[go: up one dir, main page]

CN103229489A - Virtual-machine control strategy configuration method and switch - Google Patents

Virtual-machine control strategy configuration method and switch Download PDF

Info

Publication number
CN103229489A
CN103229489A CN2012800029600A CN201280002960A CN103229489A CN 103229489 A CN103229489 A CN 103229489A CN 2012800029600 A CN2012800029600 A CN 2012800029600A CN 201280002960 A CN201280002960 A CN 201280002960A CN 103229489 A CN103229489 A CN 103229489A
Authority
CN
China
Prior art keywords
virtual machine
control
policy
mac address
control strategy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012800029600A
Other languages
Chinese (zh)
Other versions
CN103229489B (en
Inventor
张恒梁
宋哲炫
李金成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
XFusion Digital Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN103229489A publication Critical patent/CN103229489A/en
Application granted granted Critical
Publication of CN103229489B publication Critical patent/CN103229489B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

本发明涉及一种虚拟机控制策略的配置方法和交换机。该方法包括:接收针对虚拟机的第一控制策略;根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址;使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。由此,本发明实施例实现了MAC地址级别的控制策略的配置和管理,使得MAC地址级别的策略控制更加容易实现。

Figure 201280002960

The invention relates to a virtual machine control policy configuration method and a switch. The method includes: receiving a first control policy for a virtual machine; acquiring a MAC address of the virtual machine according to a virtual machine identifier in the first control policy; replacing the first control policy with the MAC address of the virtual machine The virtual machine identifier in the policy is used to obtain a second control policy. Thus, the embodiment of the present invention realizes the configuration and management of the MAC address level control policy, making the MAC address level policy control easier to implement.

Figure 201280002960

Description

虚拟机控制策略的配置方法和交换机Virtual machine control policy configuration method and switch

技术领域technical field

本发明涉及通信领域,尤其涉及一种虚拟机控制策略的配置方法和交换机。The invention relates to the communication field, in particular to a method for configuring a virtual machine control policy and a switch.

背景技术Background technique

虚拟化是实现云计算最重要的技术基础,虚拟化技术可以提高资源的利用率,并能够根据用户业务需求的变化,快速、灵活地进行资源部署。服务器虚拟化使得分隔良好的工作负荷能够再次共用硬件,大幅减少了实体服务器对空间的占用以及在电力和散热方面的消耗,终止了服务器蔓延,而且还大大加快了服务器设置的速度。Virtualization is the most important technical basis for realizing cloud computing. Virtualization technology can improve the utilization rate of resources, and can quickly and flexibly deploy resources according to changes in user business needs. Server virtualization enables well-segregated workloads to share hardware again, dramatically reduces physical server footprint and power and cooling consumption, ends server sprawl, and dramatically speeds up server setup.

由于服务器应用场景的不同以及服务器类型的不同,因此要实现服务器虚拟化就要使用综合性虚拟化软件平台,而且也需要拥有多核心、高密度、可靠的内存,以及具有可扩展性的输入/输出(Input/Output,I/O)吞吐量的硬件平台。但是通用的服务器虚拟化技术无法在虚拟机级别进行保护和执行策略,也无法使策略随虚拟机移动。Due to different server application scenarios and different server types, it is necessary to use a comprehensive virtualization software platform to realize server virtualization, and it also needs to have multi-core, high-density, reliable memory, and scalable input/ Output (Input/Output, I/O) throughput hardware platform. However, common server virtualization technologies cannot protect and enforce policies at the virtual machine level, nor can the policies move with the virtual machines.

在现有技术下,支持虚拟网卡标记VN-Tag(用来标识虚拟机的虚拟网卡)的虚拟交换机建立很多的端口用来和虚拟机的虚拟网卡对应,当虚拟机的虚拟网卡有数据进入虚拟交换机时,虚拟交换机就会对该数据添加VN-Tag再转发,实现了虚拟机级别的策略控制。但是现有技术的缺点是该方案的实现需要虚拟交换机、接入交换机、甚至核心网交换机同时支持该技术,因此需要对不支持VNTag技术的设备进行升级,这就使得该技术方案的应用具有局限性,而且需要升级设备成本也高。Under the existing technology, the virtual switch that supports the virtual network card mark VN-Tag (used to identify the virtual network card of the virtual machine) establishes many ports to correspond to the virtual network card of the virtual machine. When the virtual network card of the virtual machine has data entering the virtual machine When switching, the virtual switch will add VN-Tag to the data and then forward it, realizing policy control at the virtual machine level. However, the disadvantage of the existing technology is that the implementation of this solution requires virtual switches, access switches, and even core network switches to support this technology at the same time, so it is necessary to upgrade devices that do not support VNTag technology, which limits the application of this technical solution Sex, and the cost of upgrading equipment is also high.

发明内容Contents of the invention

鉴于现有技术中利用VN-tag技术进行虚拟机控制策略配置的方法对设备要求高,成本大的问题,本发明实施例提供了一种虚拟机控制策略的配置方法和交换机。In view of the problems of high equipment requirements and high cost in the prior art method for configuring virtual machine control policies using VN-tag technology, embodiments of the present invention provide a method for configuring virtual machine control policies and a switch.

第一方面,本发明实施例提供了一种虚拟机控制策略的配置方法,所述方法包括:In a first aspect, an embodiment of the present invention provides a method for configuring a virtual machine control policy, the method including:

接收针对虚拟机的第一控制策略;receiving a first control policy for the virtual machine;

根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址;Obtain the MAC address of the virtual machine according to the virtual machine identifier in the first control policy;

使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。Using the MAC address of the virtual machine to replace the virtual machine identifier in the first control policy to obtain a second control policy.

在第一种可能的实现方式中,所述得到第二控制策略之后,还包括:接收针对所述虚拟机的地址变更消息,所述地址变更消息携带更新MAC地址;使用所述更新MAC地址替换所述第二控制策略中的所述MAC地址,得到第三控制策略。In a first possible implementation manner, after obtaining the second control policy, it further includes: receiving an address change message for the virtual machine, where the address change message carries an updated MAC address; using the updated MAC address to replace The MAC address in the second control policy obtains a third control policy.

结合第一方面,在第二种可能的实现方式中,所述得到第二控制策略之后,还包括:接收针对所述虚拟机的第一更新控制策略,所述第一更新控制策略中包括所述虚拟机的所述虚拟机标识;获取所述虚拟机标识对应的所述MAC地址,使用所述MAC地址替换所述第一更新控制策略中的所述虚拟机标识,得到第二更新控制策略;使用所述第二更新控制策略替换所述第二控制策略。With reference to the first aspect, in a second possible implementation manner, after obtaining the second control policy, further include: receiving a first update control policy for the virtual machine, the first update control policy including the The virtual machine identifier of the virtual machine; obtain the MAC address corresponding to the virtual machine identifier, use the MAC address to replace the virtual machine identifier in the first update control strategy, and obtain a second update control strategy ; replacing the second control strategy with the second update control strategy.

结合第一方面,在第三种可能的实现方式中,所述根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址之前,还包括:接收所述虚拟机标识,以及所述虚拟机标识对应的N个MAC地址,其中,N大于或者等于1。With reference to the first aspect, in a third possible implementation manner, before acquiring the MAC address of the virtual machine according to the virtual machine identifier in the first control policy, the method further includes: receiving the virtual machine identifier, and N MAC addresses corresponding to the virtual machine identifier, where N is greater than or equal to 1.

结合第一方面的第三种可能的实现方式,在第四种可能的实现方式中,所述使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略具体为:使用所述N个MAC地址逐一替换所述第一控制策略中的所述虚拟机标识,得到N条第二控制策略,所述N条第二控制策略分别与所述N个MAC地址一一对应。With reference to the third possible implementation manner of the first aspect, in a fourth possible implementation manner, the virtual machine identifier in the first control policy is replaced by using the MAC address of the virtual machine to obtain the first The second control strategy is specifically: use the N MAC addresses to replace the virtual machine identifiers in the first control strategy one by one to obtain N second control strategies, and the N second control strategies are respectively related to the N There is a one-to-one correspondence between each MAC address.

结合第一方面,在第五种可能的实现方式中,所述得到第二控制策略之后,还包括:根据所述第二控制策略,对接收到的并且以所述MAC地址为目的地址或源地址的数据包进行处理。With reference to the first aspect, in a fifth possible implementation manner, after obtaining the second control policy, further include: according to the second control policy, for the received MAC address as the destination address or source address Addressed packets are processed.

结合第一方面的第五种可能的实现方式,在第六种可能的实现方式中,所述根据所述第二控制策略,对接收到的并且以所述MAC地址为目的地址或源地址的数据包进行处理具体包括:接收以所述MAC地址为目的地址或源地址的数据包;根据所述第二控制策略,转发所述数据包或拒绝转发所述数据包。With reference to the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner, according to the second control policy, the received MAC address as the destination address or source address Processing the data packet specifically includes: receiving the data packet with the MAC address as the destination address or the source address; forwarding the data packet or refusing to forward the data packet according to the second control policy.

