CN102457586B - Expanding method for realizing double-layer network and expanded double-layer network - Google Patents
Expanding method for realizing double-layer network and expanded double-layer network Download PDFInfo
- Publication number
- CN102457586B CN102457586B CN201010521812.2A CN201010521812A CN102457586B CN 102457586 B CN102457586 B CN 102457586B CN 201010521812 A CN201010521812 A CN 201010521812A CN 102457586 B CN102457586 B CN 102457586B
- Authority
- CN
- China
- Prior art keywords
- address
- mac address
- virtual switch
- asr
- communication peer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 26
- 238000004891 communication Methods 0.000 claims abstract description 129
- 238000012546 transfer Methods 0.000 claims description 2
- 102100034003 FAU ubiquitin-like and ribosomal protein S30 Human genes 0.000 description 16
- 101000732045 Homo sapiens FAU ubiquitin-like and ribosomal protein S30 Proteins 0.000 description 16
- 230000004044 response Effects 0.000 description 12
- 101000643374 Homo sapiens Serrate RNA effector molecule homolog Proteins 0.000 description 10
- 102100035712 Serrate RNA effector molecule homolog Human genes 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 5
- 238000013507 mapping Methods 0.000 description 4
- 238000005538 encapsulation Methods 0.000 description 3
- 101100244969 Arabidopsis thaliana PRL1 gene Proteins 0.000 description 2
- 102100039558 Galectin-3 Human genes 0.000 description 2
- 101100454448 Homo sapiens LGALS3 gene Proteins 0.000 description 2
- 101150051246 MAC2 gene Proteins 0.000 description 2
- 230000032683 aging Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000005012 migration Effects 0.000 description 2
- 238000013508 migration Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
本发明公开了一种实现二层网络的扩展方法及扩展的二层网络,在运营商网络中设置地址解析服务器(ARS),在数据中心中的物理服务器上设置虚拟交换机;所述虚拟交换机在所述物理服务器中的虚拟机上电后,向所述ARS注册所述虚拟机的IP地址与自身MAC地址的对应关系;所述ARS记录所述虚拟交换机注册的虚拟机的IP地址与该虚拟交换机的MAC地址的对应关系,供其他虚拟机查询;所述物理服务器中的虚拟机根据通信对端的IP地址从所述ARS查询该IP地址对应的MAC地址,通过该MAC地址与所述通信对端进行报文交互。二层网络减少了地址解析协议的开销,避免了广播风暴的影响,因此可以极大地提高二层网络的可扩展性。
The invention discloses an extension method for implementing a two-layer network and an extended two-layer network. An address resolution server (ARS) is set in an operator network, and a virtual switch is set on a physical server in a data center; the virtual switch is in After the virtual machine in the physical server is powered on, it registers with the ARS the correspondence between the IP address of the virtual machine and its own MAC address; the ARS records the IP address of the virtual machine registered by the virtual switch and the virtual The corresponding relationship of the MAC address of the switch is for other virtual machines to query; the virtual machine in the physical server queries the MAC address corresponding to the IP address from the ARS according to the IP address of the communication peer, and communicates with the communication peer through the MAC address Terminals exchange messages. The Layer 2 network reduces the overhead of the Address Resolution Protocol and avoids the impact of broadcast storms, thus greatly improving the scalability of the Layer 2 network.
Description
技术领域 technical field
本发明涉及二层网络,尤其涉及一种实现二层网络的扩展方法及扩展的二层网络。The invention relates to a two-layer network, in particular to an extension method for realizing the two-layer network and the extended two-layer network.
背景技术 Background technique
目前的IP局域网络中,IPV4采用ARP(Address Resolution Protocol,地址解析协议),IPV6采用NDP(Neighbor Discovery Protocol,邻居发现协议)来获知二层网络的地址。两者在地址发现的机制上基本相同,都采用二层广播的方式来获知目的IP地址所对应的数据链路层地址。对于以太网,数据链路层地址对应于MAC(Media Access Control,媒体接入控制)地址。每个主机都维护有独立缓存,并预设老化定时时间,发送IP报文时,对于本机缓存中没有记录的目的IP地址,必须在局域网中广播一个ARP/NDP报文查询目的IP地址所对应的数据链路层地址。In the current IP local area network, IPV4 uses ARP (Address Resolution Protocol, Address Resolution Protocol), and IPV6 uses NDP (Neighbor Discovery Protocol, Neighbor Discovery Protocol) to obtain the address of the layer-2 network. The mechanism of address discovery is basically the same between the two, and both use Layer 2 broadcast to obtain the data link layer address corresponding to the destination IP address. For Ethernet, the data link layer address corresponds to the MAC (Media Access Control, Media Access Control) address. Each host maintains an independent cache and presets the aging timing time. When sending an IP message, for the destination IP address that is not recorded in the local cache, an ARP/NDP message must be broadcast in the LAN to query the address of the destination IP address. The corresponding data link layer address.
当局域网内主机数目非常多时,比如大型数据中心,甚至是采用L2VPN(二层虚拟专用网)技术连接起来的跨地域的L2VPN,其主机数目可以达到数千台乃至数万台,虚拟化技术的应用使得这一情况更加恶化,利用虚拟化技术,一台物理机可以支持数十个虚拟主机,未来可以支持多达数百个虚拟主机,每个虚拟主机有自己独立的IP地址和MAC地址。虽然可以采用VLAN(虚拟局域网)划分的方式来进行广播风暴的隔离(VLAN包含基于端口的VLAN和基于MAC的VLAN),但是由于虚拟化技术带来的虚拟机迁移技术要求主机本身、IP地址和MAC地址完全可浮动,导致基于端口的VLAN和基于MAC的VLAN均无法使用。When the number of hosts in the local area network is very large, such as a large data center, or even a cross-regional L2VPN connected by L2VPN (Layer 2 Virtual Private Network) technology, the number of hosts can reach thousands or even tens of thousands. Applications make this situation worse. Using virtualization technology, a physical machine can support dozens of virtual hosts, and in the future it can support up to hundreds of virtual hosts. Each virtual host has its own independent IP address and MAC address. Although VLAN (Virtual Local Area Network) division can be used to isolate broadcast storms (VLAN includes port-based VLAN and MAC-based VLAN), the virtual machine migration technology brought about by virtualization technology requires the host itself, IP address and The MAC address can be completely floated, so neither port-based VLAN nor MAC-based VLAN can be used.
OTV(Overlay Transport Virtualization,叠加网传输虚拟化)技术,相比较普通的L2VPN技术,其L2VPN不同站点间的广播风暴是隔离的,广播局限在同一个物理位置的数据中心内部。但是即使是一个数据中心内部,虚拟主机的数量仍然可以达到数万乃至数十万台,ARP/NDP广播仍然会极大影响网络的性能,同时每个二层交换机的MAC转发表的规模也有限,很难支持如此大规模的二层网络。OTV (Overlay Transport Virtualization, overlay network transmission virtualization) technology, compared with ordinary L2VPN technology, the broadcast storm between different L2VPN sites is isolated, and the broadcast is limited to the data center at the same physical location. But even in a data center, the number of virtual hosts can still reach tens of thousands or even hundreds of thousands, and ARP/NDP broadcasts will still greatly affect network performance, and the size of the MAC forwarding table of each layer 2 switch is also limited , it is difficult to support such a large-scale two-layer network.
发明内容 Contents of the invention
本发明要解决的技术问题是提供一种实现二层网络扩展的方法及扩展的二层网络,解决主机在获取目的IP地址对应的MAC地址的过程中,产生广播风暴的问题。The technical problem to be solved by the present invention is to provide a method for realizing the expansion of the two-layer network and the expanded two-layer network, and solve the problem of broadcast storm generated during the process of obtaining the MAC address corresponding to the destination IP address by the host.
为解决上述技术问题,本发明的一种实现二层网络扩展的方法,在运营商网络中设置地址解析服务器(ARS),在数据中心中的物理服务器上设置虚拟交换机;In order to solve the above-mentioned technical problems, a kind of method of realizing two-layer network extension of the present invention, address resolution server (ARS) is set in operator's network, and virtual exchange is set on the physical server in data center;
所述虚拟交换机在所述物理服务器中的虚拟机上电后,向所述ARS注册所述虚拟机的IP地址与自身MAC地址的对应关系;After the virtual machine in the physical server is powered on, the virtual switch registers with the ARS the correspondence between the IP address of the virtual machine and its own MAC address;
所述ARS记录所述虚拟交换机注册的虚拟机的IP地址与该虚拟交换机的MAC地址的对应关系,供其他虚拟机查询;The ARS records the corresponding relationship between the IP address of the virtual machine registered by the virtual switch and the MAC address of the virtual switch for other virtual machines to query;
所述物理服务器中的虚拟机根据通信对端的IP地址从所述ARS查询该IP地址对应的MAC地址,通过该MAC地址与所述通信对端进行报文交互。The virtual machine in the physical server queries the MAC address corresponding to the IP address from the ARS according to the IP address of the communication peer, and exchanges messages with the communication peer through the MAC address.
