected to the routing virtual machine; 所述接收单元,具体用于接收所述第一虚拟交换机通过所述第二vlan端口发送的第一vlan数据包;The receiving unit is configured to receive a first vlan data packet that is sent by the first virtual switch by using the second vlan port; 所述封装单元,具体用于将所述第一vlan数据包封装为第一VXLAN数据包。The encapsulating unit is specifically configured to encapsulate the first vlan data packet into a first VXLAN data packet. 根据权利要求6所述的路由虚拟机,其特征在于,所述第一交换机上创建有中继trunk端口,所述路由虚拟机上创建有第三vlan端口,所述trunk端口与第三vlan端口 连接,且所述第三vlan端口与所述第一vlan端口具有相同的vlan标识;The routing virtual machine according to claim 6, wherein a trunk port is created on the first switch, and a third vlan port is created on the routing virtual machine, and the trunk port and the third vlan port are created. Connecting, and the third vlan port has the same vlan identifier as the first vlan port; 所述接收单元,具体用于接收所述第一Host内的第一虚拟交换机通过所述trunk端口、与所述vlan标识对应的第三vlan端口发送的第一vlan数据包;The receiving unit is configured to receive, by the first virtual switch in the first host, the first vlan data packet sent by the trunk port and the third vlan port corresponding to the vlan identifier; 所述封装单元,具体用于将所述第一vlan数据包封装为第一VXLAN数据包。The encapsulating unit is specifically configured to encapsulate the first vlan data packet into a first VXLAN data packet. 
根据权利要求6-8任一项所述的路由虚拟机,其特征在于,所述第一Host位于第一私有云,所述第二Host位于第二私有云,所述第一私有云包含第一二层网关,所述第二私有云包含第二二层网关;The routing virtual machine according to any one of claims 6-8, wherein the first host is located in a first private cloud, the second host is located in a second private cloud, and the first private cloud includes a first a layer 2 gateway, the second private cloud includes a second layer 2 gateway; 所述发送单元,具体用于向所述第一二层网关发送所述第一VXLAN数据包,以便所述第一二层网关根据预设的所述第一VNI与第二VNI的对应关系,将接收到的所述第一VXLAN数据包内的所述第一VNI修改为所述第二VNI,并将包含所述第二VNI的第一VXLAN数据包通过所述第一二层网关与所述第二二层网关之间的VXLAN隧道发送至所述第二二层网关,所述第二二层网关根据所述预设的第一VNI与第二VNI的对应关系,将接收到的所述第一VXLAN数据包内的所述第二VNI修改为所述第一VNI,并根据所述第一VNI将所述第一VXLAN数据包发送至所述第二Host。The sending unit is configured to send the first VXLAN data packet to the first Layer 2 gateway, so that the first Layer 2 gateway is configured according to a preset correspondence between the first VNI and the second VNI. Modifying the received first VNI in the first VXLAN data packet to the second VNI, and passing the first VXLAN data packet including the second VNI through the first Layer 2 gateway and the The VXLAN tunnel between the second layer 2 gateways is sent to the second layer 2 gateway, and the second layer 2 gateway receives the received location according to the preset correspondence between the first VNI and the second VNI. The second VNI in the first VXLAN data packet is modified to the first VNI, and the first VXLAN data packet is sent to the second Host according to the first VNI. 
根据权利要求6-8任一项所述的路由虚拟机,其特征在于,所述路由虚拟机还用于执行第三VM与所述第二VM间的通信,所述第三VM位于第三Host,所述第一Host与所述第三Host与同一个物理交换机连接,且所述第三Host内未部署路由虚拟机;The routing virtual machine according to any one of claims 6-8, wherein the routing virtual machine is further configured to perform communication between the third VM and the second VM, and the third VM is located in the third The first host and the third host are connected to the same physical switch, and the routing virtual machine is not deployed in the third host; 所述接收单元,还用于接收所述物理交换机发送的第三vlan数据包,所述第三vlan数据包由所述第三Host内的虚拟交换机发送至所述物理交换机,且所述第三vlan数据包由第三VM发出的以太网数据包封装而成,所述以太网数据包为发往第二VM的数据包,所述第三vlan数据包包含:与所述第三VM对应的第四vlan端口的vlan标识、以及所述第二VM的地址信息;The receiving unit is further configured to receive a third vlan data packet sent by the physical switch, where the third vlan data packet is sent by the virtual switch in the third host to the physical switch, and the third The vlan data packet is encapsulated by an Ethernet data packet sent by the third VM, where the Ethernet data packet is a data packet sent to the second VM, and the third VLAN data packet includes: corresponding to the third VM. a vlan identifier of the fourth vlan port, and address information of the second VM; 所述封装单元,还用于将所述第三vlan数据包封装为第二VXLAN数据包;The encapsulating unit is further configured to encapsulate the third vlan data packet into a second VXLAN data packet; 所述发送单元,还用于向所述第二宿主机发送所述第二VXLAN数据包,以便所述第二Host根据所述第二VM的地址信息、以及第二VNI,将所述第二VXLAN数据包处理后发送至所述第二VM,所述第二VNI用于标识第三VM所在的二层网络的覆盖域。The sending unit is further configured to send the second VXLAN data packet to the second host, so that the second host performs the second according to the address information of the second VM and the second VNI. The VXLAN packet is processed and sent to the second VM, where the second VNI is used to identify the coverage domain of the Layer 2 network where the third VM is located. 
一种路由虚拟机,所述路由虚拟机用于执行第一虚拟机VM与第二VM间的通信,所述第一VM位于第一宿主机Host,所述第二VM位于第二Host,其特征在于,所述第一宿主机内创建有路由虚拟机,所述路由虚拟机包括:A routing virtual machine, the routing virtual machine is configured to perform communication between a first virtual machine VM and a second VM, the first VM is located at a first host Host, and the second VM is located at a second host, The routing virtual machine is created in the first host, and the routing virtual machine includes: 收发器,用于接收所述第一Host内的第一虚拟交换机发送的第一虚拟局域网vlan数据包,所述第一vlan数据包由所述第一VM发出的以太网数据包封装而成,所述第一vlan数据包包含:与所述第一VM对应的第一vlan端口的vlan标识、以及所述第二VM的地址信息;a transceiver, configured to receive a first virtual local area network vlan data packet sent by the first virtual switch in the first host, where the first vlan data packet is encapsulated by an Ethernet data packet sent by the first VM, The first vlan data packet includes: a vlan identifier of the first vlan port corresponding to the first VM, and address information of the second VM; 处理器,用于将收发器接收到的所述第一vlan数据包封装为第一虚拟扩展局域网VXLAN数据包;a processor, configured to encapsulate the first vlan data packet received by the transceiver into a first virtual extended local area network VXLAN data packet; 所述收发器,还用于向所述第二Host发送所述将处理器封装后的第一VXLAN数据包,以便所述第二Host根据所述第二VM的地址信息、以及第一虚拟扩展局域网标识VNI,将所述第一VXLAN数据包处理后发送至所述第二VM,所述第一VNI用于标识第一VM所在的二层网络的覆盖域。 The transceiver is further configured to send, to the second Host, the first VXLAN data packet encapsulated by the processor, so that the second Host is based on address information of the second VM, and the first virtual extension The local area network identifies the VNI, and the first VXLAN data packet is processed and sent to the second VM, where the first VNI is used to identify a coverage area of the layer 2 network where the first VM is located. 
The routing virtual machine according to claim 11, wherein a second vlan port is created on the first switch, the second vlan port has the same vlan identifier as the first vlan port, and the second vlan port is connected to the routing virtual machine;
the transceiver is specifically configured to receive the first vlan data packet sent by the first virtual switch through the second vlan port;
the processor is specifically configured to encapsulate the first vlan data packet into the first VXLAN data packet.

The routing virtual machine according to claim 11, wherein a trunk port is created on the first switch, a third vlan port is created on the routing virtual machine, the trunk port is connected to the third vlan port, and the third vlan port has the same vlan identifier as the first vlan port;
the transceiver is specifically configured to receive the first vlan data packet sent by the first virtual switch in the first Host through the trunk port and the third vlan port corresponding to the vlan identifier;
the processor is specifically configured to encapsulate the first vlan data packet into the first VXLAN data packet.
The routing virtual machine according to any one of claims 11-13, wherein the first Host is located in a first private cloud, the second Host is located in a second private cloud, the first private cloud includes a first Layer 2 gateway, and the second private cloud includes a second Layer 2 gateway;
the transceiver is specifically configured to send the first VXLAN data packet to the first Layer 2 gateway, so that the first Layer 2 gateway, according to a preset correspondence between the first VNI and a second VNI, modifies the first VNI in the received first VXLAN data packet to the second VNI and sends the first VXLAN data packet containing the second VNI to the second Layer 2 gateway through the VXLAN tunnel between the first Layer 2 gateway and the second Layer 2 gateway, and the second Layer 2 gateway, according to the preset correspondence between the first VNI and the second VNI, modifies the second VNI in the received first VXLAN data packet to the first VNI and sends the first VXLAN data packet to the second Host according to the first VNI.
The routing virtual machine according to any one of claims 11-13, wherein the routing virtual machine is further configured to perform communication between a third VM and the second VM, the third VM is located in a third Host, the first Host and the third Host are connected to the same physical switch, and no routing virtual machine is deployed in the third Host;
the transceiver is further configured to receive a third vlan data packet sent by the physical switch, wherein the third vlan data packet is sent to the physical switch by a virtual switch in the third Host, the third vlan data packet is formed by encapsulating an Ethernet data packet sent by the third VM, the Ethernet data packet is destined for the second VM, and the third vlan data packet includes: a vlan identifier of a fourth vlan port corresponding to the third VM, and address information of the second VM;
the processor is further configured to encapsulate the third vlan data packet into a second VXLAN data packet;
the transceiver is further configured to send the second VXLAN data packet to the second Host, so that the second Host processes the second VXLAN data packet according to the address information of the second VM and a second VNI and then sends it to the second VM, wherein the second VNI is used to identify the coverage domain of the Layer 2 network in which the third VM is located.
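The encapsulation and VNI-rewrite steps recited in the claims above, as an added Python example that is not part of the patent text. It models only the 8-byte VXLAN header in the RFC 7348 layout (outer UDP/IP omitted); the VLAN-to-VNI table, the VNI values, the sample frame and all function names are assumptions made for illustration. Each step refuses identifiers that have no configured mapping, since the VNI is what keeps one Layer 2 domain's traffic out of another.

```python
import struct

VXLAN_I_FLAG = 0x08      # RFC 7348: the VNI field is valid
TPID_8021Q = 0x8100

# Constructed tables (assumptions for illustration, not values from the patent).
VLAN_TO_VNI = {100: 5001}        # routing VM: vlan identifier -> first VNI
GATEWAY_VNI_MAP = {5001: 7001}   # preset first VNI -> second VNI correspondence

# Constructed 802.1Q frame: dst MAC, src MAC, TPID, TCI (VLAN 100), EtherType, payload.
SAMPLE_FRAME = (bytes.fromhex("020000000002020000000001")
                + struct.pack("!HHH", TPID_8021Q, 100, 0x0800) + b"constructed payload")


def vlan_id(frame: bytes) -> int:
    """Return the 12-bit VLAN ID of an 802.1Q-tagged Ethernet frame."""
    if len(frame) < 18:
        raise ValueError("frame too short for a tagged Ethernet header")
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF


def encapsulate(frame: bytes) -> bytes:
    """Routing VM step: prepend a VXLAN header whose VNI is chosen from the VLAN ID."""
    vid = vlan_id(frame)
    if vid not in VLAN_TO_VNI:
        raise KeyError(f"no VNI configured for VLAN {vid}")
    return struct.pack("!II", VXLAN_I_FLAG << 24, VLAN_TO_VNI[vid] << 8) + frame


def read_vni(packet: bytes) -> int:
    """Parse the VXLAN header and return its 24-bit VNI."""
    if len(packet) < 8:
        raise ValueError("packet too short for a VXLAN header")
    word0, word1 = struct.unpack_from("!II", packet)
    if not (word0 >> 24) & VXLAN_I_FLAG:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8


def rewrite_vni(packet: bytes, mapping: dict) -> bytes:
    """Layer 2 gateway step: swap the VNI, refusing any VNI without a preset mapping."""
    vni = read_vni(packet)
    if vni not in mapping:
        raise KeyError(f"VNI {vni} has no preset correspondence")
    return packet[:4] + struct.pack("!I", mapping[vni] << 8) + packet[8:]
```

The second gateway applies the inverse of `GATEWAY_VNI_MAP`, which restores the first VNI before delivery to the second Host.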
PCT/CN2017/092526 2016-08-19 2017-07-11 Cross-network communication method and apparatus Ceased WO2018032910A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610698154.1A CN107770064A (en) 2016-08-19 2016-08-19 A kind of method of internetwork communication, equipment
CN201610698154.1 2016-08-19

Publications (1)

Publication Number Publication Date
WO2018032910A1 true WO2018032910A1 (en) 2018-02-22

Family

ID=61196278

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/092526 Ceased WO2018032910A1 (en) 2016-08-19 2017-07-11 Cross-network communication method and apparatus

Country Status (2)

Country Link
CN (1) CN107770064A (en)
WO (1) WO2018032910A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111225071A (en) * 2018-11-23 2020-06-02 深信服科技股份有限公司 Cloud platform and cross-cloud platform network intercommunication system and method
CN113381920A (en) * 2020-03-09 2021-09-10 中国移动通信有限公司研究院 Data transmission method, node and storage medium
CN113783765A (en) * 2021-08-10 2021-12-10 济南浪潮数据技术有限公司 Method, system, equipment and medium for realizing intercommunication between cloud internal network and cloud external network
CN114285661A (en) * 2021-12-28 2022-04-05 中国银联股份有限公司 A kind of private network access method, device, equipment and storage medium
CN114356493A (en) * 2021-11-26 2022-04-15 阿里巴巴新加坡控股有限公司 Communication method and device between virtual machine instances of cross-cloud server and processor
CN114500162A (en) * 2020-10-23 2022-05-13 中国移动通信有限公司研究院 SD-WAN (secure digital-to-Wide area network) system and data forwarding method
CN116132221A (en) * 2023-04-04 2023-05-16 鹏城实验室 Virtual and real interconnection method, device, equipment and storage medium of network shooting range platform
CN116800486A (en) * 2023-06-13 2023-09-22 中科驭数(北京)科技有限公司 Cloud network communication method and system

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108833545A (en) * 2018-06-19 2018-11-16 福建江夏学院 A method to solve the three-layer mutual access of hosts between smooth migration centers across OVERLAY
CN109194640A (en) * 2018-08-27 2019-01-11 北京安数云信息技术有限公司 A kind of virtual platform East and West direction flow isolating and protecting method
CN109525477A (en) * 2018-09-30 2019-03-26 华为技术有限公司 Communication means, device and system in data center between virtual machine
CN111262771B (en) * 2018-11-30 2021-06-22 北京金山云网络技术有限公司 Virtual private cloud communication system, system configuration method and controller
CN110233750B (en) * 2019-05-15 2023-04-07 咪咕文化科技有限公司 Private cloud management system and method
CN113176928B (en) * 2021-04-27 2022-08-30 深圳市研唐科技有限公司 Running method and device of heterogeneous virtual machine
CN113630275B (en) * 2021-08-13 2024-03-19 华云数据控股集团有限公司 Network interconnection method, computing equipment and storage media of virtual machine manager cluster
CN114051246B (en) * 2021-11-16 2024-02-20 酒泉钢铁(集团)有限责任公司 SDN+VXLAN network and enterprise 5G network fusion-based method
CN115189920A (en) * 2022-06-16 2022-10-14 阿里巴巴(中国)有限公司 Cross-network domain communication method and related device
CN115208888B (en) * 2022-09-13 2022-12-27 杭州优云科技有限公司 Communication method and device for cloud instance to cross available areas and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103095546A (en) * 2013-01-28 2013-05-08 华为技术有限公司 Method, device and data center network for processing messages
US20140201733A1 (en) * 2013-01-15 2014-07-17 International Business Machines Corporation Scalable network overlay virtualization using conventional virtual switches
CN104486192A (en) * 2014-12-05 2015-04-01 国云科技股份有限公司 VLAN (Virtual Local Area Network) isolation method
WO2016127909A1 (en) * 2015-02-11 2016-08-18 Hangzhou H3C Technologies Co., Ltd. Packets forwarding

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9210079B2 (en) * 2012-08-14 2015-12-08 Vmware, Inc. Method and system for virtual and physical network integration
WO2015180084A1 (en) * 2014-05-29 2015-12-03 华为技术有限公司 Packet forwarding method and vxlan gateway

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111225071B (en) * 2018-11-23 2022-11-22 深信服科技股份有限公司 Cloud platform and cross-cloud platform network intercommunication system and method
CN111225071A (en) * 2018-11-23 2020-06-02 深信服科技股份有限公司 Cloud platform and cross-cloud platform network intercommunication system and method
CN113381920A (en) * 2020-03-09 2021-09-10 中国移动通信有限公司研究院 Data transmission method, node and storage medium
CN113381920B (en) * 2020-03-09 2022-11-22 中国移动通信有限公司研究院 A data transmission method, node and storage medium
CN114500162A (en) * 2020-10-23 2022-05-13 中国移动通信有限公司研究院 SD-WAN (secure digital-to-Wide area network) system and data forwarding method
CN113783765A (en) * 2021-08-10 2021-12-10 济南浪潮数据技术有限公司 Method, system, equipment and medium for realizing intercommunication between cloud internal network and cloud external network
CN114356493A (en) * 2021-11-26 2022-04-15 阿里巴巴新加坡控股有限公司 Communication method and device between virtual machine instances of cross-cloud server and processor
CN114285661A (en) * 2021-12-28 2022-04-05 中国银联股份有限公司 A kind of private network access method, device, equipment and storage medium
CN114285661B (en) * 2021-12-28 2023-06-30 中国银联股份有限公司 Private network access method, device, equipment and storage medium
CN116132221A (en) * 2023-04-04 2023-05-16 鹏城实验室 Virtual and real interconnection method, device, equipment and storage medium of network shooting range platform
CN116132221B (en) * 2023-04-04 2023-08-25 鹏城实验室 Virtual-real interconnection method, device, equipment and storage medium of network target range platform
CN116800486A (en) * 2023-06-13 2023-09-22 中科驭数(北京)科技有限公司 Cloud network communication method and system
CN116800486B (en) * 2023-06-13 2024-06-07 中科驭数(北京)科技有限公司 Cloud network communication method and system

Also Published As

Publication number Publication date
CN107770064A (en) 2018-03-06

Similar Documents

Publication Publication Date Title
WO2018032910A1 (en) Cross-network communication method and apparatus
US12143353B2 (en) Dynamically learning media access control and internet protocol addresses
CN111885075B (en) Container communication method, device, network equipment and storage medium
US11171830B2 (en) Multiple networks for virtual execution elements
CN112702252B (en) Message processing method, system and related equipment
US10778532B2 (en) Overlay network movement operations
US10708082B1 (en) Unified control plane for nested clusters in a virtualized computing infrastructure
US9042384B2 (en) Distributed routing domains in multi-tenant datacenter virtual networks
EP4307115A1 (en) Multiple virtual network interface support for virtual execution elements
CN114338606B (en) A public cloud network configuration method and related equipment
US8725898B1 (en) Scalable port address translations
CN103369027B (en) Location aware Virtual Service in mixing cloud environment is equipped with
US20150124823A1 (en) Tenant dhcp in an overlay network
JP2022541381A (en) COMMUNICATION METHOD, GATEWAY, AND MANAGEMENT METHOD AND APPARATUS IN HYBRID CLOUD ENVIRONMENT
US11671358B2 (en) Disambiguating traffic in networking environments with multiple virtual routing and forwarding (VRF) logical routers
WO2020135542A1 (en) Cloud computing data center system, gateway, server, and message processing method
WO2018137369A1 (en) Hybrid cloud management method, device, and computing apparatus
WO2016173271A1 (en) Message processing method, device and system
CN105591820A (en) A highly scalable container network management system and method
CN111404797B (en) Control method, SDN controller, SDN access point, SDN gateway and CE
CN104579898A (en) Tenant isolating method and system
WO2015113410A1 (en) Data packet processing method and apparatus
CN113726915B (en) Network system and message transmission method and related device therein
US11469958B1 (en) Network controller deployment
CN111294268B (en) Method and device for avoiding IP address conflict

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17840885

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17840885

Country of ref document: EP

Kind code of ref document: A1