结合第一方面或者第一方面的第一种、第二种、第三种、第四种、第五种、第六种可能的实现方式,在第七种可能的实现方式中,所述第一控制策略包括以下控制策略中的至少一种:访问控制策略,资源预留策略,流量优先级策略,最大流量延时策略,最大流量丢包率策略,最大流量抖动策略。In combination with the first aspect or the first, second, third, fourth, fifth, and sixth possible implementations of the first aspect, in a seventh possible implementation, the first A control policy includes at least one of the following control policies: access control policy, resource reservation policy, traffic priority policy, maximum traffic delay policy, maximum traffic packet loss rate policy, and maximum traffic jitter policy.

第二方面,本发明实施例提供了一种交换机,包括控制模块,所述控制模块包括接收子模块、获取子模块、转化子模块;所述接收子模块,用于接收针对虚拟机的第一控制策略;所述获取子模块,用于根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址;所述转化子模块,用于使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。In the second aspect, the embodiment of the present invention provides a switch, including a control module, the control module includes a receiving submodule, an acquisition submodule, and a conversion submodule; the receiving submodule is used to receive the first Control strategy; the obtaining submodule is configured to obtain the MAC address of the virtual machine according to the virtual machine identifier in the first control strategy; the conversion submodule is configured to replace the virtual machine with the MAC address of the virtual machine The virtual machine identifier in the first control policy is used to obtain a second control policy.

在第一种可能的实现方式中,所述接收子模块还用于,接收针对所述虚拟机的地址变更消息,所述地址变更消息携带更新MAC地址;所述转化子模块还用于,使用所述更新MAC地址替换所述第二控制策略中的所述MAC地址,得到第三控制策略。In a first possible implementation manner, the receiving submodule is further configured to receive an address change message for the virtual machine, where the address change message carries an updated MAC address; the conversion submodule is further configured to use The updated MAC address replaces the MAC address in the second control strategy to obtain a third control strategy.

结合第二方面,在第二种可能的实现方式中,所述交换机还包括替换子模块;所述接收子模块,还用于接收针对所述虚拟机的第一更新控制策略,所述第一更新控制策略中包括所述虚拟机的所述虚拟机标识;所述转化子模块,还用于获取所述虚拟机标识对应的所述MAC地址,使用所述MAC地址替换所述第一更新控制策略中的所述虚拟机标识,得到第二更新控制策略;所述替换子模块,用于使用所述第二更新控制策略替换所述第二控制策略。With reference to the second aspect, in a second possible implementation manner, the switch further includes a replacement submodule; the receiving submodule is further configured to receive a first update control policy for the virtual machine, the first The update control policy includes the virtual machine identifier of the virtual machine; the conversion submodule is further configured to obtain the MAC address corresponding to the virtual machine identifier, and use the MAC address to replace the first update control The virtual machine identifier in the policy obtains a second update control policy; the replacement submodule is configured to use the second update control policy to replace the second control policy.

结合第二方面,在第三种可能的实现方式中,所述接收子模块还用于,接收所述虚拟机标识,以及所述虚拟机标识对应的N个MAC地址,其中,N大于或者等于1。With reference to the second aspect, in a third possible implementation manner, the receiving submodule is further configured to receive the virtual machine identifier and N MAC addresses corresponding to the virtual machine identifier, where N is greater than or equal to 1.

结合第二方面的第三种可能的实现方式,在第四种可能的实现方式中,所述转化子模块具体用于,使用所述N个MAC地址逐一替换所述第一控制策略中的所述虚拟机标识,得到N条第二控制策略,所述N条第二控制策略分别与所述N个MAC地址一一对应。With reference to the third possible implementation manner of the second aspect, in a fourth possible implementation manner, the converting submodule is specifically configured to use the N MAC addresses to replace all the MAC addresses in the first control strategy one by one. The virtual machine identifier is used to obtain N second control strategies, and the N second control strategies correspond to the N MAC addresses respectively.

结合第二方面,在第五种可能的实现方式中,所述交换机还包括交换模块,所述交换模块与所述控制模块连接;所述交换模块,用于从所述控制模块接收所述第二控制策略,并且根据所述第二控制策略,对接收到的并且以所述MAC地址为目的地址或源地址的数据包进行转发或拒绝转发处理。With reference to the second aspect, in a fifth possible implementation manner, the switch further includes a switching module connected to the control module; the switching module is configured to receive the first Two control strategies, and according to the second control strategy, forward or refuse to forward the received data packets with the MAC address as the destination address or source address.

结合第二方面或者第二方面的第一种、第二种、第三种、第四种、第五种可能的实现方式,在第六种可能的实现方式中,所述控制策略包括但不限于下面一项或任意项的组合:访问控制策略,资源预留策略,流量优先级策略,最大流量延时策略,最大流量丢包率策略,最大流量抖动策略。In combination with the second aspect or the first, second, third, fourth, and fifth possible implementations of the second aspect, in a sixth possible implementation, the control strategy includes but not Limited to one or any combination of the following: access control policy, resource reservation policy, traffic priority policy, maximum traffic delay policy, maximum traffic packet loss rate policy, and maximum traffic jitter policy.

本发明实施例中,交换机从网络管理中心获取针对虚拟机的第一控制策略;根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址;使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。由此,本发明实施例实现了MAC地址级别的控制策略的配置和管理,而且解决了现有技术中利用VN-tag技术进行虚拟机控制策略配置的方法对设备要求高,成本大的问题,节省了大量的经济成本,使得虚拟机级别的策略控制更加容易实现。In the embodiment of the present invention, the switch obtains the first control strategy for the virtual machine from the network management center; obtains the MAC address of the virtual machine according to the virtual machine identifier in the first control strategy; uses the MAC address of the virtual machine The address replaces the virtual machine identifier in the first control policy to obtain a second control policy. Thus, the embodiment of the present invention realizes the configuration and management of the control policy at the MAC address level, and solves the problem of high equipment requirements and high cost in the method of using the VN-tag technology to configure the virtual machine control policy in the prior art. It saves a lot of economic costs and makes it easier to implement policy control at the virtual machine level.

附图说明Description of drawings

图1为本发明实施例提供的一种虚拟机控制策略的配置方法的应用架构示意图;FIG. 1 is a schematic diagram of an application architecture of a method for configuring a virtual machine control strategy provided by an embodiment of the present invention;

图2为本发明实施例提供的一种虚拟机控制策略的配置方法流程图;FIG. 2 is a flow chart of a method for configuring a virtual machine control strategy provided by an embodiment of the present invention;

图3为本发明实施例提供的一种交换机示意图;FIG. 3 is a schematic diagram of a switch provided by an embodiment of the present invention;

图4为本发明实施例提供的另一交换机示意图。FIG. 4 is a schematic diagram of another switch provided by an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。针对本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. With respect to the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

图1为本发明实施例提供的一种虚拟机控制策略的配置方法的应用架构示意图。如图1所示,网络管理中心可以获得虚拟机的每个网口对应的虚拟MAC地址,并且可将虚拟机的虚拟网口的MAC地址和虚拟机的对应关系(该对应关系可通过虚拟机的虚拟机标识(本申请文件中的虚拟机标识指的是虚拟机的ID)和虚拟机的MAC地址的对应关系体现),以及针对虚拟机的控制策略发送到数据中心接入交换机的控制模块,其中该交换机可以为开放流OpenFlow交换机;控制模块在接收到虚拟网口的MAC地址和虚拟机的对应关系,以及针对虚拟机的控制策略后,可将该针对虚拟机的控制策略转换为针对MAC地址的控制策略;交换机在接收到来自虚拟机的某个MAC地址或者发送至虚拟机的某个MAC地址的数据包时,根据针对MAC地址的控制策略,可以对数据包进行相应处理,从而实现了针对该虚拟机的策略控制。FIG. 1 is a schematic diagram of an application architecture of a method for configuring a virtual machine control policy provided by an embodiment of the present invention. As shown in Figure 1, the network management center can obtain the virtual MAC address corresponding to each network port of the virtual machine, and can associate the MAC address of the virtual network port of the virtual machine with the virtual machine (the correspondence can be obtained through the virtual machine The virtual machine identification (the virtual machine identification in this application document refers to the virtual machine ID) and the corresponding relationship between the virtual machine's MAC address is reflected), and the control strategy for the virtual machine is sent to the control module of the data center access switch , wherein the switch can be an OpenFlow switch; after the control module receives the corresponding relationship between the MAC address of the virtual network port and the virtual machine, and the control strategy for the virtual machine, it can convert the control strategy for the virtual machine into MAC address control policy; when the switch receives a data packet from a certain MAC address of a virtual machine or is sent to a certain MAC address of a virtual machine, it can process the data packet accordingly according to the control policy for the MAC address, thereby Implemented policy control for the virtual machine.

