[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN107395508B - Method and device for forwarding message - Google Patents

Method and device for forwarding message Download PDF

Info

Publication number
CN107395508B
CN107395508B CN201610327961.2A CN201610327961A CN107395508B CN 107395508 B CN107395508 B CN 107395508B CN 201610327961 A CN201610327961 A CN 201610327961A CN 107395508 B CN107395508 B CN 107395508B
Authority
CN
China
Prior art keywords
vlan
mac address
mapping
physical switch
destination mac
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610327961.2A
Other languages
Chinese (zh)
Other versions
CN107395508A (en
Inventor
王雨晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201610327961.2A priority Critical patent/CN107395508B/en
Publication of CN107395508A publication Critical patent/CN107395508A/en
Application granted granted Critical
Publication of CN107395508B publication Critical patent/CN107395508B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The embodiment of the invention discloses a method for forwarding a message, which is applied to a communication system comprising a first physical switch and a first physical host, and comprises the following steps: a first physical switch receives a first message sent by a first virtual switch running on a first physical host through a first relay port, wherein the first message carries a source MAC address, a destination MAC address and a first VLAN mapping identifier, the first message is sent by a source virtual machine identified by the source MAC address to a destination virtual machine identified by the destination MAC address, the source virtual machine is a virtual machine running on the first physical host, and the first VLAN mapping identifier is used for identifying a VLAN network segment to which the source virtual machine belongs; the method comprises the steps that a first physical switch determines the address type of a destination MAC address, wherein the address type comprises a non-broadcast address and a broadcast address; and the first physical switch forwards the first message according to the address type of the destination MAC address.