进一步地,所述虚拟交换机向所述ARS注册所述虚拟机的IP地址与自身MAC地址的对应关系包括:Further, registering the correspondence between the IP address of the virtual machine and its own MAC address with the ARS by the virtual switch includes:
所述虚拟交换机在所述虚拟机上电后记录该虚拟机的IP地址与MAC地址的对应关系,并向该虚拟交换机归属的接入服务路由器(ASR)注册所述虚拟机的IP地址与该虚拟交换机的MAC地址的对应关系;After the virtual machine is powered on, the virtual switch records the correspondence between the virtual machine's IP address and the MAC address, and registers the virtual machine's IP address and the MAC address with the access service router (ASR) to which the virtual switch belongs. The correspondence between the MAC addresses of the virtual switches;
所述ASR记录所述虚拟机的IP地址与所述虚拟交换机的MAC地址的对应关系,并向所述ARS注册该对应关系以及该ASR的地址。The ASR records the correspondence between the IP address of the virtual machine and the MAC address of the virtual switch, and registers the correspondence and the address of the ASR with the ARS.
进一步地,所述ARS记录所述虚拟交换机注册的虚拟机的IP地址与该虚拟交换机的MAC地址的对应关系时,还对应地记录所述ASR的地址。Further, when the ARS records the correspondence between the IP address of the virtual machine registered by the virtual switch and the MAC address of the virtual switch, it also correspondingly records the address of the ASR.
进一步地,所述物理服务器中的虚拟机根据通信对端的IP地址从所述ARS查询该IP地址对应的MAC地址包括:Further, the virtual machine in the physical server querying the MAC address corresponding to the IP address from the ARS according to the IP address of the communication peer includes:
所述物理服务器中的虚拟机发送MAC地址解析广播请求,该物理服务器中的虚拟交换机将该广播请求转换为单播的查询请求,采用该单播的查询请求从所述ARS查询所述通信对端的IP地址对应的MAC地址。The virtual machine in the physical server sends a MAC address resolution broadcast request, the virtual switch in the physical server converts the broadcast request into a unicast query request, and uses the unicast query request to query the communication pair from the ARS The MAC address corresponding to the IP address of the client.
进一步地,所述虚拟交换机机采用该单播的查询请求从所述ARS查询所述通信对端的IP地址对应的MAC地址包括:Further, the virtual switch machine uses the unicast query request to query the MAC address corresponding to the IP address of the communication peer from the ARS, including:
所述虚拟交换机将所述单播的查询请求发送给该虚拟交换机归属的ASR,通过该ASR查询所述通信对端的IP地址对应的MAC地址;The virtual switch sends the unicast query request to the ASR to which the virtual switch belongs, and queries the MAC address corresponding to the IP address of the communication peer through the ASR;
所述虚拟交换机归属的ASR接收到所述查询请求后,向所述ARS查询所述通信对端的IP地址对应的MAC地址,所述ARS查询并返回查询到的MAC地址和所述通信对端归属的ASR的地址,所述虚拟交换机归属的ASR保存接收到的MAC地址和ASR的地址,在所接收到的ASR的地址非自身地址时,向所述虚拟交换机返回自身的MAC地址;After receiving the query request, the ASR to which the virtual switch belongs queries the ARS for the MAC address corresponding to the IP address of the communication peer, and the ARS queries and returns the queried MAC address and the attribution of the communication peer. The address of the ASR, the ASR to which the virtual switch belongs saves the received MAC address and the address of the ASR, and returns its own MAC address to the virtual switch when the received address of the ASR is not its own address;
所述虚拟交换机通知所述物理服务器中的虚拟机所述通信对端的IP地址对应的MAC地址为所述虚拟交换机归属的ASR的地址。The virtual switch notifies the virtual machine in the physical server that the MAC address corresponding to the IP address of the communication peer is the address of the ASR to which the virtual switch belongs.
进一步地,所述物理服务器中的虚拟机通过该MAC地址与所述通信对端进行报文交互包括:Further, the message exchange between the virtual machine in the physical server and the communication peer through the MAC address includes:
所述物理服务器中的虚拟机向所述通信对端发送报文,该报文的源MAC地址和目的MAC地址分别为该虚拟机的MAC地址和所述虚拟交换机归属的ASR的地址;The virtual machine in the physical server sends a message to the communication peer, and the source MAC address and destination MAC address of the message are respectively the MAC address of the virtual machine and the address of the ASR to which the virtual switch belongs;
所述虚拟交换机接收到报文后,将该报文的源MAC地址修改为该虚拟交换机的MAC地址,并根据目的MAC地址将该报文发送给该虚拟交换机归属的ASR;After receiving the message, the virtual switch modifies the source MAC address of the message to the MAC address of the virtual switch, and sends the message to the ASR to which the virtual switch belongs according to the destination MAC address;
所述虚拟交换机归属的ASR在本地查询所述通信对端的MAC地址和通信对端归属的ASR的地址,将所述报文的目的MAC地址修改为查询到通信对端的MAC地址,并将该报文封装到目的地址为所述通信对端归属的ASR的地址的隧道中通过运营商网络发送给所述通信对端归属的ASR。The ASR to which the virtual switch belongs locally queries the MAC address of the communication peer and the address of the ASR to which the communication peer belongs, modifies the destination MAC address of the message to the MAC address of the communication peer that has been queried, and sends the report The text is encapsulated into a tunnel whose destination address is the address of the ASR to which the communication peer belongs, and sent to the ASR to which the communication peer belongs through the operator network.
进一步地,该方法还包括:Further, the method also includes:
所述通信对端归属的ASR接收到报文后,解除隧道,根据报文的目的MAC地址将报文发送给所述通信对端所在物理服务器上的虚拟交换机,该虚拟交换机根据报文的目的IP地址查询所述通信对端的MAC地址,将该报文的目的MAC地址修改为所述通信对端的MAC地址,发送给所述通信对端。After receiving the message, the ASR belonging to the communication peer releases the tunnel, and sends the message to the virtual switch on the physical server where the communication peer is located according to the destination MAC address of the message. The IP address queries the MAC address of the communication peer, modifies the destination MAC address of the message to the MAC address of the communication peer, and sends it to the communication peer.
进一步地,所述物理服务器中的虚拟机根据通信对端的IP地址从所述ARS查询该IP地址对应的MAC地址包括:Further, the virtual machine in the physical server querying the MAC address corresponding to the IP address from the ARS according to the IP address of the communication peer includes:
所述虚拟交换机将所述单播的查询请求发送给该虚拟交换机归属的ASR,通过该ASR查询所述通信对端的IP地址对应的MAC地址;The virtual switch sends the unicast query request to the ASR to which the virtual switch belongs, and queries the MAC address corresponding to the IP address of the communication peer through the ASR;
所述虚拟交换机归属的ASR接收到所述查询请求后,向所述ARS查询所述通信对端的IP地址对应的MAC地址,所述ARS查询并返回查询到的MAC地址和所述通信对端归属的ASR的地址,所述虚拟交换机归属的ASR保存接收到的MAC地址和ASR的地址,在所接收到的ASR的地址为自身地址时,向所述虚拟交换机返回接收到的MAC地址;After receiving the query request, the ASR to which the virtual switch belongs queries the ARS for the MAC address corresponding to the IP address of the communication peer, and the ARS queries and returns the queried MAC address and the attribution of the communication peer. The address of the ASR, the ASR to which the virtual switch belongs saves the received MAC address and the address of the ASR, and returns the received MAC address to the virtual switch when the received address of the ASR is its own address;
所述虚拟交换机通知所述物理服务器中的虚拟机所述通信对端的IP地址对应的MAC地址为所述虚拟交换机归属的ASR接收到的MAC地址。The virtual switch notifies the virtual machine in the physical server that the MAC address corresponding to the IP address of the communication peer is the MAC address received by the ASR to which the virtual switch belongs.
进一步地,所述物理服务器中的虚拟机通过该MAC地址与所述通信对端进行报文交互包括:Further, the message exchange between the virtual machine in the physical server and the communication peer through the MAC address includes:
所述物理服务器中的虚拟机向所述通信对端发送报文,该报文的源MAC地址和目的MAC地址分别为该虚拟机的MAC地址和所述虚拟交换机归属的ASR接收到的MAC地址;The virtual machine in the physical server sends a message to the communication peer, and the source MAC address and destination MAC address of the message are respectively the MAC address of the virtual machine and the MAC address received by the ASR to which the virtual switch belongs ;
所述虚拟交换机接收到所述报文后,将该报文的源MAC地址修改为该虚拟交换机的MAC地址,并根据目的MAC地址,通过二层交换机将该报文发送给所述通信对端所在物理服务器上的虚拟交换机。After the virtual switch receives the message, it modifies the source MAC address of the message to the MAC address of the virtual switch, and sends the message to the communication peer through the layer-2 switch according to the destination MAC address Virtual switch on the same physical server.
进一步地,该方法还包括:Further, the method also includes:
所述通信对端所在物理服务器上的虚拟交换机查询所述通信对端的MAC地址,将该报文的目的MAC地址修改为查询到的通信对端的MAC地址,发送给所述通信对端。The virtual switch on the physical server where the communication peer is located queries the MAC address of the communication peer, modifies the destination MAC address of the message to the queried MAC address of the communication peer, and sends it to the communication peer.
进一步地,所述虚拟交换机设置在所述数据中心中的物理服务器的虚拟机管理器中。Further, the virtual switch is set in the virtual machine manager of the physical server in the data center.
进一步地,一种物理服务器,该物理服务器中安装有虚拟机,在该物理服务器上还设置有虚拟交换机;Further, a physical server, a virtual machine is installed in the physical server, and a virtual switch is also set on the physical server;
所述虚拟交换机,用于在所述物理服务器中的虚拟机上电后,向运营商网络中设置的地址解析服务器(ARS)注册所述虚拟机的IP地址与自身MAC地址的对应关系。The virtual switch is configured to, after the virtual machine in the physical server is powered on, register the correspondence between the IP address of the virtual machine and its own MAC address with an Address Resolution Server (ARS) set in the operator's network.
进一步地,所述虚拟交换机向所述ARS注册所述虚拟机的IP地址与自身MAC地址的对应关系包括:Further, registering the correspondence between the IP address of the virtual machine and its own MAC address with the ARS by the virtual switch includes:
所述虚拟交换机在所述虚拟机上电后记录该虚拟机的IP地址与MAC地址的对应关系,并向该虚拟交换机归属的接入服务路由器(ASR)注册所述虚拟机的IP地址与该虚拟交换机的MAC地址的对应关系。After the virtual machine is powered on, the virtual switch records the correspondence between the virtual machine's IP address and the MAC address, and registers the virtual machine's IP address and the MAC address with the access service router (ASR) to which the virtual switch belongs. Correspondence between MAC addresses of virtual switches.
进一步地,所述虚拟交换机,还用于在接收到所述物理服务器中的虚拟机发送MAC地址解析广播请求后,将该广播请求转换为单播的查询请求,采用该单播的查询请求从所述ARS查询通信对端的IP地址对应的MAC地址。Further, the virtual switch is also configured to convert the broadcast request into a unicast query request after receiving the MAC address resolution broadcast request sent by the virtual machine in the physical server, and use the unicast query request to convert the The ARS queries the MAC address corresponding to the IP address of the communication peer.
进一步地,所述虚拟交换机机采用该单播的查询请求从所述ARS查询通信对端的IP地址对应的MAC地址包括:Further, the virtual switch machine uses the unicast query request to query the MAC address corresponding to the IP address of the communication peer from the ARS, including:
所述虚拟交换机将所述单播的查询请求发送给该虚拟交换机归属的ASR,通过该ASR查询所述通信对端的IP地址对应的MAC地址,并在所述ASR返回该ASR的地址或所述通信对端所在物理服务器上的虚拟交换机的地址后,相应地通知所述物理服务器中的虚拟机所述通信对端的IP地址对应的MAC地址为虚拟交换机归属的ASR的地址或所述通信对端所在物理服务器上的虚拟交换机的地址。The virtual switch sends the unicast query request to the ASR to which the virtual switch belongs, through which the ASR queries the MAC address corresponding to the IP address of the communication peer, and the ASR returns the address of the ASR or the After the address of the virtual switch on the physical server where the communication peer is located, correspondingly notify the virtual machine in the physical server that the MAC address corresponding to the IP address of the communication peer is the address of the ASR to which the virtual switch belongs or the address of the communication peer The address of the virtual switch on the physical server where it resides.
进一步地,所述虚拟交换机,还用于接收虚拟机向所述通信对端发送的报文,该报文的源MAC地址为该虚拟机的MAC地址,目的MAC地址为所述虚拟交换机归属的ASR的地址或所述通信对端所在物理服务器上的虚拟交换机的地址,该虚拟交换机在接收到所述报文后,将该报文的源MAC地址修改为该虚拟交换机的MAC地址,并根据目的MAC地址将该报文发送给该虚拟交换机归属的ASR或所述通信对端所在物理服务器上的虚拟交换机。Further, the virtual switch is also used to receive a message sent by the virtual machine to the communication peer, the source MAC address of the message is the MAC address of the virtual machine, and the destination MAC address is the address to which the virtual switch belongs. The address of the ASR or the address of the virtual switch on the physical server where the communication peer is located. After receiving the message, the virtual switch modifies the source MAC address of the message to the MAC address of the virtual switch, and according to The destination MAC address sends the message to the ASR to which the virtual switch belongs or the virtual switch on the physical server where the communication peer is located.
进一步地,所述虚拟交换机,还用于在接收到归属的ASR发送的报文时,根据报文的目的IP地址查询对应的MAC地址,将该报文的目的MAC地址修改为查询到的MAC地址,并进行发送。Further, the virtual switch is also configured to query the corresponding MAC address according to the destination IP address of the packet when receiving the packet sent by the belonging ASR, and modify the destination MAC address of the packet to the queried MAC address. address and send it.
进一步地,一种接入服务路由器(ASR),包括:注册模块,其中:Further, an access service router (ASR), including: a registration module, wherein:
所述注册模块,用于记录虚拟交换机注册的虚拟机的IP地址与该虚拟交换机的MAC地址的对应关系,并向地址解析服务器(ARS)注册该对应关系以及该ASR的地址。The registration module is used to record the corresponding relationship between the IP address of the virtual machine registered by the virtual switch and the MAC address of the virtual switch, and register the corresponding relationship and the address of the ASR with an address resolution server (ARS).
进一步地,该ASR还包括地址查询模块,其中:Further, the ASR also includes an address query module, wherein:
所述地址查询模块,用于在接收到所述虚拟交换机的查询请求后,向所述ARS查询虚拟机的通信对端的IP地址对应的MAC地址,并保存接收到的MAC地址和ASR的地址,在所接收到的ASR的地址非该地址查询模块所在ASR的地址时,向所述虚拟交换机返回该地址查询模块所在ASR的地址;在所接收到的ASR的地址为该地址查询模块所在ASR的地址时,向所述虚拟交换机返回接收到的MAC地址。The address query module is configured to query the ARS for the MAC address corresponding to the IP address of the communication peer of the virtual machine after receiving the query request of the virtual switch, and store the received MAC address and the address of the ASR, When the address of the received ASR is not the address of the ASR where the address query module is located, return the address of the ASR where the address query module is located to the virtual switch; the address of the received ASR is the address of the ASR where the address query module is located address, return the received MAC address to the virtual switch.
进一步地,该ASR还包括报文转发模块,其中:Further, the ASR also includes a message forwarding module, wherein:
所述报文转发模块,用于在接收到所述虚拟交换机发送的报文时,在本地查询所述通信对端的MAC地址和通信对端归属的ASR的地址,将所述报文的目的MAC地址修改为查询到通信对端的MAC地址,并将该报文封装到目的地址为所述通信对端归属的ASR的地址的隧道中通过运营商网络发送给所述通信对端归属的ASR。The message forwarding module is configured to, when receiving a message sent by the virtual switch, locally query the MAC address of the communication peer and the address of the ASR to which the communication peer belongs, and transfer the destination MAC address of the message to The address is modified to query the MAC address of the communication peer, and the message is encapsulated into a tunnel whose destination address is the address of the ASR to which the communication peer belongs, and sent to the ASR to which the communication peer belongs via the operator network.
进一步地,所述报文转发模块,还用于在接收到通过所述运营商网络发送的报文后,解除隧道,根据报文的目的MAC地址将报文发送给物理服务器上的虚拟交换机。Further, the message forwarding module is further configured to release the tunnel after receiving the message sent through the operator network, and send the message to the virtual switch on the physical server according to the destination MAC address of the message.
进一步地,一种扩展的二层网络,包括运营商网络和数据中心,在所述运营商网络中设置地址解析服务器(ARS),在所述数据中心中的物理服务器上设置虚拟交换机,其中:Further, an extended two-layer network includes an operator network and a data center, an address resolution server (ARS) is set in the operator network, and a virtual switch is set on a physical server in the data center, wherein:
所述虚拟交换机,用于在所述物理服务器中的虚拟机上电后,向所述ARS注册所述虚拟机的IP地址与自身MAC地址的对应关系;The virtual switch is configured to register the correspondence between the IP address of the virtual machine and its own MAC address with the ARS after the virtual machine in the physical server is powered on;
所述ARS,用于记录所述虚拟交换机注册的虚拟机的IP地址与该虚拟交换机的MAC地址的对应关系,供其他虚拟机查询;The ARS is used to record the corresponding relationship between the IP address of the virtual machine registered with the virtual switch and the MAC address of the virtual switch for other virtual machines to query;
所述物理服务器中的虚拟机,用于根据通信对端的IP地址从所述ARS查询该IP地址对应的MAC地址,通过该MAC地址与所述目的虚拟机进行报文交互。The virtual machine in the physical server is configured to query the MAC address corresponding to the IP address from the ARS according to the IP address of the communication peer, and exchange messages with the destination virtual machine through the MAC address.
进一步地,该二层网络还包括:在所述用户数据中心与运营商网络之间建立互通的接入服务路由器(ASR),其中:Further, the layer-2 network further includes: an access service router (ASR) for establishing intercommunication between the user data center and the operator network, wherein:
所述虚拟交换机在所述虚拟交换机向ARS注册所述虚拟机的IP地址与自身MAC地址的对应关系时,接收到所述虚拟交换机的注册后,记录所述虚拟机的IP地址与虚拟交换机的MAC地址的对应关系,并向所述ARS注册该对应关系以及该ASR的地址。When the virtual switch registers the corresponding relationship between the IP address of the virtual machine and its own MAC address with the ARS, after receiving the registration of the virtual switch, record the IP address of the virtual machine and the address of the virtual switch. The corresponding relationship of the MAC address, and register the corresponding relationship and the address of the ASR with the ARS.
进一步地,所述ASR,还用于在接收到所述虚拟交换机发送的报文时,在本地查询所述通信对端的MAC地址和通信对端归属的ASR的地址,将所述报文的目的MAC地址修改为查询到通信对端的MAC地址,并将该报文封装到目的地址为所述通信对端归属的ASR的地址的隧道中通过运营商网络发送给所述通信对端归属的ASR。Further, the ASR is also used to locally query the MAC address of the communication peer and the address of the ASR to which the communication peer belongs when receiving the message sent by the virtual switch, and set the purpose of the message to The MAC address is modified to be the MAC address of the communication peer, and the message is encapsulated into a tunnel whose destination address is the address of the ASR to which the communication peer belongs, and sent to the ASR to which the communication peer belongs through the operator network.
进一步地,所述ARS,还用于在记录所述虚拟交换机注册的虚拟机的IP地址与该虚拟交换机的MAC地址的对应关系时,对应地记录所述归属ASR的地址。Further, the ARS is further configured to correspondingly record the address of the home ASR when recording the correspondence between the IP address of the virtual machine registered with the virtual switch and the MAC address of the virtual switch.
进一步地,所述物理服务器中的虚拟机根据通信对端的IP地址从所述ARS查询该IP地址对应的MAC地址包括:Further, the virtual machine in the physical server querying the MAC address corresponding to the IP address from the ARS according to the IP address of the communication peer includes:
所述物理服务器中的虚拟机发送MAC地址解析广播请求,该物理服务器中的虚拟交换机将所述广播请求转换为单播的查询请求,采用该单播的查询请求从所述ARS查询所述通信对端的IP地址对应的MAC地址。The virtual machine in the physical server sends a MAC address resolution broadcast request, the virtual switch in the physical server converts the broadcast request into a unicast query request, and uses the unicast query request to query the communication from the ARS MAC address corresponding to the peer IP address.
利用本发明,二层网络减少了地址解析协议的开销,避免了广播风暴的影响,因此可以极大地提高二层网络的可扩展性。Utilizing the invention, the two-layer network reduces the overhead of the address resolution protocol, avoids the influence of broadcast storms, and thus can greatly improve the scalability of the two-layer network.
附图说明 Description of drawings
图1是本实施方式的系统架构图;Fig. 1 is a system architecture diagram of the present embodiment;
图2是本实施方式二层网络中一个物理机内部的结构图;Fig. 2 is a structural diagram inside a physical machine in the two-layer network of the present embodiment;
图3是本实施方式的虚拟机MAC地址注册的流程图;Fig. 3 is the flow chart of the virtual machine MAC address registration of this embodiment;
图4是本实施方式的两个虚拟机跨数据中心建立通信的流程图;FIG. 4 is a flow chart of establishing communication between two virtual machines across data centers in this embodiment;
图5是本实施方式的两个虚拟机在同一个数据中心内建立通信的流程图;FIG. 5 is a flow chart of establishing communication between two virtual machines in the same data center in this embodiment;
图6为本实施方式的接入服务路由器的结构图。FIG. 6 is a structural diagram of the access service router in this embodiment.
具体实施方式 Detailed ways
下文中将结合附图对本发明的实施例进行详细说明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other.
本实施方式对ARP/NDP协议进行改进,结合L2VPN技术,实现一个可扩展、可支持海量虚拟机的二层网络。In this embodiment, the ARP/NDP protocol is improved, combined with the L2VPN technology, to implement a layer 2 network that is scalable and can support a large number of virtual machines.
图1所示为本实施方式的网络架构,包含由多个数据中心以及负责互连的运营商网络,数据中心和运营商网络通过ASR(Access Service Router,接入服务路由器)连接,每个数据中心包含若干物理服务器和二层交换机,每个物理服务器上安装有虚拟机管理器(VMM),负责物理服务器上若干虚拟机的管理。Figure 1 shows the network architecture of this embodiment, which includes multiple data centers and operator networks responsible for interconnection. The data centers and operator networks are connected through ASR (Access Service Router, Access Service Router). The center includes several physical servers and Layer 2 switches, and each physical server is equipped with a virtual machine manager (VMM), which is responsible for the management of several virtual machines on the physical server.
本实施方式中不修改数据中心中的二层交换机和虚拟机上现有的操作系统,在虚拟机管理器中增设虚拟交换机(vSwitch)、修改接入服务路由器(也称数据中心边界路由器),还引入ARS(Address Resolution Server,地址解析服务器,也称MAC地址解析数据库),负责接收二层地址的注册和查询。In this embodiment, the existing operating system on the Layer 2 switch and the virtual machine in the data center is not modified, a virtual switch (vSwitch) is added in the virtual machine manager, and the access service router (also called the data center border router) is modified. Also introduced ARS (Address Resolution Server, address resolution server, also known as MAC address resolution database), responsible for receiving the registration and query of the second layer address.
虚拟交换机在虚拟机上电后,记录下该虚拟机的IP地址与MAC地址的对应关系,并向ARS请求注册对应关系,虚拟交换机将对应关系中的MAC地址修改为自身MAC地址,也就是说向ARS注册虚拟机的IP地址和虚拟交换机自身的MAC地址的对应关系,此时,一个VMM所管理的物理服务器中所有的虚拟机对外只呈现一个MAC地址,这大大减少了网络中二层交换设备中的MAC转发表体积。After the virtual machine is powered on, the virtual switch records the correspondence between the virtual machine's IP address and the MAC address, and requests the ARS to register the correspondence, and the virtual switch modifies the MAC address in the correspondence to its own MAC address, that is to say Register the corresponding relationship between the IP address of the virtual machine and the MAC address of the virtual switch itself with ARS. At this time, all the virtual machines in the physical server managed by a VMM only present one MAC address to the outside, which greatly reduces the number of Layer 2 switching in the network. The size of the MAC forwarding table in the device.
ARS记录下注册的MAC地址、IP地址及虚拟机归属的ASR的IP地址,以备后续查询。ARS records the registered MAC address, IP address, and IP address of the ASR to which the virtual machine belongs for subsequent query.
当VM需要和其它主机进行通信时,虚拟机现有操作系统仍然采用广播的ARP/NDP协议查询MAC地址,此广播请求被VMM中的虚拟交换机所截获,转化成到ARS的一个单播查询消息,该消息经过ASR,ASR可以对该消息进行格式转化并存储相关参数内容。ARS收到单播查询消息后返回目标虚拟机的IP地址所对应的MAC地址及归属的ASR的MAC地址。When the VM needs to communicate with other hosts, the existing operating system of the virtual machine still uses the broadcast ARP/NDP protocol to query the MAC address. This broadcast request is intercepted by the virtual switch in the VMM and converted into a unicast query message to the ARS. , the message passes through the ASR, and the ASR can convert the format of the message and store the relevant parameter content. After receiving the unicast query message, the ARS returns the MAC address corresponding to the IP address of the target virtual machine and the MAC address of the ASR to which it belongs.