图2为本发明实施例提供的一种虚拟机控制策略的配置方法流程图。该实施例的执行主体是交换机,其中详细描述了交换机从网络管理中心获取针对虚拟机的控制策略后,将针对虚拟机的控制策略转换为针对MAC地址的控制策略的方法。如图2所示,该实施例包括以下步骤:FIG. 2 is a flow chart of a method for configuring a virtual machine control policy provided by an embodiment of the present invention. The implementation subject of this embodiment is a switch, which describes in detail the method for the switch to convert the control policy for the virtual machine into the control policy for the MAC address after obtaining the control policy for the virtual machine from the network management center. As shown in Figure 2, this embodiment includes the following steps:

步骤201,接收针对虚拟机的第一控制策略。Step 201, receiving a first control policy for a virtual machine.

为了实现本发明的技术方案,交换机包括控制模块和交换模块,交换模块和控制模块通过接口进行信息交互。交换机与网络管理中心之间可以通过管理接口进行通信,网络管理中心可主动向控制器部件发送虚拟机的每个网口对应的虚拟MAC地址,以及针对虚拟机的控制策略。In order to realize the technical solution of the present invention, the switch includes a control module and a switch module, and the switch module and the control module perform information exchange through an interface. The switch and the network management center can communicate through the management interface, and the network management center can actively send the virtual MAC address corresponding to each network port of the virtual machine and the control strategy for the virtual machine to the controller component.

其中,交换机从网络管理中心获取的第一控制策略为针对虚拟机的控制策略,该控制策略包可以包括以下控制策略中的至少一种:访问控制策略,资源预留策略,流量优先级策略,最大流量延时策略,最大流量丢包率策略,最大流量抖动策略。Wherein, the first control strategy acquired by the switch from the network management center is a control strategy for virtual machines, and the control strategy package may include at least one of the following control strategies: access control strategy, resource reservation strategy, traffic priority strategy, Maximum traffic delay policy, maximum traffic packet loss rate policy, maximum traffic jitter policy.

例如,针对虚拟机的访问控制策略可以定义为拒绝转发发送至某台虚拟机的数据包。For example, an access control policy for a virtual machine can be defined to deny forwarding of packets destined for a particular virtual machine.

当然,用户可以通过网络管理中心更新虚拟机的控制策略,此时网络管理中心可以向交换机发送该更新后的控制策略;而虚拟机发生迁移后,虚拟机的MAC地址也会对应发生变化,网络管理中心获取到该迁移信息后,也可主动将更新后的更新MAC地址发送给交换机。Of course, the user can update the control policy of the virtual machine through the network management center. At this time, the network management center can send the updated control policy to the switch; after the virtual machine is migrated, the MAC address of the virtual machine will also change accordingly, and the network After obtaining the migration information, the management center may also actively send the updated updated MAC address to the switch.

步骤202,根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址。Step 202: Obtain the MAC address of the virtual machine according to the virtual machine identifier in the first control policy.

网络管理中心将虚拟机的虚拟机标识和该虚拟机标识对应的MAC地址发送给交换机后,交换机可在本地数据库中保存该虚拟机标识和虚拟机MAC地址。After the network management center sends the virtual machine ID of the virtual machine and the MAC address corresponding to the virtual machine ID to the switch, the switch can save the virtual machine ID and the virtual machine MAC address in a local database.

其中,一个虚拟机可以有一个或者多个网口,每个网口对应一个虚拟MAC地址,因此一台虚拟机可以有一个或者多个虚拟MAC地址,交换机可以从网络管理中心获取该一个或多个MAC地址。Among them, a virtual machine can have one or more network ports, and each network port corresponds to a virtual MAC address, so a virtual machine can have one or more virtual MAC addresses, and the switch can obtain the one or more virtual MAC addresses from the network management center. MAC address.

当网络管理中心接收到虚拟机的第一控制策略后,交换机从第一控制策略中提取到虚拟机的虚拟机标识后,可以根据该虚拟机标识,在本地数据库中查询对应的MAC地址。After the network management center receives the first control policy of the virtual machine, the switch extracts the virtual machine ID of the virtual machine from the first control policy, and can query the corresponding MAC address in the local database according to the virtual machine ID.

步骤203,使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。Step 203, using the MAC address of the virtual machine to replace the virtual machine identifier in the first control policy to obtain a second control policy.

如果虚拟机只有一个网口,即只有一个MAC地址,则将针对虚拟机的第一控制策略中的虚拟机标识直接替换为该MAC地址,即可得到针对该MAC地址的第二控制策略。如果虚拟机有多个网口,即多个MAC地址MAC1、MAC2、MAC3......MACn,则将第一控制策略中的虚拟机标识替换为MAC1后,即可得到针对MAC1地址的第二控制策略;将第一控制策略中的虚拟机标识替换为MAC2后,即可得到针对MAC2地址的第二控制策略;使用n个MAC地址中的每个MAC地址替换第一控制策略中的虚拟机标识后,即可得到n条第二控制策略。If the virtual machine has only one network port, that is, only one MAC address, the virtual machine identifier in the first control strategy for the virtual machine is directly replaced with the MAC address, and the second control strategy for the MAC address can be obtained. If the virtual machine has multiple network ports, that is, multiple MAC addresses MAC1, MAC2, MAC3...MACn, after replacing the virtual machine ID in the first control strategy with MAC1, you can get the MAC1 address The second control strategy; after the virtual machine identifier in the first control strategy is replaced by MAC2, the second control strategy for the MAC2 address can be obtained; each MAC address in the n MAC addresses is used to replace the first control strategy After the virtual machine is identified, n second control strategies can be obtained.

例如,虚拟机1只有一网口,即只有一个MAC地址MAC1,如果第一控制策略为拒绝转发所有发送至虚拟机1的数据包,则第二控制策略为拒绝转发所有发送至MAC1的数据包。如果虚拟机有多个网口,即有多个MAC地址MAC1、MAC2、MAC3......MACn,则如果第一控制策略为拒绝转发所有发送至虚拟机1的数据包则第二控制策略为拒绝转发所有发送至MAC1、MAC2、MAC3......MACn的数据包。For example, virtual machine 1 has only one network port, that is, only one MAC address MAC1, if the first control policy is to refuse to forward all data packets sent to virtual machine 1, then the second control policy is to refuse to forward all data packets sent to MAC1 . If the virtual machine has multiple network ports, that is, there are multiple MAC addresses MAC1, MAC2, MAC3...MACn, then if the first control strategy is to refuse to forward all data packets sent to virtual machine 1, the second control The policy is to refuse to forward all data packets sent to MAC1, MAC2, MAC3...MACn.

当交换机中的控制模块将针对虚拟机的第一控制策略转换为针对MAC地址的第二控制策略后,即可将该第二控制策略发送至交换模块,用以交换模块根据该第二控制策略对源自或发送至该MAC地址的数据包进行处理。After the control module in the switch converts the first control strategy for the virtual machine into the second control strategy for the MAC address, the second control strategy can be sent to the switch module, so that the switch module can Process packets originating from or destined for this MAC address.

具体地,交换模块接收到以所述MAC地址为目的地址或源地址的数据包时,即可根据数据包的源MAC地址或者目的MAC地址在本地查询对应的第二控制策略,从而对该数据包进行相应的处理。Specifically, when the switch module receives a data packet with the MAC address as the destination address or source address, it can locally query the corresponding second control strategy according to the source MAC address or the destination MAC address of the data packet, so as to The package is processed accordingly.

当然,如果交换模块在接收到以所述MAC地址为目的地址或源地址的数据包后,在本地查询确定本地没有配置有对应第二控制策略,则控制模块可将该第二控制策略下发至交换机部件。如果控制模块内没有对应的第二控制策略,则可从网络管理中心获取该第二控制策略对应的针对虚拟机的第一控制策略以及对应的虚拟机MAC地址,并将该第一控制策略转化为第二控制策略后下发至交换模块。Of course, if the switch module receives the data packet with the MAC address as the destination address or source address, and determines locally that there is no corresponding second control strategy configured locally, the control module can issue the second control strategy. to the switch assembly. If there is no corresponding second control strategy in the control module, the first control strategy for the virtual machine corresponding to the second control strategy and the corresponding virtual machine MAC address can be obtained from the network management center, and the first control strategy can be converted After the second control policy is issued to the switch module.

在本发明实施例的一种可选的实现方式中,在得到第二控制策略后,还包括:接收针对所述虚拟机的地址变更消息,所述地址变更消息携带更新MAC地址;使用所述更新MAC地址替换所述第二控制策略中的所述MAC地址,得到第三控制策略。具体地,虚拟机发生迁移后,虚拟机的MAC地址也会对应发生变化,网络管理中心获取到该迁移信息后,也可主动通过地址变更消息将更新后的MAC地址发送至交换机,交换机可使用更新后的MAC地址来替换所保存的第二控制策略中的MAC地址,以得到第三控制策略。其中,如果更新后的MAC地址有m个,则使用m个MAC地址中的每个MAC地址替换第二控制策略中的原有的MAC地址,即可得到m条第三控制策略。In an optional implementation manner of the embodiment of the present invention, after obtaining the second control strategy, it further includes: receiving an address change message for the virtual machine, where the address change message carries an updated MAC address; using the Updating the MAC address to replace the MAC address in the second control strategy to obtain a third control strategy. Specifically, after the virtual machine is migrated, the MAC address of the virtual machine will also change accordingly. After the network management center obtains the migration information, it can also actively send the updated MAC address to the switch through an address change message, and the switch can use The updated MAC address is used to replace the saved MAC address in the second control strategy to obtain the third control strategy. Wherein, if there are m updated MAC addresses, each of the m MAC addresses is used to replace the original MAC address in the second control strategy to obtain m third control strategies.