Description

Method and device for forwarding message
Technical Field
The present invention relates to the field of virtual machines, and in particular, to a method and an apparatus for forwarding a packet.
Background
In a conventional virtual networking, a communication device mainly includes a physical host and a physical switch, and a virtual switch and at least one virtual machine are usually run on a physical host. The Virtual switch supports only a Virtual Local Area Network (VLAN) protocol, but not a Virtual extensible LAN (VXLAN) protocol. The physical switch is responsible for conversion between a virtual local area Network Identifier VLAN _ ID in the VLAN protocol and a virtual extended local area Network Identifier (VNI) in the VXLAN protocol. Based on the networking structure, when communication is performed between the virtual machines, a message for communication sent by the source virtual machine firstly enters the virtual switch. If the source virtual machine and the destination virtual machine of communication belong to different VLANs, the message is forwarded to the physical switch through the virtual switch, and the physical switch converts the message between the VLAN _ ID and the VNI and finally sends the message to the destination virtual machine.
However, if the source virtual machine and the destination virtual machine which perform communication belong to the same VLAN, the virtual switch in the conventional networking supports the VLAN protocol, that is, after receiving the packet for communication sent by the source virtual machine, the virtual switch directly forwards the packet to the destination virtual machine, and does not forward the packet to the physical switch.
Therefore, the physical switch deployed in the conventional networking cannot receive all messages used for communication between the virtual machines, and thus cannot realize unified management on communication traffic between the virtual machines.
Disclosure of Invention
The application provides a method for forwarding messages, so that a physical switch can receive all messages sent during communication between virtual machines, and communication flow between the virtual machines can be uniformly managed.
In a first aspect, the present application provides a method for forwarding a packet, which is applied to a communication system including a first physical switch and a first physical host, where the first physical switch is configured with at least one trunk port, the first physical host is run with at least one virtual switch and at least two virtual machines, each virtual switch in the at least one virtual switch transmits a packet with the first physical switch through a trunk port connected with the virtual switch, each virtual machine belongs to one tenant, each tenant has at least one virtual local area network identifier VNI, each VNI is used for uniquely identifying a virtual extended local area network VXLAN segment to which the corresponding tenant belongs in the communication system, each two virtual machines have different VLAN mapping identifiers, each virtual machine has one virtual local area network VLAN mapping identifier, each VLAN mapping identifier is used for uniquely identifying a VLAN segment to which one virtual machine belongs in the communication system, each virtual machine has a MAC address, each MAC address is used to uniquely identify one virtual machine in the communication system, the first physical switch stores a first mapping table, a second mapping table and a third mapping table, the first mapping table is used to record a one-to-one mapping relationship between a plurality of MAC addresses and a plurality of VLAN mapping identifiers, the second mapping table is used to record a mapping relationship between a plurality of MAC addresses and a plurality of trunk ports, each trunk port corresponds to at least one MAC address, the third mapping table is used to record a mapping relationship between a plurality of VLAN mapping identifiers and a plurality of VNIs, each VNI corresponds to at least one VLAN mapping identifier, and the method includes: the first physical switch receives a first message sent by a first virtual switch running on the first physical host through a first relay port, wherein the first message carries a source MAC address, a destination MAC address and a first VLAN mapping identifier, the first message is sent by a source virtual machine of the source MAC address identifier to a destination virtual machine of the destination MAC address identifier, the virtual source machine is a virtual machine running on the first physical host, and the first VLAN mapping identifier is used for identifying a VLAN network segment to which the source virtual machine belongs; the first physical switch determines the address type of the destination MAC address, wherein the address type comprises a non-broadcast address and a broadcast address; and the first physical switch carries out forwarding processing on the first message according to the address type of the destination MAC address.
In the existing virtual network networking, although each virtual machine has a VLAN ID, the VLAN ID is used to identify a VLAN segment corresponding to a tenant to which the virtual machine belongs. However, a plurality of virtual machines belonging to the same tenant share one VLAN _ ID, that is, the plurality of virtual machines belonging to the same tenant all correspond to the same VLAN segment. Therefore, when the virtual machines which are positioned on the same physical host and belong to the same tenant communicate with each other, the virtual switch can directly forward the message and cannot forward the message to the physical switch. Therefore, the part of the message cannot enter the physical network, and the physical switch cannot uniformly manage the communication traffic between the virtual machines because the physical switch cannot receive the part of the message.
In the technical scheme provided by the invention, each virtual machine is allocated with a VALN mapping identifier, and the VALN mapping identifiers between every two virtual machines are different, so that each virtual machine corresponds to a unique VLAN network segment. Therefore, even if communication is carried out between virtual machines belonging to the same tenant, the virtual switch can only forward the communication message to the physical switch, so that the physical switch can receive all the messages communicated between the virtual machines, and further unified management can be carried out on communication flow between the virtual machines.
Optionally, in a first possible implementation manner of the first aspect, the forwarding, by the first physical switch, the first packet according to the address type of the destination MAC address includes: when the first physical switch determines that the address type of the destination MAC address is a non-broadcast address, the first physical switch judges whether the destination MAC address exists in the first mapping table or the second mapping table, and generates a first judgment result; and the first physical switch carries out forwarding processing on the first message according to the first judgment result.
Optionally, in a second possible implementation manner of the first aspect, the performing, by the first physical switch, forwarding the first packet according to the first determination result includes: when the first physical switch determines that the destination MAC address exists in the first mapping table or the second mapping table, the first physical switch determines a second VLAN mapping identifier corresponding to the destination MAC address according to the destination MAC address and the first mapping table, where the second VLAN mapping identifier is used to identify a VLAN segment to which the destination virtual machine belongs; the first physical switch determines, according to the third mapping table, the first VLAN mapping identifier and the second VLAN mapping identifier, a first VNI corresponding to the first VLAN mapping identifier and a second VNI corresponding to the second VLAN mapping identifier, and determines whether the first VNI and the second VNI are the same, thereby generating a second determination result; and the first physical switch performs forwarding processing on the first message according to the second judgment result.
Optionally, in a third possible implementation manner of the first aspect, the forwarding, by the first physical switch, the first packet according to the second determination result includes: when the first VNI is the same as the second VNI, the first physical switch changes the first VLAN mapping identifier of the first packet to the second VLAN mapping identifier to generate a second packet; the first physical switch determines a second trunk port corresponding to the destination MAC address according to the second mapping table and the destination MAC address; and the first physical switch forwards the second message to a virtual switch connected with the second relay port through the second relay port.
Optionally, in a fourth possible implementation manner of the first aspect, the performing, by the first physical switch, forwarding the first packet according to the second determination result includes: the first physical switch discards the first packet when the first VNI and the second VNI are different.
Optionally, in a fifth possible implementation manner of the first aspect, the communication system further includes a second physical switch, where the second physical switch communicates with the first physical switch through a VXLAN tunnel, and the first physical switch performs forwarding processing on the first packet according to the first determination result, where the forwarding processing includes: when the first physical switch determines that the destination MAC address does not exist in the first mapping table or the second mapping table, the first physical switch determines, according to the first VLAN mapping identifier and the third mapping table, a first VNI corresponding to the first VLAN mapping identifier, where the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs; the first physical switch changes the first VLAN mapping identifier of the first message into the first VNI so as to generate a third message; the first physical switch forwards the third message to the second physical switch through the VXLAN tunnel.
Optionally, in a sixth possible implementation manner of the first aspect, the forwarding, by the first physical switch, the first packet according to the address type of the destination MAC address includes: when the first physical switch determines that the address type of the destination MAC address is a broadcast address, the first physical switch determines, according to the first VLAN mapping identifier and the third mapping table, a first VNI corresponding to the first VLAN mapping identifier, and determines P third VLAN mapping identifiers corresponding to the first VNI, where the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs, and P is greater than or equal to 2; the first physical switch determines P destination MAC addresses corresponding to the P third VLAN mapping identifications according to the P third VLAN mapping identifications and the first mapping table; the first physical switch determines R third relay ports corresponding to the P destination MAC addresses according to the P destination MAC addresses and the second mapping table, wherein R is more than or equal to 1 and less than or equal to P; the first physical switch creates P third messages, the P third messages correspond to the P third VLAN mapping identifiers one to one, each third message carries the source MAC address, the corresponding third VLAN mapping identifier, and the corresponding destination MAC address, and the first physical switch forwards the P third messages to R virtual switches connected to the R third relay ports through the R third relay ports.
Optionally, in a seventh possible implementation manner of the first aspect, the communication system further includes a second physical switch, where the second physical switch and the first physical switch communicate through a VXLAN tunnel, and the method further includes: the first physical switch changes the first VLAN mapping identifier in the first message into the first VNI to generate a third message; the first physical switch forwards the third message to the second physical switch through the VXLAN tunnel.
In a second aspect, the present application provides a method for transmitting a packet, which is applied to a communication system including a second physical host and a second physical switch, the second physical switch is configured with at least one trunk port, the second physical host runs on at least one virtual switch, each virtual switch in the at least one virtual switch transmits a packet with the second physical switch through the trunk port connected to the virtual switch, each virtual machine belongs to one tenant, each tenant has at least one virtual local area network identifier VNI, each VNI is used for uniquely identifying a VXLAN to which the corresponding tenant belongs in the communication system, each virtual machine has one VLAN mapping identifier, each VLAN mapping identifier is used for uniquely identifying a VLAN segment to which one virtual machine belongs in the communication system, and each two virtual machines have different VLAN mapping identifiers, each virtual machine has a MAC address, each MAC address is used to uniquely identify one virtual machine in the communication system, the second physical switch stores a fourth mapping table, a fifth mapping table and a sixth mapping table, the fourth mapping table is used to record a one-to-one mapping relationship between a plurality of MAC addresses and a plurality of VLAN mapping identifiers, the fifth mapping table is used to record a mapping relationship between a plurality of MAC addresses and a plurality of trunk ports, each trunk port corresponds to at least one MAC address, the sixth mapping table is used to record a mapping relationship between a plurality of VLAN mapping identifiers and a plurality of VNIs, each VNI corresponds to at least one VLAN mapping identifier, the method includes: the second physical switch receives a third message, where the third message carries a source MAC address, a destination MAC address, and a first VNI, and the third message is a message sent by a source virtual machine identified by the source MAC address to a destination virtual machine identified by the destination MAC address, where the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs; the second physical switch determines the address type of the destination MAC address, wherein the address type comprises a non-broadcast address and a broadcast address; and the second physical switch performs forwarding processing on the third message according to the address type of the destination MAC address.
Optionally, in a first possible implementation manner of the second aspect, the performing, by the second physical switch, forwarding the third packet according to the address type of the destination MAC address includes: when the destination MAC address is a non-broadcast address, the second physical switch determines that the destination MAC address exists in the fourth mapping table or the fifth mapping table; the second physical switch determines a second VLAN mapping identifier corresponding to the destination MAC address according to the destination MAC address and the fourth mapping table; the second physical switch changes the first VNI in the third message into the second VLAN mapping identifier to generate a fourth message, where the second VLAN mapping identifier is used to identify a VLAN segment to which the destination virtual machine belongs; the second physical switch determines a fourth relay port corresponding to the destination MAC address according to the destination MAC address and the fifth mapping table; and the second physical switch forwards the fourth message to the virtual switch connected with the fourth trunk port through the fourth trunk port.
Optionally, in a second possible implementation manner of the second aspect, the performing, by the second physical switch, forwarding the third packet according to the address type of the destination MAC address includes: when the destination MAC address is a non-broadcast address, the second physical switch determines that the destination MAC address does not exist in the fourth mapping table or the fifth mapping table; the second physical switch discards the third message.
Optionally, in a third possible implementation manner of the second aspect, the performing, by the second physical switch, forwarding the third packet according to the address type of the destination MAC address includes: when the destination MAC address is a broadcast address, the second physical switch determines Q fourth VLAN mapping identifiers corresponding to the first VNI according to the sixth mapping table and the first VNI, where Q is greater than or equal to 1; the second physical switch determines Q destination MAC addresses corresponding to the Q fourth VLAN mapping identifications according to the Q fourth VLAN mapping identifications and the fourth mapping table; the second physical switch determines T fifth relay ports corresponding to the Q destination MAC addresses according to the Q destination MAC addresses and the fifth mapping table, wherein T is more than or equal to 1 and less than or equal to P; the second physical switch creates Q fifth messages, the Q fifth messages correspond to the Q fourth VLAN mapping identifications in a one-to-one mode, each fifth message carries the source MAC address, the corresponding fourth VLAN mapping identification and the corresponding destination MAC address, and the second physical switch forwards the Q fifth messages to T virtual switches connected with the T fifth relay ports through the T fifth relay ports.
Optionally, in some implementations, the VLAN mapping identification is a virtual local area network identification VLAN _ ID.
Optionally, in some implementations, the VLAN mapping identifier includes a first portion that is a VLAN _ ID and a second portion that is a port number on the first physical switch corresponding to each virtual machine.
