Implementation method for improving virtual machine network performance in openstack dvr modeTechnical Field
The invention relates to a cloud computing and computer network technology, in particular to an implementation method for improving virtual machine network performance in an openstack dvr mode.
Background
In the dvr mode of the current openstack, when the virtual machines of the same subnet cross the computing node communicate with each other, the traffic sent by the virtual machine on the current node to the virtual machine of the remote node can flood on the local br-int bridge, and the flooding of the two-layer traffic on the br-int bridge seriously consumes the resources of the system, greatly weakens the communication efficiency between the virtual machines, so that when the number of the virtual machines increases, the PPS performance between the virtual machines of the same subnet greatly reduces: when different subnetworks communicate across virtual machines of computing nodes, traffic is sent to a router on a node where a sender is located, and when the traffic is sent to a br-int bridge from a gateway in the router, a problem of two-layer communication exists, the traffic still floods the br-int bridge, system resources are consumed, and performance is reduced.
As the number of virtual machines increases, network performance decreases proportionally.
Disclosure of Invention
In order to solve the technical problems, the invention provides a realization method for improving the network performance of a virtual machine in an openstack dvr mode, which solves the problem of traffic flooding of the virtual machine traffic on a br-int bridge in the dvr mode and improves the network performance of the virtual machine.
The technical scheme of the invention is as follows:
the implementation method for improving the virtual machine network performance in the openstack dvr mode comprises the following steps: two-layer flow flooding repair on the br-int bridge and three-layer flow flooding repair on the br-int bridge;
the two-layer traffic flooding repair is responsible for repairing the traffic flooding problem among virtual machines of the same subnet across the computing nodes in the dvr mode; the three-layer traffic flooding repair is responsible for repairing the traffic flooding problem among virtual machines of different subnets across the computing nodes in the dvr mode.
By modifying the br-int flow table, the br-int knows which port the destination mac is on.
Further, in the above-mentioned case,
and (3) restoring the flooding of the two layers of flow on the br-int bridge, namely modifying the two layers of return flow to walk a normal flow table, and ensuring that the br-int bridge learns the remote mac.
And modifying the return path of the two-layer flow, so that the returned flow and the outgoing flow are matched with the normal flow table on the br-int bridge as well, that the mac learned by the br-int to the remote virtual machine is at the patch-tun port, and the subsequent flow can be directly sent to the patch-tun port without flooding.
The method comprises the following steps:
step one, adding br-int flow table number 59, wherein the 59 table is specially used for processing flow related to the dvr mode;
secondly, putting a flow table which is native in a 60 th table on br-int and accurately leads to a local virtual machine port into a 59 th table;
third, let the flow of the model table of the matching table 60 of the return flow.
Further, in the above-mentioned case,
and (3) performing flood repair on the three-layer flow on the br-int bridge, namely adding a specified table 59 for processing dvr related flow, and adding a flow table to enable the flow sent from the qrouter to be sent to a table 59 for processing.
The destination of the newly added processing from the remote node is a local flow table in the table No. 59, the destination of the newly added processing from the qrouter to the local flow table in the table No. 59, and the destination of the newly added processing from the qrouter to the virtual machine in the table No. 59 is a flow table of the remote virtual machine.
The method specifically comprises the following steps:
firstly, on the basis of two-layer repair, a table 59 is newly added and is specially used for processing flow related to a dvr mode;
secondly, the data flow firstly matches the flow table of table 0 on br-int, and a flow table is added in the table 0 table, so that the flow sent from the qrouter gateway is sent to the table 59;
thirdly, modifying the flow table from the remote node in the table 1, and sending the flow from the remote node to the table 59;
fourthly, adding a flow table with high priority into a table 59 table to process three layers of flow sent to the virtual machine of the node from the remote node, and directly and accurately sending the flow to a port of the local virtual machine after stripping off a vlan tag during the processing method;
fifthly, adding a flow table with high priority to process three-layer flow of the same node in a table 59 table, and forwarding the flow table which is sent from a gateway and aims at the local virtual machine by using a normal mode, so that br-int can learn the mac of the local virtual machine;
sixthly, adding a low-priority flow table in the table 59 table to process the flow table sent from the qrouter gateway, wherein the purpose of the flow table is not the flow table of the local virtual machine, that is, three layers of flow sent to the remote node need to be sent to the patch-tun port.