可选的,在得到更新后的MAC地址后,也可以根据MAC地址对应的虚拟机标识从网络管理中心获取针对虚拟机的第一控制策略,并使用m个MAC地址中的每个MAC地址替换第一控制策略中的虚拟机标识,即可得到m条第二控制策略。Optionally, after the updated MAC address is obtained, the first control strategy for the virtual machine can also be obtained from the network management center according to the virtual machine identifier corresponding to the MAC address, and each of the m MAC addresses is used to replace The virtual machine identifier in the first control strategy can obtain m pieces of second control strategies.

这里需要说明的是,由于针对原有的MAC地址的第二控制策略也是从针对对应的虚拟机标识的第一控制策略转化而来,因此,在虚拟机的MAC地址发生更改后,便可将针对原有的MAC地址的第二控制策略删除,一方面可以节省空间,另一方面可防止在其他虚拟机的MAC地址变为该原有的MAC地址后,对相应的其他虚拟机产生错误的策略控制。What needs to be explained here is that since the second control strategy for the original MAC address is also transformed from the first control strategy for the corresponding virtual machine identifier, after the MAC address of the virtual machine is changed, the The deletion of the second control strategy for the original MAC address can save space on the one hand, and on the other hand can prevent the corresponding other virtual machines from generating wrong messages after the MAC addresses of other virtual machines change to the original MAC addresses. policy control.

相应地,在得到第二控制策略之后,还包括:接收针对所述虚拟机的第一更新控制策略,所述第一更新控制策略中包括所述虚拟机的所述虚拟机标识;获取所述虚拟机标识对应的所述MAC地址,使用所述MAC地址替换所述第一更新控制策略中的所述虚拟机标识,得到第二更新控制策略;使用所述第二更新控制策略替换所述第二控制策略。具体地,如果用户通过网络管理中心更新了针对虚拟机的控制策略,网络管理中心可以向交换机发送该更新后的控制策略,交换机接收到该更新后的控制策略后,可以将该更新后的控制策略转换为针对对应的MAC地址的控制策略,并使用该更新后的针对MAC地址的控制策略替换之前保存的第二控制策略,实现了动态控制策略的配置。Correspondingly, after obtaining the second control policy, it also includes: receiving a first updated control policy for the virtual machine, the first updated control policy including the virtual machine identifier of the virtual machine; acquiring the The MAC address corresponding to the virtual machine identifier, using the MAC address to replace the virtual machine identifier in the first update control strategy to obtain a second update control strategy; using the second update control strategy to replace the first update control strategy 2. Control strategy. Specifically, if the user updates the control policy for the virtual machine through the network management center, the network management center can send the updated control policy to the switch, and the switch can use the updated control policy after receiving the updated control policy The policy is converted into a control policy for the corresponding MAC address, and the updated control policy for the MAC address is used to replace the previously saved second control policy, thereby implementing dynamic control policy configuration.

本发明实施例中,交换机从网络管理中心获取针对虚拟机的第一控制策略;根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址;使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。由此,本发明实施例实现了MAC地址级别的控制策略的配置和管理,而且解决了现有技术中利用VN-tag技术进行虚拟机控制策略配置的方法对设备要求高,成本大的问题,节省了大量的经济成本,使得虚拟机级别的策略控制更加容易实现。In the embodiment of the present invention, the switch obtains the first control strategy for the virtual machine from the network management center; obtains the MAC address of the virtual machine according to the virtual machine identifier in the first control strategy; uses the MAC address of the virtual machine The address replaces the virtual machine identifier in the first control policy to obtain a second control policy. Thus, the embodiment of the present invention realizes the configuration and management of the control policy at the MAC address level, and solves the problem of high equipment requirements and high cost in the method of using the VN-tag technology to configure the virtual machine control policy in the prior art. It saves a lot of economic costs and makes it easier to implement policy control at the virtual machine level.

需要说明的是,如果虚拟机所处的物理主机的的网络接口适配模块(物理网卡)支持混合模式(Promiscuous Mode),则需要将物理网卡的工作状态设置为该混合模式。在混合模式下,物理网卡不会对发送出去的数据包进行源MAC地址的修改,从而可以保证虚拟机的虚拟网口发送的数据包的源MAC地址不会被改变;并且在接收到发送给该网卡的数据包时,不会对目标MAC地址进行过滤操作。如果交换机的物理网卡不支持混合模式,则需要对物理网卡进行功能升级,使得物理网卡在转发来自虚拟机的数据包的时候,不修改源MAC地址,在接收到发送给该网卡的数据包时,不会对目标MAC地址进行过滤操作。It should be noted that if the network interface adaptation module (physical network card) of the physical host where the virtual machine is located supports the promiscuous mode (Promiscuous Mode), the working state of the physical network card needs to be set to the promiscuous mode. In mixed mode, the physical network card will not modify the source MAC address of the data packets sent out, so as to ensure that the source MAC address of the data packets sent by the virtual network port of the virtual machine will not be changed; The destination MAC address will not be filtered for the data packets of this network card. If the physical network card of the switch does not support hybrid mode, the function of the physical network card needs to be upgraded so that the physical network card does not modify the source MAC address when it forwards the data packets from the virtual machine. , the target MAC address will not be filtered.

相应地,本发明实施例还提供了一种交换机,该交换机可以为OpenFlow交换机。图3为本发明实施例提供的一种交换机示意图,如图3所示,交换机包括控制模块310,所述控制模块310包括接收子模块311、获取子模块312、转化子模块313;交换机还包括交换模块320。其中,交换模块320和控制模块310可以通过接口进行连接。例如对于OpenFlow交换机,控制模块310和交换模块320可以通过OpenFlow接口相连接。其中,Correspondingly, an embodiment of the present invention also provides a switch, which may be an OpenFlow switch. FIG. 3 is a schematic diagram of a switch provided by an embodiment of the present invention. As shown in FIG. 3 , the switch includes a control module 310, and the control module 310 includes a receiving submodule 311, an obtaining submodule 312, and a converting submodule 313; the switch also includes Switch module 320. Wherein, the switching module 320 and the control module 310 may be connected through an interface. For example, for an OpenFlow switch, the control module 310 and the switching module 320 may be connected through an OpenFlow interface. in,

接收子模块311,用于接收针对虚拟机的第一控制策略。The receiving submodule 311 is configured to receive the first control strategy for the virtual machine.

接收子模块312还用于,接收所述虚拟机标识,以及所述虚拟机标识对应的N个MAC地址,其中,N大于或者等于1。The receiving submodule 312 is further configured to receive the virtual machine ID and N MAC addresses corresponding to the virtual machine ID, where N is greater than or equal to 1.

其中,交换机从网络管理中心获取的第一控制策略为针对虚拟机的控制策略,该控制策略包可以包括以下控制策略中的至少一种:访问控制策略,资源预留策略,流量优先级策略,最大流量延时策略,最大流量丢包率策略,最大流量抖动策略。Wherein, the first control strategy acquired by the switch from the network management center is a control strategy for virtual machines, and the control strategy package may include at least one of the following control strategies: access control strategy, resource reservation strategy, traffic priority strategy, Maximum traffic delay policy, maximum traffic packet loss rate policy, maximum traffic jitter policy.

例如,针对虚拟机的访问控制策略可以定义为拒绝转发发送至某台虚拟机的数据包。For example, an access control policy for a virtual machine can be defined to deny forwarding of packets destined for a particular virtual machine.

获取子模块312,用于根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址。The acquiring submodule 312 is configured to acquire the MAC address of the virtual machine according to the virtual machine identifier in the first control policy.

网络管理中心将虚拟机的虚拟机标识和该虚拟机标识对应的MAC地址发送给交换机后,交换机可在本地数据库中保存该虚拟机标识和虚拟机MAC地址。After the network management center sends the virtual machine ID of the virtual machine and the MAC address corresponding to the virtual machine ID to the switch, the switch can save the virtual machine ID and the virtual machine MAC address in a local database.

其中,一个虚拟机可以有一个或者多个网口,每个网口对应一个虚拟MAC地址,因此一台虚拟机可以有一个或者多个虚拟MAC地址,交换机可以从网络管理中心获取该一个或多个MAC地址。Among them, a virtual machine can have one or more network ports, and each network port corresponds to a virtual MAC address, so a virtual machine can have one or more virtual MAC addresses, and the switch can obtain the one or more virtual MAC addresses from the network management center. MAC address.

当网络管理中心接收到虚拟机的第一控制策略后,交换机从第一控制策略中提取到虚拟机的虚拟机标识后,可以根据该虚拟机标识,在本地数据库中查询对应的MAC地址。After the network management center receives the first control policy of the virtual machine, the switch extracts the virtual machine ID of the virtual machine from the first control policy, and can query the corresponding MAC address in the local database according to the virtual machine ID.