In a third aspect, the present application provides an apparatus for forwarding a packet, configured to execute the method in the first aspect or any possible implementation manner of the first aspect. In particular, the apparatus comprises means for performing the method of the first aspect or any possible implementation manner of the first aspect.
In a fourth aspect, the present application provides an apparatus for forwarding a packet, configured to execute the method in the second aspect or any possible implementation manner of the second aspect. In particular, the apparatus comprises means for performing the method of the second aspect or any possible implementation manner of the second aspect.
In a fifth aspect, the present application provides an apparatus for forwarding a packet, where the apparatus includes: the system comprises a memory, a processor and a network interface, wherein the memory, the processor and the network interface are connected with each other through a bus system. The memory is configured to store instructions and the processor is configured to execute the instructions stored by the memory, and when executed, the processor performs the method of the first aspect or any possible implementation manner of the first aspect through the network interface.
In a sixth aspect, the present application provides an apparatus for forwarding a packet, where the apparatus includes: the system comprises a memory, a processor and a network interface, wherein the memory, the processor and the network interface are connected with each other through a bus system. The memory is configured to store instructions and the processor is configured to execute the instructions stored by the memory, and when executed, the processor performs the method of the second aspect or any possible implementation manner of the second aspect through the network interface.
In a seventh aspect, the present application provides a computer-readable medium for storing a computer program comprising instructions for performing the method of the first aspect or any possible implementation manner of the first aspect.
In an eighth aspect, the present application provides a computer readable medium for storing a computer program comprising instructions for performing the method of the second aspect or any possible implementation of the second aspect.
The application provides a method and a device for forwarding messages, so that a physical switch can receive all messages sent during communication between virtual machines, and the physical switch can uniformly manage communication flow between the virtual machines.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic architecture diagram of a communication system to which the method for forwarding a packet according to the embodiment of the present invention is applied.
Fig. 2 is a schematic interaction diagram of a method 100 for forwarding a packet according to an embodiment of the present invention.
Fig. 3 is a schematic interaction diagram of a method 200 of forwarding a message according to another embodiment of the invention.
Fig. 4 is a schematic diagram illustrating a method for forwarding a packet according to an embodiment of the present invention.
Fig. 5 is a schematic diagram illustrating a method for forwarding a packet according to another embodiment of the present invention.
Fig. 6 is a schematic diagram illustrating a method for forwarding a packet according to another embodiment of the present invention.
Fig. 7 is a diagram illustrating a method for forwarding a packet according to another embodiment of the present invention.
Fig. 8 is a diagram illustrating a method for forwarding a packet according to another embodiment of the present invention.
Fig. 9 is a schematic diagram illustrating a method for forwarding a packet according to another embodiment of the present invention.
Fig. 10 is a schematic block diagram of an apparatus for forwarding a packet according to an embodiment of the present invention.
Fig. 11 is a schematic block diagram of an apparatus for forwarding a packet according to another embodiment of the present invention.
Fig. 12 is a schematic structural diagram of a device for forwarding a packet according to an embodiment of the present invention.
Fig. 13 is a schematic structural diagram of an apparatus for forwarding a packet according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For convenience of understanding, first, with reference to fig. 1, an architecture of a communication system and functions of each device in the communication system, which are applicable to the method for forwarding a packet according to the embodiment of the present invention, are described.
Fig. 1 is a schematic architecture diagram of a communication system to which the method for forwarding a packet according to the embodiment of the present invention is applied. As shown in fig. 1, the communication devices in the communication system include a physical switch, a virtual switch, and a virtual machine. The following describes the above-described communication apparatuses, respectively.
(1) A physical switch.
In an embodiment of the invention, the physical switch has a VXLAN gateway function. Thus, when the VLAN needs to be deployed across a network, mapping between the tenant VLAN and the tenant VXLAN is realized through the VXLAN gateway on the physical switch. In this scenario, tenant VLANs to tenant VXLANs are one-to-one mapped.
In addition, in the embodiment of the present invention, a plurality of mapping tables are stored on the physical switch.
Taking fig. 1 as an example, the first physical switch stores a first mapping table, a second mapping table, and a third mapping table. The first mapping table is used for recording one-to-one mapping relations between a plurality of Media Access Control (MAC) addresses and a plurality of Virtual Local Area Network (VLAN) mapping identifications, the second mapping table is used for recording mapping relations between a plurality of MAC addresses and a plurality of relay ports, each relay port corresponds to at least one MAC address, the third mapping table is used for recording mapping relations between a plurality of VLAN mapping identifications and a plurality of Virtual Networking Interfaces (VNIs), each VNI corresponds to at least one VLAN mapping identification, and the second physical switch is stored with a fourth mapping table, a fifth mapping table and a sixth mapping table. Wherein the fourth mapping table is similar to the first mapping table (i.e. for storing the mapping relationship between the MAC address and the VLAN mapping id), the fifth mapping table is similar to the second mapping table, and the sixth mapping table is similar to the third mapping table. For brevity, no further description is provided herein.
It should be noted that the mapping relationships stored in the first mapping table, the second mapping table, and the third mapping table in the embodiment of the present invention may also be stored by any plurality of (for example, one or two) mapping tables. The storage form of the mapping relationship is not particularly limited in the embodiment of the present invention.
For simplicity in description, in the embodiment of the present invention, as an example and not by way of limitation, mapping relationships stored in the first mapping table, the second mapping table, and the third mapping table in the embodiment of the present invention are stored through two mapping tables.
Taking fig. 1 as an example, physical switch #1 stores mapping table 1 and mapping table 2. In the present embodiment, different tenants are respectively represented by a triangle, a square, and a circle.
Mapping table 1
Figure BDA0000991531960000091
Mapping table 2
Relay port Corresponding VLAN _ ID Corresponding MAC address
Relay port
1 VLAN_ID 1 MAC 1
VLAN_ID 2 MAC 2
VLAN_ID 3 MAC 3
Trunk port 2 VLAN_ID 4 MAC 4
VLAN_ID 5 MAC 5
VLAN_ID 6 MAC 6
It should be understood that the above mapping table 1 and mapping table 2 are only used as examples and not limitations, and the mapping relationship stored in mapping table 1 and mapping table 2 may be in other forms or in combination with each other.
Similarly, the mapping relationships stored in the fourth mapping table, the fifth mapping table, and the sixth mapping table in the embodiment of the present invention may also be stored by any multiple (for example, one or two) mapping tables. The storage form of the mapping relationship is not particularly limited in the embodiment of the present invention. Taking fig. 1 as an example, physical switch #2 stores mapping table 3 and mapping table 4.
Mapping table 3
Tenant Corresponding VNI Corresponding VLAN _ ID Mapping relation between VNI and VLAN _ ID
Triangle shape 1000 VLAN_ID 7 VNI 1000,VLAN_ID7
Square shape 2000 VLAN_ID 9 VNI 2000,VLAN_ID9
Circular shape 3000 VLAN_ID 8 VNI 3000,VLAN_ID8
Mapping table 4
Relay port Corresponding VLAN _ ID Corresponding MAC address
Trunk port
3 VLAN_ID 7 MAC 7
VLAN_ID 8 MAC 8
VLAN_ID 9 MAC 9
It should be understood that, in the embodiment of the present invention, the VLAN mapping identifier is used to uniquely identify a Virtual Local Area Network (VLAN) segment to which one Virtual machine belongs in the communication system.
It should be noted that, in the embodiment of the present invention, each tenant has at least one VNI. For simplicity, the method for forwarding a packet according to the embodiment of the present invention is described by taking only one VNI per tenant as an example. For a scenario where one tenant has multiple VNIs, the process flow of forwarding the packet is similar to the process where one tenant has one VNI. And will not be described in detail herein. Therefore, the method for forwarding a packet according to the embodiment of the present invention is applicable to a scenario in which one tenant has one VNI or multiple VNIs.
Specifically, in the embodiment of the present invention, the VLAN mapping identifier may include the following 2 ways.
Mode 1
The VLAN mapping is identified as VLAN _ ID.
I.e. each VM has a VLAN _ ID. For a VM, the VLAN _ ID it has is unique throughout the communication system. Alternatively, the communication system may assign each VM a VLAN _ ID, and the VLAN _ IDs of any two VMs may not be the same.
Taking fig. 1 as an example, each of the 9 VMs in the communication system has one VLAN _ ID, which is VLAN _ ID1, VLAN _ ID2, VLAN _ ID 3, VLAN _ I4, VLAN _ ID 5, VLAN _ ID6, VLAN _ ID 7, VLAN _ ID 8, and VLAN _ ID 9.
Mode 2
The VLAN mapping identity comprises a first portion and a second portion. The first part is the VLAN _ ID and the second part is the port number of the physical switch.
That is, the VLAN segment to which each VM belongs is identified by the form "VLAN _ ID + port number". In other words, for any two VMs in a communication system, their respective VLAN _ IDs are unique on the same port of the same physical switch, but are repeatable on different ports of the same physical switch.
Taking fig. 1 as an example, 9 VMs in the communication system each correspond to "VLAN _ ID + port number", for convenience of description, see mapping table 5 and mapping table 6.
In the embodiment of the present invention, when the VLAN segment to which each virtual machine belongs is identified by using the method 2 in the communication system, the physical switch #1 stores the mapping table 5.
Mapping table 5
Figure BDA0000991531960000111
Similarly, the mapping table stored in the physical switch #2 is different from the mapping tables 3 and 4 described above in that the physical switch #2 stores the mapping table 6.
Mapping table 6
VM VLAN mapping identification (VLAN _ ID + port number)
VM7 VLAN_ID 1:P1
VM8 VLAN_ID 2:P1
VM9 VLAN_ID 3:P1
It can be seen that the VLAN _ ID between any two VMs can be duplicated on any one physical switch, but "VLAN _ ID + port number" must be unique.
(2) Virtual switch
It should be understood that the virtual switch technology is a switch system that solves the problem of intercommunication between different virtual machines. Different from a common physical switch, the virtual switch is a software module, is positioned between a virtual machine and a network card of a physical server, connects different virtual network interfaces of the virtual server and physical network card interfaces of the physical server, and can form a switch system for software forwarding according to different forwarding logics.
In an embodiment of the invention, the virtual switch supports the VLAN protocol. The virtual switch uploads all received messages from the virtual machine to the physical switch. Therefore, the communication traffic of all the virtual machines can pass through the physical switch, and the physical switch can count the communication traffic of all the virtual machines, so that the management of the communication traffic of all the virtual machines is realized.
In addition, the virtual switch stores the mapping relationship among the MAC address, the VLAN _ ID, and the virtual machine.
Taking fig. 1 as an example, the virtual switch #1 stores a mapping table 7.
Mapping table 7
VM VLAN_ID MAC address
VM1
1 MAC1
VM2
2 MAC2
VM3
3 MAC3
The virtual switch #2 has a mapping table 8 stored thereon.
Mapping table 8
VM VLAN_ID MAC address
VM4
4 MAC4
VM5
5 MAC5
VM6
6 MAC6
The virtual switch #3 has a mapping table 9 stored thereon.
Mapping table 9
VM VLAN_ID MAC address
VM7 7 MAC7
VM8
8 MAC8
VM9
9 MAC9
(3) And (4) a virtual machine.
It should be understood that a virtual machine refers to a complete computer system with complete hardware system functionality, emulated by software, running in a completely isolated environment. In which a physical host is virtualized into a plurality of logical computers by virtualization technology, and each logical computer is a virtual machine. Each virtual machine can run a different operating system, and therefore, the application programs of the virtual machines can run in the spaces of the operating systems which are independent of each other.
It should be noted that, in the embodiment of the present invention, a virtual machine may run on one physical host. Alternatively, multiple virtual machines may run on a single physical host. The invention is not limited in this respect.
It should be appreciated that multi-tenant networks must meet isolation requirements between virtual machines. That is, several virtual machines communicating with each other must be isolated. In other words, each tenant has an independent identity different from other tenants in the virtual resource environment.
As shown in fig. 1, "triangle", "square", and "circle" in fig. 1 are used to distinguish different tenants. Assume that "triangle" represents tenant #1, "square" represents tenant #2, and "circle" represents tenant # 3. Then, VM1, VM2, and VM7 belong to tenant # 1. VM3, VM6, and VM9 belong to tenant # 2. VM4, VM5, and VM8 belong to tenant # 3.
In the embodiment of the present invention, each "tenant" has an exclusive VXLAN network segment on the physical switch, that is, each "tenant" obtains an independent VNI on the virtual switch.
The following describes in detail specific steps and processes of the method for forwarding a packet according to the embodiment of the present invention, which are executed in the above-mentioned communication system, with reference to fig. 2 to fig. 3.
Fig. 2 shows a schematic interaction diagram of a method 100 of forwarding a packet according to an embodiment of the invention. As shown in fig. 2, the method 100 includes:
110. the first physical switch receives a first message sent by the first virtual switch.
The first message carries a source MAC address, a destination MAC address, and a first VLAN _ ID, where the first message is a message that is sent by a source virtual machine identified by the source MAC address to a destination virtual machine identified by the destination MAC address and needs to be forwarded by the first virtual switch and the first physical switch, and the first VLAN _ ID is used to identify a VLAN segment to which the source virtual machine belongs.
It should be noted that the destination virtual machine and the source virtual machine may run on the same physical host, or may run on different physical hosts. The embodiment of the present invention is not particularly limited.
Specifically, step 101 and step 102 are also included before step 110.
101. The virtual switch #1 (i.e., an example of the first virtual switch) receives the packet transmitted by the source virtual machine. The form of the message may be:
source MAC address Destination MAC address
<Source MAC address> <Destination MAC address>
102. The virtual switch #1 adds the VLAN _ ID of the source virtual machine (i.e., the first VLAN _ ID) to the packet according to the mapping table 7 described above, and generates a first packet.
The first message (hereinafter referred to as message # a for ease of distinction) may be in the form of:
VLAN source MAC address Destination MAC address
<First VLAN _ ID> <Source MAC address> <Destination MAC address>
It should be understood that the first VLAN _ ID in the first message is the VLAN _ ID corresponding to the source virtual machine.
120. The first physical switch determines an address type of the destination MAC address, wherein the address type includes a non-broadcast address and a broadcast address.
130. And the first physical switch forwards the first message according to the address type of the destination MAC address.
Specifically, when the first physical switch determines the address type of the destination MAC address, there are 2 types.
Type 1
The destination MAC address being a non-broadcast address
When the destination MAC address is a non-broadcast address, the first physical switch needs to further determine whether the destination MAC address exists in the first mapping table or the second mapping table.
In the embodiment of the present invention, the first mapping table and the second mapping table store MAC addresses. Thus, the first physical switch may look up the first mapping table or the second mapping table to determine whether the destination MAC address is present in the communication system.
Taking fig. 1 as an example, the first physical switch looks up the mapping table 2 to determine whether the destination MAC address exists.
Specifically, the following may occur as a result of the search.
Case 1
The destination MAC address exists.
