CN108173696B - Data packet processing method, apparatus, computer equipment and storage medium - Google Patents
Data packet processing method, apparatus, computer equipment and storage medium Download PDFInfo
- Publication number
- CN108173696B CN108173696B CN201810002734.1A CN201810002734A CN108173696B CN 108173696 B CN108173696 B CN 108173696B CN 201810002734 A CN201810002734 A CN 201810002734A CN 108173696 B CN108173696 B CN 108173696B
- Authority
- CN
- China
- Prior art keywords
- virtual
- data packet
- switch
- port
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本申请涉及一种数据包处理方法、装置、计算机设备和存储介质。方法包括:通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包;创建与所述第一用户虚拟机对应的第一虚拟交换机,通过第一虚拟交换机的第一端口接收上行数据包;通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,并发送更新的上行数据包;配置与所述第一虚拟交换机连接的第二虚拟交换机,通过第二虚拟交换机的第二端口接收更新的上行数据包;第二端口对应的虚拟子网标识范围包括虚拟子网标识;第一用户虚拟机、第一虚拟交换机和第二虚拟交换机部署在相同的宿主机;通过第一用户虚拟机所在宿主机的物理网卡,将更新的上行数据包转发至物理交换机。采用本方法能够简化对用户虚拟机对应的虚拟子网进行配置。
The present application relates to a data packet processing method, apparatus, computer equipment and storage medium. The method includes: sending an uplink data packet for a second user virtual machine through a first user virtual machine; creating a first virtual switch corresponding to the first user virtual machine, and receiving the uplink data packet through a first port of the first virtual switch ; By the first virtual switch, the virtual subnet identification corresponding to the first port is added to the upstream data packet, the updated upstream data packet is obtained, and the updated upstream data packet is sent; The configuration connected with the first virtual switch The second virtual switch receives the updated uplink data packet through the second port of the second virtual switch; the virtual subnet identifier range corresponding to the second port includes the virtual subnet identifier; the first user virtual machine, the first virtual switch and the second virtual switch The virtual switch is deployed on the same host; the updated uplink data packet is forwarded to the physical switch through the physical network card of the host where the first user virtual machine is located. Using this method can simplify the configuration of the virtual subnet corresponding to the user virtual machine.
Description
技术领域technical field
本申请涉及计算机技术领域,特别是涉及一种数据包处理方法、装置、计算机设备和存储介质。The present application relates to the field of computer technology, and in particular, to a data packet processing method, apparatus, computer device and storage medium.
背景技术Background technique
随着虚拟网络技术的发展,出现了软件定义网络(Software Defined Network,SDN)技术,SDN是网络虚拟化的一种实现方式,能够实现对网络流量的灵活控制。目前,SDN网络系统中各个节点通常是利用物理节点接入,为了节约资源,会使用虚拟机来代替物理节点。With the development of virtual network technology, Software Defined Network (SDN) technology has emerged. SDN is an implementation method of network virtualization, which can realize flexible control of network traffic. Currently, each node in an SDN network system is usually accessed by using a physical node. In order to save resources, a virtual machine is used to replace the physical node.
然而,在Linux系统中构建SDN网络时,Linux原生的网桥仅支持转发一个虚拟子网的数据包,不支持对处于不同虚拟子网的用户虚拟机的数据包进行转发,这就需要为每个用户虚拟机配置对应的虚拟子网端口,以接收、发送相应的数据包。显然,若在SDN网络系统中属于不同虚拟子网的用户虚拟机的超过一定数量时,为每个用户虚拟机配置相应虚拟子网端口的这种方式不仅十分浪费资源,还十分复杂。However, when building an SDN network in a Linux system, the native bridge of Linux only supports forwarding data packets of one virtual subnet, and does not support forwarding data packets of user virtual machines in different virtual subnets. Each user virtual machine is configured with a corresponding virtual subnet port to receive and send corresponding data packets. Obviously, if the number of user virtual machines belonging to different virtual subnets in the SDN network system exceeds a certain number, the method of configuring corresponding virtual subnet ports for each user virtual machine is not only very wasteful of resources, but also very complicated.
发明内容SUMMARY OF THE INVENTION
基于此,有必要针对上述技术问题,提供一种能够简化用户虚拟机对应的虚拟子网配置的数据包处理方法、装置、计算机设备和存储介质。Based on this, it is necessary to provide a data packet processing method, apparatus, computer device and storage medium that can simplify the virtual subnet configuration corresponding to the user virtual machine in response to the above technical problems.
一种数据包处理方法,所述方法包括:A data packet processing method, the method comprising:
通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包;所述第一用户虚拟机与所述第二用户虚拟机分别部署在不同的宿主机,且所述第一用户虚拟机与所述第二用户虚拟机对应相同的虚拟子网标识;Sending an uplink data packet for the second user virtual machine through the first user virtual machine; the first user virtual machine and the second user virtual machine are respectively deployed on different hosts, and the first user virtual machine and the second user virtual machine are respectively deployed on different hosts. The second user virtual machine corresponds to the same virtual subnet identifier;
创建与所述第一用户虚拟机对应的第一虚拟交换机,通过第一虚拟交换机的第一端口接收所述上行数据包;所述第一端口与所述第一用户虚拟机一一对应;Create a first virtual switch corresponding to the first user virtual machine, and receive the uplink data packet through a first port of the first virtual switch; the first port is in one-to-one correspondence with the first user virtual machine;
通过所述第一虚拟交换机,将与所述第一端口对应的虚拟子网标识添加到所述上行数据包中,得到更新的上行数据包,并发送所述更新的上行数据包;Through the first virtual switch, the virtual subnet identifier corresponding to the first port is added to the uplink data packet, an updated uplink data packet is obtained, and the updated uplink data packet is sent;
配置与第一虚拟交换机连接的第二虚拟交换机,通过第二虚拟交换机的第二端口接收所述更新的上行数据包;所述第二端口对应的虚拟子网标识范围包括所述虚拟子网标识;所述第一用户虚拟机、所述第一虚拟交换机和所述第二虚拟交换机部署在相同的宿主机;configuring a second virtual switch connected to the first virtual switch, and receiving the updated uplink data packet through a second port of the second virtual switch; the virtual subnet identifier range corresponding to the second port includes the virtual subnet identifier ; the first user virtual machine, the first virtual switch and the second virtual switch are deployed on the same host;
通过所述第一用户虚拟机所在宿主机的物理网卡,将更新的上行数据包转发至物理交换机;所述更新的上行数据包,用于指示所述物理交换机按照所述虚拟子网标识,将更新的上行数据包转发至所述第二用户虚拟机所在的宿主机。The updated uplink data packet is forwarded to the physical switch through the physical network card of the host where the first user virtual machine is located; the updated uplink data packet is used to instruct the physical switch to, according to the virtual subnet identifier, send The updated uplink data packet is forwarded to the host machine where the second user virtual machine is located.
上述数据包处理方法、装置、计算机设备和存储介质,在通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包之后,就通过配置好的第一虚拟交换机的第一端口接收该上行数据包,并通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,然后通过第二虚拟交换机的第二端口接收更新的上行数据包,最后通过第一用户虚拟机所在宿主机的物理网卡,将汇集到第二虚拟交换机的更新的上行数据包转发至物理交换机,由于第二端口对应的虚拟子网标识范围包括第一端口对应的虚拟子网标识,因此完全不需要为第一用户虚拟机来配置对应虚拟子网对应的端口,简化了用户虚拟机内部的网络配置,尤其在用户虚拟机数量达到一定数量时,可以节约资源。The above-mentioned data packet processing method, device, computer equipment and storage medium, after the first user virtual machine sends out the upstream data packet for the second user virtual machine, the upstream data packet is received through the configured first port of the first virtual switch. data packet, and through the first virtual switch, add the virtual subnet identifier corresponding to the first port to the uplink data packet to obtain an updated uplink data packet, and then receive the updated uplink data through the second port of the second virtual switch Finally, through the physical network card of the host where the first user virtual machine is located, the updated uplink data packets collected to the second virtual switch are forwarded to the physical switch, because the virtual subnet identification range corresponding to the second port includes the corresponding virtual subnet of the first port. Therefore, there is no need to configure the port corresponding to the virtual subnet for the first user virtual machine, which simplifies the network configuration inside the user virtual machine, especially when the number of user virtual machines reaches a certain number, it can save resources .
一种数据包处理装置,所述装置包括:A data packet processing device, the device comprising:
上行数据包发送模块,用于通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包;所述第一用户虚拟机与所述第二用户虚拟机分别部署在不同的宿主机,且所述第一用户虚拟机与所述第二用户虚拟机对应相同的虚拟子网标识;an uplink data packet sending module, configured to send an uplink data packet for the second user virtual machine through the first user virtual machine; the first user virtual machine and the second user virtual machine are respectively deployed on different hosts, and The first user virtual machine and the second user virtual machine correspond to the same virtual subnet identifier;
上行数据包接收模块,用于创建与所述第一用户虚拟机对应的第一虚拟交换机,通过第一虚拟交换机的第一端口接收所述上行数据包;所述第一端口与所述第一用户虚拟机一一对应;an uplink data packet receiving module, configured to create a first virtual switch corresponding to the first user virtual machine, and receive the uplink data packet through a first port of the first virtual switch; One-to-one correspondence between user virtual machines;
上行数据包更新模块,用于通过所述第一虚拟交换机,将与所述第一端口对应的虚拟子网标识添加到所述上行数据包中,得到更新的上行数据包,并发送所述更新的上行数据包;an uplink data packet update module, configured to add the virtual subnet identifier corresponding to the first port to the uplink data packet through the first virtual switch, obtain an updated uplink data packet, and send the updated uplink data packet the upstream data packets;
更新的上行数据包接收模块,用于配置与第一虚拟交换机连接的第二虚拟交换机,通过第二虚拟交换机的第二端口接收所述更新的上行数据包;所述第二端口对应的虚拟子网标识范围包括所述虚拟子网标识;所述第一用户虚拟机、所述第一虚拟交换机和所述第二虚拟交换机部署在相同的宿主机;The updated uplink data packet receiving module is configured to configure a second virtual switch connected to the first virtual switch to receive the updated uplink data packet through a second port of the second virtual switch; The network identifier range includes the virtual subnet identifier; the first user virtual machine, the first virtual switch and the second virtual switch are deployed on the same host;
更新的上行数据包发送模块,用于通过所述第一用户虚拟机所在宿主机的物理网卡,将更新的上行数据包转发至物理交换机;所述更新的上行数据包,用于指示所述物理交换机按照所述虚拟子网标识,将更新的上行数据包转发至所述第二用户虚拟机所在的宿主机。The updated uplink data packet sending module is used to forward the updated uplink data packet to the physical switch through the physical network card of the host where the first user virtual machine is located; the updated uplink data packet is used to indicate the physical The switch forwards the updated uplink data packet to the host machine where the second user virtual machine is located according to the virtual subnet identifier.
一种数据包处理方法,所述方法包括:A data packet processing method, the method comprising:
通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包;所述下行数据包由第二用户虚拟机发起;所述第一用户虚拟机与所述第二用户虚拟机分别部署在不同的宿主机,且所述第一用户虚拟机与所述第二用户虚拟机对应相同的虚拟子网标识;The downlink data packet for the first user virtual machine forwarded by the physical switch is received through the second virtual switch; the downlink data packet is initiated by the second user virtual machine; the first user virtual machine and the second user virtual machine are respectively Deployed on different hosts, and the first user virtual machine and the second user virtual machine correspond to the same virtual subnet identifier;
按照所述下行数据包中的虚拟子网标识,通过所述第二虚拟交换机的第二端口,将所述下行数据包发送至第一虚拟交换机;所述第二端口对应的虚拟子网标识范围包括所述虚拟子网标识;所述第一用户虚拟机、所述第一虚拟交换机和所述第二虚拟交换机部署在相同的宿主机;According to the virtual subnet identifier in the downlink data packet, the downlink data packet is sent to the first virtual switch through the second port of the second virtual switch; the virtual subnet identifier range corresponding to the second port is Including the virtual subnet identifier; the first user virtual machine, the first virtual switch and the second virtual switch are deployed on the same host;
通过所述第一虚拟交换机从所述下行数据包中剔除所述虚拟子网标识;Remove the virtual subnet identifier from the downlink data packet by using the first virtual switch;
通过所述第一虚拟交换机的、与所述第一用户虚拟机一一对应的第一端口,将已剔除所述虚拟子网标识的下行数据包发送至所述第一用户虚拟机。The downlink data packet from which the virtual subnet identifier has been removed is sent to the first user virtual machine through the first port of the first virtual switch that is in one-to-one correspondence with the first user virtual machine.
上述数据包处理方法、装置、计算机设备和计算机可读存储介质,通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包,并按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机,然后通过第一虚拟交换机从下行数据包中剔除虚拟子网标识,就可以将已剔除虚拟子网标识的下行数据包通过第一虚拟交换机的、与第一用户虚拟机一一对应的第一端口发送至第一用户虚拟机,由于最后到达第一用户虚拟机的数据包没有虚拟子网标识,就不需要为第一用户虚拟机来配置对应虚拟子网以在第一用户虚拟机内部来读取对应的虚拟子网标识,简化了用户虚拟机内部的网络配置。The above-mentioned data packet processing method, device, computer equipment and computer-readable storage medium, receive the downlink data packet for the first user virtual machine forwarded by the physical switch through the second virtual switch, and according to the virtual subnet identifier in the downlink data packet, The downlink data packet is sent to the first virtual switch through the second port of the second virtual switch, and then the virtual subnet identifier is removed from the downlink data packet by the first virtual switch, so that the downlink data from which the virtual subnet identifier has been removed can be removed. The packet is sent to the first user virtual machine through the first port of the first virtual switch that corresponds to the first user virtual machine one-to-one. Since the data packet that finally arrives at the first user virtual machine does not have a virtual subnet The first user virtual machine configures the corresponding virtual subnet to read the corresponding virtual subnet identifier inside the first user virtual machine, which simplifies the network configuration inside the user virtual machine.
一种数据包处理装置,所述装置包括:A data packet processing device, the device comprising:
下行数据包接收模块,用于通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包;所述下行数据包由第二用户虚拟机发起;所述第一用户虚拟机与所述第二用户虚拟机分别部署在不同的宿主机,且所述第一用户虚拟机与所述第二用户虚拟机对应相同的虚拟子网标识。A downlink data packet receiving module is configured to receive, through the second virtual switch, a downlink data packet for the first user virtual machine forwarded by the physical switch; the downlink data packet is initiated by the second user virtual machine; the first user virtual machine is connected to The second user virtual machines are respectively deployed on different hosts, and the first user virtual machine and the second user virtual machine correspond to the same virtual subnet identifier.
下行数据包第一发送模块,用于按照所述下行数据包中的虚拟子网标识,通过所述第二虚拟交换机的第二端口,将所述下行数据包发送至第一虚拟交换机;所述第二端口对应的虚拟子网标识范围包括所述虚拟子网标识;所述第一用户虚拟机、所述第一虚拟交换机和所述第二虚拟交换机部署在相同的宿主机。a first sending module for downlink data packets, configured to send the downlink data packets to the first virtual switch through the second port of the second virtual switch according to the virtual subnet identifier in the downlink data packets; the The virtual subnet identifier range corresponding to the second port includes the virtual subnet identifier; the first user virtual machine, the first virtual switch, and the second virtual switch are deployed on the same host.
剔除模块,用于通过所述第一虚拟交换机从所述下行数据包中剔除所述虚拟子网标识。A culling module, configured to cull the virtual subnet identifier from the downlink data packet through the first virtual switch.
下行数据包第二发送模块,用于通过所述第一虚拟交换机的、与所述第一用户虚拟机一一对应的第一端口,将已剔除所述虚拟子网标识的下行数据包发送至所述第一用户虚拟机。A second sending module for downlink data packets, configured to send the downlink data packets from which the virtual subnet identifier has been removed to the first port of the first virtual switch that corresponds to the first user virtual machine one-to-one. the first user virtual machine.
一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现上述数据包处理方法。A computer device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the above data packet processing method when the processor executes the computer program.
一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现上述数据包处理方法。A computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the above-mentioned data packet processing method.
附图说明Description of drawings
图1为一个实施例中数据包处理方法的应用场景图;1 is an application scenario diagram of a data packet processing method in an embodiment;
图2为一个实施例中数据包处理方法的流程示意图;2 is a schematic flowchart of a data packet processing method in one embodiment;
图3为另一个实施例中数据包处理方法的流程示意图;3 is a schematic flowchart of a data packet processing method in another embodiment;
图4为一个具体的实施例中数据包处理方法的流程示意图;4 is a schematic flowchart of a data packet processing method in a specific embodiment;
图5为一个具体的实施例中对第一用户虚拟机向第二用户虚拟机发送的数据包处理的框架示意图;5 is a schematic diagram of a framework for processing data packets sent by a first user virtual machine to a second user virtual machine in a specific embodiment;
图6为一个实施例中数据包处理装置的结构框图;6 is a structural block diagram of a data packet processing apparatus in one embodiment;
图7为另一个实施例中数据包处理装置的结构框图;7 is a structural block diagram of a data packet processing apparatus in another embodiment;
图8为一个实施例中数据包处理装置的结构框图;8 is a structural block diagram of a data packet processing apparatus in one embodiment;
图9为一个实施例中计算机设备的内部结构图。Figure 9 is a diagram of the internal structure of a computer device in one embodiment.
具体实施方式Detailed ways
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。In order to make the purpose, technical solutions and advantages of the present application more clearly understood, the present application will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application, but not to limit the present application.
本申请提供的数据包处理方法,可以应用于如图1所示的应用环境中。其中,第一用户虚拟机102与第一虚拟交换机104建立连接;第一虚拟交换机104与第二虚拟交换机106建立连接;第一用户虚拟机102、第一虚拟交换机104和第二虚拟交换机106部署在第一宿主机100上;第一宿主机100通过网络与物理交换机200连接,以将数据包发送至第二用户虚拟机302所在的第二宿主机300;第一用户虚拟机102与第二用户虚拟机302属于同一个虚拟子网(Virtual Local Area Network,VLAN)。第一宿主机100和第二宿主机300可以用独立的服务器或者是多个服务器组成的服务器集群来实现。The data packet processing method provided in this application can be applied to the application environment shown in FIG. 1 . The first user
在一个实施例中,如图2所示,提供了一种数据包处理方法,以该方法应用于图1中的第一宿主机100为例进行说明,包括以下步骤:In one embodiment, as shown in FIG. 2, a data packet processing method is provided, and the method is applied to the
S202,通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包;第一用户虚拟机与第二用户虚拟机分别部署在不同的宿主机,且第一用户虚拟机与第二用户虚拟机对应相同的虚拟子网标识。S202, sending an uplink data packet for the second user virtual machine through the first user virtual machine; the first user virtual machine and the second user virtual machine are respectively deployed on different hosts, and the first user virtual machine and the second user virtual machine are The machines correspond to the same virtual subnet ID.
其中,上行数据包是通过用户虚拟机所在的宿主机向网络发送的数据包。第一用户虚拟机和第二用户虚拟机分别为在不同的宿主机上创建的用于为用户提供计算资源和服务资源的虚拟机。第一用户虚拟机和第二用户虚拟机被配置为属于同一虚拟子网、且部署在不同的宿主机上。The uplink data packet is a data packet sent to the network by the host where the user virtual machine is located. The first user virtual machine and the second user virtual machine are virtual machines created on different host machines and used to provide computing resources and service resources for users. The first user virtual machine and the second user virtual machine are configured to belong to the same virtual subnet and are deployed on different hosts.
具体地,在宿主机上创建了第一用户虚拟机之后,为第一用户虚拟机配置对应的虚拟网卡,并配置该虚拟网卡所支持的虚拟子网,通过第一用户的虚拟网卡发出针对第二用户虚拟机的上行数据包。Specifically, after the first user virtual machine is created on the host machine, configure a corresponding virtual network card for the first user virtual machine, and configure a virtual subnet supported by the virtual network card, and send a message to the first user's virtual network card through the virtual network card of the first user. Two uplink data packets of user virtual machines.
S204,创建与第一用户虚拟机对应的第一虚拟交换机,通过第一虚拟交换机的第一端口接收上行数据包;第一端口与第一用户虚拟机一一对应。S204: Create a first virtual switch corresponding to the first user virtual machine, and receive an uplink data packet through a first port of the first virtual switch; the first port is in one-to-one correspondence with the first user virtual machine.