由于在ARS中VM注册的MAC地址实际上是虚拟交换机的MAC地址,因此,查询方查询获得的也是虚拟交换机的地址,源虚拟机查询获得MAC地址后,将向目的虚拟机发送报文,该报文到达目的虚拟机所在的虚拟交换机,虚拟交换机查找本地数据库获得目的虚拟机的真实MAC地址,并将目的MAC地址修改为目标虚拟机的真实MAC地址,然后发送给虚拟机中的操作系统。Since the MAC address registered by the VM in ARS is actually the MAC address of the virtual switch, the address obtained by the query party is also the address of the virtual switch. After the source virtual machine obtains the MAC address from the query, it will send a packet to the destination virtual machine. When the message arrives at the virtual switch where the destination virtual machine is located, the virtual switch searches the local database to obtain the real MAC address of the destination virtual machine, modifies the destination MAC address to the real MAC address of the destination virtual machine, and then sends it to the operating system in the virtual machine.
当源虚拟机和目的虚拟机不属于同一个数据中心时,ASR将查询响应中的目标虚拟机的MAC地址改为该ASR的MAC地址,并记下目的虚拟机的IP地址和注册的MAC地址的对应关系,这样源虚拟机获得查询响应后,发送的报文的目的MAC地址是本数据中心归属的ASR的MAC地址,确保归属的ASR可以截获报文,当ASR收到目的MAC地址为自身MAC地址的报文后,取出报文中的目的IP地址,查询本地数据库,获得目的IP对应的注册MAC地址及归属ASR的MAC地址,将原始报文的目的MAC地址改为目的虚拟机对应的注册MAC地址,并封装在一个外层地址为目的虚拟机归属ASR(目的ASR)的MAC地址的IP in IP隧道中,该隧道也可以是一个GRE(Generic Routing Encapsulation,通用路由封装)形式的封装;当目的ASR收到该报文时,解除外层封装报头,取出原始数据报文,发给目的MAC地址对应的虚拟交换机。When the source virtual machine and the destination virtual machine do not belong to the same data center, ASR will change the MAC address of the target virtual machine in the query response to the MAC address of the ASR, and record the IP address and registered MAC address of the destination virtual machine In this way, after the source virtual machine obtains the query response, the destination MAC address of the message sent is the MAC address of the ASR to which the data center belongs, ensuring that the belonging ASR can intercept the message. When the ASR receives the destination MAC address as its own After the packet with the MAC address, take out the destination IP address in the packet, query the local database, obtain the registered MAC address corresponding to the destination IP and the MAC address belonging to the ASR, and change the destination MAC address of the original packet to the one corresponding to the destination virtual machine. Register the MAC address and encapsulate it in an IP in IP tunnel whose outer address is the MAC address of the destination virtual machine's ASR (destination ASR). The tunnel can also be a GRE (Generic Routing Encapsulation, general routing encapsulation) form ; When the destination ASR receives the message, it removes the outer encapsulation header, takes out the original data message, and sends it to the virtual switch corresponding to the destination MAC address.
ARS可以位于运营商网络之中集中式部署或采用分布式技术进行构建;也可以部署在数据中心内部,多个数据中心的ARS服务器构成一个逻辑上一体化的分布式服务器系统。ARS can be deployed centrally in the operator's network or built using distributed technology; it can also be deployed inside the data center, where ARS servers in multiple data centers form a logically integrated distributed server system.
为了维护MAC地址的有效性,虚拟交换机应替代虚拟机进行周期性地址注册刷新,ARS为每个地址维护一个老化定时器,当定时器周期内未收到刷新请求时,将释放该地址记录。In order to maintain the validity of the MAC address, the virtual switch should replace the virtual machine to perform periodic address registration refresh. ARS maintains an aging timer for each address. When no refresh request is received within the timer period, the address record will be released.
图1为本实施方式的系统架构图,系统中包括多个数据中心101,每个数据中心包括多个物理服务器102和多个二层交换机103;运营商网络104连接多个数据中心,其中包括核心路由器106以及处理二层地址注册、查询的ARS107;ASR105是连接数据中心和运营商网络的接入服务路由器。ASR和ARS之间运行单播地址映射协议(uMAP)。Figure 1 is a system architecture diagram of this embodiment, the system includes multiple data centers 101, each data center includes multiple physical servers 102 and multiple layer 2 switches 103; the operator network 104 connects multiple data centers, including Core router 106 and ARS 107 for handling layer 2 address registration and query; ASR 105 is an access service router connecting the data center and the carrier network. The Unicast Address Mapping Protocol (uMAP) runs between the ASR and the ARS.
图2是虚拟机池中一个物理服务器的内部架构,201是物理机器硬件;202是虚拟机管理器,负责本物理机器的虚拟机创建、撤销及调度;203是为了本实施方式所定义的虚拟交换机,负责代替虚拟机进行MAC地址的注册、将广播ARP请求转化为单播MAC查询等;204是VMM中的迁移管理器,本文不关注;205是由VMM管理的虚拟机;206是虚拟机中的操作系统;207是运行在虚拟机内操作系统之上的各种应用程序。Fig. 2 is the internal architecture of a physical server in the virtual machine pool, 201 is the physical machine hardware; 202 is the virtual machine manager, is responsible for the virtual machine creation, revocation and scheduling of the physical machine; 203 is for the virtual machine defined in this embodiment The switch is responsible for registering the MAC address instead of the virtual machine, converting the broadcast ARP request into a unicast MAC query, etc.; 204 is the migration manager in the VMM, which is not concerned in this article; 205 is the virtual machine managed by the VMM; 206 is the virtual machine The operating system in the virtual machine; 207 is various application programs running on the operating system in the virtual machine.
图3示出了本实施方式的MAC地址注册流程,包括:Fig. 3 shows the MAC address registration process of this embodiment, including:
步骤301:物理服务器中的虚拟机管理器控制虚拟机VM11上电;Step 301: the virtual machine manager in the physical server controls the virtual machine VM11 to be powered on;
步骤302:上电启动操作完成后,VM11发起获得IP地址配置的过程;Step 302: After the power-on operation is completed, VM11 initiates the process of obtaining the IP address configuration;
虚拟机VM11通过DHCP(动态主机设置协议)或其它方式获得IP地址。The virtual machine VM11 obtains an IP address through DHCP (Dynamic Host Configuration Protocol) or other methods.
步骤303:驻留在VMM中的vSwitch1通过查看IP地址自动配置报文获知VM11已经完成IP地址配置的过程,在本地记录下VM11的IP地址和MAC的对应关系,此处VM11的IP地址和MAC地址分别为IP11和MAC11,并向ARS发送MAC地址注册请求,注册IP11和vSwitch1自身MAC地址(MAC1)的对应关系,该请求经过归属ASR;Step 303: vSwitch1 residing in the VMM learns that VM11 has completed the IP address configuration process by checking the IP address automatic configuration message, and records the correspondence between the IP address and MAC of VM11 locally, where the IP address and MAC address of VM11 The addresses are IP11 and MAC11 respectively, and a MAC address registration request is sent to ARS to register the corresponding relationship between IP11 and vSwitch1's own MAC address (MAC1), and the request passes through the home ASR;
MAC地址注册请求的源IP地址和源MAC地址分别为IP11和MAC1。The source IP address and source MAC address of the MAC address registration request are IP11 and MAC1 respectively.
VM11的MAC地址MAC11为VM11上电时VMM所分配。The MAC address MAC11 of VM11 is allocated by the VMM when VM11 is powered on.
步骤304:中间的二层交换机通过查看MAC地址注册请求的源MAC地址,学习到MAC1,并记入MAC-端口转发表中;Step 304: the middle layer 2 switch learns MAC1 by checking the source MAC address of the MAC address registration request, and records it in the MAC-port forwarding table;
本步骤是二层交换机的标准行为。This step is standard behavior for Layer 2 switches.