When the destination MAC address exists, the first physical switch needs to further determine whether the source virtual machine identified by the source MAC address and the destination virtual machine identified by the destination MAC address belong to the same tenant. If the two-layer interworking belongs to the same tenant, the communication is allowed, and if the two-layer interworking does not belong to the same tenant, the communication is forbidden, so that the two-layer interworking of the same tenant and the two-layer isolation of different tenants are realized.
(1) The source virtual machine and the destination virtual machine belong to the same tenant.
The first physical switch creates a second message. The format of the second message may be as follows:
VLAN source MAC address Destination MAC address
Second one<VLAN_ID> <Source MAC address> <Destination MAC address>
The first physical switch looks up the mapping table 2, determines a trunk port (for convenience of distinction, referred to as trunk port 2) corresponding to the second < VLAN _ ID >, and forwards the second packet to the virtual switch corresponding to the trunk port 2 through the trunk port 2.
Specifically, when determining whether the source virtual machine and the destination virtual machine belong to the same tenant, the first physical switch first queries the mapping table 2 to determine the VLAN _ ID corresponding to the source MAC address and the destination MAC address, and then determines whether the VLAN _ ID corresponding to the source MAC address and the destination MAC address corresponds to the same VNI (or the same tenant) by querying the mapping table 1, so that it can be determined whether the source virtual machine and the destination virtual machine belong to the same tenant.
(2) The source virtual machine and the destination virtual machine do not belong to the same tenant
The first physical switch discards the first packet.
Case 2
The destination MAC address does not exist.
In this embodiment of the present invention, when the first physical switch determines that the destination MAC address does not exist in the mapping table 2, the first packet is forwarded to another physical switch in the communication system through the VXLAN tunnel, that is, the first physical switch enters a forwarding process.
The forwarding flow of the physical switch is explained in detail below.
Specifically, taking the first physical switch as an example, the forwarding process mainly includes the following steps:
step 1
The first physical switch determines a VNI corresponding to the first VLAN _ ID (i.e., a first VNI) according to the first VLAN _ ID and the mapping table 1.
Step 2
The first physical switch modifies the first packet (for example, packet # a) to generate packet # B (an example of the third packet).
That is, the message # a:
VLAN_ID source MAC address Destination MAC address
First of all<VLAN_ID> <Source MAC address> <Destination MAC address>
Change to message # B:
VNI source MAC address Destination MAC address
First VNI <Source MAC address> <Destination MAC address>
It should be understood that the first VNI is a VNI corresponding to a tenant to which the source virtual machine belongs, and is used for uniquely identifying a VXLAN network segment corresponding to the tenant to which the source virtual machine belongs in the communication system.
Step 3
And the first physical switch forwards the third message to the second physical switch through the VXLAN tunnel.
Through the steps 1 to 3, the physical switch completes the forwarding processing of one message.
Type 2
The destination MAC address being a broadcast address
In this case, the first physical switch processes the first packet as follows:
as can be seen from the foregoing, the first message may be in the form of:
VLAN_ID source MAC address Destination MAC address
First of all<VLAN_ID> <Source MAC address> <Destination MAC address>
Step 1
The first physical switch refers to the mapping table 2 and determines a VLAN _ ID (hereinafter referred to as VLAN _ ID #1 for convenience of distinction and description) corresponding to the source MAC address in the first packet (e.g., the packet # a).
Step 2
The first physical switch queries the mapping table 1 to determine the tenant corresponding to VLAN _ ID #1 (for convenience of differentiation and description, hereinafter referred to as tenant # 1).
Since one VNI can uniquely identify a VXLAN network segment corresponding to one tenant, in step 2, the first physical switch may also determine the VNI corresponding to VLAN _ ID #1 (i.e., the first VNI).
Step 3
The first physical switch determines a plurality of VLAN _ IDs (i.e., examples of P third VLAN mapping identifiers) corresponding to tenant #1 from mapping table 1.
Also, the first physical switch can determine a plurality of destination MAC addresses one-to-one corresponding to the plurality of VLAN _ IDs by referring to the mapping table 2.
The first physical switch creates P third packets, and each third packet corresponds to a third VLAN mapping identifier (for convenience of distinction, referred to as third VLAN mapping identifier #1) and a destination MAC address (for convenience of distinction, referred to as destination MAC address #1) corresponding to the third VLAN mapping identifier # 1.
The form of each third message (denoted as message # C for ease of distinction) may be as follows:
VLAN source MAC address Destination MAC address
Second one<VLAN_ID> <Source MAC address> <Destination MAC address>
The first physical switch consults the mapping table 2 to determine the trunk port corresponding to the destination MAC address #1 (for convenience of distinction and description, it is referred to as trunk port 3).
And the first physical switch sends the message # C to the virtual switch corresponding to the trunk port 3 through the trunk port 3.
It should be understood that, in this embodiment, the P third packets correspond to P destination virtual machines, which may correspond to one or more virtual switches. Therefore, each third packet is sent to the virtual switch corresponding to the relay port through the corresponding relay port, and the virtual switch forwards the third packet to the corresponding destination virtual machine.
Taking mapping table 1 as an example, assuming that the first VLAN _ ID is VLAN _ ID2 (i.e., the system identifier corresponding to the source virtual machine), the first physical switch queries mapping table 1 to determine that the tenant corresponding to VLAN _ ID2 is a "triangle". Further, the first physical switch may determine that the tenant "triangle" includes a VLAN _ ID that includes VLAN _ ID1 in addition to VLAN _ ID 2. That is, all VLAN _ IDs included in the tenant "triangle" are VLAN _ ID1 and VLAN _ ID 2.
For another example, assume that the first VLAN _ ID is VLAN _ ID 4. The first physical switch can determine, according to mapping table 1, that the tenant corresponding to VLAN _ ID 4 is "round", and can determine that all VLAN _ IDs included in the tenant "round" are VLAN _ ID 4 and VLAN _ ID 5.
After acquiring all VLAN _ IDs included by tenant #1, the first physical switch needs to create an independent packet for all VLAN members included by tenant # 1. That is, tenant #1 corresponds to several VLAN _ IDs, and the first physical switch needs to create several third packets.
The form of each third message (e.g., message # C) may be as follows.
Figure BDA0000991531960000171
Finally, the first physical switch determines the trunk port corresponding to the second VLAN _ ID (that is, the trunk port may correspond to the trunk port 3) by querying the mapping table 2, and forwards the third packet through the trunk port P3, and forwards the plurality of third packets to the corresponding virtual switch through the corresponding trunk ports 3, respectively.
In addition, in this case, the first physical switch may perform forwarding processing on the first packet, that is, the first physical switch enters a forwarding flow.
For the forwarding process, reference may be made to the description in the foregoing, and details are not described herein for brevity.
As described above, through the forwarding procedure, the first physical switch modifies the first packet, and generates a third packet (e.g., packet # B). The form of the third message may be:
VNI source MAC address Destination MAC address
First VNI <Source MAC address> <Destination MAC address>
Thereafter, the first physical switch forwards the third message to other physical switches (e.g., the second physical switch in the embodiment of the present invention) in the communication system through the VXLAN tunnel.
The method 200 for forwarding a packet according to the embodiment of the present invention is described in detail below from the perspective of the second physical switch, taking the second physical switch as an example.
Fig. 3 shows a schematic interaction diagram of a method 200 of forwarding a message according to another embodiment of the invention. As shown in fig. 3, the method includes:
210. and the second physical switch receives a third message, wherein the third message carries the source MAC address, the destination MAC address and the first VNI.
The third message is a message sent by the source virtual machine identified by the source MAC address to the destination virtual machine identified by the destination MAC address, where the first VNI is used to identify a VXLAN network segment corresponding to the tenant to which the source virtual machine belongs.
It should be understood that the first physical switch shown in fig. 2 is merely an example of communication with the second physical switch and the present invention is not limited thereto. That is, the third message may also be a message sent by another physical switch to the second physical switch.
220. The second physical switch determines the type of the destination MAC address. The type of the MAC address may include a non-broadcast address and a broadcast address, among others.
Specifically, when judging the type of the destination MAC address, the following types may occur. And aiming at different types, the second physical switch needs to perform different forwarding processing on the third message.
Type 1
The destination MAC address is a non-broadcast address.
Type 2
The destination MAC address is a broadcast address.
230. And the second physical switch forwards the third message according to the type of the destination MAC address.
The following description will be made for the following processing procedures of the second physical switch with respect to the 2 types of MAC addresses in step 220.
When the second physical switch determines that the destination MAC address is a non-broadcast address, further, the second physical switch needs to determine whether the destination MAC address exists in the fourth mapping table or the fifth mapping table.
Specifically, the second physical switch determines whether the destination MAC address exists in the mapping table 4 by referring to the mapping table 4.
Case 1
The destination MAC address exists.
When the destination MAC address exists in the mapping table 4, the second physical switch may determine whether the destination virtual machine and the source virtual machine belong to the same tenant (or whether the VLAN _ ID corresponding to the source MAC address and the destination MAC address corresponds to the same VNI) according to the mapping table 4 and the mapping table 3.
Specifically, as can be seen from the foregoing, the form of the third packet (e.g., packet # C) sent by the first physical switch and received by the second physical switch is:
VNI source MAC address Destination MAC address
First VNI <Source MAC address> <Destination MAC address>
Step 1
The second physical switch looks up the mapping table 4 and determines the VLAN _ ID (for example, VLAN _ ID #1) corresponding to the destination MAC address.
Step 2
The second physical switch looks up the mapping table 3 and determines whether VLAN _ ID #1 is included in the plurality of VLAN _ IDs corresponding to the first VNI.
(1) VLAN _ ID #1 is included in the plurality of VLAN _ IDs corresponding to the first VNI.
It should be understood that, since the first VNI is used to identify the VXLAN network segment corresponding to the tenant to which the source virtual machine belongs, when VLAN _ ID #1 is included in the VLAN _ IDs corresponding to the first VNI, it is stated that the destination virtual machine and the source virtual machine belong to the same tenant. Thus, communication is allowed.
The second physical switch creates a fourth message (denoted as message # D for ease of distinction and understanding). The form of message # D may be as follows:
VLAN source MAC address Destination MAC address
Second one<VLAN_ID> <Source MAC address> <Destination MAC address>
The second physical switch queries the mapping table 2 to determine a trunk port (for convenience of distinction, referred to as a trunk port 4) corresponding to the destination MAC address.
The second physical switch transmits the message # D to the virtual switch corresponding to the trunk port 4 through the trunk port P4.
(2) VLAN _ ID #1 is not included in the plurality of VLAN _ IDs corresponding to the first VNI.
When the second physical switch cannot find the VLAN _ ID #1 corresponding to the destination virtual machine in the plurality of VLAN _ IDs corresponding to the first VNI, it is described that the source virtual machine and the destination virtual machine performing communication do not belong to the same tenant, and communication is prohibited. At this time, the second physical switch discards the message # C.
Case 2
The destination MAC address does not exist.
In this case, the destination virtual machine is illustrated not running on the physical host corresponding to the second physical switch. Or the source virtual machine and the destination virtual machine which communicate do not belong to the same tenant. At this time, the second physical switch discards the third packet.
Type 2
The destination MAC address is a broadcast address.
The second physical switch queries the mapping table 1 to determine all VLAN _ IDs (assuming that there are Q) corresponding to the first VNI.
The second physical switch creates Q messages (i.e., fifth messages), and each fifth message (for ease of distinction and understanding, referred to as message # E) may be in the form of:
VLAN source MAC address Destination MAC address
Second one<VLAN_ID> <Source MAC address> <Destination MAC address>
It should be understood that, in the Q fifth messages created by the second physical switch, each fifth message carries a second VLAN _ ID, where each second VLAN _ ID corresponds to a VLAN _ ID of a destination virtual machine.
The second physical switch queries the mapping table 2 to determine a trunk port corresponding to the destination MAC address (for convenience of distinction and description, referred to as trunk port 5).
And the second physical switch sends the fifth message to the virtual switch corresponding to the relay port 5 through the relay port 5.
It should be understood that there may be one or more trunk ports P5.
The method for forwarding a packet according to the embodiment of the present invention is described in detail above with reference to fig. 2 and fig. 3 from the perspective of the first physical switch and the second physical switch, respectively.
The following describes, with reference to fig. 4 to fig. 9, a method for forwarding a packet according to an embodiment of the present invention.
For example, with the host, the virtual machine of the same tenant allows communication, and the virtual machine of the different tenant prohibits communication.
Fig. 4 is a schematic diagram illustrating a method for forwarding a packet according to an embodiment of the present invention. As shown in fig. 4, the VM1 sends a message to the VM2 as an example.
VM1 transmits a message (hereinafter referred to as message #1 for convenience of distinction) to VM2, and virtual switch 1# receives message # 1. The form of message #1 may be:
VLAN source MAC address Destination MAC address
1 MAC1 MAC2
As can be seen from the foregoing description, the VLAN in the packet #1 is a VLAN corresponding to the source MAC address (MAC 1).
Virtual switch #1 according to the standard VLAN processing flow, since VM1 and VM2 belong to different VLANs (i.e., each VM has a separate VLAN in the present embodiment), virtual switch #1 can only forward message #1 into physical switch # 1.
The physical switch #1 searches the mapping table 2 according to the destination MAC address of the packet #1, and knows that the VLAN where the VM2 is located corresponds to the VLAN _ ID 2.
The physical switch #1 determines whether or not the two VLAN _ IDs corresponding to the source virtual machine and the destination virtual machine belong to the same tenant. If belonging to the same tenant, the communication is allowed. If the tenant belongs to a different tenant, communication is not allowed, and the message #1 is discarded.
By looking up the mapping table 1, the physical switch #1 recognizes that VLAN _ ID1 and VLAN _ ID2 belong to the same tenant, and allows communication. Proceed to the next step.
The physical switch #1 changes the VLAN of the message #1 to the VLAN corresponding to the destination MAC address (MAC2), and generates a new message (referred to as a message #2 for the sake of convenience of distinction). Message #2 may be in the form of:
VLAN source MAC address Destination MAC address
2 MAC1 MAC2
The physical switch #1 inquires the mapping table 2, and finds that the trunk port corresponding to VLAN _ ID2 is P1. Next, the physical switch # forwards the message #2 to the virtual switch #1 through the trunk port P1.
Upon receiving the packet #2, the virtual switch #1 forwards the packet #2 to the VM2 having the MAC address MAC2 in the VLAN 2 based on the VLAN _ ID in the packet # 2. Thus, VM2 and VM1 can communicate normally.
As another example, communication isolation between VMs (MAC address presence) between different tenants.
Continuing with fig. 4, the example that VM6 sends a message to VM5 in fig. 4 is taken as an example for explanation.
VM6 transmits a message (hereinafter referred to as message #3 for convenience of distinction) to VM5, and virtual switch 2# receives message # 3. Message #3 may be in the form of:
VLAN source MAC address Destination MAC address
6 MAC6 MAC5
The virtual switch #2 forwards the packet #3 to the physical switch #1 according to the standard VLAN processing flow.
The physical switch #1 inquires the mapping table 2 to know that the destination MAC address (MAC5) exists. The physical switch #1 acquires VLAN _ ID 5 corresponding to the VLAN where the MAC5 is located, according to the mapping table 2. Physical switch #1 then determines whether VLAN _ ID 5 and VLAN _ ID6 belong to the same tenant. As can be seen by looking up mapping table 1, VLAN _ ID 5 and VLAN _ ID6 belong to different tenants (in fig. 1, the tenant corresponding to VLAN _ ID 5 is "circular" and the tenant corresponding to VLAN _ ID6 is "square"). Communication between virtual machines belonging to different tenants is prohibited, and thus, the physical switch #1 discards the packet 3.
For another example, for the forwarding processing of the broadcast packet, only VMs belonging to the same tenant are allowed to receive the broadcast packet.
Fig. 5 is a schematic diagram illustrating a method for forwarding a packet according to another embodiment of the present invention. As shown in fig. 5, the example that VM3 sends broadcast messages in fig. 5 is taken as an example for explanation.
VM3 sends a broadcast message (hereinafter referred to as message #4 for ease of distinction). Message #4 may be in the form of:
VLAN source MAC address Destination MAC address
3 MAC3 Broadcast address
The virtual switch #1 receives the message # 4. According to the standard VLAN processing procedure, the virtual switch #1 forwards the packet #4 through the trunk port P1 to the physical switch # 1.
The physical switch #1 queries which tenant the message #4 belongs to according to the VLAN _ ID of the message #4, and queries all VLAN members included in the tenant. By querying the mapping table 1, the tenant corresponding to VLAN _ ID 3 is "square", and it is known that the tenant "square" includes VLAN _ ID 3 and VLAN _ ID6 on the physical switch # 1.
The physical switch #1 inquires the mapping table 2, and obtains trunk ports P1 and P2 corresponding to VLAN _ ID 3 and VLAN _ ID6, respectively. Next, the physical switch #1 creates corresponding packets (for the sake of convenience of distinction, packet #5 and packet #6, respectively) from the VLAN _ ID 3 and VLAN _ ID6 included in the tenant "square", and transmits them through the corresponding relay ports.
The packet #5 is sent through the relay port P1, and the form of the packet #5 may be:
VLAN source MAC address Destination MAC address
3 MAC3 Broadcast address
And sends the message #6 through the trunk port P2, where the form of the message #6 may be:
VLAN source MAC address Destination MAC address
6 MAC3 Broadcast address
Accordingly, the virtual switch #1 receives the packet #5 and transfers it in the VLAN 3. Upon receiving the packet #6, the virtual switch #2 forwards the packet #6 in the VLAN 6. In this way, a VM belonging to the same tenant as the VM3 can receive the corresponding broadcast message.
Meanwhile, the physical switch #1 also needs to forward the broadcast packet (i.e., the above-mentioned packet #4) to the physical switch #2 through the VLAN protocol.
When forwarding the message, the physical switch #1 needs to acquire, according to the VLAN3 in the message #4, the VNI corresponding to the VLAN3 (or the VXLAN network segment corresponding to the tenant to which the VLAN3 belongs). By looking up mapping table 1, the VNI corresponding to VLAN3 is VNI 2000.
The physical switch #1 constructs a VXLAN message (hereinafter referred to as a message #7 for the sake of convenience of distinction), and forwards the VXLAN message to the physical switch # 2. Message #7 may be in the form of:
VNI source MAC address Destination MAC address
2000 MAC3 Broadcast address
Physical switch #2 receives message # 7. Since the destination MAC address in the packet #7 is a broadcast address, the physical switch #2 determines which VLAN _ IDs the VNI 2000 corresponds to on the physical switch #2 according to the VNI (i.e., the VNI 2000) specified in the packet # 7.
By looking up the mapping table 3, the VLAN _ ID corresponding to the VNI 2000 is only VLAN _ ID 9 on the physical switch # 2. The physical switch #2 constructs a message (referred to as a message #8 for the sake of convenience of distinction) in the following form.
VLAN Source MAC address Destination MAC address
9 MAC3 Broadcast address
By querying the mapping table 4, the trunk port corresponding to VLAN _ ID 9 is P1, and the physical switch #2 forwards the packet #8 to the virtual switch #3 through the trunk port 3 on the physical switch # 2.
Upon receiving the packet #8, the virtual switch #3 forwards the packet within the VLAN designated in the packet #8 (i.e., VLAN 9). Thus, VM9, which belongs to the same tenant as VM3, may receive message # 8.
As another example, a communication across VXLAN (the MAC address exists and belongs to the same tenant).
Fig. 6 is a schematic diagram illustrating a method for forwarding a packet according to another embodiment of the present invention. As shown in fig. 6, the example that VM9 sends a message to VM3 in fig. 6 is taken as an example for explanation.
VM9 sends a message (denoted as message #9 for ease of distinction) to VM 3. Message #9 may be in the form of:
VLAN source MAC address Destination MAC address
9 MAC9 MAC3
The virtual switch #3 receives the packet #9, and according to the standard VLAN processing flow, the packet #9 is forwarded to the physical switch # 2.
Physical switch #2 consults mapping table 4 to determine whether the destination MAC address (i.e., MAC3) is present in mapping table 4. It can be seen that MAC3 is not present on physical switch # 2.
The physical switch #2 determines the VNI corresponding to VLAN _ ID 9 from the VLAN _ ID (i.e., VLAN _ ID 9) specified in the packet # 9. By querying the mapping table 3, the physical switch #2 acquires that the VNI corresponding to the VLAN _ ID 9 is VNI 2000.
The physical switch #2 creates a message (for the sake of distinction, referred to as a message # 10). Message #10) may be in the form of:
VNI source MAC address Destination MAC address
2000 MAC9 MAC3
The physical switch forwards the message #10 to physical switch #1 via the VXLAN tunnel.
When the physical switch #1 receives the packet #10, it can be known by querying the mapping table 1 that the tenant corresponding to the VNI 2000 is "square". Furthermore, from mapping table 1, it can be seen that the VLAN corresponding to MAC3 is VLAN _ ID 3.
The physical switch #1 creates a message (for the sake of distinction, referred to as a message # 11). Message #11 may be in the form of:
VLAN source MAC address Destination MAC address
3 MAC9 MAC3
The physical switch #1 determines that the trunk port corresponding to the MAC3 is the trunk port 1 according to the mapping table 2. The physical switch #1 forwards the packet #11 to the virtual switch #1 through the trunk port 1.
Upon receiving the packet #11, the virtual switch #1 forwards the packet #11 to the VM3 having the MAC address MAC3 within VLAN3 based on the VLAN _ ID (i.e., VLAN _ ID 3) specified in the packet # 11. In this way, VM9 may communicate with VM 3.
As another example, a communication across VXLAN (the MAC address exists and does not belong to the same tenant).
Fig. 7 is a diagram illustrating a method for forwarding a packet according to another embodiment of the present invention. As shown in fig. 7, the example that VM9 sends a message to VM2 in fig. 7 is taken as an example for explanation.
VM9 sends a message (denoted as message #12 for ease of distinction) to VM 2. Message #12 may be in the form of:
VLAN source MAC address Destination MAC address
9 MAC9 MAC2
The virtual switch #3 receives the packet #12, and since each VM has a VLAN _ ID in the embodiment of the present invention, the virtual switch #3 forwards the packet #12 to the physical switch # 2.
Physical switch #2 first looks up mapping table 4 locally to determine if the destination MAC address (i.e., MAC2) is present locally. From mapping table 4, MAC2 is not locally present.
The physical switch #2 queries, according to the mapping table 1, that the VNI corresponding to the VLAN _ ID in the packet #12 is VNI 2000. Next, the physical switch #2 creates a packet (for the sake of convenience, referred to as packet #13), and the form of the packet #13 may be:
VNI source MAC address Destination MAC address
2000 MAC9 MAC2
Physical switch #2 forwards message #13 to physical switch #1 via the VXLAN channel.
When the physical switch #1 receives the packet #13, the mapping table 1 is queried to know that the VNI corresponding to the packet #13 is VNI 2000, and the mapping table 2 is queried to know that the VLAN _ ID corresponding to the destination MAC address (i.e., MAC2) is VLAN _ ID 2. By querying the mapping table 1, the physical switch #1 knows that the VNI corresponding to VLAN _ ID2 does not belong to the tenant identified by VNI 2000. Therefore, physical switch #1 discards packet # 13. Thus, communication between VM9 and VM2 belonging to different tenants is not possible.
As another example, a process flow in which the accessed VM does not exist.
Fig. 8 is a diagram illustrating a method for forwarding a packet according to another embodiment of the present invention. As shown in fig. 8, the example that VM9 sends a message to VMx in fig. 8 is taken as an example for explanation.
VM9 sends a message (denoted as message #14 for ease of distinction) to VMx. Message #14 may be in the form of:
VLAN source MAC address Destination MAC address
9 MAC9 MACx
It should be understood that MACx here denotes a MAC address that cannot be queried (or does not exist) in the communication system.
The virtual switch #3 receives the packet #14, and according to the VLAN processing flow, the packet #14 is forwarded to the physical switch # 2.
The physical switch #2 queries the mapping table 4 to determine whether the destination MAC address (i.e., MACx) exists locally. From mapping table 4, physical switch #2 knows that MACx does not exist locally.
The physical switch #2 queries the mapping table 3, and determines that the VNI corresponding to the VLAN _ ID 9 in the packet #14 is VNI 2000.
Physical switch #2 creates a message (for the sake of distinction, it is referred to as message #15), and the form of message #15 may be:
VNI source MAC address Destination MAC address
2000 MAC9 MACx
Physical switch #2 forwards message #15 to physical switch #1 via the VXLAN channel.
Correspondingly, after receiving the message #15, the physical switch #1 inquires about the VLAN (or tenant) to which the destination MAC address in the message #15 belongs. Physical switch #1 cannot query the record of MACx locally. Physical switch #1 discards message # 15.
In the above embodiment, the VLAN mapping ID of the VM is merely referred to as VLAN _ ID. In the embodiment of the present invention, the VLAN mapping identifier of the VM may also be "VLAN _ ID + port". In other words, the use of physical switch "port" parameters is added to the mapping relationship between each "tenant" and VLAN, and the mapping relationship between VLAN and VXLAN. The VLAN _ ID assigned by each VM may overlap between the "ports" of the physical switch, but the combination of "VLAN _ ID + port number" must be unique.
Because each broadcast domain has only 4094 VLAN _ IDs at most, in such a way, the VLANs can be multiplexed without collision, and the use efficiency of the VLAN _ IDs is improved.
In this embodiment, the VLAN _ ID is not duplicated on one virtual switch. But the VLAN _ ID may be duplicated between different virtual machines.
Taking fig. 1 as an example, the virtual switch #1 stores a mapping table 10.
Mapping table 10
VM VLAN_ID MAC
VM1
1 MAC1
VM2
2 MAC2
VM3
3 MAC3
The virtual switch #2 has a mapping table 11 stored thereon.
Mapping table 11
VM VLAN_ID MAC
VM4
1 MAC4
VM5
2 MAC5
VM6
3 MAC6
The virtual switch #3 has a mapping table 12 stored thereon.
Mapping table 12
VM VLAN_ID MAC
VM7
1 MAC7
VM8
2 MAC8
VM9
3 MAC9
Correspondingly, the physical switch #1 has stored thereon a mapping table 13 and a mapping table 14.
Mapping table 13
Figure BDA0000991531960000271
Mapping table 14
Figure BDA0000991531960000272
Correspondingly, the physical switch #2 has stored thereon a mapping table 15.
Mapping table 15
Figure BDA0000991531960000273
Meanwhile, the physical switch #2 also has a mapping table 16 stored thereon.
Mapping table 16
Figure BDA0000991531960000281
As can be seen from the mapping tables 14 to 16, the VLAN _ IDs allocated between VMs can be duplicated, but the VLAN _ IDs do not duplicate on the same virtual switch.
It should be understood that, for the physical switch #1, the mapping relationships stored in the mapping table 13, the mapping table 14 and the mapping table 5 described above may be stored by using any number of mapping tables (e.g., one or two mapping tables). Similarly, for the physical switch #2, the mapping relationships stored in the mapping table 15, the mapping table 16, and the mapping table 6 described above may be stored by using any number of mapping tables (for example, one or two mapping tables). The number of mapping tables and the contents stored in the mapping tables described in the embodiments of the present invention are only examples, and the embodiments of the present invention are not particularly limited, and the protection scope of the embodiments of the present invention should not be limited at all.
In this embodiment, when the physical switch determines whether two virtual machines performing communication belong to the same tenant, the basis of the determination is no longer merely based on the VLAN _ ID in the packet, but "port + VLAN _ ID".
Fig. 9 is a schematic diagram illustrating a method for forwarding a packet according to another embodiment of the present invention. As shown in fig. 9, the VM1 sends a message to the VM2 for example.
The virtual switch #1 receives a message (hereinafter referred to as a message #16 for convenience of distinction) sent from the VM1 to the VM 2. Message #16 may be in the form of:
port + VLAN _ ID Source MAC address Destination MAC address
P1:1 MAC1 MAC2
Virtual switch #1 forwards packet #16 to physical switch # 1.
According to the destination MAC address (i.e., MAC2) of the packet #16, the physical switch #1 queries the mapping table 14, and thus the VLAN where the VM2 identified by the MAC2 is located corresponds to "P1: 2", that is, the VLAN segment where the VM2 is located is identified as "P1 + VLAN _ ID 2".
The physical switch #1 queries the mapping table 13, determines that the tenant corresponding to "P1: 2" is a "triangle", and determines whether "P1: 1" and "P1: 2" corresponding to the VLAN where the source virtual machine carried in the packet #16 is located belong to the same tenant. If belonging to the same tenant, the communication is allowed. If it belongs to a different tenant, communication is not allowed, message #16 is discarded.
As the physical switch #1 queries the mapping table 13, the tenant corresponding to "P1: 1" is a "triangle" and is the same as the tenant corresponding to "P1: 2", and therefore, communication is allowed.
The physical switch #1 changes the "port + VLAN _ ID" of the message #16 to the VLAN corresponding to the destination MAC address (i.e., MAC2), and generates a new message (referred to as a message #17 for the sake of convenience of distinction). Message #17 may be in the form of:
end + VLAN _ ID Source MAC address Destination MAC address
P1:2 MAC1 MAC2
Next, the physical switch #1 refers to the mapping table 14, and determines that the trunk port corresponding to "P1: 2" is trunk port 1. Finally, the physical switch #1 forwards the packet #17 to the virtual switch #1 corresponding to the relay port 1 through the relay port 1.
Upon receiving the packet #17, the virtual switch #1 forwards the packet #17 to the VM2 having a MAC address of MAC2 in VLAN 2 under the port P1 according to "P1: 2" in the packet. Thus, VM2 and VM1 can communicate.
It can be seen that in this embodiment, the difference from the above-described embodiment is that the VLAN mapping identification assigned by the virtual machine is in the form of "port + VLAN _ ID", not just "VLAN _ ID". The difference is that, when performing packet conversion (or changing), the port + VLAN _ ID corresponding to the source virtual machine needs to be converted into the port + VLAN _ ID corresponding to the destination virtual machine.
For the process of intercommunication between the virtual machines in this case, similar to the above-mentioned case where the VLAN mapping of the virtual machine is identified as "VLAN _ ID", the above description of the VLAN mapping of the virtual machine being identified as "VLAN _ ID" can be referred to. For brevity, no further description is provided.
Therefore, according to the method for forwarding a packet in the embodiment of the present invention, the communication system allocates one VLAN mapping identifier to each virtual machine, so that each virtual machine has an independent VLAN. The virtual switch forwards all received messages from the virtual machines to a physical switch in the communication system, so that the physical switch can receive all the messages sent during communication between the virtual machines, and communication flow between the virtual machines can be uniformly managed.
The method for forwarding a packet according to the embodiment of the present invention is described in detail above with reference to fig. 1 to 9. Hereinafter, an apparatus for forwarding a packet according to an embodiment of the present invention is described in detail with reference to fig. 10 and 11.
Fig. 10 is a schematic block diagram of an apparatus 400 for forwarding a packet according to an embodiment of the present invention. The device is configured in a communication system comprising a first physical host, the device is configured with at least one relay port, at least one virtual switch and at least two virtual machines run on the first physical host, each virtual switch in the at least one virtual switch transmits messages with the device through the relay port connected with the virtual switch, each virtual machine running on the first physical host belongs to a tenant, each tenant has at least one virtual local area network identification (VNI), each VNI is used for uniquely identifying a virtual extended local area network (VXLAN) segment to which the corresponding tenant belongs in the communication system, each virtual machine has one Virtual Local Area Network (VLAN) mapping identification, each VLAN mapping identification is used for uniquely identifying a network segment to which one virtual machine belongs in the communication system, and each two virtual machines have different VLAN mapping identifications, each virtual machine has a MAC address for media access control, each MAC address is used to uniquely identify one virtual machine in the communication system, the device stores a first mapping table, a second mapping table and a third mapping table, the first mapping table is used to record a one-to-one mapping relationship between a plurality of MAC addresses and a plurality of VLAN mapping identifiers, the second mapping table is used to record a mapping relationship between a plurality of MAC addresses and a plurality of relay ports, each relay port corresponds to at least one MAC address, the third mapping table is used to record a mapping relationship between a plurality of VLAN mapping identifiers and a plurality of VNIs, and each VNI corresponds to at least one VLAN mapping identifier. As shown in fig. 10, the apparatus 400 includes:
a receiving unit 410, configured to receive a first packet sent by a first virtual switch running on the first physical host through a first relay port, where the first packet carries a source MAC address, a destination MAC address, and a first VLAN mapping identifier, the first packet is a packet sent by a source virtual machine identified by the source MAC address to a destination virtual machine identified by the destination MAC address, the source virtual machine is a virtual machine running on the first physical host, and the first VLAN mapping identifier is used to identify a VLAN network segment to which the source virtual machine belongs;
a processing unit 420, configured to determine an address type of the destination MAC address, where the address type includes a non-broadcast address and a broadcast address;
the processing unit 420 is further configured to forward the first packet according to the address type of the destination MAC address.
The apparatus 400 for forwarding a packet according to the embodiment of the present invention may correspond to the first physical switch in the method 100 and the method 200 for forwarding a packet according to the embodiment of the present invention. Also, the elements and other operations or functions described above in the apparatus 400 are for the respective flows performed by the first physical switch in the methods 100 and 200, respectively. For brevity, no further description is provided herein.
Therefore, according to the device for forwarding a packet in the embodiment of the present invention, the communication system allocates a VLAN mapping identifier to each virtual machine, so that each virtual machine has an independent VLAN. The virtual switch forwards all received messages from the virtual machines to a physical switch in the communication system, so that the physical switch can receive all the messages sent during communication between the virtual machines, and communication flow between the virtual machines can be uniformly managed.
Fig. 11 is a schematic block diagram of an apparatus 500 for forwarding a packet according to an embodiment of the present invention. The device is applied to a communication system comprising a second physical host, the device is provided with at least one relay port, at least one virtual switch and at least two virtual machines run on the second physical host, each virtual switch in the at least one virtual switch transmits messages with the device through the relay port connected with the virtual switch, each virtual machine running on the second physical host belongs to a tenant, each tenant has at least one virtual local area network identifier (VNI), each VNI is used for uniquely identifying a VXLAN segment to which the corresponding tenant belongs in the communication system, each virtual machine has one VLAN mapping identifier, each VLAN mapping identifier is used for uniquely identifying a VLAN segment to which one virtual machine belongs in the communication system, each two VLAN machines have different mapping identifiers, and each virtual machine has one Media Access Control (MAC) address, each MAC address is used for uniquely identifying the position of one virtual machine in the communication system, a fourth mapping table, a fifth mapping table and a sixth mapping table are stored on the device, the fourth mapping table is used for recording the one-to-one mapping relation between a plurality of MAC addresses and a plurality of VLAN mapping identifications, the fifth mapping table is used for recording the mapping relation between a plurality of MAC addresses and a plurality of relay ports, and each relay port corresponds to at least one MAC address. The sixth mapping table is used for recording mapping relationships between a plurality of VLAN mapping identifications and a plurality of VNIs, where each VNI corresponds to at least one VLAN mapping identification. As shown in fig. 11, the apparatus 500 includes:
a receiving unit 510, configured to receive a third packet, where the third packet carries a source MAC address, a destination MAC address, and a first VNI, and the third packet is a packet that a source virtual machine identified by the source MAC address sends to a destination virtual machine identified by the destination MAC address, where the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs;
a processing unit 520, configured to determine an address type of the destination MAC address, where the address type includes a non-broadcast address and a broadcast address;
the processing unit 520 is further configured to forward the third packet according to the address type of the destination MAC address.
The apparatus 500 for forwarding a packet according to the embodiment of the present invention may correspond to the second physical switch in the method 100 and the method 200 for forwarding a packet according to the embodiment of the present invention. Also, the units in the apparatus 500 and other operations or functions described above are for the respective flows performed by the second physical switch in the methods 100 and 200, respectively. For brevity, no further description is provided herein.
Therefore, according to the device for forwarding a packet in the embodiment of the present invention, the communication system allocates a VLAN mapping identifier to each virtual machine, so that each virtual machine has an independent VLAN. The virtual switch forwards all received messages from the virtual machines to a physical switch in the communication system, so that the physical switch can receive all the messages sent during communication between the virtual machines, and communication flow between the virtual machines can be uniformly managed.
In the above, the apparatus for forwarding a packet according to the embodiment of the present invention is described in detail with reference to fig. 10 and fig. 11. Hereinafter, an apparatus for forwarding a packet according to an embodiment of the present invention is described with reference to fig. 12 and 13.
Fig. 12 is a schematic structural diagram of an apparatus 600 for forwarding a packet according to an embodiment of the present invention. The device is configured in a communication system comprising a first physical host, the device is configured with at least one relay port, the first physical host runs at least one virtual switch and at least two virtual machines, each virtual switch in the at least one virtual switch transmits messages with the device through the relay port connected with the virtual switch, each virtual machine running on the first physical host belongs to a tenant, each tenant has at least one virtual local area network identification (VNI), each VNI is used for uniquely identifying a virtual extended local area network (VXLAN) segment to which the corresponding tenant belongs in the communication system, each virtual machine has one Virtual Local Area Network (VLAN) mapping identification, each VLAN mapping identification is used for uniquely identifying a network segment to which one virtual machine belongs in the communication system, and any two virtual machines have different VLAN mapping identifications, each virtual machine has a media access control MAC address, each MAC address is used to uniquely identify one virtual machine in the communication system, the first physical switch stores a first mapping table, a second mapping table and a third mapping table, the first mapping table is used to record a one-to-one mapping relationship between a plurality of MAC addresses and a plurality of VLAN mapping identifiers, the second mapping table is used to record a mapping relationship between a plurality of MAC addresses and a plurality of trunk ports, each trunk port corresponds to at least one MAC address, the third mapping table is used to record a mapping relationship between a plurality of VLAN mapping identifiers and a plurality of VNIs, and each VNI corresponds to at least one VLAN mapping identifier.
As shown in fig. 12, the apparatus 600 includes: a memory 610, a processor 620, and a network interface 630, wherein the memory 610, the processor 620, and the network interface 630 are interconnected via a bus system 640, the memory 610 is configured to store instructions, and the processor 620 is configured to execute the instructions stored by the memory 620 to control the network interface 630 to send or receive signals. Wherein,
the network interface 630 is configured to receive a first packet sent by a first virtual switch running on a first physical host through a first relay port, where the first packet carries a source MAC address, a destination MAC address, and a first VLAN mapping identifier, the first packet is a packet sent by a source virtual machine identified by the source MAC address to a destination virtual machine identified by the destination MAC address, the source virtual machine is a virtual machine running on the first physical host, and the first VLAN mapping identifier is used to identify a VLAN segment to which the source virtual machine belongs;
the processor 620 is configured to determine an address type of the destination MAC address, where the address type includes a non-broadcast address and a broadcast address;
the processor 620 is further configured to forward the first packet according to the address type of the destination MAC address.
It should be understood that, in the embodiment of the present invention, the processor 620 may be a Central Processing Unit (CPU), and the processor 620 may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 610 may include a read-only memory and a random access memory, and provides instructions and data to the processor 620. A portion of the memory 610 may also include non-volatile random access memory. For example, the memory 610 may also store device type information.
The bus system 640 may include a power bus, a control bus, a status signal bus, and the like, in addition to a data bus. For clarity of illustration, however, the various buses are designated in the figure as bus system 640.
The network Interface 630 may be a wired Interface, such as a Fiber Distributed Data Interface (FDDI) Interface or a Gigabit Ethernet (GE) Interface; the network interface 230 may also be a wireless interface.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 620. The steps of the method for forwarding a packet disclosed in the embodiments of the present invention may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in the memory 610, and the processor 620 reads the information in the memory 610 and performs the steps of the above method in combination with the hardware thereof. To avoid repetition, it is not described in detail here.
The apparatus 600 for forwarding a packet according to the embodiment of the present invention may correspond to the first physical switch in the method 100 and the method 200 for forwarding a packet according to the embodiment of the present invention. Also, the units in the device and other operations or functions described above are for the respective flows performed by the first physical switch in the methods 100, 200, respectively. For brevity, no further description is provided herein.
Therefore, according to the device for forwarding a packet in the embodiment of the present invention, the communication system allocates one VLAN mapping identifier to each virtual machine, so that each virtual machine has an independent VLAN. The virtual switch forwards all received messages from the virtual machines to a physical switch in the communication system, so that the physical switch can receive all the messages sent during communication between the virtual machines, and communication flow between the virtual machines can be uniformly managed.
Fig. 13 is a schematic structural diagram of a device 700 for forwarding a packet according to an embodiment of the present invention. The device is configured in a communication system comprising a second physical host, the device is configured with at least one relay port, at least one virtual switch and at least two virtual machines run on the second physical host, each virtual switch in the at least one virtual switch transmits messages with the device through the relay port connected with the virtual switch, each virtual machine running on the second physical host belongs to a tenant, each tenant has at least one virtual local area network identifier (VNI), each VNI is used for uniquely identifying a virtual LAN segment to which the corresponding tenant belongs in the communication system, each virtual machine has a VLAN mapping identifier, each VLAN mapping identifier is used for uniquely identifying a VLAN segment to which one virtual machine belongs in the communication system, any two VLAN machines have different mapping identifiers, and each virtual machine has a Media Access Control (MAC) address, each MAC address is used to uniquely identify one virtual machine in the communication system, a fourth mapping table, a fifth mapping table and a sixth mapping table are stored in the device, the fourth mapping table is used to record a one-to-one mapping relationship between a plurality of MAC addresses and a plurality of VLAN mapping identifiers, the fifth mapping table is used to record a mapping relationship between a plurality of MAC addresses and a plurality of trunk ports, each trunk port corresponds to at least one MAC address, the sixth mapping table is used to record a mapping relationship between a plurality of VLAN mapping identifiers and a plurality of VNIs, and each VNI corresponds to at least one VLAN mapping identifier.
As shown in fig. 13, the apparatus 700 includes: a memory 710, a processor 720 and a network interface 730, wherein the memory 710, the processor 720 and the network interface 730 are connected by a bus system 740, the memory 710 is used for storing instructions, and the processor 720 is used for executing the instructions stored by the memory 710 to control the network interface 730 to send or receive signals. Wherein,
the network interface 730 is configured to receive a third packet, where the third packet carries a source MAC address, a destination MAC address, and a first VNI, where the third packet is a packet that a source virtual machine identified by the source MAC address sends to a destination virtual machine identified by the destination MAC address, and the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs;
the processor 720 is configured to determine an address type of the destination MAC address, wherein the address type includes a non-broadcast address and a broadcast address;
the processor 720 is further configured to forward the third packet according to the determined address type of the destination MAC address.
It should be understood that, in the embodiment of the present invention, the processor 720 may be a Central Processing Unit (CPU), and the processor 720 may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 710, which may include both read-only memory and random-access memory, provides instructions and data to the processor 720. A portion of the memory 710 may also include non-volatile random access memory. For example, the memory 710 may also store device type information.
The bus system 740 may include a power bus, a control bus, a status signal bus, and the like, in addition to a data bus. For clarity of illustration, the various buses are designated in the figure as the bus system 740.
The network Interface 730 may be a wired Interface, such as a Fiber Distributed Data Interface (FDDI) Interface or a Gigabit Ethernet (GE) Interface; the network interface 230 may also be a wireless interface.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 720. The steps of the method for forwarding a packet disclosed in the embodiments of the present invention may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in the memory 710, and the processor 720 reads the information in the memory 710 and performs the steps of the method in combination with the hardware. To avoid repetition, it is not described in detail here.
The device 700 for forwarding a packet according to the embodiment of the present invention may correspond to the second physical switch in the method 100 and the method 200 for forwarding a packet according to the embodiment of the present invention. Also, the units in the device and other operations or functions described above are for the respective flows performed by the second physical switch in the methods 100, 200, respectively. For brevity, no further description is provided herein.
Therefore, according to the device for forwarding a packet in the embodiment of the present invention, the communication system allocates one VLAN mapping identifier to each virtual machine, so that each virtual machine has an independent VLAN. The virtual switch forwards all received messages from the virtual machines to a physical switch in the communication system, so that the physical switch can receive all the messages sent during communication between the virtual machines, and communication flow between the virtual machines can be uniformly managed.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (24)

1. A method for forwarding a message is applied to a communication system including a first physical switch and a first physical host, the first physical switch is configured with at least one trunk port, the first physical host runs on at least one virtual switch and at least two virtual machines, each virtual switch in the at least one virtual switch transmits a message with the first physical switch through the trunk port connected with the virtual switch, each virtual machine running on the first physical host belongs to one tenant, each tenant has at least one virtual local area network identifier (VNI), each VNI is used for uniquely identifying a virtual extended local area network (VXLAN) to which the corresponding tenant belongs in the communication system, each network segment virtual machine has one Virtual Local Area Network (VLAN) mapping identifier, each VLAN mapping identifier is used for uniquely identifying a VLAN network segment to which one virtual machine belongs in the communication system, any two virtual machines have different VLAN mapping identifications, each virtual machine has a MAC address, each MAC address is used to uniquely identify one virtual machine in the communication system, the first physical switch has stored thereon a first mapping table, a second mapping table and a third mapping table, the first mapping table is used to record a one-to-one mapping relationship between a plurality of MAC addresses and a plurality of VLAN mapping identifications, the second mapping table is used to record a mapping relationship between a plurality of MAC addresses and a plurality of trunk ports, each trunk port corresponds to at least one MAC address, the third mapping table is used to record a mapping relationship between a plurality of VLAN mapping identifications and a plurality of VNIs, each VNI corresponds to at least one VLAN mapping identification, and the method includes:
the first physical switch receives a first message sent by a first virtual switch running on the first physical host through a first relay port, wherein the first message carries a source MAC address, a destination MAC address and a first VLAN mapping identifier, the first message is sent by a source virtual machine of the source MAC address identifier to a destination virtual machine of the destination MAC address identifier, the virtual machine is a virtual machine running on the first physical host, and the first VLAN mapping identifier is used for identifying a VLAN network segment to which the source virtual machine belongs;
the first physical switch determines the address type of the destination MAC address, wherein the address type comprises a non-broadcast address and a broadcast address;
and the first physical switch carries out forwarding processing on the first message according to the address type of the destination MAC address.
2. The method according to claim 1, wherein the forwarding the first packet by the first physical switch according to the address type of the destination MAC address includes:
when the first physical switch determines that the address type of the destination MAC address is a non-broadcast address, the first physical switch determines whether the destination MAC address exists in the first mapping table or the second mapping table, and generates a first determination result;
and the first physical switch carries out forwarding processing on the first message according to the first judgment result.
3. The method according to claim 2, wherein the forwarding the first packet by the first physical switch according to the first determination result includes:
when the first physical switch determines that the destination MAC address exists in the first mapping table or the second mapping table, the first physical switch determines a second VLAN mapping identifier corresponding to the destination MAC address according to the destination MAC address and the first mapping table, wherein the second VLAN mapping identifier is used for identifying a VLAN network segment to which the destination virtual machine belongs;
the first physical switch determines a first VNI corresponding to the first VLAN mapping identifier and a second VNI corresponding to the second VLAN mapping identifier according to the third mapping table, the first VLAN mapping identifier, and the second VLAN mapping identifier, and determines whether the first VNI and the second VNI are the same, thereby generating a second determination result;
and the first physical switch forwards the first message according to the second judgment result.
4. The method according to claim 3, wherein the forwarding, by the first physical switch, the first packet according to the second determination result includes:
when the first VNI and the second VNI are the same, the first physical switch changes a first VLAN mapping identifier of the first message into a second VLAN mapping identifier to generate a second message;
the first physical switch determines a second relay port corresponding to the destination MAC address according to the second mapping table and the destination MAC address;
and the first physical switch forwards the second message to a virtual switch connected with the second trunk port through the second trunk port.
5. The method according to claim 3, wherein the forwarding, by the first physical switch, the first packet according to the second determination result includes:
when the first VNI and the second VNI are different, the first physical switch discards the first packet.
6. The method of claim 2, wherein the communication system further comprises a second physical switch, wherein the second physical switch is in communication with the first physical switch via a VXLAN tunnel, and wherein
The first physical switch, according to the first determination result, performs forwarding processing on the first packet, including:
when the first physical switch determines that the destination MAC address does not exist in the first mapping table or the second mapping table, the first physical switch determines, according to the first VLAN mapping identifier and the third mapping table, a first VNI corresponding to the first VLAN mapping identifier, where the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs;
the first physical switch changes the first VLAN mapping identification of the first message into the first VNI so as to generate a third message;
and the first physical switch forwards the third message to the second physical switch through the VXLAN tunnel.
7. The method according to claim 1, wherein the forwarding the first packet by the first physical switch according to the address type of the destination MAC address includes:
when the first physical switch determines that the address type of the destination MAC address is a broadcast address, the first physical switch determines, according to the first VLAN mapping identifier and the third mapping table, a first VNI corresponding to the first VLAN mapping identifier, and determines P third VLAN mapping identifiers corresponding to the first VNI, where the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs, and P is greater than or equal to 2;
the first physical switch determines P destination MAC addresses corresponding to the P third VLAN mapping identifications according to the P third VLAN mapping identifications and the first mapping table;
the first physical switch determines R third relay ports corresponding to the P destination MAC addresses according to the P destination MAC addresses and the second mapping table, wherein R is more than or equal to 1 and less than or equal to P;
the first physical switch creates P third messages, the P third messages correspond to the P third VLAN mapping identifications one by one, and each third message carries the source MAC address, the corresponding third VLAN mapping identification and the corresponding destination MAC address;
and the first physical switch forwards the P third messages to R virtual switches connected with the R third relay ports through the R third relay ports.
8. The method of claim 7, wherein the communication system further comprises a second physical switch, wherein the second physical switch is in communication with the first physical switch via a VXLAN tunnel, and wherein the method further comprises:
the first physical switch changes the first VLAN mapping identification in the first message into the first VNI so as to generate a third message;
and the first physical switch forwards the third message to the second physical switch through the VXLAN tunnel.
9. A method for forwarding a message is applied to a communication system comprising a second physical host and a second physical switch, wherein the second physical switch is configured with at least one trunk port, the second physical host is operated with at least one virtual switch and at least two virtual machines, each virtual switch in the at least one virtual switch transmits a message with the second physical switch through the trunk port connected with the virtual switch, each virtual machine operated on the second physical host belongs to one tenant, each tenant has at least one virtual local area network identifier (VNI), each VNI is used for uniquely identifying a VXLAN segment to which the corresponding tenant belongs in the communication system, each virtual machine has one VLAN mapping identifier, each VLAN mapping identifier is used for uniquely identifying a VLAN segment to which one virtual machine belongs in the communication system, any two virtual machines have different VLAN mapping identifications, each virtual machine has a MAC address, each MAC address is used to uniquely identify one virtual machine in the communication system, the second physical switch has a fourth mapping table, a fifth mapping table and a sixth mapping table stored thereon, the fourth mapping table is used to record a one-to-one mapping relationship between a plurality of MAC addresses and a plurality of VLAN mapping identifications, the fifth mapping table is used to record a mapping relationship between a plurality of MAC addresses and a plurality of trunk ports, each trunk port corresponds to at least one MAC address, the sixth mapping table is used to record a mapping relationship between a plurality of VLAN mapping identifications and a plurality of VNIs, each VNI corresponds to at least one VLAN mapping identification, and the method includes:
the second physical switch receives a third message, where the third message carries a source MAC address, a destination MAC address, and a first VNI, and the third message is a message sent by a source virtual machine identified by the source MAC address to a destination virtual machine identified by the destination MAC address, where the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs;
the second physical switch determines the address type of the destination MAC address, wherein the address type comprises a non-broadcast address and a broadcast address;
and the second physical switch forwards the third message according to the address type of the destination MAC address.
10. The method according to claim 9, wherein the second physical switch performs forwarding processing on the third packet according to the address type of the destination MAC address, including:
when the destination MAC address is a non-broadcast address, the second physical switch determines that the destination MAC address exists in the fourth mapping table or the fifth mapping table;
the second physical switch determines a second VLAN mapping identifier corresponding to the destination MAC address according to the destination MAC address and the fourth mapping table;
the second physical switch changes the first VNI in the third message into the second VLAN mapping identifier to generate a fourth message, wherein the second VLAN mapping identifier is used for identifying a VLAN network segment to which the destination virtual machine belongs;
the second physical switch determines a fourth relay port corresponding to the destination MAC address according to the destination MAC address and the fifth mapping table;
and the second physical switch forwards the fourth message to a virtual switch connected with the fourth trunk port through the fourth trunk port.
11. The method according to claim 9, wherein the second physical switch performs forwarding processing on the third packet according to the address type of the destination MAC address, including:
when the destination MAC address is a non-broadcast address, the second physical switch determines that the destination MAC address does not exist in the fourth mapping table or the fifth mapping table;
and the second physical switch discards the third message.
12. The method according to claim 9, wherein the second physical switch performs forwarding processing on the third packet according to the address type of the destination MAC address, including:
when the destination MAC address is a broadcast address, the second physical switch determines Q fourth VLAN mapping identifiers corresponding to the first VNI according to the sixth mapping table and the first VNI, wherein Q is more than or equal to 1;
the second physical switch determines Q destination MAC addresses corresponding to the Q fourth VLAN mapping identifications according to the Q fourth VLAN mapping identifications and the fourth mapping table;
the second physical switch determines T fifth relay ports corresponding to the Q destination MAC addresses according to the Q destination MAC addresses and the fifth mapping table, wherein T is more than or equal to 1 and less than or equal to P;
the second physical switch creates Q fifth messages, the Q fifth messages correspond to the Q fourth VLAN mapping identifications one by one, and each fifth message carries the source MAC address, the corresponding fourth VLAN mapping identification and the corresponding destination MAC address;
and the second physical switch forwards the Q fifth messages to T virtual switches connected with the T fifth relay ports through the T fifth relay ports.
13. An apparatus for forwarding a message, the apparatus being configured in a communication system including a first physical host, the apparatus being configured with at least one trunk port, at least one virtual switch and at least two virtual machines running on the first physical host, each virtual switch in the at least one virtual switch communicating a message with the apparatus through the trunk port connected to the virtual switch, each virtual machine running on the first physical host belonging to one tenant, each tenant having at least one virtual local area network identifier, VNI, each VNI for uniquely identifying a virtual extended local area network, VXLAN, segment to which the corresponding tenant belongs in the communication system, each virtual machine having one virtual local area network, VLAN, mapping identifier, each VLAN, for uniquely identifying a VLAN segment to which one virtual machine belongs in the communication system, any two virtual machines have different VLAN mapping identifications, each virtual machine has a MAC address, each MAC address is used to uniquely identify one virtual machine in the communication system, the apparatus stores a first mapping table, a second mapping table and a third mapping table, the first mapping table is used to record a one-to-one mapping relationship between a plurality of MAC addresses and a plurality of VLAN mapping identifications, the second mapping table is used to record a mapping relationship between a plurality of MAC addresses and a plurality of relay ports, each relay port corresponds to at least one MAC address, the third mapping table is used to record a mapping relationship between a plurality of VLAN mapping identifications and a plurality of VNIs, each VNI corresponds to at least one VLAN mapping identification, and the apparatus includes:
a receiving unit, configured to receive a first packet sent by a first virtual switch running on the first physical host through a first relay port, where the first packet carries a source MAC address, a destination MAC address, and a first VLAN mapping identifier, the first packet is a packet sent by a source virtual machine identified by the source MAC address to a destination virtual machine identified by the destination MAC address, the source virtual machine is a virtual machine running on the first physical host, and the first VLAN mapping identifier is used to identify a VLAN network segment to which the source virtual machine belongs;
the processing unit is used for determining the address type of the destination MAC address, wherein the address type comprises a non-broadcast address and a broadcast address;
the processing unit is further configured to forward the first packet according to the address type of the destination MAC address.
14. The apparatus according to claim 13, characterized in that the processing unit is specifically configured to,
when the processing unit determines that the address type of the destination MAC address is a non-broadcast address, judging whether the destination MAC address exists in the first mapping table or the second mapping table, and generating a first judgment result;
the processing unit is further configured to forward the first packet according to the first determination result.
15. The apparatus according to claim 14, wherein the processing unit is specifically configured to:
when the processing unit determines that the destination MAC address exists in the first mapping table or the second mapping table, determining a second VLAN mapping identifier corresponding to the destination MAC address according to the destination MAC address and the first mapping table, wherein the second VLAN mapping identifier is used for identifying a VLAN network segment to which the destination virtual machine belongs;
determining a first VNI corresponding to the first VLAN mapping identifier and a second VNI corresponding to the second VLAN mapping identifier according to the third mapping table, the first VLAN mapping identifier and the second VLAN mapping identifier, judging whether the first VNI and the second VNI are the same or not, and generating a second judgment result;
and forwarding the first message according to the second judgment result.
16. The apparatus according to claim 15, wherein the processing unit is specifically configured to, when the first VNI and the second VNI are the same, change a first VLAN mapping identifier of the first packet to the second VLAN mapping identifier to generate a second packet;
determining a second relay port corresponding to the destination MAC address according to the second mapping table and the destination MAC address;
and, the apparatus further comprises:
and the sending unit is used for forwarding the second message to a virtual switch connected with the second trunk port through the second trunk port.
17. The apparatus of claim 15, wherein the processing unit is specifically configured to discard the first packet when the first VNI and the second VNI are different.
18. The apparatus of claim 14, wherein the communication system further comprises a second physical switch, wherein the second physical switch is in communication with the apparatus via a VXLAN tunnel,
and the processing unit is specifically configured to:
when the destination MAC address does not exist in the first mapping table or the second mapping table, determining a first VNI corresponding to the first VLAN mapping identifier according to the first VLAN mapping identifier and the third mapping table, where the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs;
changing the first VLAN mapping identification of the first message into the first VNI to generate a third message;
and, the apparatus further comprises:
and the sending unit forwards the third message generated by the processing unit to the second physical switch through the VXLAN tunnel.
19. The apparatus according to claim 13, wherein the processing unit is specifically configured to:
when the address type of the destination MAC address is a broadcast address, determining a first VNI corresponding to the first VLAN mapping identifier according to the first VLAN mapping identifier and the third mapping table, and determining P third VLAN mapping identifiers corresponding to the first VNI, wherein the first VNI is used for identifying a VXLAN segment corresponding to a tenant to which the source virtual machine belongs, and P is more than or equal to 2;
determining P destination MAC addresses corresponding to the P third VLAN mapping identifications according to the P third VLAN mapping identifications and the first mapping table;
determining R third relay ports corresponding to the P destination MAC addresses according to the P destination MAC addresses and the second mapping table, wherein R is more than or equal to 1 and less than or equal to P;
creating P third messages, wherein the P third messages correspond to the P third VLAN mapping identifications one to one, and each third message carries the source MAC address, the corresponding third VLAN mapping identification and the corresponding destination MAC address;
and, the apparatus further comprises:
a sending unit, configured to forward, through the R third relay ports, the P third packets to R virtual switches connected to the R third relay ports.
20. The apparatus of claim 19, wherein the communication system further comprises a second physical switch, wherein the second physical switch is in communication with the first physical switch via a VXLAN tunnel,
the processing unit is further configured to change the first VLAN mapping identifier in the first packet to the first VNI, so as to generate a third packet;
the sending unit is further configured to forward the third packet to the second physical switch through the VXLAN tunnel.
21. A device for forwarding a message, configured in a communication system including a second physical host, the device being configured with at least one trunk port, the second physical host running thereon at least one virtual switch and at least two virtual machines, each virtual switch in the at least one virtual switch transmitting a message with the device through the trunk port connected to the virtual switch, each virtual machine running on the second physical host belonging to one tenant, each tenant having at least one virtual local area network identifier (VNI) for uniquely identifying a VXLAN segment to which the corresponding tenant belongs in the communication system, each virtual machine having one VLAN mapping identifier for uniquely identifying a segment to which one virtual machine belongs in the communication system, any two virtual machines having different VLAN mapping identifiers, each virtual machine has a MAC address, each MAC address is used to uniquely identify a location of one virtual machine in the communication system, the apparatus has stored thereon a fourth mapping table, a fifth mapping table and a sixth mapping table, the fourth mapping table is used to record a one-to-one mapping relationship between a plurality of MAC addresses and a plurality of VLAN mapping identifiers, the fifth mapping table is used to record a mapping relationship between a plurality of MAC addresses and a plurality of trunk ports, each trunk port corresponds to at least one MAC address, the sixth mapping table is used to record a mapping relationship between a plurality of VLAN mapping identifiers and a plurality of VNIs, each VNI corresponds to at least one VLAN mapping identifier, the apparatus includes:
a receiving unit, configured to receive a third packet, where the third packet carries a source MAC address, a destination MAC address, and a first VNI, and the third packet is a packet that a source virtual machine identified by the source MAC address sends to a destination virtual machine identified by the destination MAC address, where the first VNI is used to identify a VXLAN network segment corresponding to a tenant to which the source virtual machine belongs;
the processing unit is used for determining the address type of the destination MAC address, wherein the address type comprises a non-broadcast address and a broadcast address;
the processing unit is further configured to forward the third packet according to the address type of the destination MAC address.
22. The apparatus according to claim 21, characterized in that the processing unit is specifically configured to,
when the destination MAC address is a non-broadcast address, determining that the destination MAC address exists in the fourth mapping table or the fifth mapping table;
determining a second VLAN mapping identifier corresponding to the destination MAC address according to the destination MAC address and the fourth mapping table;
changing a first VNI in the third message into the second VLAN mapping identifier to generate a fourth message, wherein the second VLAN mapping identifier is used for identifying a VLAN network segment to which the destination virtual machine belongs;
determining a fourth relay port corresponding to the destination MAC address according to the destination MAC address and the fifth mapping table;
and forwarding the fourth message to a virtual switch connected with the fourth trunk port through the fourth trunk port.
23. The apparatus according to claim 21, wherein the processing unit is specifically configured to determine that the destination MAC address does not exist in the fourth mapping table or the fifth mapping table when the destination MAC address is a non-broadcast address, and discard the third packet.
24. The apparatus according to claim 21, wherein the processing unit is specifically configured to:
when the destination MAC address is a broadcast address, determining Q fourth VLAN mapping identifications corresponding to the first VNI according to the sixth mapping table and the first VNI, wherein Q is more than or equal to 1;
determining Q destination MAC addresses corresponding to the Q fourth VLAN mapping identifications according to the Q fourth VLAN mapping identifications and the fourth mapping table;
determining T fifth relay ports corresponding to the Q destination MAC addresses according to the Q destination MAC addresses and the fifth mapping table, wherein T is more than or equal to 1 and less than or equal to P;
creating Q fifth messages, wherein the Q fifth messages correspond to the Q fourth VLAN mapping identifications one to one, and each fifth message carries the source MAC address, the corresponding fourth VLAN mapping identification and the corresponding destination MAC address;
and, the apparatus further comprises:
and the sending unit is configured to forward the Q fifth messages to T virtual switches connected to the T fifth trunk ports through the T fifth trunk ports.
CN201610327961.2A 2016-05-17 2016-05-17 Method and device for forwarding message Active CN107395508B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610327961.2A CN107395508B (en) 2016-05-17 2016-05-17 Method and device for forwarding message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610327961.2A CN107395508B (en) 2016-05-17 2016-05-17 Method and device for forwarding message