其中,第一虚拟交换机用于对所支持的虚拟子网内部的数据包进行转发。比如,第一虚拟交换机所支持的虚拟子网范围为VLAN1000~VLAN2000,那么第一虚拟交换机就能对接收到的该虚拟子网范围内的数据包进行转发。Wherein, the first virtual switch is used for forwarding the data packets inside the supported virtual subnet. For example, if the virtual subnet supported by the first virtual switch ranges from VLAN 1000 to VLAN 2000, the first virtual switch can forward the received data packets within the virtual subnet range.
具体地,通过创建第一用户虚拟机对应的虚拟交换机,并配置第一虚拟交换机的第一端口与第一用户虚拟机的虚拟网卡对应,通过第一虚拟交换机的第一端口来接收第一用户虚拟机发送的上行数据包,并通过该第一端口接管第一用户虚拟机的上、下行数据包。可通过执行ovs-vsctl add-br ovs-switch命令创建与第一用户虚拟机对应的虚拟交换机。Specifically, by creating a virtual switch corresponding to the first user virtual machine, and configuring the first port of the first virtual switch to correspond to the virtual network card of the first user virtual machine, the first user is received through the first port of the first virtual switch. The uplink data packets sent by the virtual machine take over the uplink and downlink data packets of the first user virtual machine through the first port. A virtual switch corresponding to the first user virtual machine may be created by executing the ovs-vsctl add-br ovs-switch command.
在一个实施例中,通过为第一虚拟交换机配置与各个用户虚拟机对应的端口,各个端口与各个用户虚拟机的虚拟网卡一一对应,这样就可以通过第一虚拟交换机接管与各个用户虚拟机相关的数据包。In one embodiment, ports corresponding to each user virtual machine are configured for the first virtual switch, and each port corresponds to the virtual network card of each user virtual machine one-to-one, so that the first virtual switch can take over and communicate with each user virtual machine through the first virtual switch. related packets.
S206,通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,并发送更新的上行数据包。S206, through the first virtual switch, add the virtual subnet identifier corresponding to the first port into the uplink data packet, obtain an updated uplink data packet, and send the updated uplink data packet.
其中,虚拟子网标识用于唯一反映数据包所对应的虚拟子网的信息。具有相同的虚拟子网标识的数据包可以在同一个虚拟子网内传送,而具有不同的虚拟子网标识的数据包通常需要经过虚拟机交换机来实现传送。The virtual subnet identifier is used to uniquely reflect the information of the virtual subnet corresponding to the data packet. Data packets with the same virtual subnet ID can be transmitted in the same virtual subnet, while data packets with different virtual subnet IDs usually need to pass through a virtual machine switch to achieve transmission.
具体地,通过第一用户虚拟机发送的上行数据包并不携带子网标识,在第一虚拟交换机通过第一端口接收到第一用户虚拟机通过对应的虚拟网卡发送的上行数据包之后,由于第一端口与第一用户虚拟机的虚拟网卡一一对应,就可以将与该第一端口对应的虚拟子网标识添加至上行数据包中,得到更新的上行数据包,然后将更新的上行数据包发送至第二虚拟交换机。Specifically, the uplink data packet sent by the first user virtual machine does not carry the subnet identifier. After the first virtual switch receives the uplink data packet sent by the first user virtual machine through the corresponding virtual network card through the first port, because The first port is in one-to-one correspondence with the virtual network card of the first user virtual machine, and the virtual subnet identifier corresponding to the first port can be added to the uplink data packet to obtain an updated uplink data packet, and then the updated uplink data The packet is sent to the second virtual switch.
S208,配置与第一虚拟交换机连接的第二虚拟交换机,通过第二虚拟交换机的第二端口接收更新的上行数据包;第二端口对应的虚拟子网标识范围包括虚拟子网标识;第一用户虚拟机、第一虚拟交换机和第二虚拟交换机部署在相同的宿主机。S208: Configure a second virtual switch connected to the first virtual switch, and receive the updated uplink data packet through the second port of the second virtual switch; the virtual subnet identifier range corresponding to the second port includes the virtual subnet identifier; the first user The virtual machine, the first virtual switch and the second virtual switch are deployed on the same host.
其中,第二虚拟交换机用于对第一虚拟交换机之间传送的数据包进行转发。第二虚拟交换机的第二端口所支持的虚拟子网范围为若干个第一虚拟交换机所支持的虚拟子网范围的合并范围。Wherein, the second virtual switch is used for forwarding the data packets transmitted between the first virtual switches. The virtual subnet range supported by the second port of the second virtual switch is a combined range of virtual subnet ranges supported by several first virtual switches.
具体地,通过配置第二虚拟交换机的第二端口所支持的虚拟子网范围,该范围包括添加的虚拟子网标识对应的虚拟子网。在第一虚拟机添加了虚拟子网标识的上行数据包之后,第一虚拟交换机检查到该数据包可以被继续下发,就发送至第二虚拟交换机,第二虚拟交换机就可以通过第二端口接收到更新的上行数据包。Specifically, by configuring the virtual subnet range supported by the second port of the second virtual switch, the range includes the virtual subnet corresponding to the added virtual subnet identifier. After the first virtual machine adds the uplink data packet identified by the virtual subnet, the first virtual switch detects that the data packet can be continued to be delivered, and sends it to the second virtual switch, and the second virtual switch can pass the second port through the second virtual switch. An updated upstream packet is received.
可以理解,宿主机上的所有用户虚拟机发送的上行数据包都可以汇集至第二虚拟交换机,由第二虚拟交换机转发至物理网卡或转发至第二虚拟交换机对应的其它端口。It can be understood that the uplink data packets sent by all user virtual machines on the host can be collected to the second virtual switch, and forwarded by the second virtual switch to the physical network card or to other ports corresponding to the second virtual switch.
比如,第一虚拟交换机的出端口支持的虚拟子网范围为:For example, the virtual subnet range supported by the egress port of the first virtual switch is:
VLAN1000-VLAN2000,那么第二虚拟交换机上的就有支持接收第一虚拟交换机从第一虚拟交换机的出端口发送的上行数据包的端口。VLAN1000-VLAN2000, then there is a port on the second virtual switch that supports receiving the uplink data packet sent by the first virtual switch from the egress port of the first virtual switch.
S210,通过第一用户虚拟机所在宿主机的物理网卡,将更新的上行数据包转发至物理交换机;更新的上行数据包,用于指示物理交换机按照虚拟子网标识,将更新的上行数据包转发至第二用户虚拟机所在的宿主机。S210, forward the updated uplink data packet to the physical switch through the physical network card of the host where the first user virtual machine is located; the updated uplink data packet is used to instruct the physical switch to forward the updated uplink data packet according to the virtual subnet identifier to the host computer where the virtual machine of the second user resides.
具体地,在第二虚拟交换机接收到添加了虚拟子网标识的更新的上行数据包之后,检查到该上行数据包可以继续被下发,就通过宿主机的物理网卡将更新的上行数据包发送出去,由物理交换机接收之后,按照更新的上行数据包中的虚拟子网标识,将其转发至第二用户虚拟机所在的宿主机。Specifically, after the second virtual switch receives the updated uplink data packet to which the virtual subnet identifier is added, and checks that the uplink data packet can continue to be delivered, it sends the updated uplink data packet through the physical network card of the host. After going out, the physical switch forwards the updated uplink data packet to the host where the virtual machine of the second user is located according to the virtual subnet identifier in the updated uplink data packet.
在一个实施例中,可通过执行brctl addif br1A指令把第一用户虚拟机所在的宿主机的物理网卡A添加到第二虚拟交换机中,以使第二用户虚拟机将接收到的更新的上行数据包发送通过宿主机的物理网卡转发至网络。In one embodiment, the physical network card A of the host machine where the first user virtual machine is located can be added to the second virtual switch by executing the brctl addif br1A instruction, so that the second user virtual machine will receive the updated uplink data Packets are sent to the network through the host's physical network card.
上述数据包处理方法中,在通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包之后,就通过配置好的第一虚拟交换机的第一端口接收上行数据包,并通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,然后通过第二虚拟交换机的第二端口接收更新的上行数据包,最后通过第一用户虚拟机所在宿主机的物理网卡,将汇集到第二虚拟交换机的更新的上行数据包转发至物理交换机,由于第二端口对应的虚拟子网标识范围包括虚拟子网标识,因此完全不需要为第一用户虚拟机来配置对应虚拟子网对应的端口,简化了用户虚拟机内部的网络配置,尤其在用户虚拟机数量达到一定数量时,可以节约资源。In the above data packet processing method, after the first user virtual machine sends an uplink data packet for the second user virtual machine, the uplink data packet is received through the first port of the configured first virtual switch, and the uplink data packet is sent through the first virtual machine. The switch adds the virtual subnet identifier corresponding to the first port to the uplink data packet to obtain an updated uplink data packet, and then receives the updated uplink data packet through the second port of the second virtual switch, and finally passes the first user virtual switch. The physical network card of the host where the host is located, forwards the updated uplink data packets collected to the second virtual switch to the physical switch. Since the virtual subnet ID corresponding to the second port includes the virtual subnet ID, it does not need to be the first virtual switch at all. The user virtual machine configures the port corresponding to the corresponding virtual subnet, which simplifies the internal network configuration of the user virtual machine, and can save resources especially when the number of user virtual machines reaches a certain number.
在一个实施例中,发送更新的上行数据包的步骤具体包括:通过第一虚拟交换机查询相应的第一网络配置文件;按照第一网络配置文件,查询第一虚拟交换机的各端口各自对应的虚拟子网标识;当查询到与第一端口对应相同虚拟子网标识的端口时,通过查询到的端口发送更新的上行数据包。In one embodiment, the step of sending the updated uplink data packet specifically includes: querying the corresponding first network configuration file through the first virtual switch; querying the corresponding virtual network configuration file of each port of the first virtual switch according to the first network configuration file Subnet identifier; when a port corresponding to the same virtual subnet identifier as the first port is queried, an updated uplink data packet is sent through the queried port.