步骤305:二层交换机转发MAC地址注册请求到ASR;Step 305: the Layer 2 switch forwards the MAC address registration request to the ASR;
步骤306:ASR收到MAC地址注册请求后,在本地记录下<MAC1、IP11>的对应关系,为后续报文转发做准备;Step 306: After the ASR receives the MAC address registration request, it records the corresponding relationship of <MAC1, IP11> locally to prepare for subsequent message forwarding;
步骤307:ASR向ARS发送地址映射注册请求,其中包括<MAC1、IP11>绑定关系以及ASR自身的IP地址;Step 307: The ASR sends an address mapping registration request to the ARS, which includes the <MAC1, IP11> binding relationship and the ASR's own IP address;
步骤308:ARS记录该地址映射注册请求中所携带的MAC、IP地址及虚拟机归属的ASR的IP地址等,以备后续查询使用;Step 308: ARS records the MAC, IP address and IP address of the ASR to which the virtual machine belongs, etc. carried in the address mapping registration request, for subsequent query use;
步骤309:ARS向ASR返回成功响应,该响应被转发给发起注册的vSwitch1。地址注册过程完成。Step 309: The ARS returns a successful response to the ASR, and the response is forwarded to the vSwitch1 that initiates the registration. The address registration process is complete.
图4示出了一种跨数据中心的两个虚拟机之间建立通信的实施例,具体流程如下:FIG. 4 shows an embodiment of establishing communication between two virtual machines across data centers, and the specific process is as follows:
步骤401:位于数据中心2内的虚拟机VM21需要和位于数据中心1内的虚拟机VM11通信,本地ARP缓存中没有VM11的IP地址对应的MAC记录,VM21发出一个普通的ARP广播请求;Step 401: The virtual machine VM21 located in the data center 2 needs to communicate with the virtual machine VM11 located in the data center 1. There is no MAC record corresponding to the IP address of VM11 in the local ARP cache, and VM21 sends a common ARP broadcast request;
此处VM11、VM21均已经上电成功,并且由其所在vSwitch代为向ARS正确注册了IP地址和MAC对应关系。Here, both VM11 and VM21 have been powered on successfully, and the vSwitch where they are located has correctly registered the correspondence between the IP address and the MAC address with the ARS.
步骤402:ARP广播请求被VM21所在物理机上的虚拟交换机vSWitch2截获,vSWitch2将其转换为一条单播的ARP查询请求通过二层交换机发给ASR2,该查询请求的查询标的为VM11的IP地址IP11;Step 402: The ARP broadcast request is intercepted by the virtual switch vSWitch2 on the physical machine where VM21 is located, and vSWitch2 converts it into a unicast ARP query request and sends it to ASR2 through the Layer 2 switch. The query target of the query request is the IP address IP11 of VM11;
步骤403:ASR2收到单播的ARP查询请求后,产生一条Map_Request(映射查询)请求发送给ARS,查询IP11对应的MAC地址;Step 403: After receiving the unicast ARP query request, ASR2 generates a Map_Request (mapping query) request and sends it to ARS to query the MAC address corresponding to IP11;
本实施例中假定ASR到ARS的查询协议不同于vSwitch的单播的ARP查询请求,实际协议定义也可以复用。In this embodiment, it is assumed that the query protocol from the ASR to the ARS is different from the unicast ARP query request of the vSwitch, and the actual protocol definition can also be reused.
步骤404:ARS查询本地数据库,获得IP11对应的MAC地址、归属ASR1的地址;Step 404: ARS queries the local database to obtain the MAC address corresponding to IP11 and the address belonging to ASR1;
步骤405:ARS将查询获得的MAC地址、ASR1的地址和IP11通过Map_Reply消息返回给ASR2;Step 405: ARS returns the MAC address, the address of ASR1 and IP11 obtained through the query to ASR2 through the Map_Reply message;
步骤406:ASR2收到Map_Reply消息后取出其中的IP、MAC和ASR1的地址,并在本地进行存储,同时构造一个ARP单播响应消息,其源MAC地址改为ASR2的MAC地址,目的MAC地址为vSWitch2的MAC地址;Step 406: ASR2 takes out IP, MAC and the address of ASR1 wherein after receiving the Map_Reply message, and stores it locally, and constructs an ARP unicast response message simultaneously, and its source MAC address is changed to the MAC address of ASR2, and the destination MAC address is MAC address of vSWitch2;
步骤406:ASR2将ARP单播响应发送给vSwitch2;Step 406: ASR2 sends the ARP unicast response to vSwitch2;
步骤407:vSwitch2根据收到的ARP单播响应构造一个普通的ARP响应,通知VM21其所查询的IP11对应的MAC地址为ASR2的MAC地址;Step 407: vSwitch2 constructs an ordinary ARP response according to the received ARP unicast response, and notifies VM21 that the MAC address corresponding to IP11 it inquires is the MAC address of ASR2;
步骤408:VM21根据查询获得的MAC地址,发送一个IP报文,源、目的IP地址、MAC地址分别为IP21、MAC21、IP11、MAC_ASR2;Step 408: VM21 sends an IP message according to the MAC address obtained from the query, and the source and destination IP addresses and MAC addresses are respectively IP21, MAC21, IP11, and MAC_ASR2;
步骤409:vSwitch2收到VM21的IP报文后,改写源MAC地址为本虚拟交换机的MAC地址MAC2,并且根据目的MAC地址为MAC_ASR2发送报文到ASR2;Step 409: vSwitch2 rewrites the source MAC address to the MAC address MAC2 of the virtual switch after receiving the IP message of VM21, and sends the message to ASR2 according to the destination MAC address of MAC_ASR2;
步骤410:ASR2取出报文中的目的IP地址,查找本地数据库,获得IP11对应的已经注册的MAC地址MAC1以及归属的ASR1的地址IP_ASR1;Step 410: ASR2 takes out the destination IP address in the message, searches the local database, and obtains the registered MAC address MAC1 corresponding to IP11 and the address IP_ASR1 of the assigned ASR1;
步骤411:ASR2根据上一步的数据得知目的IP地址位于另外一个数据中心内部,其将原始报文的目的MAC地址改为步骤406中获得的MAC1,并且将此报文封装在一个目的IP为ASR1的IP地址的隧道中发送给ASR1;Step 411: ASR2 knows that the destination IP address is located in another data center according to the data in the previous step, it changes the destination MAC address of the original message to the MAC1 obtained in step 406, and encapsulates the message in a destination IP address of Send to ASR1 in the tunnel of ASR1's IP address;
隧道可以是一个IP in IP的简单隧道,也可以是一个GRE隧道,或者是其它任何形式的隧道形式。The tunnel can be a simple IP in IP tunnel, a GRE tunnel, or any other form of tunnel.
步骤412:ASR1收到报文后,解除外层隧道报文头部,恢复原始报文;Step 412: After receiving the message, ASR1 removes the header of the outer tunnel message and restores the original message;
步骤413:ASR1根据报文的目的MAC地址将其发送给vSwitch1;Step 413: ASR1 sends the message to vSwitch1 according to the destination MAC address of the message;
步骤414:vSwitch1查找本地数据库,获知报文中目的IP地址IP11对应的真实MAC地址为MAC11,其改写二层报文头部为MAC11,并且将报文发送给VM11中操作系统的协议栈。至此,IP通信建立完成。Step 414: vSwitch1 searches the local database, learns that the real MAC address corresponding to the destination IP address IP11 in the message is MAC11, rewrites the layer 2 message header to MAC11, and sends the message to the protocol stack of the operating system in VM11. At this point, the establishment of IP communication is completed.
图5示出了一种在同一数据中心内的两个虚拟机之间建立通信的实施例,具体流程如下:FIG. 5 shows an embodiment of establishing communication between two virtual machines in the same data center, and the specific process is as follows:
步骤501:位于物理机2内的虚拟机VM21需要和位于物理机1内的虚拟机VM11通信,本地ARP缓存中没有VM11的IP地址对应的MAC记录,其发出一个普通的ARP广播请求;Step 501: The virtual machine VM21 located in the physical machine 2 needs to communicate with the virtual machine VM11 located in the physical machine 1. There is no MAC record corresponding to the IP address of VM11 in the local ARP cache, and it sends a common ARP broadcast request;
此处VM11、VM21均已经上电成功,并且由其所在vSwitch代为向ARS正确注册了自身的IP地址、MAC对应关系。Here, VM11 and VM21 have been powered on successfully, and the vSwitch where they are located has correctly registered their own IP addresses and MAC correspondences with the ARS.
步骤502:ARP广播请求被其所在物理机上的虚拟交换机vSwitch2所截获,vSwitch2将其转换为一条单播的ARP查询请求发给ASR1,该查询请求的查询标的为VM11的IP地址IP11;Step 502: The ARP broadcast request is intercepted by the virtual switch vSwitch2 on the physical machine where it is located, and vSwitch2 converts it into a unicast ARP query request and sends it to ASR1. The target of the query request is the IP address IP11 of VM11;
步骤503:ASR1收到单播的ARP查询请求后,产生一条Map_Request请求发送给ARS,查询IP11对应的MAC地址;Step 503: After receiving the unicast ARP query request, ASR1 generates a Map_Request request and sends it to ARS to query the MAC address corresponding to IP11;
本实施例中假定ASR到ARS的查询协议不同于vSwitch的ARP单播查询请求,实际协议定义也可以复用。In this embodiment, it is assumed that the query protocol from the ASR to the ARS is different from the ARP unicast query request of the vSwitch, and the actual protocol definition can also be reused.
步骤504:ARS查询本地数据库,获得IP11对应的MAC地址和归属ASR1地址。Step 504: ARS queries the local database to obtain the MAC address corresponding to IP11 and the address of ASR1.
步骤505:ARS将查询获得的MAC地址、ASR1地址和IP11通过Map_Reply消息返回给ASR1;Step 505: ARS returns the obtained MAC address, ASR1 address and IP11 to ASR1 through a Map_Reply message;
步骤506:ASR1收到Map_Reply消息后取出其中的IP、MAC和ASR1地址,并在本地进行存储,同时构造一个ARP单播响应消息,ASR1注意到该目的虚拟机的归属ASR就是自己本身,因此ARP单播响应消息的IP、MAC地址均取自于Map_Reply消息,不做修改;Step 506: After receiving the Map_Reply message, ASR1 takes out the IP, MAC and ASR1 address, stores them locally, and constructs an ARP unicast response message at the same time. ASR1 notices that the destination ASR of the virtual machine is itself, so the ARP The IP and MAC addresses of the unicast response message are taken from the Map_Reply message and will not be modified;
步骤507:vSwitch根据单播响应构造一个普通的ARP响应,通知VM21其所查询的IP11对应的MAC地址为MAC1;Step 507: vSwitch constructs an ordinary ARP response according to the unicast response, and notifies VM21 that the MAC address corresponding to IP11 it inquires is MAC1;
步骤508:VM21根据上一步查询获得的MAC地址,发送一个IP报文,源、目的IP地址、MAC地址分别为IP21、MAC21、IP11和MAC1;Step 508: VM21 sends an IP packet according to the MAC address obtained in the previous query, and the source and destination IP addresses and MAC addresses are respectively IP21, MAC21, IP11 and MAC1;
步骤509:vSwitch2收到VM21的IP报文后,改写源MAC地址为本虚拟交换机的地址MAC2,并且二层交换机根据目的MAC地址为MAC1发送报文到物理机1;Step 509: vSwitch2 rewrites the source MAC address to the address MAC2 of the virtual switch after receiving the IP message of VM21, and the Layer 2 switch sends the message to physical machine 1 according to the destination MAC address of MAC1;
步骤510:物理机1上的vSwitch1收到此报文,查找本地数据库,获知报文中目的IP地址IP11对应的真实MAC地址为MAC11,其改写二层报文头部为MAC11,并且将报文发送给VM11中操作系统的协议栈。至此,IP通信建立完成。Step 510: vSwitch1 on physical machine 1 receives the message, searches the local database, and learns that the real MAC address corresponding to the destination IP address IP11 in the message is MAC11, rewrites the header of the layer-2 message to MAC11, and converts the message to Sent to the protocol stack of the operating system in VM11. So far, the establishment of IP communication is completed.
图6为本实施方式的ASR的结构图,包括:注册模块、地址查询模块和报文转发模块,其中:Fig. 6 is the structural diagram of the ASR of this embodiment, including: registration module, address query module and message forwarding module, wherein:
注册模块,用于记录虚拟交换机注册的虚拟机的IP地址与该虚拟交换机的MAC地址的对应关系,并向地址解析服务器(ARS)注册该对应关系以及该ASR的地址。The registration module is used to record the corresponding relationship between the IP address of the virtual machine registered by the virtual switch and the MAC address of the virtual switch, and register the corresponding relationship and the address of the ASR with the address resolution server (ARS).
地址查询模块,用于在接收到虚拟交换机的查询请求后,向ARS查询虚拟机的通信对端的IP地址对应的MAC地址,并保存接收到的MAC地址和ASR的地址,在所接收到的ASR的地址非该地址查询模块所在ASR的地址时,向虚拟交换机返回该地址查询模块所在ASR的地址;在所接收到的ASR的地址为该地址查询模块所在ASR的地址时,向虚拟交换机返回接收到的MAC地址。The address query module is used to query the ARS for the MAC address corresponding to the IP address of the communication peer of the virtual machine after receiving the query request of the virtual switch, and save the received MAC address and the address of the ASR, and then in the received ASR When the address of the address query module is not the address of the ASR where the address query module is located, return the address of the ASR where the address query module is located to the virtual switch; to the MAC address.
报文转发模块,用于在接收到虚拟交换机发送的报文时,在本地查询通信对端的MAC地址和通信对端归属的ASR的地址,将报文的目的MAC地址修改为查询到通信对端的MAC地址,并将该报文封装到目的地址为通信对端归属的ASR的地址的隧道中通过运营商网络发送给通信对端归属的ASR,并且在接收到通过运营商网络发送的报文后,解除隧道,根据报文的目的MAC地址将报文发送给物理服务器上的虚拟交换机。The message forwarding module is used to locally query the MAC address of the communication peer and the address of the ASR to which the communication peer belongs when receiving a message sent by the virtual switch, and modify the destination MAC address of the message to the address of the query to the communication peer. MAC address, and encapsulate the message into a tunnel whose destination address is the address of the ASR of the communication peer, and send it to the ASR of the communication peer through the operator network, and after receiving the message sent through the operator network , release the tunnel, and send the packet to the virtual switch on the physical server according to the destination MAC address of the packet.
本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程序来指令相关硬件完成,程序可以存储于计算机可读存储介质中,如只读存储器、磁盘或光盘等。可选地,上述实施例的全部或部分步骤也可以使用一个或多个集成电路来实现。相应地,上述实施例中的各模块可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。本发明不限制于任何特定形式的硬件和软件的结合。Those of ordinary skill in the art can understand that all or part of the steps in the above method can be completed by instructing related hardware through a program, and the program can be stored in a computer-readable storage medium, such as a read-only memory, a magnetic disk, or an optical disk. Optionally, all or part of the steps in the foregoing embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module in the foregoing embodiments may be implemented in the form of hardware, or may be implemented in the form of software function modules. The present invention is not limited to any specific combination of hardware and software.
当然,本发明还可有多种实施方式,在不背离本发明精神及其实质的情况,熟悉本领域的技术人员当可根据本发明做出各种相应的更改或变化,但凡在本发明的精神和原则之内所作的任何修改、等同替换、改进,均应包含在本发明的保护范围之内。Certainly, the present invention can also have multiple implementation modes, without departing from the spirit and essence of the present invention, those skilled in the art can make various corresponding changes or changes according to the present invention, but all Any modifications, equivalent replacements, and improvements made within the spirit and principles shall be included within the protection scope of the present invention.