Publications (2)

Publication Number Publication Date
CN107395508A CN107395508A (en) 2017-11-24
CN107395508B true CN107395508B (en) 2020-04-14

Family

ID=60338499

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610327961.2A Active CN107395508B (en) 2016-05-17 2016-05-17 Method and device for forwarding message

Country Status (1)

Country Link
CN (1) CN107395508B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108833250A (en) * 2018-06-22 2018-11-16 山东超越数控电子股份有限公司 A kind of retransmission method between VxLAN and VLAN
CN109525582B (en) * 2018-11-19 2021-07-30 北京六方云信息技术有限公司 Message processing method, system and storage medium
CN109510870A (en) * 2018-11-22 2019-03-22 酒泉钢铁(集团)有限责任公司 A kind of method of group enterprise's tradition IT architecture cloud
CN113228567B (en) * 2019-03-12 2022-11-25 华为技术有限公司 Information processing method and device and information processing system
CN112751769B (en) * 2019-10-31 2022-05-10 华为技术有限公司 Method, device and system for sending message
CN111327635B (en) * 2020-03-09 2023-07-14 深信服科技股份有限公司 Data transmission method, server and readable storage device
CN111464511A (en) * 2020-03-18 2020-07-28 紫光云技术有限公司 Method for supporting multi-VPC isolation in cloud computing network
CN111698167B (en) * 2020-04-01 2023-04-07 新华三大数据技术有限公司 Message processing method and device
CN115996183A (en) * 2021-10-15 2023-04-21 中国联合网络通信集团有限公司 Flow determination method and equipment
CN114039809B (en) * 2021-12-13 2024-07-23 成都奥瑞科电子科技有限公司 CAN long-distance communication system based on optical transceiver

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801599A (en) * 2012-07-26 2012-11-28 华为技术有限公司 Communication method and system
CN103404084A (en) * 2012-11-21 2013-11-20 华为技术有限公司 MAC address forced forwarding device and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8811409B2 (en) * 2012-06-04 2014-08-19 Telefonaktiebolaget L M Ericsson (Publ) Routing VLAN tagged packets to far end addresses of virtual forwarding instances using separate administrations

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801599A (en) * 2012-07-26 2012-11-28 华为技术有限公司 Communication method and system
CN103404084A (en) * 2012-11-21 2013-11-20 华为技术有限公司 MAC address forced forwarding device and method

Also Published As

Publication number Publication date
CN107395508A (en) 2017-11-24

Similar Documents

Publication Publication Date Title
CN107395508B (en) Method and device for forwarding message
US11283650B2 (en) Method for sending virtual extensible local area network packet, computer device, and computer readable medium
EP3533189B1 (en) Rule-based network identifier mapping
US9602430B2 (en) Global VLANs for fabric switches
US8819267B2 (en) Network virtualization without gateway function
WO2016055027A1 (en) Table entry in software defined network
Kreeger et al. Network Virtualization Overlay Control Protocol Requirements
US9397943B2 (en) Configuring virtual media access control addresses for virtual machines
US9419811B2 (en) Automatic fabric multicast group selection in a dynamic fabric automation network architecture
EP3197107B1 (en) Message transmission method and apparatus
EP2966815A1 (en) Packet forwarding method and vxlan gateway
CN103118149B (en) Communication control method between same tenant&#39;s server and the network equipment
WO2015149253A1 (en) Data center system and virtual network management method of data center
CN106878136B (en) Message forwarding method and device
EP3099026B1 (en) In-network message processing method, in-network message forwarding equipment and in-network message processing system
WO2018103043A1 (en) Message processing method and device in a cloud computing system
CN107968749B (en) Method for realizing QinQ route termination, switching chip and switch
CN104852846A (en) Data forwarding control method and system
CN112822104A (en) Data message processing method, device, storage medium and system
CN107528784B (en) Message forwarding method and device
CN114765567B (en) Communication method and communication system
CN110912797B (en) Method and device for forwarding broadcast message

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant