The invention relates to the field of cloud computing, and in particular to a non-aggregated port cascading system and method for a virtual switch and a physical switch.
Background Art
A cloud computing data center comprises multiple physical servers. Each physical server runs multiple virtual machines and one virtual switch; the virtual machines are all connected to the virtual switch, and the virtual switch is cascaded to a physical switch through the physical network cards of the physical server, so that all virtual machines are networked together. To increase the service bandwidth of the virtual machines, several physical network cards of the physical server are usually bonded into one virtual port, and that virtual port is added to the virtual switch, so that virtual machine traffic is load-balanced across the physical network cards. As shown in Figure 1, a virtual machine is connected to the virtual switch through the virtual network card vnet1; the physical network cards eth0 and eth1 of the physical server are each connected to the physical switch, and eth0 and eth1 are bonded into the virtual port bond, which is connected to the virtual switch.
In certain situations this approach causes virtual machine communication to fail. For example, when the virtual machine sends a broadcast packet, the packet reaches the virtual switch through the virtual network card vnet1. The virtual switch, following the Media Access Control (MAC) address learning algorithm, records the mapping between the packet's source MAC address and vnet1, forwards the packet to the virtual port bond, and sends it out of the physical network card eth0 to a port of the physical switch. The physical switch forwards the broadcast packet to all of its other ports, so the packet re-enters the virtual switch through the physical network card eth1 and the virtual port bond. The virtual switch then, following the MAC address learning algorithm, updates the mapping so that the packet's source MAC address corresponds to the virtual port bond; that is, the port corresponding to the virtual machine's MAC address changes from vnet1 to bond. Packets subsequently sent to the virtual machine are therefore wrongly forwarded to the virtual port bond instead of to the virtual machine's virtual network card vnet1, and the virtual machine's communication fails. Only when the virtual machine sends a unicast packet does the virtual switch re-record the mapping between the source MAC address and vnet1; because the physical switch does not forward that unicast packet back to the virtual port bond, the virtual machine's communication then returns to normal.
In another situation, for example after a virtual machine has migrated from the current physical server to another physical server, the source MAC address of the packets it sends is unchanged. When a packet that the virtual machine sends from a port of the other physical server is forwarded to the virtual port bond, the virtual switch on the current physical server should update, according to the MAC address learning algorithm, the port corresponding to the source MAC address of that packet; otherwise the virtual machine's communication fails.
To solve the above problem, the physical switch ports connected to the bonded network cards of the physical server are usually configured as one port aggregation group. The physical switch treats the port aggregation group as a single logical port, so it does not forward a broadcast packet received on that logical port back to the same logical port, and the virtual switch therefore does not receive a virtual machine's broadcast packet from the bonded virtual port and does not update its MAC address table incorrectly. This approach has the following drawback: the physical switch must support port aggregation, and a port aggregation group must be configured for the physical switch ports connected to each set of bonded physical network cards. Inexpensive physical switches usually do not support port aggregation, or provide only a small number of port aggregation groups, which increases the deployment and management costs of the cloud computing data center.
Summary of the Invention
In view of the defects in the prior art, the main object of the present invention is to provide a non-aggregated port cascading system for a virtual switch and a physical switch, and another object is to provide a non-aggregated port cascading method for a virtual switch and a physical switch. Both ensure normal virtual machine communication without requiring the physical switch to support port aggregation, reducing the deployment and management costs of the cloud computing data center.
The present invention provides a non-aggregated port cascading system for a virtual switch and a physical switch, in which the virtual switch is communicatively connected to the physical switch through a virtual port formed by bonding multiple physical network cards of a physical server. The system comprises a preset module, an interception module and a screening module.
The preset module is configured to create a MAC-learning-restricted attribute variable on the virtual port and to set the virtual port to MAC learning restricted.
The interception module is configured to forward to the screening module the packets that the virtual switch receives from a virtual port set to MAC learning restricted.
The screening module is configured to calculate the difference between the receiving time of a packet and the latest update time of the port that the packet's source MAC address corresponds to in the MAC address table, to discard packets for which the difference is less than a set time threshold, and to send the packets that are not discarded back to the virtual switch.
On the basis of the above technical solution, the MAC-learning-restricted attribute variable takes the value MAC learning restricted or MAC learning unrestricted.
On the basis of the above technical solution, the preset module is further configured to set the time threshold, which is used to judge how frequently the port corresponding to a source MAC address in the MAC address table is updated.
On the basis of the above technical solution, the screening module is further configured to parse a received packet to obtain its destination MAC address and source MAC address, and to obtain from the MAC address table the port corresponding to the source MAC address and the latest update time of that port.
The present invention also provides a non-aggregated port cascading method for a virtual switch and a physical switch, comprising the steps of:
S1. The preset module creates a MAC-learning-restricted attribute variable on the virtual port and sets the virtual port to MAC learning restricted.
S2. The interception module forwards to the screening module the packets that the virtual switch receives from a virtual port set to MAC learning restricted.
S3. The screening module calculates the difference between the receiving time of a packet and the latest update time of the port that the packet's source MAC address corresponds to in the MAC address table, discards packets for which the difference is less than the set time threshold, and sends the packets that are not discarded back to the virtual switch.
On the basis of the above technical solution, step S3 includes:
S31. The screening module parses the received packet to obtain its destination MAC address and source MAC address, and obtains from the MAC address table the port corresponding to the source MAC address and the latest update time of that port.
S32. The screening module calculates the difference between the receiving time of the packet and the latest update time of the port that the packet's source MAC address corresponds to in the MAC address table, discards packets for which the difference is less than the set time threshold, and sends the packets that are not discarded back to the virtual switch.
On the basis of the above technical solution, step S3 specifically includes:
S321. Determine whether the virtual port on which the packet was received is the same as the port that the packet's source MAC address corresponds to in the MAC address table; if so, go to S326; if not, go to S322.
S322. Check whether the packet is a broadcast packet; if so, go to S323; if not, go to S326.
S323. Check whether the virtual port on which the packet was received is set to MAC learning restricted; if so, go to S324; if not, go to S326.
S324. Determine whether the difference between the receiving time of the packet and the latest update time is less than the time threshold; if so, go to S325; if not, go to S326.
S325. Discard the packet.
S326. Send the packet back to the virtual switch.
On the basis of the above technical solution, the MAC-learning-restricted attribute variable takes the value MAC learning restricted or MAC learning unrestricted.
On the basis of the above technical solution, the preset module sets the time threshold, which is used to judge how frequently the port corresponding to a source MAC address in the MAC address table is updated.
On the basis of the above technical solution, the time threshold is 1 second.
Compared with the prior art, the advantages of the present invention are as follows:
(1) The present invention creates and sets a MAC-learning-restricted attribute variable on the virtual port and screens broadcast packets for which the virtual port that received the packet differs from the port that the packet's source MAC address corresponds to in the MAC address table. This ensures that broadcast packets whose receiving time differs from the latest update time by less than the set time threshold are discarded, thereby ensuring normal virtual machine communication, improving the operating efficiency of the cloud computing data center and improving the user experience.
(2) A physical switch used with the present invention does not need to support port aggregation, which reduces the deployment and management costs of the cloud computing data center and reduces maintenance time and expense.
(3) The present invention is applicable to many kinds of virtual switch and has a wide range of application.
Brief Description of the Drawings
Figure 1 is a schematic diagram of the connection between a virtual switch and a physical switch;
Figure 2 is a schematic diagram of the non-aggregated port cascading system for a virtual switch and a physical switch according to an embodiment of the present invention;
Figure 3 is a flowchart of the method for cascading a virtual switch and a physical switch according to an embodiment of the present invention;
Figure 4 is a detailed flowchart of step S32.
Detailed Description
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Normally, the interval between a broadcast packet sent by the virtual switch entering the virtual switch through the virtual network card vnet1 and then through the virtual port bond is very small, whereas the interval between the packets that the virtual switch sends from the ports of the two physical servers before and after migration being forwarded to the virtual port bond is comparatively long.
Based on the above principle, an embodiment of the present invention provides a non-aggregated port cascading system for a virtual switch and a physical switch, in which the virtual switch is communicatively connected to the physical switch through a virtual port formed by bonding multiple physical network cards of a physical server. As shown in Figure 2, the system comprises a preset module, an interception module and a screening module.
The preset module is configured to create a MAC-learning-restricted attribute variable on the virtual port and to set the virtual port to MAC learning restricted.
The MAC-learning-restricted attribute variable takes the value MAC learning restricted or MAC learning unrestricted.
The preset module is further configured to set a time threshold, which is used to judge how frequently the port corresponding to a source MAC address in the MAC address table is updated.
The time threshold may be set to 1 second by default. Because different physical switches differ in performance and actual load, the time threshold can be set flexibly according to the circumstances of each physical switch.
The interception module is configured to forward to the screening module the packets that the virtual switch receives from a virtual port set to MAC learning restricted.
The screening module is configured to calculate the difference between the receiving time of a packet and the latest update time of the port that the packet's source MAC address corresponds to in the MAC address table, to discard packets for which the difference is less than the set time threshold, and to send the packets that are not discarded back to the virtual switch.
The screening module is further configured to parse a received packet to obtain its destination MAC address and source MAC address, and to obtain from the MAC address table the port corresponding to the source MAC address and the latest update time of that port.
The preset module, the interception module and the screening module are all located in the virtual switch.
The present invention creates and sets a MAC-learning-restricted attribute variable on the virtual port and screens broadcast packets for which the virtual port that received the packet differs from the port that the packet's source MAC address corresponds to in the MAC address table. This ensures that broadcast packets whose receiving time differs from the latest update time by less than the set time threshold are discarded, thereby ensuring normal virtual machine communication, improving the operating efficiency of the cloud computing data center and improving the user experience.
A physical switch used with the present invention does not need to support port aggregation, which reduces the deployment and management costs of the cloud computing data center and reduces maintenance time and expense.
As shown in Figure 3, an embodiment of the present invention provides a non-aggregated port cascading method for a virtual switch and a physical switch, comprising the steps of:
S1. The preset module creates a MAC-learning-restricted attribute variable on the virtual port and sets the virtual port to MAC learning restricted.
S2. The interception module forwards to the screening module the packets that the virtual switch receives from a virtual port set to MAC learning restricted.
S3. The screening module calculates the difference between the receiving time of a packet and the latest update time of the port that the packet's source MAC address corresponds to in the MAC address table, discards packets for which the difference is less than the set time threshold, and sends the packets that are not discarded back to the virtual switch.
Step S3 includes:
S31. The screening module parses the received packet to obtain its destination MAC address and source MAC address, and obtains from the MAC address table the port corresponding to the source MAC address and the latest update time of that port.
S32. The screening module calculates the difference between the receiving time of the packet and the latest update time of the port that the packet's source MAC address corresponds to in the MAC address table, discards packets for which the difference is less than the set time threshold, and sends the packets that are not discarded back to the virtual switch.
As shown in Figure 4, step S32 specifically includes:
S321. Determine whether the virtual port on which the packet was received is the same as the port that the packet's source MAC address corresponds to in the MAC address table; if so, go to S326; if not, go to S322.
S322. Check whether the packet is a broadcast packet; if so, go to S323; if not, go to S326.
S323. Check whether the virtual port on which the packet was received is set to MAC learning restricted; if so, go to S324; if not, go to S326.
S324. Determine whether the difference between the receiving time of the packet and the latest update time is less than the time threshold; if so, go to S325; if not, go to S326.
S325. Discard the packet.
S326. Send the packet back to the virtual switch.
The MAC-learning-restricted attribute variable takes the value MAC learning restricted or MAC learning unrestricted.
The preset module sets the time threshold, which is used to judge how frequently the port corresponding to a source MAC address in the MAC address table is updated. The time threshold is 1 second.
The present invention is applicable to many kinds of virtual switch. The virtual switch may be Open vSwitch, a Linux bridge, a VMware vSphere standard switch or a VMware vSphere distributed switch; the invention therefore has a wide range of application.
The invention is described in further detail below using the open-source virtual switch Open vSwitch as an example; the same applies to other types of virtual switch.
The virtual switch Open vSwitch is communicatively connected to the physical switch through a virtual port formed by bonding multiple physical network cards of the physical server, and the preset module, the interception module and the screening module are installed on that physical server.
The preset module creates a MAC-learning-restricted attribute variable on the virtual port, sets the variable to MAC learning restricted, and sets the time threshold used to judge how frequently the port corresponding to a source MAC address in the MAC address table is updated.
The created MAC-learning-restricted attribute variable may be named mac-learning-limited and is then set. For example, setting mac-learning-limited to true indicates that the bonded virtual port is MAC learning restricted, and setting mac-learning-limited to false indicates that the bonded virtual port is MAC learning unrestricted.
The time threshold is used to judge how frequently the port corresponding to a source MAC address in the MAC address table is updated, and may be set to 1 second. If the difference between the receiving time of a packet and the latest update time of the port that the packet's source MAC address corresponds to in the MAC address table is less than 1 second, the port corresponding to the packet's source MAC address is judged to be updated frequently.
The system modifies the MAC address learning algorithm of the virtual switch. Specifically, in the virtual switch Open vSwitch, the MAC address learning algorithm is the mac_learning_insert function.
The specific method is as follows: the port on which the virtual switch Open vSwitch receives a packet is in_port; Open vSwitch finds in the MAC address table the entry e for the packet's source MAC address, and the port corresponding to that source MAC address is e->port.ofp_port. The following operations are then performed:
a) Check whether the packet's in_port is the same as e->port.ofp_port; if not, go to b); if so, go to e).
b) Check whether the packet is a broadcast packet; if so, go to c); if not, go to e).
c) Check the mac-learning-limited attribute of the packet's in_port; if the attribute is true, go to d); if not, go to e).
d) Calculate the difference between the receiving time and the latest update time in entry e; if the difference is less than 1 second, return NULL, that is, discard the packet; if not, go to e).
e) Send the packet to the virtual switch Open vSwitch.
The virtual switch Open vSwitch then continues with the remaining code of the mac_learning_insert function; that is, following the MAC address learning algorithm, the virtual switch updates e->port.ofp_port of the entry e for the packet's source MAC address in the MAC address table to in_port.
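The screening flow of S321 to S326 (steps a) to e) above), as an added example that is not part of the patent text and is not Open vSwitch code: a small C model of a MAC table with the restricted-learning check placed in front of ordinary learning. The struct and function names, port numbers and MAC addresses are hypothetical, and learning an unknown source MAC normally is an assumption the text does not spell out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE   8
#define THRESHOLD_MS 1000                  /* the page's default threshold: 1 second */

enum { PORT_VNET1 = 1, PORT_BOND = 2 };    /* hypothetical port numbers */

static const uint8_t BCAST[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

struct port { int id; bool mac_learning_limited; };

struct mac_entry {
    bool      used;
    uint8_t   mac[6];
    int       port;          /* port this MAC was last learned on */
    long long updated_ms;    /* time of the last update */
};

struct mac_table { struct mac_entry e[TABLE_SIZE]; };

static struct mac_entry *lookup(struct mac_table *t, const uint8_t mac[6])
{
    for (int i = 0; i < TABLE_SIZE; i++)
        if (t->e[i].used && memcmp(t->e[i].mac, mac, 6) == 0)
            return &t->e[i];
    return NULL;
}

/* S321-S325: returns true when the frame must be discarded before learning. */
bool filter_drop(struct mac_table *t, const struct port *in,
                 const uint8_t dst[6], const uint8_t src[6], long long now_ms)
{
    struct mac_entry *e = lookup(t, src);
    if (!e) return false;                          /* assumption: unknown source is learned */
    if (e->port == in->id) return false;           /* S321: same port, mapping unchanged */
    if (memcmp(dst, BCAST, 6) != 0) return false;  /* S322: only broadcasts are screened */
    if (!in->mac_learning_limited) return false;   /* S323: port is not restricted */
    return now_ms - e->updated_ms < THRESHOLD_MS;  /* S324: too soon, so S325 discard */
}

/* S326 followed by ordinary learning. Returns the port recorded for src
 * afterwards, or -1 if the table is full. */
int receive_frame(struct mac_table *t, const struct port *in,
                  const uint8_t dst[6], const uint8_t src[6], long long now_ms)
{
    struct mac_entry *e = lookup(t, src);
    if (filter_drop(t, in, dst, src, now_ms))
        return e->port;                            /* entry left untouched */
    if (!e) {
        for (int i = 0; i < TABLE_SIZE && !e; i++)
            if (!t->e[i].used) e = &t->e[i];
        if (!e) return -1;
        e->used = true;
        memcpy(e->mac, src, 6);
    }
    e->port = in->id;
    e->updated_ms = now_ms;
    return e->port;
}

/* Constructed scenario: the VM sends a broadcast on vnet1 at t=0, then a frame
 * with the same source MAC arrives on bond delay_ms later. Returns the port
 * the table maps the VM's MAC to afterwards. */
int port_after_second_frame(bool bond_limited, bool second_is_broadcast,
                            long long delay_ms)
{
    static const uint8_t vm[6]   = {0x52, 0x54, 0x00, 0x12, 0x34, 0x56}; /* constructed */
    static const uint8_t peer[6] = {0x52, 0x54, 0x00, 0xab, 0xcd, 0xef}; /* constructed */
    struct port vnet1 = {PORT_VNET1, false};
    struct port bond  = {PORT_BOND, bond_limited};
    struct mac_table t;

    memset(&t, 0, sizeof t);
    receive_frame(&t, &vnet1, BCAST, vm, 0);
    return receive_frame(&t, &bond, second_is_broadcast ? BCAST : peer, vm, delay_ms);
}

int main(void)
{
    printf("reflected broadcast after 2 ms, bond unrestricted: port %d\n",
           port_after_second_frame(false, true, 2));
    printf("reflected broadcast after 2 ms, bond restricted:   port %d\n",
           port_after_second_frame(true, true, 2));
    printf("broadcast after 5 s (migration), bond restricted:  port %d\n",
           port_after_second_frame(true, true, 5000));
    return 0;
}
```

With the bond port unrestricted the reflected broadcast moves the VM's entry to bond, which is the failure described in the background; with it restricted the entry stays on vnet1, while a broadcast arriving after the threshold still relearns the MAC as the migration case requires.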
The present invention creates and sets a MAC-learning-restricted attribute variable on the bonded virtual port and screens broadcast packets for which the virtual port differs from the port corresponding to the source MAC address. This ensures that broadcast packets arriving on a current port set to MAC learning restricted are discarded when the difference between the receiving time and the latest update time is less than the time threshold, thereby ensuring normal virtual machine communication, improving the operating efficiency of the cloud computing data center and improving the user experience.
A physical switch used with the present invention does not need to support port aggregation, which reduces the deployment and management costs of the cloud computing data center and reduces maintenance time and expense.
The present invention is not limited to the above embodiments. Those of ordinary skill in the art may make improvements and refinements without departing from the principle of the invention, and such improvements and refinements are also regarded as falling within the scope of protection of the invention. Content not described in detail in this specification belongs to the prior art known to those skilled in the art.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611082198.8A (CN106790411B) | 2016-11-30 | 2016-11-30 | Non-aggregated port cascading system and method for virtual switch and physical switch |

| Publication Number | Publication Date |
|---|---|
| CN106790411A | 2017-05-31 |
| CN106790411B | 2019-10-25 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611082198.8AActiveCN106790411B (en) | 2016-11-30 | 2016-11-30 | Non-aggregated port cascading system and method for virtual switch and physical switch |
| Country | Link |
|---|---|
| CN (1) | CN106790411B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109728932A (en)* | 2017-10-31 | 2019-05-07 | 中兴通讯股份有限公司 | SDN setting method, controller, switch and computer-readable storage medium |
| CN111556136A (en)* | 2020-04-26 | 2020-08-18 | 全球能源互联网研究院有限公司 | A data interaction method between internal containers of power edge IoT agent |
| CN113742331A (en)* | 2021-10-11 | 2021-12-03 | 浙江数智交院科技股份有限公司 | Digital twin ship driving method and device |
| CN114553798A (en)* | 2022-01-14 | 2022-05-27 | 奇安信科技集团股份有限公司 | Flow mirroring method, device, electronic equipment, medium and product |
| CN116346620A (en)* | 2023-03-27 | 2023-06-27 | 中国工商银行股份有限公司 | Operation and maintenance method, device, computer equipment and storage medium |
| CN120614324A (en)* | 2025-08-01 | 2025-09-09 | 济南浪潮数据技术有限公司 | Virtual machine MAC address learning method, device, equipment, medium and product |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217492A (en)* | 2008-01-04 | 2008-07-09 | 福建星网锐捷网络有限公司 | Address information processing method and device and system |
| US20100107162A1 (en)* | 2008-03-07 | 2010-04-29 | Aled Edwards | Routing across a virtual network |
| CN101841473A (en)* | 2010-04-09 | 2010-09-22 | 北京星网锐捷网络技术有限公司 | Method and apparatus for updating MAC (Media Access Control) address table |
| US8429652B2 (en)* | 2009-06-22 | 2013-04-23 | Citrix Systems, Inc. | Systems and methods for spillover in a multi-core system |
| CN103220235A (en)* | 2013-04-26 | 2013-07-24 | 华为技术有限公司 | Distributed virtual switcher management method, relevant device and relevant system |
| CN103634225A (en)* | 2013-12-18 | 2014-03-12 | 武汉朋客云计算有限公司 | Service bandwidth expansion method in cloud computing network virtualization |
| CN104219211A (en)* | 2013-06-03 | 2014-12-17 | 中国移动通信集团公司 | Detection method and detection device for network security in cloud computing network |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217492A (en)* | 2008-01-04 | 2008-07-09 | 福建星网锐捷网络有限公司 | Address information processing method and device and system |
| US20100107162A1 (en)* | 2008-03-07 | 2010-04-29 | Aled Edwards | Routing across a virtual network |
| US8429652B2 (en)* | 2009-06-22 | 2013-04-23 | Citrix Systems, Inc. | Systems and methods for spillover in a multi-core system |
| CN101841473A (en)* | 2010-04-09 | 2010-09-22 | 北京星网锐捷网络技术有限公司 | Method and apparatus for updating MAC (Media Access Control) address table |
| CN103220235A (en)* | 2013-04-26 | 2013-07-24 | 华为技术有限公司 | Distributed virtual switcher management method, relevant device and relevant system |
| CN104219211A (en)* | 2013-06-03 | 2014-12-17 | 中国移动通信集团公司 | Detection method and detection device for network security in cloud computing network |
| CN103634225A (en)* | 2013-12-18 | 2014-03-12 | 武汉朋客云计算有限公司 | Service bandwidth expansion method in cloud computing network virtualization |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109728932A (en)* | 2017-10-31 | 2019-05-07 | 中兴通讯股份有限公司 | SDN setting method, controller, switch and computer-readable storage medium |
| CN109728932B (en)* | 2017-10-31 | 2021-09-28 | 中兴通讯股份有限公司 | SDN setting method, controller, switch and computer readable storage medium |
| EP3678340B1 (en)* | 2017-10-31 | 2025-01-01 | ZTE Corporation | Software-defined network setting method, controller, switch, and storage medium |
| CN111556136A (en)* | 2020-04-26 | 2020-08-18 | 全球能源互联网研究院有限公司 | A data interaction method between internal containers of power edge IoT agent |
| CN111556136B (en)* | 2020-04-26 | 2022-08-30 | 全球能源互联网研究院有限公司 | Data interaction method between internal containers of power edge Internet of things agent |
| CN113742331A (en)* | 2021-10-11 | 2021-12-03 | 浙江数智交院科技股份有限公司 | Digital twin ship driving method and device |
| CN114553798A (en)* | 2022-01-14 | 2022-05-27 | 奇安信科技集团股份有限公司 | Flow mirroring method, device, electronic equipment, medium and product |
| CN116346620A (en)* | 2023-03-27 | 2023-06-27 | 中国工商银行股份有限公司 | Operation and maintenance method, device, computer equipment and storage medium |
| CN120614324A (en)* | 2025-08-01 | 2025-09-09 | 济南浪潮数据技术有限公司 | Virtual machine MAC address learning method, device, equipment, medium and product |
| Publication number | Publication date |
|---|---|
| CN106790411B (en) | 2019-10-25 |
| Publication | Publication Date | Title |
|---|---|---|
| US12301479B2 (en) | | Managing network traffic in virtual switches based on logical port identifiers |
| EP3482532B1 (en) | | Automatic service function validation in a virtual network environment |
| EP3340064B1 (en) | | Network interface card, computer device and data packet processing method |
| US9755959B2 (en) | | Dynamic service path creation |
| US10063470B2 (en) | | Data center network system based on software-defined network and packet forwarding method, address resolution method, routing controller thereof |
| CN106790411B (en) | | Non-aggregated port cascading system and method for virtual switch and physical switch |
| EP3226132B1 (en) | | Method and apparatus for deploying virtual machine instances in a nfv architecture |
| US8989188B2 (en) | | Preventing leaks among private virtual local area network ports due to configuration changes in a headless mode |
| US9124536B2 (en) | | Managing data flows in overlay networks |
| US8032660B2 (en) | | Apparatus and method for managing subscription requests for a network interface component |
| EP2725749B1 (en) | | Method, apparatus and system for processing service flow |
| CN105745883B (en) | | Method, network device and system for synchronization of forwarding tables |
| CN114070723A (en) | | Virtual network configuration method, system and intelligent network card of bare metal server |
| WO2016107594A1 (en) | | Accessing external network from virtual network |
| CN110061912B (en) | | Arbitrating mastership between redundant control planes of virtual nodes |
| US20160205033A1 (en) | | Pool element status information synchronization method, pool register, and pool element |
| CN107682182A (en) | | A kind of alarm method and system for realizing virtualization network load monitoring |
| CN116566752A (en) | | Safety drainage system, cloud host and safety drainage method |
| CN111371608B (en) | | A method, apparatus and medium for deploying SFC service chain |
| CN104168200A (en) | | Open vSwitch-based method and system for realizing ACL function |
| WO2016177180A1 (en) | | Method and device for reporting openflow switch capability |
| CN114157668A (en) | | Multi-tenant cross-cluster networking method, communication system and readable storage medium |
| WO2021135792A1 (en) | | Data forwarding method, forwarding device, system, server, and storage medium |
| EP3197106B1 (en) | | Switch processing method, controller, switch, and switch processing system |
| CN115622959A (en) | | Switch control method, device, equipment, storage medium and SDN network |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Non-aggregated port cascading system and method for virtual switch and physical switch; Effective date of registration: 20200609; Granted publication date: 20191025; Pledgee: Bank of Communications Ltd. Wuhan fruit Lake Branch; Pledgor: WUHAN OS-EASY CLOUD COMPUTING Co.,Ltd.; Registration number: Y2020980002830 |
| | PC01 | Cancellation of the registration of the contract for pledge of patent right | Granted publication date: 20191025; Pledgee: Bank of Communications Ltd. Wuhan fruit Lake Branch; Pledgor: WUHAN OS-EASY CLOUD COMPUTING Co.,Ltd.; Registration number: Y2020980002830 |
| | PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Non aggregated port cascading system and method for virtual switches and physical switches; Granted publication date: 20191025; Pledgee: Bank of Communications Ltd. Wuhan fruit Lake Branch; Pledgor: WUHAN OS-EASY CLOUD COMPUTING Co.,Ltd.; Registration number: Y2025980009350 |