Claims (19)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010521812.2A CN102457586B (en) | 2010-10-18 | 2010-10-18 | Expanding method for realizing double-layer network and expanded double-layer network |
| PCT/CN2011/077332 WO2012051872A1 (en) | 2010-10-18 | 2011-07-19 | Method for expanding layer 2 network and expanded layer 2 network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010521812.2A CN102457586B (en) | 2010-10-18 | 2010-10-18 | Expanding method for realizing double-layer network and expanded double-layer network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102457586A CN102457586A (en) | 2012-05-16 |
| CN102457586B true CN102457586B (en) | 2015-06-03 |
Family
ID=45974666
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010521812.2A Active CN102457586B (en) | 2010-10-18 | 2010-10-18 | Expanding method for realizing double-layer network and expanded double-layer network |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102457586B (en) |
| WO (1) | WO2012051872A1 (en) |
Families Citing this family (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102710509B (en) * | 2012-05-18 | 2015-04-15 | 杭州华三通信技术有限公司 | Automatic data center configuration method and method |
| CN102868642B (en) * | 2012-10-09 | 2015-11-18 | 盛科网络(苏州)有限公司 | The method and apparatus of NVGRE message repeating is realized in ASIC |
| CN102932498B (en) * | 2012-10-24 | 2016-08-03 | 广州杰赛科技股份有限公司 | A kind of virtual machine IP method for managing resource of cloud computing platform |
| US8976792B2 (en) * | 2012-10-31 | 2015-03-10 | Cisco Technology, Inc. | OTV scaling: site virtual MAC address |
| CN103067270B (en) * | 2013-01-08 | 2016-12-28 | 杭州华三通信技术有限公司 | A kind of virtual machine exchange visit safety control method and device |
| US9282033B2 (en) * | 2013-08-06 | 2016-03-08 | Cisco Technology, Inc. | Intelligent handling of virtual machine mobility in large data center environments |
| CN104426816B (en) * | 2013-08-19 | 2018-08-21 | 华为技术有限公司 | A kind of virtual machine communication method and device |
| EP2854377B1 (en) * | 2013-09-27 | 2016-07-13 | Alcatel Lucent | A method for centralized address resolution |
| CN103684966B (en) * | 2013-12-10 | 2017-04-05 | 华为技术有限公司 | A kind of dynamic host configuration protocol message processing method and processing device |
| CN103731353B (en) * | 2013-12-26 | 2017-07-14 | 华为技术有限公司 | The physical address acquisition methods of virtual machine |
| CN105657078B (en) * | 2015-12-29 | 2019-05-31 | 联想(北京)有限公司 | A kind of data transmission method, device and multitiered network manager |
| CN106254508B (en) * | 2016-08-29 | 2019-04-19 | 优刻得科技股份有限公司 | A kind of multi-case data packet communication method, device and system |
| CN106550059A (en) * | 2016-10-27 | 2017-03-29 | 曙光信息产业(北京)有限公司 | A method and device for responding to an ARP request |
| EP3343881B1 (en) | 2016-11-09 | 2019-08-14 | Huawei Technologies Co., Ltd. | Packet processing method in cloud computing system, host, and system |
| CN107278359B (en) * | 2016-11-09 | 2020-09-18 | 华为技术有限公司 | Method, host and system for processing message in cloud computing system |
| CN108092923B (en) * | 2016-11-23 | 2021-06-18 | 阿里巴巴集团控股有限公司 | Message processing method and device based on SR-IOV |
| CN107370841B (en) * | 2017-08-20 | 2020-11-27 | 中国人民解放军理工大学 | A method for efficient address resolution on multi-hop wireless networks |
| CN109672633A (en) * | 2018-12-27 | 2019-04-23 | 南京极域信息科技有限公司 | A kind of virtual switch method |
| CN109889623A (en) * | 2019-02-26 | 2019-06-14 | 湖南省星岳天璇科技有限公司 | Big two layer stackups Ethernet ARP broadcast removing method and device |
| CN112187500A (en) * | 2019-07-04 | 2021-01-05 | 中兴通讯股份有限公司 | Network element management device and message processing method |
| CN111404843A (en) * | 2020-03-05 | 2020-07-10 | 广东睿江云计算股份有限公司 | Optimization method and system for processing ARP data packet under IASS network platform |
| CN114124867B (en) * | 2021-11-18 | 2023-07-04 | 大连九锁网络有限公司 | Group-sending instant message transmission method under two-layer and three-layer mixed network structure |
| CN114338397B (en) * | 2021-12-27 | 2023-11-03 | 中国联合网络通信集团有限公司 | Cloud platform network configuration method, device, server, storage medium and system |
| CN114760263B (en) * | 2022-03-29 | 2024-05-03 | 浪潮云信息技术股份公司 | Address resolution method, cloud platform and medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1613023A2 (en) * | 2004-07-01 | 2006-01-04 | Fujitsu Limited | Network system, network bridge device, network management apparatus, network address assignment method and network address resolution method |
| CN1968184A (en) * | 2005-11-18 | 2007-05-23 | 杭州华为三康技术有限公司 | Link layer communication method in LAN and network device thereof |
| CN101494536A (en) * | 2009-02-20 | 2009-07-29 | 华为技术有限公司 | Method, apparatus and system for preventing ARP aggression |
| CN101808107A (en) * | 2009-02-17 | 2010-08-18 | 华为技术有限公司 | Storage device and user communication method, device and system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7289463B2 (en) * | 2002-04-30 | 2007-10-30 | Alcatel Lucent | Hierarchical wireless network and an associated method for delivering IP packets to mobile stations |
| CN1251109C (en) * | 2002-11-05 | 2006-04-12 | 联想(北京)有限公司 | A kind of Internet communication method and implementing system |
| CN101340293B (en) * | 2008-08-12 | 2010-10-27 | 杭州华三通信技术有限公司 | Packet safety detection method and device |
-
2010
- 2010-10-18 CN CN201010521812.2A patent/CN102457586B/en active Active
-
2011
- 2011-07-19 WO PCT/CN2011/077332 patent/WO2012051872A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1613023A2 (en) * | 2004-07-01 | 2006-01-04 | Fujitsu Limited | Network system, network bridge device, network management apparatus, network address assignment method and network address resolution method |
| CN1968184A (en) * | 2005-11-18 | 2007-05-23 | 杭州华为三康技术有限公司 | Link layer communication method in LAN and network device thereof |
| CN101808107A (en) * | 2009-02-17 | 2010-08-18 | 华为技术有限公司 | Storage device and user communication method, device and system |
| CN101494536A (en) * | 2009-02-20 | 2009-07-29 | 华为技术有限公司 | Method, apparatus and system for preventing ARP aggression |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2012051872A1 (en) | 2012-04-26 |
| CN102457586A (en) | 2012-05-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102457586B (en) | Expanding method for realizing double-layer network and expanded double-layer network | |
| US9448821B2 (en) | Method and system for realizing virtual machine mobility | |
| CN102859973B (en) | Method, apparatus and system for address resolution | |
| CN102025589B (en) | Method and system for realizing virtual private network | |
| CN108200225B (en) | Asymmetric network address encapsulation | |
| EP2897347B1 (en) | Method for transmitting addresses correspondence relationship in second-layer protocol using link status routing | |
| US9515930B2 (en) | Intelligent handling of virtual machine mobility in large data center environments | |
| CN102025591B (en) | Method and system for implementing virtual private network | |
| CN103841028B (en) | Method and device for forwarding messages | |
| CN102577331B (en) | Virtual 2nd layer and make its extendible mechanism | |
| CN102710509B (en) | Automatic data center configuration method and method | |
| CN113872845B (en) | Method for establishing VXLAN tunnel and related equipment | |
| US20140019621A1 (en) | Hierarchical system for managing a plurality of virtual machines, method and computer program | |
| WO2011113393A2 (en) | Virtual local area network identity transformation method and apparatus | |
| JP2016536840A (en) | Centralized address resolution method | |
| EP2584742B1 (en) | Method and switch for sending packet | |
| CN106209616B (en) | Flooding inhibition method and device | |
| WO2011069399A1 (en) | Address mapping method and access service node | |
| WO2015085788A1 (en) | Method and apparatus for processing dynamic host configuration protocol message | |
| CN103108056A (en) | Device and method capable of achieving subscriber identifier and locator separation network | |
| CN112929284A (en) | ND message identification method and system under IPv6VXLAN scene | |
| CN110620715B (en) | Virtual extended local area network communication method, tunnel endpoint and controller | |
| CN102546372B (en) | A kind of method and system improving mapping routing table service efficiency | |
| WO2012083685A1 (en) | Method and system for improving use efficiency of mapping and routing table | |
| WO2019123630A1 (en) | Communication device and communication method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20201221 Address after: Room 705, 7 / F, room 9, 1699, Zuchongzhi South Road, Kunshan City, Suzhou City, Jiangsu Province Patentee after: Kunshan chuangzhihui Intellectual Property Operation Co.,Ltd. Address before: 518057 Ministry of justice, Zhongxing building, South Science and technology road, Nanshan District hi tech Industrial Park, Shenzhen, Guangdong Patentee before: ZTE Corp. |
|
| CP02 | Change in the address of a patent holder | ||
| CP02 | Change in the address of a patent holder |
Address after: 215300 rooms 107 and 108, area C, 55 Xiaxi street, Kunshan Development Zone, Suzhou City, Jiangsu Province Patentee after: Kunshan chuangzhihui Intellectual Property Operation Co.,Ltd. Address before: Room 705, 7 / F, room 9, 1699, Zuchongzhi South Road, Kunshan City, Suzhou City, Jiangsu Province Patentee before: Kunshan chuangzhihui Intellectual Property Operation Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20241106 Address after: Room 2212, Building 3, No.1 Hongfeng Road, Enterprise Science and Technology Park, Qianjin East Road, Kunshan Development Zone, Suzhou City, Jiangsu Province, 215300 (cluster registration) Patentee after: Suzhou group control robot intelligent technology Co.,Ltd. Country or region after: China Address before: 215300 rooms 107 and 108, area C, 55 Xiaxi street, Kunshan Development Zone, Suzhou City, Jiangsu Province Patentee before: Kunshan chuangzhihui Intellectual Property Operation Co.,Ltd. Country or region before: China |