其中,第一网络配置文件是存储了与第一虚拟交换机对应的网络配置的文件。第一网络配置文件中存储了第一虚拟交换机上各端口所对应的虚拟子网标识。The first network configuration file is a file that stores the network configuration corresponding to the first virtual switch. The first network configuration file stores virtual subnet identifiers corresponding to each port on the first virtual switch.
具体地,在通过第一虚拟交换机对应的第一端口接收到第一用户虚拟机发送的上行数据包之后,为上行数据包添加第一端口对应的虚拟子网标识,查询相应的第一网络配置文件,查询到各个端口各自对应的虚拟子网标识,通过查询到的与第一端口对应相同虚拟子网标识的端口时,就通过查询到的该端口发送更新的上行数据包。Specifically, after receiving the uplink data packet sent by the first user virtual machine through the first port corresponding to the first virtual switch, add the virtual subnet identifier corresponding to the first port to the uplink data packet, and query the corresponding first network configuration file, the virtual subnet ID corresponding to each port is queried, and when the queried port corresponding to the same virtual subnet ID as the first port is passed, the updated uplink data packet is sent through the queried port.
比如,第一虚拟交换机查询到有A、B、C、D四个端口对应了与第一端口对应的虚拟子网标识,其中D端口还可以是支持一个虚拟子网范围的端口,该范围包含该虚拟子网标识,那么第一虚拟交换机就可以将更新的上行数据包转发至这个四个端口。For example, the first virtual switch finds that four ports A, B, C, and D correspond to the virtual subnet identifier corresponding to the first port, wherein the D port may also be a port that supports a virtual subnet range, and the range includes If the virtual subnet is identified, the first virtual switch can forward the updated uplink data packets to the four ports.
在一个实施例中,第一虚拟交换机在转发更新的上行数据包时,并不会将该数据包转发至第一虚拟交换机的第一端口。In one embodiment, when forwarding the updated uplink data packet, the first virtual switch does not forward the data packet to the first port of the first virtual switch.
在一个实施例中,第一用户虚拟机所在的宿主机至少有两个物理网卡。其中一个物理网卡用于对接收的上下行数据包进行转发,另一个物理网卡用于接收推送的网络配置文件,网络配置文件用于修改虚拟交换机和用户虚拟机对应的网络配置。第一虚拟交换机就可以通过用于接收推送的网络配置文件的物理网卡来接收对应的网络配置文件。In one embodiment, the host computer where the first user virtual machine is located has at least two physical network cards. One of the physical network cards is used to forward the received uplink and downlink data packets, and the other physical network card is used to receive the pushed network configuration file, and the network configuration file is used to modify the network configuration corresponding to the virtual switch and the user virtual machine. The first virtual switch may then receive the corresponding network configuration file through the physical network card for receiving the pushed network configuration file.
在本实施例中,第一虚拟交换机通过查询各个端口对应的虚拟子网标识,按照查询到与第一端口对应的虚拟子网标识对应的端口转发更新的上行数据包,以实现将第一用户虚拟机发送的上行数据包下发至第二虚拟交换机。In this embodiment, the first virtual switch forwards the updated uplink data packet according to the port corresponding to the virtual subnet identifier corresponding to the first port by querying the virtual subnet identifier corresponding to each port, so as to realize the first user The uplink data packet sent by the virtual machine is delivered to the second virtual switch.
在一个实施例中,通过第二虚拟交换机的第二端口接收更新的上行数据包,具体包括:查询第二虚拟交换机的各端口各自对应的虚拟子网标识范围;确定更新的上行数据包中的虚拟子网标识所在的虚拟子网标识范围;通过确定的虚拟子网标识范围所对应的第二端口,接收更新的上行数据包。In one embodiment, receiving the updated uplink data packet through the second port of the second virtual switch specifically includes: querying the virtual subnet identification range corresponding to each port of the second virtual switch; The virtual subnet ID range where the virtual subnet ID is located; the updated uplink data packet is received through the second port corresponding to the determined virtual subnet ID range.
其中,第二虚拟交换机的各端口都对应了一个虚拟子网标识范围。比如,第二虚拟交换机的端口tap0用于接收OpenStack环境中的计算节点中所有用户虚拟机发送的上行数据包,该计算节点对应的虚拟子网标识范围是VLAN100~VLAN200;第二虚拟交换机的端口tap1用于接收OpenStack环境中的控制节点中所有虚拟控制器发送的上行数据包,该控制节点对应的虚拟子网标识范围是VLAN300~VLAN500。Wherein, each port of the second virtual switch corresponds to a virtual subnet identification range. For example, the port tap0 of the second virtual switch is used to receive uplink data packets sent by all user virtual machines in the computing node in the OpenStack environment, and the virtual subnet ID corresponding to the computing node ranges from VLAN100 to VLAN200; the port of the second virtual switch The tap1 is used to receive uplink data packets sent by all virtual controllers in the control node in the OpenStack environment, and the virtual subnet identifier corresponding to the control node ranges from VLAN300 to VLAN500.
具体地,通过为第二虚拟交换机的各个端口配置对应的虚拟子网标识范围,在第一虚拟交换机发送了更新的上行数据包之后,就查询第二虚拟交换机的各个端口各自第一的虚拟子网标识范围,确定更新的上行数据包中添加的虚拟子网标识所在的虚拟子网标识范围,查找到确定的虚拟子网标识范围对应的第二端口,就可以通过第二端口来接收到该数据包。Specifically, by configuring the corresponding virtual subnet identification range for each port of the second virtual switch, after the first virtual switch sends the updated uplink data packet, the first virtual subnet of each port of the second virtual switch is queried. network identification range, determine the virtual subnet identification range where the virtual subnet identification added in the updated uplink data packet is located, find the second port corresponding to the determined virtual subnet identification range, and then receive the virtual subnet identification through the second port. data pack.
在一个实施例中,第二虚拟交换机的各个端口在接收到各个更新的上行数据包之后,按照接收的顺序将更新的上行数据包转发出去。比如,对于同一个端口先接收到的更新的数据包就先转发;对于不同端口同时接收到的更新的数据包按照各个端口预设优先级进行转发。In an embodiment, after receiving each updated uplink data packet, each port of the second virtual switch forwards the updated uplink data packet out according to the received sequence. For example, the updated data packets received first by the same port are forwarded first; the updated data packets received simultaneously by different ports are forwarded according to the preset priority of each port.
在本实施例中,通过查询第二虚拟交换机的各端口对应的虚拟子网标识范围,并确定更新的上行数据包中虚拟子网标识所在的虚拟子网标识范围,就可以确定第二虚拟交换机上用于接收更新的上行数据包的端口,对应了一个虚拟子网标识范围的端口能够实现属于同一个虚拟子网、且部署在不同宿主机的用户虚拟机之间的通信。In this embodiment, the second virtual switch can be determined by querying the virtual subnet identifier range corresponding to each port of the second virtual switch, and determining the virtual subnet identifier range where the virtual subnet identifier in the updated uplink data packet is located. The port used to receive the updated uplink data packet, and the port corresponding to a virtual subnet identification range can implement communication between user virtual machines belonging to the same virtual subnet and deployed on different hosts.
如图3所示,在一个实施例中,数据包处理方法还包括以下步骤:As shown in Figure 3, in one embodiment, the data packet processing method further includes the following steps:
S302,通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包;下行数据包由第二用户虚拟机发起。S302: Receive, through the second virtual switch, a downlink data packet directed to the virtual machine of the first user and forwarded by the physical switch; the downlink data packet is initiated by the virtual machine of the second user.
其中,下行数据包是由网络发送至第一用户虚拟机所在的宿主机的数据包。针对第一用户虚拟机的下行数据包是携带了第一用户虚拟机所对应的虚拟子网标识的数据包。具体地,通过将第一用户虚拟机所在的宿主机的物理网卡添加第二虚拟交换机,以使到达宿主机的物理网卡的数据包可以由第二虚拟交换机接收,并转发至第一虚拟交换机。The downlink data packet is a data packet sent by the network to the host computer where the first user virtual machine is located. The downlink data packet for the first user virtual machine is a data packet carrying the virtual subnet identifier corresponding to the first user virtual machine. Specifically, by adding a second virtual switch to the physical network card of the host where the first user virtual machine is located, data packets arriving at the physical network card of the host can be received by the second virtual switch and forwarded to the first virtual switch.
S304,按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机。S304: Send the downlink data packet to the first virtual switch through the second port of the second virtual switch according to the virtual subnet identifier in the downlink data packet.
其中,下行数据包对应的虚拟子网标识属于第二虚拟交换机的第二端口所对应的虚拟子网标识范围。具体地,第二虚拟交换机在接收到携带有虚拟子网标识的下行数据包之后,从下行数据包中提取出对应的虚拟子网标识,按照提取的虚拟子网标识从第二端口将下行数据包转发至第一虚拟交换机。The virtual subnet identifier corresponding to the downlink data packet belongs to the virtual subnet identifier range corresponding to the second port of the second virtual switch. Specifically, after receiving the downlink data packet carrying the virtual subnet identifier, the second virtual switch extracts the corresponding virtual subnet identifier from the downlink data packet, and sends the downlink data from the second port according to the extracted virtual subnet identifier. The packet is forwarded to the first virtual switch.
S306,通过第一虚拟交换机从下行数据包中剔除虚拟子网标识。S306, remove the virtual subnet identifier from the downlink data packet through the first virtual switch.
由于从第一用户虚拟机发出的上行数据包是没有虚拟子网标识的,同样地,要达到第一用户虚拟机的端口的下行数据包也不携带虚拟子网标识,因此在下行数据包到达第一用户虚拟机的端口之前需要剔除数据包中的虚拟子网标识。这样就不需要为用户虚拟机配置如何识别虚拟子网的标识,也不需要在用户虚拟机内部判断是否要接收或转发下行数据包,使得用户虚拟机内网络配置明显简化。Since the uplink data packet sent from the first user virtual machine does not have a virtual subnet identifier, similarly, the downlink data packet to reach the port of the first user virtual machine does not carry the virtual subnet identifier. Therefore, when the downlink data packet arrives Before the port of the first user virtual machine, the virtual subnet identifier in the data packet needs to be removed. In this way, it is not necessary to configure the identifier of how to identify the virtual subnet for the user virtual machine, and it is not necessary to determine whether to receive or forward downlink data packets in the user virtual machine, which simplifies the network configuration in the user virtual machine.
具体地,第一虚拟交换机接收到下行数据包之后,从下行数据包中提取对应的虚拟子网标识,从下行数据包中剔除该虚拟子网标识。Specifically, after receiving the downlink data packet, the first virtual switch extracts the corresponding virtual subnet identifier from the downlink data packet, and removes the virtual subnet identifier from the downlink data packet.
S308,通过第一虚拟交换机的第一端口,将已剔除虚拟子网标识的下行数据包发送至第一用户虚拟机。S308: Send the downlink data packet from which the virtual subnet identifier has been removed to the first user virtual machine through the first port of the first virtual switch.
具体地,第一虚拟交换机在识别了下行数据包对应的虚拟子网标识后,查询第一虚拟交换机的各端口对应的虚拟子网标识,确定与下行数据包对应的虚拟子网标识相同的第一端口,将已剔除虚拟子网标识的下行数据包通过第一端口发送至第一用户虚拟机。Specifically, after identifying the virtual subnet identifier corresponding to the downlink data packet, the first virtual switch queries the virtual subnet identifier corresponding to each port of the first virtual switch, and determines the first virtual subnet identifier that is the same as the virtual subnet identifier corresponding to the downlink data packet. A port for sending the downlink data packet from which the virtual subnet identifier has been removed to the first user virtual machine through the first port.
在本实施例中,通过第一虚拟交换机在接收到第二虚拟交换机上报的下行数据包之后,剔除下行数据包中的虚拟子网标识,这样使得到达第一用户虚拟机的下行数据包已经不携带虚拟子网标识。In this embodiment, after receiving the downlink data packet reported by the second virtual switch, the first virtual switch removes the virtual subnet identifier in the downlink data packet, so that the downlink data packet reaching the first user virtual machine is no longer available. Carry the virtual subnet ID.
在一个实施例中,按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机的步骤具体包括:查询第二虚拟交换机的各端口各自对应的虚拟子网标识范围;确定下行数据包中的虚拟子网标识所在的虚拟子网标识范围;通过确定的虚拟子网标识范围所对应的第二端口,将下行数据包发送至第一虚拟交换机。In one embodiment, the step of sending the downlink data packet to the first virtual switch through the second port of the second virtual switch according to the virtual subnet identifier in the downlink data packet specifically includes: querying each port of the second virtual switch The corresponding virtual subnet identification range; determine the virtual subnet identification range where the virtual subnet identification in the downlink data packet is located; send the downlink data packet to the first port through the second port corresponding to the determined virtual subnet identification range virtual switch.
其中,由于第二虚拟交换机各端口都被配置为对应了一个虚拟子网标识范围,需要通过包含下行数据包中的虚拟子网标识的端口将下行数据包转发至第一虚拟交换机。Wherein, since each port of the second virtual switch is configured to correspond to a virtual subnet ID range, the downlink data packet needs to be forwarded to the first virtual switch through the port including the virtual subnet ID in the downlink data packet.
具体地,在第二虚拟交换机接收到下行数据包之后,查询第二虚拟交换机各端口各自对应的虚拟子网标识范围,确定下行数据包对应的虚拟子网标识所在的虚拟子网标识范围对应的第二端口,通过该第二端口将下行数据包发送至第一虚拟交换机。Specifically, after the second virtual switch receives the downlink data packet, it queries the virtual subnet ID range corresponding to each port of the second virtual switch, and determines the virtual subnet ID range corresponding to the virtual subnet ID corresponding to the downlink data packet. the second port, and the downlink data packet is sent to the first virtual switch through the second port.
在一个实施例中,若仅查询到第二虚拟交换机接收下行数据包的端口对应的虚拟子网标识范围包括下行数据包的虚拟子网标识,则对下行数据包作丢弃处理。In one embodiment, if only the virtual subnet identifier range corresponding to the port on which the second virtual switch receives the downlink data packet is found to include the virtual subnet identifier of the downlink data packet, the downlink data packet is discarded.
在上述实施例中,第二虚拟交换机在接收到下行数据包后,通过查询第二虚拟交换机对应的虚拟子网标识范围,确定下行数据包中的虚拟子网标识所在的虚拟子网标识范围,就可以通过该虚拟子网标识范围对应的第二端口将下行数据包转发至第一虚拟交换机。In the above embodiment, after receiving the downlink data packet, the second virtual switch determines the virtual subnet identifier range where the virtual subnet identifier in the downlink data packet is located by querying the virtual subnet identifier range corresponding to the second virtual switch, Then, the downlink data packet can be forwarded to the first virtual switch through the second port corresponding to the virtual subnet identification range.
在一个实施例中,第一端口为ACCESS类型的端口;第二端口为TRUNK类型的端口;第一用户虚拟机和第二用户虚拟机运行在OpenStack中的计算节点上。In one embodiment, the first port is an ACCESS type port; the second port is a TRUNK type port; the first user virtual machine and the second user virtual machine run on computing nodes in OpenStack.
其中,ACCESS(访问连接)类型的端口仅对应一个VLAN。比如,与第一用户虚拟机的虚拟网卡对应的第一虚拟交换机的第一端口为ACCESS类型的端口。TRUNK(汇聚连接)类型的端口对应多个VLAN,即对应了一个虚拟子网标识范围,可以接收和发送多个VLAN的数据包。比如,第二虚拟交换机的第二端口为TRUNK类型的端口。第一用户虚拟机和第二用户虚拟机是运行在OpenStack中的计算节点上的虚拟交换机。该计算节点上可以运行有多个属于多个VLAN的用户虚拟机。第一虚拟交换机和第二虚拟交换机可以是OpenStack环境中的OVS交换机。Among them, the ACCESS (access connection) type port corresponds to only one VLAN. For example, the first port of the first virtual switch corresponding to the virtual network card of the first user virtual machine is an ACCESS type port. A TRUNK (convergence connection) type port corresponds to multiple VLANs, that is, corresponds to a virtual subnet identification range, and can receive and send data packets of multiple VLANs. For example, the second port of the second virtual switch is a trunk type port. The first user virtual machine and the second user virtual machine are virtual switches running on compute nodes in OpenStack. Multiple user virtual machines belonging to multiple VLANs may run on the computing node. The first virtual switch and the second virtual switch may be OVS switches in an OpenStack environment.
在一个实施例中,第一用户虚拟机所在的宿主机上有多个计算节点,每个计算节点对应了不同的虚拟子网标识范围,虚拟子网标识范围是计算节点中各个用户虚拟机对应的虚拟子网标识的合并范围。In one embodiment, there are multiple computing nodes on the host machine where the first user virtual machine is located, each computing node corresponds to a different virtual subnet identification range, and the virtual subnet identification range is the corresponding virtual subnet of each user in the computing node. The merged range of virtual subnet IDs for .
如图4所示,在一个具体的实施例中数据包处理方法的流程示意图。该数据包处理方法具体包括如下步骤:As shown in FIG. 4, a schematic flowchart of a data packet processing method in a specific embodiment. The data packet processing method specifically includes the following steps:
S401,通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包。S401, sending an uplink data packet for a second user virtual machine through the first user virtual machine.
S402,创建与第一用户虚拟机对应的第一虚拟交换机,通过第一虚拟交换机的第一端口接收上行数据包。S402: Create a first virtual switch corresponding to the first user virtual machine, and receive an uplink data packet through a first port of the first virtual switch.
S403,通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包。S403, through the first virtual switch, add the virtual subnet identifier corresponding to the first port into the uplink data packet to obtain an updated uplink data packet.
S404,通过第一虚拟交换机查询相应的第一网络配置文件。S404, query the corresponding first network configuration file through the first virtual switch.
S405,通过第一虚拟交换机,按照第一网络配置文件,查询第一虚拟交换机的各端口各自对应的虚拟子网标识。S405 , through the first virtual switch, according to the first network configuration file, query the respective virtual subnet identifiers corresponding to each port of the first virtual switch.
S406,当通过第一虚拟交换机查询到与第一端口对应相同虚拟子网标识的端口时,通过查询到的端口发送更新的上行数据包。S406, when a port corresponding to the same virtual subnet identifier as the first port is queried through the first virtual switch, send an updated uplink data packet through the queried port.
S407,配置与第一虚拟交换机连接的第二虚拟交换机,通过第二虚拟交换机查询第二虚拟交换机的各端口各自对应的虚拟子网标识范围。S407: Configure a second virtual switch connected to the first virtual switch, and query the virtual subnet identification range corresponding to each port of the second virtual switch through the second virtual switch.
S408,通过第二虚拟交换机确定更新的上行数据包中的虚拟子网标识所在的虚拟子网标识范围。S408: Determine, through the second virtual switch, a virtual subnet identifier range where the virtual subnet identifier in the updated uplink data packet is located.
S409,通过确定的虚拟子网标识范围所对应的第二端口,接收更新的上行数据包。S409: Receive an updated uplink data packet through the second port corresponding to the determined virtual subnet identification range.
S410,通过第一用户虚拟机所在宿主机的物理网卡,将更新的上行数据包转发至物理交换机。S410, forward the updated uplink data packet to the physical switch through the physical network card of the host where the first user virtual machine is located.
S411,通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包。S411. Receive, through the second virtual switch, a downlink data packet directed to the virtual machine of the first user and forwarded by the physical switch.
S412,按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机。S412: Send the downlink data packet to the first virtual switch through the second port of the second virtual switch according to the virtual subnet identifier in the downlink data packet.
S413,通过第一虚拟交换机从下行数据包中剔除虚拟子网标识。S413, remove the virtual subnet identifier from the downlink data packet through the first virtual switch.
S414,通过第一虚拟交换机的第一端口,将已剔除虚拟子网标识的下行数据包发送至第一用户虚拟机。S414: Send the downlink data packet from which the virtual subnet identifier has been removed to the first user virtual machine through the first port of the first virtual switch.