The invention has the advantages that
The problem that the performance of the virtual machine network is reduced when the scale number of the virtual machines is increased in an openstack environment can be effectively solved, after the method is applied, the PPS is improved by 400% in UDP flow tests of virtual machines (8) of the same subnet of different computing nodes, the PPS is improved by 364% in UDP flow tests of virtual machines (8) of different subnets of different computing nodes, and the performance is obviously improved after the method is applied.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below, it is obvious that the described embodiments are a part of the embodiments of the present invention, but not all embodiments, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts based on the embodiments of the present invention belong to the protection scope of the present invention.
The method mainly comprises two-layer flow flooding repair and three-layer flow flooding repair, and is realized through the following technical scheme.
And the two-layer traffic flooding repair is responsible for repairing the traffic flooding problem among virtual machines of the same subnet across the computing nodes in the dvr mode. The reason for generating the two-layer traffic flooding is that the outgoing traffic is matched with the normal flow table of the table 60, and the incoming traffic is matched with the flow table of the actual table 60 which is accurate to the specific destination port, and the incoming and outgoing paths are different, so that the br-int bridge cannot learn which port the mac address of the remote virtual machine is on, and the subsequent traffic does not know which port to send, and the flooding needs to be performed all the time. Therefore, the idea of repair is to modify the return path of the two-layer flow, so that the returned flow and the outgoing flow are both matched with the normal flow table on the br-int bridge, so that br-int can learn that the mac of the remote virtual machine is at the patch-tun port, and the subsequent flow can be directly sent to the patch-tun port without flooding. The specific implementation method comprises the following steps:
in the first step, we add br-int flow table number 59, which 59 table will be used exclusively to handle the flow related to the dvr mode.
Second, place the native flow table that leads to the local virtual machine port exactly in table 60 on br-int into table 59.
Third, let the flow of the model table of the matching table 60 of the return flow.
And the three-layer traffic flooding repair is responsible for repairing the traffic flooding problem among virtual machines of different subnets across the computing nodes in the dvr mode. The reason why the three-layer traffic flooding is generated is that the sending virtual machine will first send the traffic of the cross-network segment to its gateway, the virtual router, that is, qrouter, in the dvr mode will be distributed at several points of calculation, after receiving the traffic, the qrouter on the sending node will send the traffic to br-int from the gateway, at this time, the source mac of the traffic is the gateway mac of the destination virtual machine network segment, and the destination mac is the destination virtual machine mac, and at this time, the situation can be understood as the situation of two-layer traffic communication, the traffic sent from the gateway matches the normal flow table of table 60, and the traffic returned from the receiving party matches the flow table of the accurate guide sending virtual machine port of table 60, which leads to br-int being unable to learn from which port of br-int the remote virtual machine should be sent out, resulting in that the subsequent traffic is flooded. The idea of repair is to modify the br-int flow table so that br-int knows which port the destination mac is on. The specific implementation method comprises the following steps:
firstly, on the basis of two-layer repair, a table 59 is newly added and is specially used for processing flow related to a dvr mode
In the second step, the data flow will first match the table 0 flow table on br-int, add a flow table in table 0 table, let the flow sent from the qrouter gateway send to table 59, if: table 0, priority 10, dl src fa 16:3e 5b 6c 61actions resibmit (59), where fa 16:3e 5b 6c 61 is a gateway mac.
Third, modifying the flow table from the remote node in table 1, and sending the traffic from the remote node to table 59, such as: table 1, priority 4, dl _ vlan 1, dl _ dst fa 16:3e aa 2, ee actions mod dl src 16:3e:5b:6c 61, resume (59), where dl _ dst is mac of the virtual machine on the node.
And fourthly, adding a high-priority flow table into a table 59 table to process three layers of flow sent from the remote node to the virtual machine of the node, and directly and accurately sending the flow to a port of the local virtual machine after stripping off a vlan tag during the processing method. Such as: table 59, priority 4, dl _ vlan 1, dl _ src fa 16:3e:5b:6c:61, dl _ dst fa 16:3e: aa: e2, ee actions strip _ vlan, output: "qvo352ac 079-26".
Fifthly, adding a high-priority flow table in a table 59 to process three-layer flow of the same node, and forwarding the flow table which is sent from a gateway and aims at the local virtual machine in a normal mode, so that br-int can learn the mac of the local virtual machine, such as: table 59, priority 4, dl _ src fa 16:3e:5b:6c:61, dl _ dst fa 16:3e: aa 2, ee actions NORMAL.
Sixthly, adding a low-priority flow table in the table 59 table to process the flow table sent from the qrouter gateway, wherein the purpose of the flow table is not the flow table of the local virtual machine, that is, three layers of flow sent to the remote node need to be sent to a patch-tun port, for example: table 59, priority 3, dl _ src fa 16:3e:5b:6c:61actions mod _ vlan _ vid:1, output: "patch-tun".
The above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.