转化子模块313,用于使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。The conversion submodule 313 is configured to use the MAC address of the virtual machine to replace the virtual machine identifier in the first control policy to obtain a second control policy.

转化子模块313具体用于,使用所述N个MAC地址逐一替换所述第一控制策略中的所述虚拟机标识,得到N条第二控制策略,所述N条第二控制策略分别与所述N个MAC地址一一对应。The conversion submodule 313 is specifically configured to replace the virtual machine identifiers in the first control strategy with the N MAC addresses one by one to obtain N second control strategies, and the N second control strategies are respectively related to the The N MAC addresses are in one-to-one correspondence.

如果虚拟机只有一个网口,即只有一个MAC地址,则将针对虚拟机的第一控制策略中的虚拟机标识直接替换为该MAC地址,即可得到针对该MAC地址的第二控制策略。如果虚拟机有多个网口,即多个MAC地址MAC1、MAC2、MAC3......MACn,则将第一控制策略中的虚拟机标识替换为MAC1后,即可得到针对MAC1地址的第二控制策略;将第一控制策略中的虚拟机标识替换为MAC2后,即可得到针对MAC2地址的第二控制策略;使用n个MAC地址中的每个MAC地址替换第一控制策略中的虚拟机标识后,即可得到n条第二控制策略。If the virtual machine has only one network port, that is, only one MAC address, the virtual machine identifier in the first control strategy for the virtual machine is directly replaced with the MAC address, and the second control strategy for the MAC address can be obtained. If the virtual machine has multiple network ports, that is, multiple MAC addresses MAC1, MAC2, MAC3...MACn, after replacing the virtual machine ID in the first control strategy with MAC1, you can get the MAC1 address The second control strategy; after the virtual machine identifier in the first control strategy is replaced by MAC2, the second control strategy for the MAC2 address can be obtained; each MAC address in the n MAC addresses is used to replace the first control strategy After the virtual machine is identified, n second control strategies can be obtained.

当交换机中的控制模块310将针对虚拟机的第一控制策略转换为针对MAC地址的第二控制策略后,即可将该第二控制策略发送至交换模块,用以交换模块320根据该第二控制策略对源自或发送至该MAC地址的数据包进行处理。After the control module 310 in the switch converts the first control strategy for the virtual machine into the second control strategy for the MAC address, the second control strategy can be sent to the switch module for the switch module 320 to The control policy acts on packets originating from or destined for that MAC address.

交换模块320用于从所述控制模块接收所述第二控制策略,并且根据所述第二控制策略,对接收到的并且以所述MAC地址为目的地址或源地址的数据包进行转发或拒绝转发处理。The switching module 320 is configured to receive the second control strategy from the control module, and forward or reject the received data packet with the MAC address as the destination address or the source address according to the second control strategy Forward processing.

当然,如果交换模块320在接收到以所述MAC地址为目的地址或源地址的数据包后,在本地查询确定本地没有配置有对应第二控制策略,则控制模块310可将该第二控制策略下发至交换模块320。如果控制模块310内没有对应的第二控制策略,则可从网络管理中心获取该第二控制策略对应的针对虚拟机的第一控制策略以及对应的虚拟机MAC地址,并将该第一控制策略转化为第二控制策略后下发至交换模块320。Of course, if the switch module 320 receives the data packet with the MAC address as the destination address or source address, and determines locally that there is no corresponding second control strategy configured locally, the control module 310 can set the second control strategy Send it to the switching module 320. If there is no corresponding second control strategy in the control module 310, the first control strategy for the virtual machine corresponding to the second control strategy and the corresponding virtual machine MAC address can be obtained from the network management center, and the first control strategy After being transformed into the second control strategy, it is sent to the switching module 320 .

优选地,在虚拟机的地址发生变更时,接收子模块311还用于,接收针对所述虚拟机的地址变更消息,所述地址变更消息携带更新MAC地址;转化子模块313还用于,使用所述更新MAC地址替换所述第二控制策略中的所述MAC地址,得到第三控制策略。具体地,虚拟机发生迁移后,虚拟机的MAC地址也会对应发生变化,网络管理中心获取到该迁移信息后,也可主动通过地址变更消息将更新后的MAC地址发送至交换机,交换机可使用更新后的MAC地址来替换所保存的第二控制策略中的MAC地址,以得到第三控制策略。其中,如果更新后的MAC地址有m个,则使用m个MAC地址中的每个MAC地址替换第二控制策略中的原有的MAC地址,即可得到m条第三控制策略。Preferably, when the address of the virtual machine is changed, the receiving submodule 311 is also used to receive an address change message for the virtual machine, and the address change message carries an updated MAC address; the conversion submodule 313 is also used to use The updated MAC address replaces the MAC address in the second control strategy to obtain a third control strategy. Specifically, after the virtual machine is migrated, the MAC address of the virtual machine will also change accordingly. After the network management center obtains the migration information, it can also actively send the updated MAC address to the switch through an address change message, and the switch can use The updated MAC address is used to replace the saved MAC address in the second control strategy to obtain the third control strategy. Wherein, if there are m updated MAC addresses, each of the m MAC addresses is used to replace the original MAC address in the second control strategy to obtain m third control strategies.

可选的,在得到更新后的MAC地址后,也可以根据MAC地址对应的虚拟机标识从网络管理中心获取针对虚拟机的第一控制策略,并使用m个MAC地址中的每个MAC地址替换第一控制策略中的虚拟机标识,即可得到m条第二控制策略。Optionally, after the updated MAC address is obtained, the first control strategy for the virtual machine can also be obtained from the network management center according to the virtual machine identifier corresponding to the MAC address, and each of the m MAC addresses is used to replace The virtual machine identifier in the first control strategy can obtain m pieces of second control strategies.

这里需要说明的是,由于针对原有的MAC地址的第二控制策略也是从针对对应的虚拟机标识的第一控制策略转化而来,因此,在虚拟机的MAC地址发生更改后,便可将针对原有的MAC地址的第二控制策略删除,一方面可以节省空间,另一方面可防止在其他虚拟机的MAC地址变为该原有的MAC地址后,对相应的其他虚拟机产生错误的策略控制。What needs to be explained here is that since the second control strategy for the original MAC address is also transformed from the first control strategy for the corresponding virtual machine identifier, after the MAC address of the virtual machine is changed, the The deletion of the second control strategy for the original MAC address can save space on the one hand, and on the other hand can prevent the corresponding other virtual machines from generating wrong messages after the MAC addresses of other virtual machines change to the original MAC addresses. policy control.

优选地,交换机还包括替换子模块314,在针对虚拟机的控制策略发生变更后,接收子模块311,还用于接收针对所述虚拟机的第一更新控制策略,所述第一更新控制策略中包括所述虚拟机的所述虚拟机标识;转化子模块313,还用于获取所述虚拟机标识对应的所述MAC地址,使用所述MAC地址替换所述第一更新控制策略中的所述虚拟机标识,得到第二更新控制策略;替换子模块314,用于使用所述第二更新控制策略替换所述第二控制策略。具体地,如果用户通过网络管理中心更新了针对虚拟机的控制策略,网络管理中心可以向交换机发送该更新后的控制策略,交换机接收到该更新后的控制策略后,可以将该更新后的控制策略转换为针对对应的MAC地址的控制策略,并使用该更新后的针对MAC地址的控制策略替换之前保存的第二控制策略,实现了动态控制策略的配置。Preferably, the switch further includes a replacement sub-module 314, after the control policy for the virtual machine is changed, the receiving sub-module 311 is also used for receiving the first update control policy for the virtual machine, the first update control policy The virtual machine identifier of the virtual machine is included in the virtual machine; the conversion submodule 313 is further configured to obtain the MAC address corresponding to the virtual machine identifier, and use the MAC address to replace all the The virtual machine identifier is used to obtain a second update control policy; the replacement submodule 314 is configured to use the second update control policy to replace the second control policy. Specifically, if the user updates the control policy for the virtual machine through the network management center, the network management center can send the updated control policy to the switch, and the switch can use the updated control policy after receiving the updated control policy The policy is converted into a control policy for the corresponding MAC address, and the updated control policy for the MAC address is used to replace the previously saved second control policy, thereby implementing dynamic control policy configuration.

由此,本发明实施例实现了MAC地址级别的控制策略的配置和管理,而且解决了现有技术中利用VN-tag技术进行虚拟机控制策略配置的方法对设备要求高,成本大的问题,节省了大量的经济成本,使得虚拟机级别的策略控制更加容易实现。Thus, the embodiment of the present invention realizes the configuration and management of the control policy at the MAC address level, and solves the problem of high equipment requirements and high cost in the method of using the VN-tag technology to configure the virtual machine control policy in the prior art. It saves a lot of economic costs and makes it easier to implement policy control at the virtual machine level.