上述数据包处理方法,在通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包之后,就通过配置好的第一虚拟交换机的第一端口接收上行数据包,并通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,然后通过第二虚拟交换机的第二端口接收更新的上行数据包,最后通过第一用户虚拟机所在宿主机的物理网卡,将汇集到第二虚拟交换机的更新的上行数据包转发至物理交换机,由于第二端口对应的虚拟子网标识范围包括虚拟子网标识,因此完全不需要为第一用户虚拟机来配置对应虚拟子网对应的端口,简化了用户虚拟机内部的网络配置,尤其在用户虚拟机数量达到一定数量时,可以节约资源。In the above data packet processing method, after the first user virtual machine sends an uplink data packet for the second user virtual machine, the uplink data packet is received through the configured first port of the first virtual switch, and the uplink data packet is sent through the first virtual switch. , add the virtual subnet identifier corresponding to the first port to the uplink data packet to obtain an updated uplink data packet, then receive the updated uplink data packet through the second port of the second virtual switch, and finally pass the first user virtual machine The physical network card of the host computer forwards the updated uplink data packets collected to the second virtual switch to the physical switch. Since the virtual subnet ID corresponding to the second port includes the virtual subnet ID, it does not need to be the first user at all. The virtual machine configures the port corresponding to the virtual subnet, which simplifies the internal network configuration of the user virtual machine, especially when the number of user virtual machines reaches a certain number, resources can be saved.
在一个实施例中,提供了一种数据包处理方法,以该方法应用于图1中的第二宿主机300为例进行说明,包括以下步骤:通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包;下行数据包由第二用户虚拟机发起;第一用户虚拟机与第二用户虚拟机分别部署在不同的宿主机,且第一用户虚拟机与第二用户虚拟机对应相同的虚拟子网标识;按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机;第二端口对应的虚拟子网标识范围包括虚拟子网标识;第一用户虚拟机、第一虚拟交换机和第二虚拟交换机部署在相同的宿主机;通过第一虚拟交换机从下行数据包中剔除虚拟子网标识;通过第一虚拟交换机的、与第一用户虚拟机一一对应的第一端口,将已剔除虚拟子网标识的下行数据包发送至第一用户虚拟机。In one embodiment, a data packet processing method is provided, which is illustrated by taking the method applied to the
在本实施例中,数据包处理方法,通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包,并按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机,然后通过第一虚拟交换机从下行数据包中剔除虚拟子网标识,就可以将已剔除虚拟子网标识的下行数据包通过第一虚拟交换机的、与第一用户虚拟机一一对应的第一端口发送至第一用户虚拟机,由于最后到达第一用户虚拟机的数据包没有虚拟子网标识,就不需要为第一用户虚拟机来配置对应虚拟子网以在第一用户虚拟机内部来读取对应的虚拟子网标识,简化了用户虚拟机内部的网络配置。In this embodiment, the data packet processing method receives, through the second virtual switch, a downlink data packet for the first user virtual machine forwarded by the physical switch, and according to the virtual subnet identifier in the downlink data packet, through the second virtual switch The second port sends the downlink data packet to the first virtual switch, and then removes the virtual subnet identifier from the downlink data packet through the first virtual switch, so that the downlink data packet from which the virtual subnet identifier has been removed can pass through the first virtual switch The first port corresponding to the first user virtual machine one-to-one is sent to the first user virtual machine. Since the data packet that finally arrives at the first user virtual machine does not have a virtual subnet identifier, it does not need to be sent to the first user virtual machine. The corresponding virtual subnet is configured to read the corresponding virtual subnet identifier inside the first user virtual machine, which simplifies the network configuration inside the user virtual machine.
如图5所示,为一个实施例中,对第一用户虚拟机发送的针对第二用户虚拟机的数据包进行处理的示意图。第一用户虚拟机102和第二用户虚拟机302所对应的虚拟子网标识为VLAN1000,具体地,第一用户虚拟机102通虚拟网卡102a将数据包发送至第一虚拟交换机104,由于第一虚拟交换机104上的端口104a对应的虚拟子网标识被配置为与第一用户虚拟机102对应的虚拟子网相同,因此,第一虚拟交换机104通过端口104a接收该数据包;在第一虚拟交换机104接收到该数据包之后,检查到该数据包由端口104a接收,就为数据包添加与端口104a对应的虚拟子网标识VLAN1000,第一虚拟交换机104检查到端口104b所对应的虚拟子网标识范围包括VLAN1000,就通过端口104b转发至第二虚拟交换机106;由于第二虚拟交换机106的端口106a对应的虚拟子网标识被配置为包括104b对应的虚拟子网标识范围,就可以通过106a接收到添加了虚拟子网标识的数据包,第一宿主机100的物理网卡100a被添加到了第二虚拟交换机106上,因此第二虚拟交换机就可以将数据包转发给第一宿主机100对应的物理网卡100a。可以理解,第一虚拟交换机104和第二虚拟交换机106可以实现对不同的虚拟子网标识的数据流进行汇聚和转发。As shown in FIG. 5 , it is a schematic diagram of processing a data packet sent by a first user virtual machine and directed to a second user virtual machine in one embodiment. The virtual subnets corresponding to the first user
从图中还可以看出,第一宿主机100上可以配置有多个计算节点,每个计算节点对应了不同的虚拟子网标识范围,最后都汇聚到第一宿主机100的第二虚拟机交换机106上。It can also be seen from the figure that the
数据包通过第一宿主机100的物理网卡100a转发到物理交换机200上,然后有物理交换机通过网络转发至第二宿主机300,第二宿主机300对应的第二虚拟交换机306在接收到携带有虚拟子网标识的数据包之后,查找包含该虚拟子网标识的虚拟子网标识范围对应的端口306a,从端口306a将数据包转发至第二宿主机300对应的第一虚拟交换机304,由第一虚拟交换机304识别数据包携带的虚拟子网标识VLAN1000并从数据包中剔除该虚拟子网标识,由于第一虚拟交换机304对应的端口304a被配置为对应了虚拟子网标识VLAN1000,因此就可以通过该端口将剔除了虚拟子网标识的数据包发送至用户虚拟机302,就完成了数据包的整个处理过程。The data packet is forwarded to the
应该理解的是,虽然图2-4的流程图中的各个步骤按照箭头的指示依次显示,但是这些步骤并不是必然按照箭头指示的顺序依次执行。除非本文中有明确的说明,这些步骤的执行并没有严格的顺序限制,这些步骤可以以其它的顺序执行。而且,图2-4中的至少一部分步骤可以包括多个子步骤或者多个阶段,这些子步骤或者阶段并不必然是在同一时刻执行完成,而是可以在不同的时刻执行,这些子步骤或者阶段的执行顺序也不必然是依次进行,而是可以与其它步骤或者其它步骤的子步骤或者阶段的至少一部分轮流或者交替地执行。It should be understood that although the steps in the flowcharts of FIGS. 2-4 are shown in sequence according to the arrows, these steps are not necessarily executed in the sequence shown by the arrows. Unless explicitly stated herein, the execution of these steps is not strictly limited to the order, and these steps may be performed in other orders. Moreover, at least a part of the steps in FIGS. 2-4 may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily executed at the same time, but may be executed at different times. These sub-steps or stages are not necessarily completed at the same time. The order of execution of the steps is not necessarily sequential, but may be performed alternately or alternately with other steps or at least part of sub-steps or stages of other steps.
在一个实施例中,如图6所示,提供了一种数据包处理装置600,包括:上行数据包发送模块602、上行数据包接收模块604、上行数据包更新模块606、更新的上行数据包接收模块608和更新的上行数据包发送模块610,其中:In one embodiment, as shown in FIG. 6, a data packet processing apparatus 600 is provided, including: an uplink data
上行数据包发送模块602,用于通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包;第一用户虚拟机与第二用户虚拟机分别部署在不同的宿主机,且第一用户虚拟机与第二用户虚拟机对应相同的虚拟子网标识;The uplink data
上行数据包接收模块604,用于创建与第一用户虚拟机对应的第一虚拟交换机,通过第一虚拟交换机的第一端口接收上行数据包;第一端口与第一用户虚拟机一一对应;The uplink data
上行数据包更新模块606,用于通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,并发送更新的上行数据包;The uplink data
更新的上行数据包接收模块608,用于配置与第一虚拟交换机连接的第二虚拟交换机,通过第二虚拟交换机的第二端口接收更新的上行数据包;第二端口对应的虚拟子网标识范围包括虚拟子网标识;第一用户虚拟机、第一虚拟交换机和第二虚拟交换机部署在相同的宿主机;The updated uplink data
更新的上行数据包发送模块610,用于通过第一用户虚拟机所在宿主机的物理网卡,将更新的上行数据包转发至物理交换机;更新的上行数据包,用于指示物理交换机按照虚拟子网标识,将更新的上行数据包转发至第二用户虚拟机所在的宿主机。The updated upstream data
在一个实施例中,如图7所示,数据包处理装置600还包括:In one embodiment, as shown in FIG. 7 , the data packet processing apparatus 600 further includes:
下行数据包接收模块702,用于通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包;下行数据包由第二用户虚拟机发起;A downlink data
下行数据包转发模块704,用于按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机;The downlink data
虚拟子网标识剔除模块706,用于通过第一虚拟交换机从下行数据包中剔除虚拟子网标识;a virtual subnet
更新的下行数据包发送模块708,用于通过第一虚拟交换机的第一端口,将已剔除虚拟子网标识的下行数据包发送至第一用户虚拟机。The updated downlink data
在一个实施例中,下行数据包转发模块704还用于查询第二虚拟交换机的各端口各自对应的虚拟子网标识范围;确定下行数据包中的虚拟子网标识所在的虚拟子网标识范围;通过确定的虚拟子网标识范围所对应的第二端口,将下行数据包发送至第一虚拟交换机。In one embodiment, the downlink data
在一个实施例中,第一端口为ACCESS类型的端口;第二端口为TRUNK类型的端口;第一用户虚拟机和第二用户虚拟机运行在OpenStack中的计算节点上。In one embodiment, the first port is an ACCESS type port; the second port is a TRUNK type port; the first user virtual machine and the second user virtual machine run on computing nodes in OpenStack.