相应地,本发明实施例还提供了一种交换机,图4为本发明实施例提供的另一交换机示意图。如图4所示,本实施例提供的交换机包括网络接口401、处理器402和存储器403。系统总线404用于连接网络接口401、处理器402和存储器403。Correspondingly, the embodiment of the present invention also provides a switch, and FIG. 4 is a schematic diagram of another switch provided by the embodiment of the present invention. As shown in FIG. 4 , the switch provided in this embodiment includes a network interface 401 , a processor 402 and a memory 403 . The system bus 404 is used to connect the network interface 401 , the processor 402 and the memory 403 .

网络接口401可分别用于与网络管理中心和虚拟机所在的物理主机通信。The network interface 401 can be used to communicate with the network management center and the physical host where the virtual machine is located respectively.

存储器403可以是永久存储器,例如硬盘驱动器和闪存,存储器403中具有软件模块和设备驱动程序,还还可以保存有用来存储控制策略的数据库。软件模块能够执行本发明上述方法的各种功能模块;设备驱动程序可以是网络和接口驱动程序。The memory 403 can be a permanent memory, such as a hard disk drive and a flash memory, and the memory 403 has software modules and device drivers, and can also store a database for storing control strategies. The software modules can execute various functional modules of the above method of the present invention; the device driver can be a network and interface driver.

在启动时,这些软件组件被加载到存储器403中,然后被处理器402访问并执行如下指令:At startup, these software components are loaded into memory 403, then accessed by processor 402 and execute the following instructions:

接收针对虚拟机的第一控制策略;receiving a first control policy for the virtual machine;

根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址;Obtain the MAC address of the virtual machine according to the virtual machine identifier in the first control policy;

使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。Using the MAC address of the virtual machine to replace the virtual machine identifier in the first control policy to obtain a second control policy.

其中,第一控制策略包括以下控制策略中的至少一种:访问控制策略,资源预留策略,流量优先级策略,最大流量延时策略,最大流量丢包率策略,最大流量抖动策略。Wherein, the first control policy includes at least one of the following control policies: access control policy, resource reservation policy, traffic priority policy, maximum traffic delay policy, maximum traffic packet loss rate policy, and maximum traffic jitter policy.

网络管理中心将虚拟机的虚拟机标识和该虚拟机标识对应的MAC地址发送给交换机后,交换机可在本地数据库中保存该虚拟机标识和虚拟机MAC地址。After the network management center sends the virtual machine ID of the virtual machine and the MAC address corresponding to the virtual machine ID to the switch, the switch can save the virtual machine ID and the virtual machine MAC address in a local database.

其中,一个虚拟机可以有一个或者多个网口,每个网口对应一个虚拟MAC地址,因此一台虚拟机可以有一个或者多个虚拟MAC地址,交换机可以从网络管理中心获取该一个或多个MAC地址。Among them, a virtual machine can have one or more network ports, and each network port corresponds to a virtual MAC address, so a virtual machine can have one or more virtual MAC addresses, and the switch can obtain the one or more virtual MAC addresses from the network management center. MAC address.

当网络管理中心接收到虚拟机的第一控制策略后,交换机从第一控制策略中提取到虚拟机的虚拟机标识后,可以根据该虚拟机标识,在本地数据库中查询对应的MAC地址。After the network management center receives the first control policy of the virtual machine, the switch extracts the virtual machine ID of the virtual machine from the first control policy, and can query the corresponding MAC address in the local database according to the virtual machine ID.

进一步的,在得到第二控制策略后,所述处理器402访问存储器403的软件组件后,执行以下过程的指令:Further, after obtaining the second control strategy, the processor 402 accesses the software components of the memory 403, and executes the instructions of the following process:

接收针对所述虚拟机的地址变更消息,所述地址变更消息携带更新MAC地址;receiving an address change message for the virtual machine, where the address change message carries an updated MAC address;

使用所述更新MAC地址替换所述第二控制策略中的所述MAC地址,得到第三控制策略。Using the updated MAC address to replace the MAC address in the second control strategy to obtain a third control strategy.

具体地,虚拟机发生迁移后,虚拟机的MAC地址也会对应发生变化,网络管理中心获取到该迁移信息后,也可主动通过地址变更消息将更新后的MAC地址发送至交换机,交换机可使用更新后的MAC地址来替换所保存的第二控制策略中的MAC地址,以得到第三控制策略。其中,如果更新后的MAC地址有m个,则使用m个MAC地址中的每个MAC地址替换第二控制策略中的原有的MAC地址,即可得到m条第三控制策略。Specifically, after the virtual machine is migrated, the MAC address of the virtual machine will also change accordingly. After the network management center obtains the migration information, it can also actively send the updated MAC address to the switch through an address change message, and the switch can use The updated MAC address is used to replace the saved MAC address in the second control strategy to obtain the third control strategy. Wherein, if there are m updated MAC addresses, each of the m MAC addresses is used to replace the original MAC address in the second control strategy to obtain m third control strategies.

可选的,在得到更新后的MAC地址后,也可以根据MAC地址对应的虚拟机标识从网络管理中心获取针对虚拟机的第一控制策略,并使用m个MAC地址中的每个MAC地址替换第一控制策略中的虚拟机标识,即可得到m条第二控制策略。Optionally, after the updated MAC address is obtained, the first control strategy for the virtual machine can also be obtained from the network management center according to the virtual machine identifier corresponding to the MAC address, and each of the m MAC addresses is used to replace The virtual machine identifier in the first control strategy can obtain m pieces of second control strategies.

这里需要说明的是,由于针对原有的MAC地址的第二控制策略也是从针对对应的虚拟机标识的第一控制策略转化而来,因此,在虚拟机的MAC地址发生更改后,便可将针对原有的MAC地址的第二控制策略删除,一方面可以节省空间,另一方面可防止在其他虚拟机的MAC地址变为该原有的MAC地址后,对相应的其他虚拟机产生错误的策略控制。What needs to be explained here is that since the second control strategy for the original MAC address is also transformed from the first control strategy for the corresponding virtual machine identifier, after the MAC address of the virtual machine is changed, the The deletion of the second control strategy for the original MAC address can save space on the one hand, and on the other hand can prevent the corresponding other virtual machines from generating wrong messages after the MAC addresses of other virtual machines change to the original MAC addresses. policy control.

进一步的,在得到第二控制策略后,所述处理器402访问存储器403的软件组件后,执行以下过程的指令:Further, after obtaining the second control strategy, the processor 402 accesses the software components of the memory 403, and executes the instructions of the following process:

接收针对所述虚拟机的第一更新控制策略,所述第一更新控制策略中包括所述虚拟机的所述虚拟机标识;Receive a first update control policy for the virtual machine, where the first update control policy includes the virtual machine identifier of the virtual machine;

获取所述虚拟机标识对应的所述MAC地址,使用所述MAC地址替换所述第一更新控制策略中的所述虚拟机标识,得到第二更新控制策略;Obtain the MAC address corresponding to the virtual machine identifier, and use the MAC address to replace the virtual machine identifier in the first update control strategy to obtain a second update control strategy;

使用所述第二更新控制策略替换所述第二控制策略。The second control strategy is replaced with the second update control strategy.

具体地,如果用户通过网络管理中心更新了针对虚拟机的控制策略,网络管理中心可以向交换机发送该更新后的控制策略,交换机接收到该更新后的控制策略后,可以将该更新后的控制策略转换为针对对应的MAC地址的控制策略,并使用该更新后的针对MAC地址的控制策略替换之前保存的第二控制策略,实现了动态控制策略的配置。Specifically, if the user updates the control policy for the virtual machine through the network management center, the network management center can send the updated control policy to the switch, and the switch can use the updated control policy after receiving the updated control policy The policy is converted into a control policy for the corresponding MAC address, and the updated control policy for the MAC address is used to replace the previously saved second control policy, thereby implementing dynamic control policy configuration.

进一步的,在所述根据所述第一控制策略中的虚拟机标识,查询所述虚拟机的MAC地址之前,所述处理器402访问存储器403的软件组件后,执行以下过程的指令:接收所述虚拟机标识,以及所述虚拟机标识对应的N个MAC地址,其中,N大于或者等于1。Further, before the MAC address of the virtual machine is queried according to the virtual machine identifier in the first control policy, after the processor 402 accesses the software components of the memory 403, the following process is executed: receiving the The virtual machine identifier, and N MAC addresses corresponding to the virtual machine identifier, where N is greater than or equal to 1.

其中,处理器402执行使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略的过程具体为:使用所述N个MAC地址逐一替换所述第一控制策略中的所述虚拟机标识,得到N条第二控制策略,所述N条第二控制策略分别与所述N个MAC地址一一对应。Wherein, the processor 402 executes using the MAC address of the virtual machine to replace the virtual machine identifier in the first control policy, and the process of obtaining the second control policy is specifically: using the N MAC addresses one by one to replace the The virtual machine identifier in the first control policy obtains N second control policies, and the N second control policies correspond to the N MAC addresses respectively.

进一步的,在交换机通过网络接口401接收到数据包后,处理器402访问存储器403的软件组件后,执行以下过程的指令:根据所述第二控制策略,对接收到的并且以所述MAC地址为目的地址或源地址的数据包进行处理。具体地,接收以所述MAC地址为目的地址或源地址的数据包;根据所述第二控制策略,转发所述数据包或拒绝转发所述数据包。Further, after the switch receives the data packet through the network interface 401, the processor 402 accesses the software components of the memory 403, and executes the instructions of the following process: Process packets for destination or source addresses. Specifically, receiving a data packet with the MAC address as a destination address or a source address; forwarding the data packet or refusing to forward the data packet according to the second control strategy.

由此,本发明实施例实现了MAC地址级别的控制策略的配置和管理,而且解决了现有技术中利用VN-tag技术进行虚拟机控制策略配置的方法对设备要求高,成本大的问题,节省了大量的经济成本,使得虚拟机级别的策略控制更加容易实现。Thus, the embodiment of the present invention realizes the configuration and management of the control policy at the MAC address level, and solves the problem of high equipment requirements and high cost in the method of using the VN-tag technology to configure the virtual machine control policy in the prior art. It saves a lot of economic costs and makes it easier to implement policy control at the virtual machine level.

专业人员应该还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Professionals should further realize that the units and algorithm steps described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of the two. In order to clearly illustrate the relationship between hardware and software Interchangeability. In the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

结合本文中所公开的实施例描述的方法或算法的步骤可以用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

以上所述的具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本发明的具体实施方式而已,并不用于限定本发明的保护范围,凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The specific embodiments described above have further described the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above descriptions are only specific embodiments of the present invention and are not intended to limit the scope of the present invention. Protection scope, within the spirit and principles of the present invention, any modification, equivalent replacement, improvement, etc., shall be included in the protection scope of the present invention.

Claims (15)

1.一种虚拟机控制策略的配置方法,其特征在于,所述方法包括:1. A method for configuring a virtual machine control strategy, characterized in that the method comprises: 接收针对虚拟机的第一控制策略;receiving a first control policy for the virtual machine; 根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址;Obtain the MAC address of the virtual machine according to the virtual machine identifier in the first control policy; 使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。Using the MAC address of the virtual machine to replace the virtual machine identifier in the first control policy to obtain a second control policy. 2.根据权利要求1所述的虚拟机控制策略的配置方法,其特征在于,所述得到第二控制策略之后,还包括:2. The method for configuring a virtual machine control strategy according to claim 1, further comprising: after said obtaining the second control strategy: 接收针对所述虚拟机的地址变更消息,所述地址变更消息携带更新MAC地址;receiving an address change message for the virtual machine, where the address change message carries an updated MAC address; 使用所述更新MAC地址替换所述第二控制策略中的所述MAC地址,得到第三控制策略。Using the updated MAC address to replace the MAC address in the second control strategy to obtain a third control strategy. 3.根据权利要求1所述的虚拟机控制策略的配置方法,其特征在于,所述得到第二控制策略之后,还包括:3. The method for configuring a virtual machine control strategy according to claim 1, further comprising: after said obtaining the second control strategy: 接收针对所述虚拟机的第一更新控制策略,所述第一更新控制策略中包括所述虚拟机的所述虚拟机标识;Receive a first update control policy for the virtual machine, where the first update control policy includes the virtual machine identifier of the virtual machine; 获取所述虚拟机标识对应的所述MAC地址,使用所述MAC地址替换所述第一更新控制策略中的所述虚拟机标识,得到第二更新控制策略;Obtain the MAC address corresponding to the virtual machine identifier, and use the MAC address to replace the virtual machine identifier in the first update control strategy to obtain a second update control strategy; 使用所述第二更新控制策略替换所述第二控制策略。The second control strategy is replaced with the second update control strategy. 4.根据权利要求1所述的虚拟机控制策略的配置方法,其特征在于,所述根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址之前,还包括:接收所述虚拟机标识,以及所述虚拟机标识对应的N个MAC地址,其中,N大于或者等于1。4. The method for configuring a virtual machine control strategy according to claim 1, wherein, before obtaining the MAC address of the virtual machine according to the virtual machine identifier in the first control strategy, further comprising: receiving The virtual machine identifier and N MAC addresses corresponding to the virtual machine identifier, where N is greater than or equal to 1. 5.根据权利要求4所述的虚拟机控制策略的配置方法,其特征在于,所述使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略具体为:5. The method for configuring a virtual machine control policy according to claim 4, wherein the virtual machine identifier in the first control policy is replaced by the MAC address of the virtual machine to obtain a second control policy. The strategy is specifically: 使用所述N个MAC地址逐一替换所述第一控制策略中的所述虚拟机标识,得到N条第二控制策略,所述N条第二控制策略分别与所述N个MAC地址一一对应。Using the N MAC addresses to replace the virtual machine identifiers in the first control policy one by one to obtain N second control policies, the N second control policies corresponding to the N MAC addresses respectively. . 6.根据权利要求1所述的虚拟机控制策略的配置方法,其特征在于,所述得到第二控制策略之后,还包括:根据所述第二控制策略,对接收到的并且以所述MAC地址为目的地址或源地址的数据包进行处理。6. The method for configuring a virtual machine control policy according to claim 1, further comprising: after the second control policy is obtained, according to the second control policy, the received MAC The packets whose address is the destination address or the source address are processed. 7.根据权利要求6所述的虚拟机控制策略的配置方法,其特征在于,所述根据所述第二控制策略,对接收到的并且以所述MAC地址为目的地址或源地址的数据包进行处理具体包括:7. The method for configuring a virtual machine control policy according to claim 6, characterized in that, according to the second control policy, for the received data packet with the MAC address as the destination address or source address The processing specifically includes: 接收以所述MAC地址为目的地址或源地址的数据包;receiving a data packet with the MAC address as the destination address or source address; 根据所述第二控制策略,转发所述数据包或拒绝转发所述数据包。According to the second control strategy, forward the data packet or refuse to forward the data packet. 8.根据权利要求1-7任一项所述的虚拟机控制策略的配置方法,其特征在于,所述第一控制策略包括以下控制策略中的至少一种:访问控制策略,资源预留策略,流量优先级策略,最大流量延时策略,最大流量丢包率策略,最大流量抖动策略。8. The method for configuring a virtual machine control policy according to any one of claims 1-7, wherein the first control policy includes at least one of the following control policies: access control policy, resource reservation policy , traffic priority policy, maximum traffic delay policy, maximum traffic packet loss rate policy, maximum traffic jitter policy. 9.一种交换机,其特征在于,所述交换机包括控制模块,所述控制模块包括接收子模块、获取子模块、转化子模块;9. A switch, characterized in that the switch includes a control module, and the control module includes a receiving submodule, an obtaining submodule, and a converting submodule; 所述接收子模块,用于接收针对虚拟机的第一控制策略;The receiving submodule is configured to receive the first control strategy for the virtual machine; 所述获取子模块,用于根据所述第一控制策略中的虚拟机标识,获取所述虚拟机的MAC地址;The acquiring submodule is configured to acquire the MAC address of the virtual machine according to the virtual machine identifier in the first control policy; 所述转化子模块,用于使用所述虚拟机的MAC地址替换所述第一控制策略中的所述虚拟机标识,得到第二控制策略。The converting submodule is configured to use the MAC address of the virtual machine to replace the virtual machine identifier in the first control policy to obtain a second control policy. 10.根据权利要求9所述的交换机,其特征在于,所述接收子模块还用于,接收针对所述虚拟机的地址变更消息,所述地址变更消息携带更新MAC地址;10. The switch according to claim 9, wherein the receiving submodule is further configured to receive an address change message for the virtual machine, the address change message carrying an updated MAC address; 所述转化子模块还用于,使用所述更新MAC地址替换所述第二控制策略中的所述MAC地址,得到第三控制策略。The converting submodule is further configured to use the updated MAC address to replace the MAC address in the second control strategy to obtain a third control strategy. 11.根据权利要求9所述的交换机,其特征在于,所述交换机还包括替换子模块;11. The switch according to claim 9, further comprising a replacement submodule; 所述接收子模块,还用于接收针对所述虚拟机的第一更新控制策略,所述第一更新控制策略中包括所述虚拟机的所述虚拟机标识;The receiving submodule is further configured to receive a first update control policy for the virtual machine, where the first update control policy includes the virtual machine identifier of the virtual machine; 所述转化子模块,还用于获取所述虚拟机标识对应的所述MAC地址,使用所述MAC地址替换所述第一更新控制策略中的所述虚拟机标识,得到第二更新控制策略;The converting submodule is further configured to obtain the MAC address corresponding to the virtual machine identifier, and use the MAC address to replace the virtual machine identifier in the first update control strategy to obtain a second update control strategy; 所述替换子模块,用于使用所述第二更新控制策略替换所述第二控制策略。The replacement submodule is configured to use the second update control strategy to replace the second control strategy. 12.根据权利要求9所述的交换机,其特征在于,所述接收子模块还用于,接收所述虚拟机标识,以及所述虚拟机标识对应的N个MAC地址,其中,N大于或者等于1。12. The switch according to claim 9, wherein the receiving submodule is further configured to receive the virtual machine identifier and N MAC addresses corresponding to the virtual machine identifier, wherein N is greater than or equal to 1. 13.根据权利要求12所述的交换机,其特征在于,所述转化子模块具体用于,使用所述N个MAC地址逐一替换所述第一控制策略中的所述虚拟机标识,得到N条第二控制策略,所述N条第二控制策略分别与所述N个MAC地址一一对应。13. The switch according to claim 12, wherein the conversion sub-module is specifically configured to use the N MAC addresses to replace the virtual machine identifiers in the first control strategy one by one to obtain N The second control strategy, the N pieces of second control strategies are in one-to-one correspondence with the N MAC addresses respectively. 14.根据权利要求9所述的交换机,其特征在于,所述交换机还包括交换模块,所述交换模块与所述控制模块连接;14. The switch according to claim 9, wherein the switch further comprises a switch module, and the switch module is connected to the control module; 所述交换模块,用于从所述控制模块接收所述第二控制策略,并且根据所述第二控制策略,对接收到的并且以所述MAC地址为目的地址或源地址的数据包进行转发或拒绝转发处理。The switching module is configured to receive the second control strategy from the control module, and forward the received data packet with the MAC address as the destination address or source address according to the second control strategy Or refuse forwarding processing. 15.根据权利要求9-14任一项所述的交换机,其特征在于,所述控制策略包括但不限于下面一项或任意项的组合:访问控制策略,资源预留策略,流量优先级策略,最大流量延时策略,最大流量丢包率策略,最大流量抖动策略。15. The switch according to any one of claims 9-14, wherein the control policy includes but not limited to one or any combination of the following: access control policy, resource reservation policy, traffic priority policy , maximum traffic delay policy, maximum traffic packet loss rate policy, maximum traffic jitter policy.
CN201280002960.0A 2012-12-21 2012-12-21 The collocation method of virtual machine control strategy and switch Active CN103229489B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/087123 WO2014094287A1 (en) 2012-12-21 2012-12-21 Configuration method of virtual machine control policy and exchange

Publications (2)

Publication Number Publication Date
CN103229489A true CN103229489A (en) 2013-07-31
CN103229489B CN103229489B (en) 2016-05-25

Family

ID=48838364

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201280002960.0A Active CN103229489B (en) 2012-12-21 2012-12-21 The collocation method of virtual machine control strategy and switch

Country Status (2)

Country Link
CN (1) CN103229489B (en)
WO (1) WO2014094287A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014180363A1 (en) * 2013-12-23 2014-11-13 中兴通讯股份有限公司 Openflow signaling control method and device
WO2015024412A1 (en) * 2013-08-23 2015-02-26 中兴通讯股份有限公司 Stream mapping processing method and apparatus
CN104699522A (en) * 2015-03-17 2015-06-10 成都艺辰德迅科技有限公司 Virtual machine dynamic migration method
CN104717181A (en) * 2013-12-13 2015-06-17 中国电信股份有限公司 Security policy configuration system and method for virtual security gateway
CN105577548A (en) * 2014-10-10 2016-05-11 杭州华三通信技术有限公司 Software definition network message processing method and device
CN107566319A (en) * 2016-06-30 2018-01-09 中央大学 Virtual machine instant transfer method

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3468236B1 (en) * 2017-10-09 2021-04-28 Comcast Cable Communications, LLC Policy control for ethernet packet data
CA3021658A1 (en) 2017-10-20 2019-04-20 Comcast Cable Communications, Llc Non-access stratum capability information

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101909054A (en) * 2010-07-15 2010-12-08 华中科技大学 A Method for Aggregating Multiple Network Interface Cards in a Virtualization Environment
CN101916207A (en) * 2010-08-28 2010-12-15 华为技术有限公司 Energy saving method, device and system in desktop virtualization environment
CN102137169A (en) * 2011-01-30 2011-07-27 华为技术有限公司 Method, network card and communication system for binding physical internet ports
CN102136931A (en) * 2010-09-20 2011-07-27 华为技术有限公司 Method for configuring virtual port network strategies, network management center and related equipment
CN102202049A (en) * 2010-03-23 2011-09-28 思杰系统有限公司 Network policy implementation for multi-virtual machine appliance
CN102413183A (en) * 2011-11-22 2012-04-11 中国联合网络通信集团有限公司 Cloud smart switch and its processing method and system
CN102571698A (en) * 2010-12-17 2012-07-11 中国移动通信集团公司 Access authority control method, system and device for virtual machine
CN102739645A (en) * 2012-04-23 2012-10-17 杭州华三通信技术有限公司 Method and device for migrating virtual machine safety policy

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102202049A (en) * 2010-03-23 2011-09-28 思杰系统有限公司 Network policy implementation for multi-virtual machine appliance
CN101909054A (en) * 2010-07-15 2010-12-08 华中科技大学 A Method for Aggregating Multiple Network Interface Cards in a Virtualization Environment
CN101916207A (en) * 2010-08-28 2010-12-15 华为技术有限公司 Energy saving method, device and system in desktop virtualization environment
CN102136931A (en) * 2010-09-20 2011-07-27 华为技术有限公司 Method for configuring virtual port network strategies, network management center and related equipment
CN102571698A (en) * 2010-12-17 2012-07-11 中国移动通信集团公司 Access authority control method, system and device for virtual machine
CN102137169A (en) * 2011-01-30 2011-07-27 华为技术有限公司 Method, network card and communication system for binding physical internet ports
CN102413183A (en) * 2011-11-22 2012-04-11 中国联合网络通信集团有限公司 Cloud smart switch and its processing method and system
CN102739645A (en) * 2012-04-23 2012-10-17 杭州华三通信技术有限公司 Method and device for migrating virtual machine safety policy

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015024412A1 (en) * 2013-08-23 2015-02-26 中兴通讯股份有限公司 Stream mapping processing method and apparatus
CN104717181A (en) * 2013-12-13 2015-06-17 中国电信股份有限公司 Security policy configuration system and method for virtual security gateway
CN104717181B (en) * 2013-12-13 2018-10-23 中国电信股份有限公司 The security strategy of Virtual Security Gateway configures System and method for
WO2014180363A1 (en) * 2013-12-23 2014-11-13 中兴通讯股份有限公司 Openflow signaling control method and device
CN105577548A (en) * 2014-10-10 2016-05-11 杭州华三通信技术有限公司 Software definition network message processing method and device
CN105577548B (en) * 2014-10-10 2018-10-09 新华三技术有限公司 Message processing method and device in a kind of software defined network
US10541913B2 (en) 2014-10-10 2020-01-21 Hewlett Packard Enterprise Development Lp Table entry in software defined network
CN104699522A (en) * 2015-03-17 2015-06-10 成都艺辰德迅科技有限公司 Virtual machine dynamic migration method
CN104699522B (en) * 2015-03-17 2017-10-13 成都麦进斗科技有限公司 A kind of dynamic migration of virtual machine method
CN107566319A (en) * 2016-06-30 2018-01-09 中央大学 Virtual machine instant transfer method
CN107566319B (en) * 2016-06-30 2021-01-26 中央大学 Virtual machine instant transfer method

Also Published As

Publication number Publication date
WO2014094287A1 (en) 2014-06-26
CN103229489B (en) 2016-05-25

Similar Documents

Publication Publication Date Title
CN103229489B (en) The collocation method of virtual machine control strategy and switch
US10491517B2 (en) Packet processing method in cloud computing system, host, and system
US11005755B2 (en) Packet processing method in cloud computing system, host, and system
EP3386157B1 (en) Packet transmission method, device and system
CN109428749B (en) Network management method and related equipment
CN104243265B (en) A kind of gateway control method, apparatus and system based on virtual machine (vm) migration
US9413554B2 (en) Virtual network overlays
US9432304B2 (en) System and method for supporting live migration of virtual machines based on an extended host channel adaptor (HCA) model
EP2831730B1 (en) System and method for providing a scalable signaling mechanism for virtual machine migration in a middleware machine environment
US9548890B2 (en) Flexible remote direct memory access resource configuration in a network environment
CN102594660B (en) A kind of virtual interface exchange method, Apparatus and system
WO2015019530A1 (en) Switch clusters having layer-3 distributed router functionality
US10572291B2 (en) Virtual network management
CN109981493B (en) Method and device for configuring virtual machine network
CN108322325A (en) A kind of virtual machine management method and device
US10951438B1 (en) Acceleration proxy device, acceleration proxy method, and content management system
CN112583655B (en) Data transmission method, device, electronic device and readable storage medium
CN113472624A (en) Method for realizing virtual network data packet forwarding based on vDPA and application
US20140279885A1 (en) Data replication for a virtual networking system
CN102316043A (en) Port virtualization method, switch and communication system
CN101778050A (en) Load balancing method, device and system
CN104883302A (en) Method, device and system for forwarding data packet
WO2024093064A1 (en) Identifier management and forwarding optimization method and apparatus in large-scale multi-modal network
CN105554176A (en) Method and device for sending message and communication system
CN112242952A (en) A data forwarding method, a top-of-cabinet switch and a storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211221

Address after: 450046 Floor 9, building 1, Zhengshang Boya Plaza, Longzihu wisdom Island, Zhengdong New Area, Zhengzhou City, Henan Province

Patentee after: xFusion Digital Technologies Co., Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right