上述数据包处理装置600,在通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包之后,就通过配置好的第一虚拟交换机的第一端口接收上行数据包,并通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,然后通过第二虚拟交换机的第二端口接收更新的上行数据包,最后通过第一用户虚拟机所在宿主机的物理网卡,将汇集到第二虚拟交换机的更新的上行数据包转发至物理交换机,由于第二端口对应的虚拟子网标识范围包括虚拟子网标识,因此完全不需要为第一用户虚拟机来配置对应虚拟子网对应的端口,简化了用户虚拟机内部的网络配置,尤其在用户虚拟机数量达到一定数量时,可以节约资源。The above-mentioned data packet processing apparatus 600, after sending the uplink data packet for the second user virtual machine through the first user virtual machine, receives the uplink data packet through the first port of the configured first virtual switch, and sends the uplink data packet through the first virtual machine. The switch adds the virtual subnet identifier corresponding to the first port to the uplink data packet to obtain an updated uplink data packet, and then receives the updated uplink data packet through the second port of the second virtual switch, and finally passes the first user virtual switch. The physical network card of the host where the host is located, forwards the updated uplink data packets collected to the second virtual switch to the physical switch. Since the virtual subnet ID range corresponding to the second port includes the virtual subnet ID, it does not need to be the first virtual switch at all. The user virtual machine configures the port corresponding to the corresponding virtual subnet, which simplifies the internal network configuration of the user virtual machine, and can save resources especially when the number of user virtual machines reaches a certain number.
在一个实施例中,如图8所示,提供了一种数据包处理装置800,包括:下行数据包接收模块802、下行数据包第一发送模块804、剔除模块806和下行数据包第二发送模块808,其中:In one embodiment, as shown in FIG. 8, a data packet processing apparatus 800 is provided, including: a downlink data
下行数据包接收模块802,用于通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包;下行数据包由第二用户虚拟机发起;第一用户虚拟机与第二用户虚拟机分别部署在不同的宿主机,且第一用户虚拟机与第二用户虚拟机对应相同的虚拟子网标识。The downlink data
下行数据包第一发送模块804,用于按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机;第二端口对应的虚拟子网标识范围包括虚拟子网标识;第一用户虚拟机、第一虚拟交换机和第二虚拟交换机部署在相同的宿主机。The downlink data packet first sending
剔除模块806,用于通过第一虚拟交换机从下行数据包中剔除虚拟子网标识。The removing
下行数据包第二发送模块808,用于通过第一虚拟交换机的、与第一用户虚拟机一一对应的第一端口,将已剔除虚拟子网标识的下行数据包发送至第一用户虚拟机。The second downlink data
上述数据包处理装置800,通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包,并按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机,然后通过第一虚拟交换机从下行数据包中剔除虚拟子网标识,就可以将已剔除虚拟子网标识的下行数据包通过第一虚拟交换机的、与第一用户虚拟机一一对应的第一端口发送至第一用户虚拟机,由于最后到达第一用户虚拟机的数据包没有虚拟子网标识,就不需要为第一用户虚拟机来配置对应虚拟子网以在第一用户虚拟机内部来读取对应的虚拟子网标识,简化了用户虚拟机内部的网络配置。The above-mentioned data packet processing apparatus 800 receives, through the second virtual switch, a downlink data packet for the first user virtual machine forwarded by the physical switch, and passes through the second port of the second virtual switch according to the virtual subnet identifier in the downlink data packet, The downlink data packet is sent to the first virtual switch, and then the virtual subnet identifier is removed from the downlink data packet through the first virtual switch, so that the downlink data packet from which the virtual subnet identifier has been removed can be passed through the first virtual switch and the first virtual switch. The first port corresponding to one user virtual machine is sent to the first user virtual machine. Since the data packet that finally arrives at the first user virtual machine does not have a virtual subnet identifier, there is no need to configure the corresponding virtual subnet for the first user virtual machine. The network can read the corresponding virtual subnet identifier inside the first user virtual machine, which simplifies the network configuration inside the user virtual machine.
关于数据包处理装置的具体限定可以参见上文中对于数据包处理方法的限定,在此不再赘述。上述数据包处理装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。For the specific limitation of the data packet processing apparatus, reference may be made to the above limitation on the data packet processing method, which will not be repeated here. Each module in the above-mentioned data packet processing apparatus may be implemented in whole or in part by software, hardware and combinations thereof. The above modules can be embedded in or independent of the processor in the computer device in the form of hardware, or stored in the memory in the computer device in the form of software, so that the processor can call and execute the operations corresponding to the above modules.
在一个实施例中,提供了一种计算机设备,该计算机设备可以是第一宿主机100或第二宿主机300,其内部结构图可以如图9所示。该计算机设备包括通过系统总线连接的处理器、存储器和网络接口。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统和计算机程序。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该计算机设备的网络接口用于与外部的宿主机通过网络连接通信。该计算机程序被处理器执行时以实现一种数据包处理方法。In one embodiment, a computer device is provided, and the computer device may be the
本领域技术人员可以理解,图9中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的计算机设备的限定,具体的计算机设备可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。Those skilled in the art can understand that the structure shown in FIG. 9 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer equipment to which the solution of the present application is applied. Include more or fewer components than shown in the figures, or combine certain components, or have a different arrangement of components.
在一个实施例中,提供了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,处理器执行计算机程序时实现以下步骤:通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包;第一用户虚拟机与第二用户虚拟机分别部署在不同的宿主机,且第一用户虚拟机与第二用户虚拟机对应相同的虚拟子网标识;创建与第一用户虚拟机对应的第一虚拟交换机,通过第一虚拟交换机的第一端口接收上行数据包;第一端口与第一用户虚拟机一一对应;通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,并发送更新的上行数据包;配置与第一虚拟交换机连接的第二虚拟交换机,通过第二虚拟交换机的第二端口接收更新的上行数据包;第二端口对应的虚拟子网标识范围包括虚拟子网标识;第一用户虚拟机、第一虚拟交换机和第二虚拟交换机部署在相同的宿主机;通过第一用户虚拟机所在宿主机的物理网卡,将更新的上行数据包转发至物理交换机;更新的上行数据包,用于指示物理交换机按照虚拟子网标识,将更新的上行数据包转发至第二用户虚拟机所在的宿主机。In one embodiment, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the following steps when executing the computer program: using a first user virtual machine Sending an uplink data packet for the second user virtual machine; the first user virtual machine and the second user virtual machine are respectively deployed on different hosts, and the first user virtual machine and the second user virtual machine correspond to the same virtual subnet identifier ; Create a first virtual switch corresponding to the first user virtual machine, and receive the upstream data packet through the first port of the first virtual switch; the first port is in one-to-one correspondence with the first user virtual machine; The virtual subnet identifier corresponding to the first port is added to the upstream data packet, the updated upstream data packet is obtained, and the updated upstream data packet is sent; The second port receives the updated uplink data packet; the virtual subnet identifier range corresponding to the second port includes the virtual subnet identifier; the first user virtual machine, the first virtual switch and the second virtual switch are deployed on the same host; The physical network card of the host where the user virtual machine is located, forwards the updated uplink data packet to the physical switch; the updated uplink data packet is used to instruct the physical switch to forward the updated uplink data packet to the second user according to the virtual subnet identifier The host where the virtual machine is located.
在一个实施例中,提供了一种计算机可读存储介质,其上存储有计算机程序,计算机程序被处理器执行时实现以下步骤:通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包;第一用户虚拟机与第二用户虚拟机分别部署在不同的宿主机,且第一用户虚拟机与第二用户虚拟机对应相同的虚拟子网标识;创建与第一用户虚拟机对应的第一虚拟交换机,通过第一虚拟交换机的第一端口接收上行数据包;第一端口与第一用户虚拟机一一对应;通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,并发送更新的上行数据包;配置与第一虚拟交换机连接的第二虚拟交换机,通过第二虚拟交换机的第二端口接收更新的上行数据包;第二端口对应的虚拟子网标识范围包括虚拟子网标识;第一用户虚拟机、第一虚拟交换机和第二虚拟交换机部署在相同的宿主机;通过第一用户虚拟机所在宿主机的物理网卡,将更新的上行数据包转发至物理交换机;更新的上行数据包,用于指示物理交换机按照虚拟子网标识,将更新的上行数据包转发至第二用户虚拟机所在的宿主机。In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: sending, by a first user virtual machine, uplink data for a second user virtual machine package; the first user virtual machine and the second user virtual machine are respectively deployed on different hosts, and the first user virtual machine and the second user virtual machine correspond to the same virtual subnet identifier; create a virtual machine corresponding to the first user virtual machine The first virtual switch receives uplink data packets through the first port of the first virtual switch; the first port is in one-to-one correspondence with the first user virtual machine; through the first virtual switch, the virtual subnet identifier corresponding to the first port is added In the upstream data packet, obtain the updated upstream data packet, and send the updated upstream data packet; configure the second virtual switch connected with the first virtual switch, receive the updated upstream data packet through the second port of the second virtual switch; The virtual subnet identifier range corresponding to the second port includes the virtual subnet identifier; the first user virtual machine, the first virtual switch and the second virtual switch are deployed on the same host; the physical network card of the host where the first user virtual machine is located , forward the updated uplink data packet to the physical switch; the updated uplink data packet is used to instruct the physical switch to forward the updated uplink data packet to the host where the second user virtual machine is located according to the virtual subnet identifier.
上述计算机设备和计算机可读存储介质,在通过第一用户虚拟机发出针对第二用户虚拟机的上行数据包之后,就通过配置好的第一虚拟交换机的第一端口接收上行数据包,并通过第一虚拟交换机,将与第一端口对应的虚拟子网标识添加到上行数据包中,得到更新的上行数据包,然后通过第二虚拟交换机的第二端口接收更新的上行数据包,最后通过第一用户虚拟机所在宿主机的物理网卡,将汇集到第二虚拟交换机的更新的上行数据包转发至物理交换机,由于第二端口对应的虚拟子网标识范围包括虚拟子网标识,因此完全不需要为第一用户虚拟机来配置对应虚拟子网对应的端口,简化了用户虚拟机内部的网络配置,尤其在用户虚拟机数量达到一定数量时,可以节约资源。The above-mentioned computer equipment and computer-readable storage medium, after the first user virtual machine sends out the uplink data packet for the second user virtual machine, the uplink data packet is received through the first port of the configured first virtual switch, and the uplink data packet is sent through the first user virtual machine. The first virtual switch adds the virtual subnet identifier corresponding to the first port to the uplink data packet to obtain an updated uplink data packet, then receives the updated uplink data packet through the second port of the second virtual switch, and finally passes the first The physical network card of the host where the user virtual machine is located forwards the updated uplink data packets collected to the second virtual switch to the physical switch. Since the virtual subnet ID corresponding to the second port includes the virtual subnet ID, it is not required at all. Configuring the port corresponding to the corresponding virtual subnet for the first user virtual machine simplifies the network configuration inside the user virtual machine, especially when the number of user virtual machines reaches a certain number, resources can be saved.
在一个实施例中,提供了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,处理器执行计算机程序时实现以下步骤:通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包;下行数据包由第二用户虚拟机发起;第一用户虚拟机与第二用户虚拟机分别部署在不同的宿主机,且第一用户虚拟机与第二用户虚拟机对应相同的虚拟子网标识;按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机;第二端口对应的虚拟子网标识范围包括虚拟子网标识;第一用户虚拟机、第一虚拟交换机和第二虚拟交换机部署在相同的宿主机;通过第一虚拟交换机从下行数据包中剔除虚拟子网标识;通过第一虚拟交换机的、与第一用户虚拟机一一对应的第一端口,将已剔除虚拟子网标识的下行数据包发送至第一用户虚拟机。In one embodiment, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the following steps when executing the computer program: receiving through a second virtual switch The downlink data packet for the first user virtual machine forwarded by the physical switch; the downlink data packet is initiated by the second user virtual machine; the first user virtual machine and the second user virtual machine are respectively deployed on different hosts, and the first user virtual machine The virtual machine and the second user virtual machine correspond to the same virtual subnet identifier; according to the virtual subnet identifier in the downlink data packet, the downlink data packet is sent to the first virtual switch through the second port of the second virtual switch; the second port The corresponding virtual subnet identifier range includes a virtual subnet identifier; the first user virtual machine, the first virtual switch and the second virtual switch are deployed on the same host; the virtual subnet identifier is removed from the downlink data packet through the first virtual switch ; Send the downlink data packet whose virtual subnet identifier has been eliminated to the first user virtual machine through the first port of the first virtual switch that is in one-to-one correspondence with the first user virtual machine.
在一个实施例中,提供了一种计算机可读存储介质,其上存储有计算机程序,计算机程序被处理器执行时实现以下步骤:通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包;下行数据包由第二用户虚拟机发起;第一用户虚拟机与第二用户虚拟机分别部署在不同的宿主机,且第一用户虚拟机与第二用户虚拟机对应相同的虚拟子网标识;按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机;第二端口对应的虚拟子网标识范围包括虚拟子网标识;第一用户虚拟机、第一虚拟交换机和第二虚拟交换机部署在相同的宿主机;通过第一虚拟交换机从下行数据包中剔除虚拟子网标识;通过第一虚拟交换机的、与第一用户虚拟机一一对应的第一端口,将已剔除虚拟子网标识的下行数据包发送至第一用户虚拟机。In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: receiving a virtual machine for a first user forwarded by a physical switch through a second virtual switch The downlink data packet is initiated by the second user virtual machine; the first user virtual machine and the second user virtual machine are respectively deployed on different hosts, and the first user virtual machine and the second user virtual machine correspond to the same The virtual subnet identifier; according to the virtual subnet identifier in the downlink data packet, the downlink data packet is sent to the first virtual switch through the second port of the second virtual switch; the virtual subnet identifier range corresponding to the second port includes the virtual subnet network identifier; the first user virtual machine, the first virtual switch and the second virtual switch are deployed on the same host; the virtual subnet identifier is removed from the downlink data packet through the first virtual switch; A first port corresponding to a user virtual machine one-to-one sends the downlink data packet whose virtual subnet identifier has been removed to the first user virtual machine.
上述计算机设备和计算机可读存储介质,通过第二虚拟交换机接收物理交换机转发的针对第一用户虚拟机的下行数据包,并按照下行数据包中的虚拟子网标识,通过第二虚拟交换机的第二端口,将下行数据包发送至第一虚拟交换机,然后通过第一虚拟交换机从下行数据包中剔除虚拟子网标识,就可以将已剔除虚拟子网标识的下行数据包通过第一虚拟交换机的、与第一用户虚拟机一一对应的第一端口发送至第一用户虚拟机,由于最后到达第一用户虚拟机的数据包没有虚拟子网标识,就不需要为第一用户虚拟机来配置对应虚拟子网以在第一用户虚拟机内部来读取对应的虚拟子网标识,简化了用户虚拟机内部的网络配置。The above-mentioned computer equipment and computer-readable storage medium receive the downlink data packet for the first user virtual machine forwarded by the physical switch through the second virtual switch, and according to the virtual subnet identifier in the downlink data packet, through the second virtual switch. The second port sends the downlink data packet to the first virtual switch, and then removes the virtual subnet identifier from the downlink data packet through the first virtual switch, so that the downlink data packet whose virtual subnet identifier has been removed can be passed through the first virtual switch. . The first port corresponding to the first user virtual machine is sent to the first user virtual machine. Since the data packet that finally arrives at the first user virtual machine does not have a virtual subnet identifier, it is not necessary to configure the first user virtual machine. The corresponding virtual subnet is used to read the corresponding virtual subnet identifier inside the first user virtual machine, which simplifies the network configuration inside the user virtual machine.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,的计算机程序可存储于一非易失性计算机可读取存储介质中,该计算机程序在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。Those skilled in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing relevant hardware through a computer program, and the computer program can be stored in a non-volatile computer-readable storage medium , when the computer program is executed, it may include the processes of the above-mentioned method embodiments. Wherein, any reference to memory, storage, database or other medium used in the various embodiments provided in this application may include non-volatile and/or volatile memory. Nonvolatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in various forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Road (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
以上实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。The technical features of the above embodiments can be combined arbitrarily. In order to make the description simple, all possible combinations of the technical features in the above embodiments are not described. However, as long as there is no contradiction in the combination of these technical features It is considered to be the range described in this specification.
以上实施例仅表达了本申请的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对发明专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本申请构思的前提下,还可以做出若干变形和改进,这些都属于本申请的保护范围。因此,本申请专利的保护范围应以所附权利要求为准。The above examples only represent several embodiments of the present application, and the descriptions thereof are relatively specific and detailed, but should not be construed as a limitation on the scope of the invention patent. It should be noted that, for those skilled in the art, without departing from the concept of the present application, several modifications and improvements can be made, which all belong to the protection scope of the present application. Therefore, the scope of protection of the patent of the present application shall be subject to the appended claims.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810002734.1A CN108173696B (en) | 2018-01-02 | 2018-01-02 | Data packet processing method, apparatus, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810002734.1A CN108173696B (en) | 2018-01-02 | 2018-01-02 | Data packet processing method, apparatus, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108173696A CN108173696A (en) | 2018-06-15 |
| CN108173696B true CN108173696B (en) | 2020-11-24 |
Family
ID=62517284
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810002734.1A Expired - Fee Related CN108173696B (en) | 2018-01-02 | 2018-01-02 | Data packet processing method, apparatus, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108173696B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110636036A (en) * | 2018-06-22 | 2019-12-31 | 复旦大学 | A method for network access control of OpenStack cloud host based on SDN |
| CN110912825B (en) * | 2018-09-18 | 2022-08-02 | 阿里巴巴集团控股有限公司 | Message forwarding method, device, equipment and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103607430A (en) * | 2013-10-30 | 2014-02-26 | 中兴通讯股份有限公司 | Network processing method and system, and network control center |
| CN103703724A (en) * | 2013-08-15 | 2014-04-02 | 华为技术有限公司 | A method of distributing resources |
| EP2843906A1 (en) * | 2013-09-03 | 2015-03-04 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for data transmission |
-
2018
- 2018-01-02 CN CN201810002734.1A patent/CN108173696B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103703724A (en) * | 2013-08-15 | 2014-04-02 | 华为技术有限公司 | A method of distributing resources |
| EP2843906A1 (en) * | 2013-09-03 | 2015-03-04 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for data transmission |
| CN103607430A (en) * | 2013-10-30 | 2014-02-26 | 中兴通讯股份有限公司 | Network processing method and system, and network control center |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108173696A (en) | 2018-06-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109074330B (en) | Network interface card, computing device, and data packet processing method | |
| US10659342B2 (en) | Flow entry configuration method, apparatus, and system | |
| US20170310586A1 (en) | Table Entry In Software Defined Network | |
| US9325615B2 (en) | Method and apparatus for implementing communication between virtual machines | |
| US10623310B2 (en) | Network interface card, computing device, and data packet processing method | |
| US10237177B2 (en) | Transfer device and transfer system | |
| US11575592B2 (en) | Message processing method and apparatus, control-plane device, and computer storage medium | |
| EP3017569B1 (en) | Virtual network | |
| EP2685676B1 (en) | Multicast data forwarding method and device supporting virtual terminal | |
| CN107645431B (en) | Message forwarding method and device | |
| EP3358807B1 (en) | Firewall cluster | |
| US20170286158A1 (en) | Migration Of Virtual Machines | |
| CN108243106A (en) | Control method, forwarding unit, control device and the communication system of network slice | |
| CN107113241B (en) | Route determination method, network configuration method and related device | |
| US20120201169A1 (en) | Method & apparatus for provisioning a network switch port | |
| JP6437693B2 (en) | Multicast data packet forwarding | |
| CN108028801A (en) | A method and device for implementing ARP based on SDN | |
| WO2018001242A1 (en) | Data-message processing method and apparatus | |
| CN107493222B (en) | VXLAN message forwarding method and device | |
| CN108173696B (en) | Data packet processing method, apparatus, computer equipment and storage medium | |
| CN106385354A (en) | Message forwarding method and device | |
| CN114765567B (en) | Communication method and communication system | |
| CN107294989B (en) | Method and device for preventing ARP gateway spoofing | |
| US11902087B2 (en) | Forwarding fault location determining method and device | |
| CN114915580A (en) | Data packet routing method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200201 Address after: 200120 floor 15, 1333 Lujiazui Ring Road, free trade Experimental Zone, Pudong New Area, Shanghai Applicant after: Weikun (Shanghai) Technology Service Co.,Ltd. Address before: 200120 13 floor, 1333 Lujiazui Road, Pudong New Area free trade pilot area, Shanghai. Applicant before: SHANGHAI LUJIAZUI INTERNATIONAL FINANCIAL ASSETS TRANSACTION MARKET CO.,LTD. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20201124 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |