CN102025535B - Virtual machine management method and device and network equipment - Google Patents

Virtual machine management method and device and network equipment Download PDF

Info

Publication number
CN102025535B
CN102025535B CN201010549171A CN201010549171A CN102025535B CN 102025535 B CN102025535 B CN 102025535B CN 201010549171 A CN201010549171 A CN 201010549171A CN 201010549171 A CN201010549171 A CN 201010549171A CN 102025535 B CN102025535 B CN 102025535B
Authority
CN
China
Prior art keywords
virtual machine
network equipment
port
security strategy
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010549171A
Other languages
Chinese (zh)
Other versions
CN102025535A (en
Inventor
卓志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruijie Networks Co Ltd
Original Assignee
Fujian Star Net Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Star Net Communication Co Ltd filed Critical Fujian Star Net Communication Co Ltd
Priority to CN201010549171A priority Critical patent/CN102025535B/en
Publication of CN102025535A publication Critical patent/CN102025535A/en
Application granted granted Critical
Publication of CN102025535B publication Critical patent/CN102025535B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention provides virtual machine management method and device and network equipment. The method comprises the following steps of: receiving and analyzing a data message by the network equipment to acquire an MAC (Media Access Control) address in the data message; and recognizing whether an object sending the data message is a virtual machine by the network equipment according to the MAC address and a prestored MAC address of the virtual machine. The technical scheme of the invention can be adopted to recognize the virtual machine, further manage the virtual machine, such as configuration of a security policy, and the like and overcome the defects of virtual machine recognition incapability by the network equipment in the prior art, and is beneficial to wholly improving the management efficiency of the network equipment to the virtual machine.

Description

Virtual Machine Manager method, device and the network equipment
Technical field
The present invention relates to the network communications technology, relate in particular to a kind of Virtual Machine Manager method, device and the network equipment.
Background technology
Server virtualization is that a kind of making can be moved a plurality of virtual servers technology of (industry is called virtual machine again) on the single one physical server; This physical server is that the provide support hardware resource of its operation of a plurality of virtual machines is abstract, for example virtual basic input output system (Basic Input Output System; Abbreviate as: BIOS), virtual processor, virtual memory and virtual unit and input and output (Input Output; Abbreviate as: IO) etc., also good isolation performance and fail safe are provided simultaneously for each virtual machine.For example: before adopting the server virtualization technology, customer relation management (Customer Relationship Management; Abbreviate as: CRM) system, game on line and Enterprise Resources Plan (Enterprise Resource Planning; Abbreviate as: ERP) system need move on the physical server of three platform independent; And after adopting the server virtualization technology, above-mentioned three application may operate on three virtual machines, and three virtual machines are by a physical server trustship.This shows that the server virtual technology can make the physical server resource utilized more fully.For example in the actual motion of data center environment, can adopt the server virtualization technology that a plurality of systems are installed on a physical server usually, a physical server invented a plurality of virtual machines use, to improve the utilance of physical server.
The server real-time migration is a kind of in the virtual machine running, and is the running status of whole virtual machine is complete, move to the technology on the new physical server (target physical server) from the physical server (being called the source physical server) at original place fast.The transition process of whole virtual machine is level and smooth, and is transparent to the user.Because virtual abstract actual physical resource, therefore, the server real-time migration can be supported the isomerism between source physical server and the target physical server.The server real-time migration need cooperatively interact through the virtual machine monitor (target virtual machine monitor) on virtual machine monitor on the physical server of source (being called the source virtual machine monitor) and the target physical server and accomplish the internal memory of VME operating system or the copy of other state informations.After the server real-time migration began, memory pages was constantly copied to the target virtual machine monitor from the source virtual machine monitor; After the last part memory pages is copied into the target virtual machine monitor; Accomplish the handover operation of virtual machine by source virtual machine monitor and target virtual machine monitor; Virtual machine on the target physical server brings into operation; Virtual machine on the physical server of source is terminated, and the server real-time migration is accomplished.For example: in data center environment; Maintenance and renewal to system hardware can adopt server real-time migration technology to accomplish; Be about to virtual machine and move on another physical server, then, original physical server is carried out hardware maintenance from a physical server; After waiting to safeguard completion, virtual machine is moved back on the original physical server, whole process can be accomplished under the situation of the machine of not delaying, and further promotes the utilance of resource in the data center environment again.
Usually, physical server is through being articulated on the network equipment, carries out communication through the network equipment with extraneous.Wherein, the network equipment is being born fail safe and the reliability transmission of the data flow of the external communication of virtual machine on the physical server etc., therefore, and can some security strategies of configuration on the network equipment.After virtual machine moved, above-mentioned security strategy needed to be moved to accordingly on the new network equipment or the new port and on the new network equipment or new port, comes into force.But, because the present network equipment can't perceive the migration of virtual machine, therefore, treat virtual machine (vm) migration after, the pairing security strategy of virtual machine can only manually or through webmastering software be moved on the new network equipment or the new port by the network manager.Aforesaid operations mode not only efficient is low, and it is also very inconvenient to operate, and therefore, the migration how network equipment can discern virtual machine becomes the primary problem that solves in the present server virtualization technology.
Summary of the invention
The present invention provides a kind of Virtual Machine Manager method, device and the network equipment, in order to the identification virtual machine, improves the efficient of managing virtual machines on the whole.
The present invention provides a kind of Virtual Machine Manager method, comprising:
Network equipment receiving data packets, and resolve said data message to obtain the Media Access Control address in the said data message;
The said network equipment is according to said Media Access Control address and stored virtual machines Media Access Control address in advance, and whether the object that said data message is sent in identification is virtual machine;
When the said network equipment identifies the object that sends said data message and is virtual machine,, judge whether said virtual machine moves according to said Media Access Control address and the virtual machine state table that obtains in advance;
When judged result is that said virtual machine is when migration takes place; The said network equipment sends the failure notification message according to the network equipment that said virtual machine state table connects before said virtual machine (vm) migration, to inform the network equipment that connects before the said migration security strategy of said virtual machine is carried out crash handling.
The present invention provides a kind of Virtual Machine Manager device, comprising:
Receiver module is used for receiving data packets, and resolves said data message to obtain the Media Access Control address in the said data message;
Identification module is used for according to said Media Access Control address and stored virtual machines Media Access Control address in advance, and whether the object that said data message is sent in identification is virtual machine;
Judge module is used for when the object that said data message is sent in the identification of said identification module is virtual machine, according to said Media Access Control address and the virtual machine state table that obtains in advance, judges whether said virtual machine moves;
Sending module; Be used for when said judge module is judged said virtual machine migration is taken place; The Virtual Machine Manager device that before said virtual machine (vm) migration, connects according to said virtual machine state table sends the failure notification message, to inform the Virtual Machine Manager device that connects before the said migration security strategy of said virtual machine is carried out crash handling.
The present invention provides a kind of network equipment, comprises arbitrary Virtual Machine Manager device provided by the invention.
Virtual Machine Manager method provided by the invention, device and the network equipment; Storage virtual machine Media Access Control address in advance; Obtain the Media Access Control address in the data message that receives through parsing; And Media Access Control address in the data message and virtual machine Media Access Control address compared, whether be virtual machine with this object that can identify the literary composition that sends datagram.Through technical scheme of the present invention; The network equipment can be discerned virtual machine; And then can do further management to virtual machine; For example security strategy configuration etc. has overcome in the prior art network equipment because of discerning the defective that virtual machine causes, and is beneficial to improve the network equipment on the whole virtual machine is carried out efficiency of managing.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art; To do one to the accompanying drawing of required use in embodiment or the description of the Prior Art below introduces simply; Obviously, the accompanying drawing in describing below is some embodiments of the present invention, for those of ordinary skills; Under the prerequisite of not paying creative work property, can also obtain other accompanying drawing according to these accompanying drawings.
The flow chart of the Virtual Machine Manager method that Fig. 1 provides for the embodiment of the invention one;
The flow chart of the Virtual Machine Manager method that Fig. 2 provides for the embodiment of the invention two;
Fig. 3 A is a kind of flow chart of the Virtual Machine Manager method that provides of the embodiment of the invention three;
Fig. 3 B is the another kind of flow chart of the Virtual Machine Manager method that provides of the embodiment of the invention three;
Fig. 4 A is the flow chart of the Virtual Machine Manager method that provides of the embodiment of the invention four;
Fig. 4 B be the Virtual Machine Manager method that provides of the embodiment of the invention four based on the network topology structure sketch map;
The structural representation of the Virtual Machine Manager device that Fig. 5 provides for the embodiment of the invention five;
Fig. 6 A is a kind of structural representation of the Virtual Machine Manager device that provides of the embodiment of the invention six;
Fig. 6 B is the another kind of structural representation of the Virtual Machine Manager device that provides of the embodiment of the invention six.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer; To combine the accompanying drawing in the embodiment of the invention below; Technical scheme in the embodiment of the invention is carried out clear, intactly description; Obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not making the every other embodiment that is obtained under the creative work prerequisite, all belong to the scope of the present invention's protection.
Embodiment one
The flow chart of the Virtual Machine Manager method that Fig. 1 provides for the embodiment of the invention one.The executive agent of present embodiment is the network equipment, and is as shown in Figure 1, and the method for present embodiment comprises:
Step 101, network equipment receiving data packets, and the resolution data message is to obtain medium access control (the Media Access Control in the data message; Abbreviate as: MAC) address;
In the present embodiment, the network equipment is connected with server, and server communicates through the network equipment and the external world.
Step 102, the network equipment be according to MAC Address and stored virtual machines MAC Address in advance, and whether the send datagram object of literary composition of identification is virtual machine.
Wherein, all corresponding virtual machine MAC Address of each virtual machine, MAC Address in various embodiments of the present invention that virtual machine is corresponding is called the virtual machine MAC Address.Concrete, in the network equipment, store the virtual machine MAC Address in the network of place in advance; When the network equipment receives data message, MAC Address in the data message of learning and local stored virtual machines MAC Address are compared; If comparative result is for finding the virtual machine MAC Address consistent with the MAC Address of learning, the civilian object of then confirming to send datagram is the virtual machine that runs on the physical server; Otherwise the civilian object of then confirming to send datagram is non-virtual machine.
The Virtual Machine Manager method that present embodiment provides; Through storage virtual machine MAC Address in advance; Make the network equipment and compare two processes through MAC address learning, whether the object that automatically identifies the literary composition that sends datagram is virtual machine, to reach the purpose of identification virtual machine; And then can carry out the follow-up management operation to virtual machine identifying when being virtual machine, convenience and efficient when for improving virtual machine being managed lay the foundation.
Wherein, the virtual machine MAC Address that the manufacturer of each virtual machine all has application alone to use, for example the virtual machine MAC Address field of VM ware company has 00-1C-14-XX-XX-XX.Therefore; In various embodiments of the present invention; Can be the virtual machine MAC Address of each virtual machine of network equipments configuration manufacturer application in advance by the keeper, and upgrade these virtual machines manufacturer's virtual machine MAC Address field through the mode of software upgrading or online updating.
When the network equipment receives data message,,, just can think and the existence that perceives virtual machine promptly identify virtual machine in case obtain virtual machine manufacturer's virtual machine MAC Address through MAC address learning and comparison.
In addition; Virtual machine MAC Address in the various embodiments of the present invention is not limited to the virtual machine MAC Address of each virtual machine manufacturer application; It can also be the virtual machine MAC Address of particular arrangement; For example in one network LA Management Room makes an appointment the virtual machine MAC Address special, and is that the network equipment adds by administrator hand.Wherein, having only the network equipment in this network can discern the MAC Address that is added is the virtual machine MAC Address.
Further, the virtual machine MAC Address in the various embodiments of the present invention can comprise the virtual machine MAC Address of virtual machine manufacturer application and the virtual machine MAC Address that special agreement is used simultaneously.Wherein, the virtual machine MAC Address of special agreement, the demand in the time of can satisfying the part virtual machine and have to use special MAC Address because of special requirement or reason.
Embodiment two
The flow chart of the Virtual Machine Manager method that Fig. 2 provides for the embodiment of the invention two.Present embodiment can realize that as shown in Figure 2, the Virtual Machine Manager method of present embodiment comprises based on embodiment one:
Step 201, network equipment receiving data packets, and the resolution data message is to obtain the MAC Address in the data message; Be the study that the network equipment carries out MAC Address.
Step 202, the MAC Address that the network equipment will be learnt matees with stored virtual machines MAC Address in advance, and judges whether the corresponding to virtual machine MAC Address of the MAC Address that matches and learn; When judged result when being, the corresponding to virtual machine MAC Address of the MAC Address that matches and learn is described, the object that promptly identifies the literary composition that sends datagram is a virtual machine, then continues execution in step 203; Otherwise, the corresponding to virtual machine MAC Address of the MAC Address that does not match and learn is described, the object that promptly identifies the literary composition that sends datagram is non-virtual machine, then execution in step 204.
Step 203, the network equipment are carried out the security strategy configuration to the port that receives data message, and are finished according to MAC Address of learning and the secure virtual machine strategy correspondence table obtained in advance.
In various embodiments of the present invention, secure virtual machine strategy correspondence table is obtained by the network equipment in advance.Wherein, secure virtual machine strategy correspondence table can also can be learnt through information interaction by each network equipment by the keeper according to situation manual configuration such as network state, layouts each other.Wherein, because each other the study mode of obtaining secure virtual machine strategy correspondence table has flexible and can change and advantage such as variation voluntarily with network condition, and become a kind of optimal way.
Wherein, store in the secure virtual machine strategy correspondence table each virtual machine MAC Address and with each virtual machine MAC Address corresponding security strategy.And the stored virtual machines MAC Address is consistent in advance for the virtual machine MAC Address in the secure virtual machine strategy correspondence table and the network equipment.Therefore; When the network equipment when operations such as study, coupling recognize the virtual machine MAC Address; Can be through inquiry secure virtual machine strategy correspondence table to obtain the virtual machine corresponding security strategy of the literary composition that sends datagram; And this security strategy is configured on the port (promptly receiving the port of data message) of this virtual machine of connection of the network equipment, be about to security strategy and on this port, this virtual machine come into force; To carry out security control to the message of this virtual machine according to this security strategy follow-up.
The safety and the reliable transmission of the data flow when wherein, the network equipment mainly comes the charge server correspondence with foreign country through security strategy.The mode of realization security strategy commonly used mainly contains arranging access control list (Access Control List; Abbreviate as: ACL).Wherein, ACL controls the data message that the port of the network equipment receives through defining some rules: allow through or abandon.The network equipment can carry out categorical filtering to it during through the network equipment at data message through ACL; And to checking from the data message of designated port input or output, decision is to allow it still to abandon (Deny) through (Permit) according to matching condition (Conditions).ACL is made up of a series of list item, the behavior when the corresponding list item of each ACL comprises the matching condition that satisfies this list item and Satisfying Matching Conditions.And the rule of visit ACL can be to the source MAC or source Internet protocol (the Internet Protocol of data message; Abbreviate as: IP) address, Destination MAC or target ip address, upper-layer protocol, information such as time zone.For example: when only allowing the IP accessed virtual machine of this network segment of 192.168.1.0/24; Then the network equipment should dispose ACL on the outbound course of the port that this virtual machine connects; And acl rule is: PERMIT (permission) source IP=192.168.1.0/24, and this acl rule come into force on this port.Wherein, pass through for forbidding other data messages, so the data message that source IP address does not satisfy above-mentioned requirements will be filtered through the default that ACL is set.
In addition, the network equipment can also pass through service quality (Quality of Service; Abbreviate as: QOS) carry out security control, for example: can carry out security control according to the restriction of the network bandwidth.For example: when only allowing virtual machine to send the data message of 10M, the network equipment need be on the port that virtual machine connects configuration QOS bandwidth constraints rule, QOS bandwidth constraints rule is: rate limit 10M, and this QOS bandwidth constraints rule is configured in this port.
Step 204, the network equipment carries out conventional treatment to the data message.For example: the network equipment can carry out validity checking to each field in the data message; Again for example: the network equipment also can be searched mac address table according to the target MAC (Media Access Control) address in the data message, if inquire this target MAC (Media Access Control) address, then with data message forwarding on corresponding ports; Otherwise, then data message is broadcast on all of the port.Wherein, the conventional treatment in the present embodiment is meant the processing that data message that non-virtual machine is sent carries out, and also possibly include fail safe in this conventional treatment and detect and handle, and conventional treatment is not limited in the present embodiment.
Need explanation at this; In the present embodiment technical scheme; When virtual machine is connected with a certain port of the network equipment always; Only need according to initial learn to MAC Address the port of the data message that receives virtual machine and send carried out the once safety policy configurations get final product, need not when learning MAC Address, all to carry out security strategy at every turn and dispose.
The Virtual Machine Manager method of present embodiment; Through storage virtual machine MAC Address in advance, carry out operations such as MAC address learning, coupling and judgement; Can make network equipment identification virtual machine; And after identifying virtual machine, carry out the security strategy configuration voluntarily, the safety and the reliable transmission of the data message when communicating by letter with the external world with the assurance virtual machine according to the secure virtual machine strategy correspondence table of obtaining in advance; Simultaneously, present embodiment can carry out the security strategy configuration to virtual machine by the network equipment based on the identification to virtual machine, need not administrator hand operate, and has improved the efficient of configuration security strategy, can manage virtual machine more easily.
Embodiment three
Fig. 3 A is a kind of flow chart of the Virtual Machine Manager method that provides of the embodiment of the invention three.Present embodiment can realize that shown in Fig. 3 A, the management method of present embodiment comprises based on embodiment one and embodiment two:
Step 301, network equipment receiving data packets, and the resolution data message is to obtain the MAC Address in the data message; Be the study that the network equipment carries out MAC Address.
Step 302, the MAC Address that the network equipment will be learnt matees with stored virtual machines MAC Address in advance, and judges whether the corresponding to virtual machine MAC Address of the MAC Address that matches and learn; When judged result when being, execution in step 303; Otherwise, execution in step 305.
Step 303, the network equipment judge according to MAC Address of learning and the virtual machine state table that obtains in advance whether the MAC Address corresponding virtual machine of learning moves; If judged result is for being, then execution in step 304, if judged result is not for, and then end.
Wherein, The corresponding data message of this MAC Address that the network equipment receives possibly be by sent when newly starting by the virtual machine of a station server trustship always, also possibly be to be sent by the virtual machine of moving on another station server from a station server (physical server).Whether can discern above-mentioned virtual machine through the decision operation of step 303 moves.
Wherein, Store the state information of the virtual machine that moves on the server that each network equipment connects in the network in the virtual machine state table; For example comprise on the server, server of port, the connection of the network equipment virtual machine tabulation that should the port operation, and the information such as MAC Address of virtual machine.
Step 304, the network equipment that the network equipment connects before virtual machine (vm) migration according to the virtual machine state table sends the failure notification packet, to inform the network equipment that connects before the virtual machine (vm) migration security strategy of virtual machine is carried out crash handling, and finishes.
Wherein,, need the original network equipment of announcement, the security strategy on the port that connects virtual machine is deleted the operation of promptly losing efficacy so that inform the network equipment that connects before the migration when finding that virtual machine is to move to another station server by a station server.After the network equipment that connects before the migration receives the failure notification message, can resolve and obtain the virtual machine MAC Address that carries in the notification packet, according to this virtual machine MAC Address the security strategy on the corresponding port is carried out crash handling then.Can guarantee the integrality of security strategy migration like this.
Step 305, the network equipment carries out conventional treatment to the data message.
The Virtual Machine Manager method of present embodiment; Through storage virtual machine MAC Address in advance, carry out operations such as MAC address learning, coupling and judgement; Can make network equipment identification virtual machine; And can identify the migration of virtual machine, make it to the operation of losing efficacy of the security strategy before moving, with the complete migration of completion security strategy through the network equipment that connects before the failure notification message announcement migration simultaneously; Present embodiment can be discerned virtual machine and virtual machine (vm) migration, has solved the migration problem that can't discern virtual machine and virtual machine, is convenient to follow-up migration or configuration to security strategy
Technique scheme; When the network equipment identifies virtual machine; No matter this virtual machine is to be moved to another service or hosted by a station server always by a station server, and the network equipment need carry out the security strategy configuration on the port that connects virtual machine.Fig. 3 B is depicted as the another kind of structural representation of the Virtual Machine Manager method that the embodiment of the invention three provides; The difference of flow process shown in Fig. 3 B and Fig. 3 A is after step 302, also to comprise step 303a: the network equipment carries out the security strategy configuration according to MAC Address of learning and the secure virtual machine strategy correspondence table obtained in advance to the port that receives data message.
In this explanation; No matter be always by the virtual machine of a physical server trustship; The virtual machine of migration still takes place; In present embodiment step 303a, the network equipment only need according to initial learn to the port of MAC Address data message that sink virtual machine is sent carry out the once safety policy configurations and get final product.
Need explanation at this, both do not have sequencing step 303a and step 303, promptly can be to carry out the security strategy configuration earlier, carry out the judgement of whether moving then; Also can be to judge whether earlier to move, and then carry out the security strategy configuration, can be called the security strategy migration this moment with the security strategy configuration.
Further; Local network device is after the security strategy configuration of accomplishing virtual machine; Can also send to other network equipments with the security strategy that disposes on its each port and with security strategy corresponding virtual machine information, so that other network equipment records or renewal institute canned data.
The Virtual Machine Manager method of present embodiment; The network equipment can be discerned the migration of virtual machine and virtual machine; And after identifying virtual machine, carry out the security strategy configuration voluntarily according to the secure virtual machine strategy correspondence table of obtaining in advance, guaranteed the safety and the reliable transmission of the data message when virtual machine is communicated by letter with the external world; And based on the identification to virtual machine (vm) migration, the network equipment can carry out the security strategy configuration to virtual machine voluntarily, need not administrator hand operate, and has improved the efficient of configuration security strategy, can manage virtual machine more easily.
Wherein, the execution mode that present embodiment provides a kind of network equipment to obtain secure virtual machine strategy correspondence table and virtual machine state table in advance, but be not limited to this.The execution mode that present embodiment provides comprises:
Step 3031; When each network equipment starts; All send first administrative message; Comprise the MAC Address and the port information that sends first administrative message of the network equipment in first administrative message, wherein port information comprises the type information such as (for example being device port or Service-Port) of port numbers and port.
Step 3033 receives first administrative message that other network equipments send as the network equipment of the executive agent of present embodiment, identifies the device port and the Service-Port of the network equipment according to first administrative message; Wherein, the network equipment not only is connected with server, also can be connected with other network equipments simultaneously, and the port that is connected with server is called Service-Port, and the port that is connected with the network equipment is called device port; Wherein, first administrative message of making an appointment can only send through the port (being device port) that is connected with the network equipment, and can only receive through device port.Therefore, the network equipment can be a device port with the port identification that receives first administrative message, and other ports are then as Service-Port.Then; The method that each network equipment all can provide according to the foregoing description perhaps also can be carried out the security strategy configuration by the virtual machine MAC Address that the keeper uses according to network convention carrying out operations such as virtual machine identification, secure virtual machine policy configurations or migration on the Service-Port separately on corresponding network equipment.After the intact security strategy of each network equipments configuration, device port that can be through separately is to the information of removing own such as other network equipments transmission security strategies that it disposed and security strategy corresponding virtual machine information.
Step 3035; The network equipment as the executive agent of present embodiment receives second administrative message that other network equipments send through device port, comprises the information of the virtual machine on each Service-Port that runs on other network equipments in second administrative message and is the security strategy of each virtual machine configuration of being in running status;
Step 3037 according to second administrative message, generates secure virtual machine strategy correspondence table and virtual machine state table as the network equipment of present embodiment executive agent.
Particularly; The information of the network equipment through the virtual machine in second administrative message that obtains each other network equipments and send, the security strategy that disposes for each virtual machine; And mutual corresponding relation; Carry out integrated treatment to generate secure virtual machine strategy correspondence table, comprise information, security strategy and the security strategy of virtual machine and the corresponding relation between the virtual machine in this secure virtual machine strategy correspondence table; And generating the virtual machine state table according to the Service-Port information in second administrative message (for example port numbers) and corresponding virtual machine information (for example virtual machine MAC Address), this virtual machine state table comprises the corresponding relation of information such as the port of virtual machine, the network equipment that residing server and the server of virtual machine connected and above-mentioned information.Therefore; When the network equipment as executive agent recognizes the virtual machine MAC Address; Can whether move according to the virtual machine state table identification virtual machine of previous moment; If the virtual machine MAC Address appears on other Service-Ports simultaneously, explain that migration has taken place this virtual machine, and the security strategy of this virtual machine is carried out corresponding migration.
Wherein, if need not whether virtual machine migration is taken place when discerning (for example embodiment two described scenes), can only generate secure virtual machine strategy correspondence table, and need not to generate the virtual machine state table according to the present embodiment technical scheme.
By the way, each network equipment all can obtain secure virtual machine strategy correspondence table and/or virtual machine state table in advance.The migration that wherein can follow network state or virtual machine for the secure virtual machine strategy correspondence table and the virtual machine state table that guarantee on each network equipment and respective change; Stipulate also in the present embodiment that each network equipment regularly sends second administrative message to other network equipments; The pairing security strategy of virtual machine of obtaining the information of the virtual machine that moves on other network equipments in real time and being in running status for each network equipment is to upgrade secure virtual machine strategy correspondence table and/or virtual machine state table in view of the above.
Further; In the above-described embodiments; After 3033, also comprise step 3034; Promptly the network equipment as the executive agent of present embodiment carries out the security strategy configuration to the virtual machine on its Service-Port; And regularly send the information that runs on the virtual machine on its each Service-Port and security strategy (i.e. second administrative message) for each virtual machine configuration to other network equipments through device port, be used to supply other network equipments to generate secure virtual machine strategy correspondence table and virtual machine state table in advance, and renewal secure virtual machine strategy correspondence table and virtual machine state table.
The above-mentioned a kind of execution mode that obtains secure virtual machine strategy correspondence table and virtual machine state table for the present invention; This execution mode mainly is through sending first administrative message for each network equipment identification equipment port and Service-Port according to the rule of making an appointment; Then; Carry out the security strategy configuration, and send second administrative message, with the unified operation of the whole network of carrying out virtual machine and virtual machine corresponding security strategy through device port; Promptly on each network equipment, all generate content essentially identical secure virtual machine strategy correspondence table and virtual machine state table, and then lay the first stone for the enforcement of various embodiments of the present invention.
Below will specify the flow process of technical scheme of the present invention in conjunction with network topology structure through specific embodiment.
Embodiment four
Fig. 4 A is the flow chart of the Virtual Machine Manager method that provides of the embodiment of the invention four; Fig. 4 B be the Virtual Machine Manager method that provides of the embodiment of the invention four based on the network topology structure sketch map.Shown in Fig. 4 B, present embodiment comprises the network equipment 41, the network equipment 42, the network equipment 43, the network equipment 44 and server 45 and server 46.The network equipment 41 is connected with the network equipment 42, the network equipment 43 and the network equipment 44 respectively, and server 45 is connected with the network equipment 41, and server 46 is connected with the network equipment 42.Wherein the network equipment 41, the network equipment 42, the network equipment 43 and the network equipment 44 are followed the virtual machine unified management mechanism of making an appointment respectively, and on each network equipment, have all disposed the employed virtual machine MAC Address of network.Then the method for present embodiment comprises:
Step 401 is all regularly outwards broadcasted first administrative message after 44 starts of the network equipment 41-network equipment, state own virtual support machine administrative mechanism, and let other network equipments know.Wherein, The network equipment 41-network equipment 44 will be received the port of first administrative message; Be designated as device port (Net-Port); Rule according to Virtual Machine Manager mechanism is made an appointment can be known: each network equipment has only through device port and sends first administrative message to other network equipments, and the port that connects virtual machine can not received first administrative message, therefore can other ports that does not receive first administrative message be designated as Service-Port (Server-Port).Based on this, in network topology shown in Fig. 4 B, there is device port 51,52 and 53; Service-Port 54 and 55.Wherein, the form of first administrative message includes, but are not limited to following information field: network equipment MAC Address; Send the numbering of port of the current network equipment of first administrative message; Send the port type (for example being Server-Port or Net-Port) of the current network equipment of first administrative message.
Step 402; To pre-configured virtual machine MAC Address; Identify virtual machine, and on the network equipment, generate " virtual machine dispensing unit ", the network manager is come into force at these " security strategy " (being strategies such as ACL mentioned above, QOS) of virtual machine on " virtual machine dispensing unit ".Wherein, Because a physical port of the network equipment connects a physical server; On the physical server a plurality of virtual machines can be installed; Therefore a physical port of the network equipment can comprise a plurality of " virtual machine dispensing units ", and on the network equipment, generates the corresponding relation of a plurality of virtual machine MAC Addresss and security strategy.
Step 403 through second administrative message, is announced the every other network equipment to the whole network virtual support machine administrative mechanism to the corresponding relation of < virtual machine MAC Address, security strategy>through device port.Second administrative message has increased on the basis of first administrative message but has been not limited to following field at this moment: " Server-Port " tabulation of present networks equipment and total number thereof; The virtual machine dispensing unit tabulation of present networks equipment and total number thereof; Be applied in virtual machine MAC Address and corresponding relation of security strategy on each virtual machine dispensing unit etc.
Based on above-mentioned, all preserved secure virtual machine strategy correspondence table on the network equipment 41-network equipment 44, come into force real-time and get ready for carrying out security strategy.
Step 404; Suppose that virtual machine moves on the server 46 from server 45; At this moment the network equipment 42 knows that through the information in MAC address learning and the secure virtual machine strategy correspondence table virtual machine moved on the server 46 from server 45 immediately; And find that MAC Address learns on Service-Port 55, then come into force this virtual machine MAC Address corresponding security strategy on new Service-Port 55.Wherein, can only come into force with virtual machine MAC Address corresponding security strategy and to come into force, can not come into force at device port (net-port) at Service-Port (Server-Port) and along with the variation of MAC Address.Need explanation at this, comprised the pairing security policy information of information, virtual machine and the virtual machine place server info that are in the virtual machine of running status in the network in the present embodiment in the secure virtual machine strategy correspondence table simultaneously; Promptly the network equipment does not need to generate separately the information that the virtual machine state table comes storage virtual machine and virtual machine place server and corresponding relation thereof in the present embodiment.
Step 405 after the new security strategy on the network equipment 42 comes into force success, notify legacy network equipment 41 to delete former security strategy, so that the process of complete reaching " security strategy migration ".
Can solve conventional network equipment by the way and can't independently carry out the problem of Autonomic Migration Framework, reach that the whole network in the data center network environment is intelligent, the purpose of automatic management security strategy the virtual machine using security strategy.
Embodiment five
The structural representation of the Virtual Machine Manager device that Fig. 5 provides for the embodiment of the invention five.As shown in Figure 5, the Virtual Machine Manager device of present embodiment comprises: receiver module 61 and identification module 62.
Wherein, receiver module 61 is used for receiving data packets, and the resolution data message is to obtain the MAC Address in the data message; Identification module 62 is connected with receiver module 61, MAC Address that is used for obtaining and stored virtual machines MAC Address in advance according to receiver module 61, and whether the send datagram object of literary composition of identification is virtual machine.
The Virtual Machine Manager device that present embodiment provides; Can be used for carrying out the flow process of the Virtual Machine Manager method that the embodiment of the invention provides; Through storage virtual machine MAC Address in advance; Make the network equipment and compare two processes through MAC address learning, whether the object that automatically identifies the literary composition that sends datagram is virtual machine, to reach the purpose of identification virtual machine; And then can carry out the follow-up management operation to virtual machine identifying when being virtual machine, convenience and efficient when for improving virtual machine being managed lay the foundation.
Embodiment six
Fig. 6 A is a kind of structural representation of the Virtual Machine Manager device that provides of the embodiment of the invention six.Present embodiment can realize that shown in Fig. 6 A, the Virtual Machine Manager device of present embodiment also comprises: first configuration module 63 based on embodiment five.
Wherein, First configuration module 63 is connected with identification module 62, is used for sending datagram the object of literary composition when being virtual machine in identification module 62 identification; According to MAC Address and the secure virtual machine strategy correspondence table obtained in advance, the port of the data message that receives is carried out the security strategy configuration.
The Virtual Machine Manager device of present embodiment; Can be used for carrying out the flow process of the Virtual Machine Manager method that the embodiment of the invention provides equally; Through storage virtual machine MAC Address in advance, carry out operations such as MAC address learning, coupling and judgement; Can discern virtual machine, and after identifying virtual machine, carry out the security strategy configuration voluntarily, the safety and the reliable transmission of the data message when communicating by letter with the external world with the assurance virtual machine according to the secure virtual machine strategy correspondence table of obtaining in advance; Simultaneously, present embodiment can carry out the security strategy configuration to virtual machine voluntarily based on the identification to virtual machine, need not administrator hand operate, and has improved the efficient of configuration security strategy, can manage virtual machine more easily.
Fig. 6 B is the another kind of structural representation of the Virtual Machine Manager device that provides of the embodiment of the invention six.Shown in Fig. 6 B, the Virtual Machine Manager device of present embodiment also comprises: judge module 64 and sending module 65.
When the object that identifies the literary composition that sends datagram is virtual machine, can also discerns this virtual machine and whether move.Judge module 64 is connected with identification module 62 with receiver module 61 respectively, is used for judging according to MAC Address and the virtual machine state table that obtains in advance whether virtual machine moves; Sending module 65; Be connected with judge module 64; Be used for when judge module 64 is judged virtual machine generation migration; The Virtual Machine Manager device that before virtual machine (vm) migration, connects according to the virtual machine state table sends the failure notification message, to inform the Virtual Machine Manager device that connects before the migration security strategy of virtual machine is carried out crash handling.
Virtual Machine Manager device shown in present embodiment Fig. 6 B; Can be used for carrying out the flow process of the Virtual Machine Manager method that the embodiment of the invention provides equally; After identifying virtual machine, further judge whether virtual machine moves; When finding virtual machine (vm) migration; Virtual Machine Manager device through before virtual machine (vm) migration, connecting sends the failure notification message, so that the Virtual Machine Manager device that connects before the migration carries out crash handling to the security strategy on the corresponding port, has guaranteed security strategy migration fully with the migration of virtual machine.
Whether wherein, when identifying virtual machine, no matter the migration of virtual machine is discerned, the Virtual Machine Manager device all need carry out the security strategy configuration on the corresponding port.Based on this; Shown in Fig. 6 B; The Virtual Machine Manager device of present embodiment also comprises: second configuration module 67, be connected with identification module 62, and be used for when identification module 62 identifies virtual machine; According to MAC Address and the secure virtual machine strategy correspondence table obtained in advance, the port of the data message that receives is carried out the security strategy configuration.
Wherein, first configuration module 63 among Fig. 6 A is used for need not identifying virtual machine discerning under the situation whether virtual machine move and carries out the security strategy configuration; And second configuration module 67 is used under the situation that identifies virtual machine and needs identification virtual machine generation migration, carrying out the security strategy configuration.But in the practical implementation process, first configuration module 63 and second configuration module 67 can be realized respectively by disparate modules; Can be realized by same module yet, and be used under different situations, carrying out security strategy configuration (is example at Fig. 6 B with a configuration module, i.e. second configuration module 67), present embodiment does not limit this.
Based on technique scheme, shown in Fig. 6 B, the Virtual Machine Manager device of present embodiment also comprises acquisition module 66, is connected with judge module 64 with second configuration module 67 respectively, is used for obtaining in advance secure virtual machine strategy correspondence table and virtual machine state table.Concrete, this acquisition module 66 comprises: first receiving element, second receiving element and generation unit.Wherein, First receiving element; Be used to receive first administrative message that other Virtual Machine Manager devices send; And identify the device port and the Service-Port of local virtual machine management devices according to first administrative message, said first administrative message comprise other network equipments MAC Address, send the port information of first administrative message; Second receiving element is used for receiving second administrative message that other Virtual Machine Manager devices send through device port, the security strategy that said second administrative message comprises the virtual machine information that operates on other Virtual Machine Manager devices and disposes for this virtual machine; Generation unit is used for according to second administrative message, generates the said secure virtual machine strategy correspondence table that comprises virtual machine and security strategy corresponding relation, and the said virtual machine state table that comprises the virtual machine information that is in running status.Need explanation at this, whether in the time need not discerning virtual machine and move, this generation unit can only generate secure virtual machine strategy correspondence table, and need not to generate the virtual machine state table.
Further; This acquisition module 66 also comprises: transmitting element; Be used for the virtual machine on the Service-Port that runs on local virtual machine management devices is carried out the security strategy configuration; And regularly send virtual machine information and the security strategy (i.e. second administrative message) that disposes for each virtual machine on each Service-Port that runs on local virtual machine management devices to other Virtual Machine Manager devices through device port, generate secure virtual machine strategy correspondence table and virtual machine state table in advance for other Virtual Machine Manager devices.In like manner; For other Virtual Machine Manager devices; When only needing that virtual machine is discerned and when need not to discern virtual machine and whether moving, can only generate secure virtual machine strategy correspondence table and do not generate the virtual machine state table, do not do qualification but specifically whether generate virtual machine state table present embodiment.
Pass through technique scheme; The Virtual Machine Manager device of present embodiment can obtain the information of the virtual machine that moves on other Virtual Machine Manager devices and be the security strategy of each virtual machine configuration with the mode of information interaction in advance; And the corresponding relation of above-mentioned information; And then generate secure virtual machine strategy correspondence table and virtual machine state table in advance, for the enforcement of various embodiments of the present invention provides the basis.The corresponding relation of virtual machine information, security strategy and above-mentioned information on other Virtual Machine Manager devices that obtain through technique scheme more accurately and in time; And can upgrade in time to secure virtual machine strategy correspondence table and virtual machine state table, improve the accuracy and the real-time of carrying out Virtual Machine Manager based on the above-mentioned information of obtaining.
Embodiment seven
The embodiment of the invention seven provides a kind of network equipment, comprises the Virtual Machine Manager device.Wherein, the Virtual Machine Manager device that the Virtual Machine Manager device can provide for the embodiment of the invention, its operation principle and structure see also the description of the above embodiment of the present invention, repeat no more at this.The network equipment of present embodiment can be the various network device that has the physical server of virtual machine to be connected with operation, and for example router, switch can be various gateway devices also, can be used for virtual machine is managed.
The network equipment of present embodiment has the Virtual Machine Manager device that the embodiment of the invention provides, and can be used for carrying out the flow process of the Virtual Machine Manager method that the embodiment of the invention provides, therefore; Adopt the network equipment of present embodiment that virtual machine is managed; Can discern the migration of virtual machine voluntarily, and virtual machine is carried out the security strategy configuration, need not administrator hand dispose; Improve the efficient of configuration security strategy, greatly improved the convenience that virtual machine is managed.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be accomplished through the relevant hardware of program command; Aforesaid program can be stored in the computer read/write memory medium; This program the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
What should explain at last is: above embodiment is only in order to explaining technical scheme of the present invention, but not to its restriction; Although with reference to previous embodiment the present invention has been carried out detailed explanation, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these are revised or replacement, do not make the spirit and the scope of the essence disengaging various embodiments of the present invention technical scheme of relevant art scheme.

Claims (9)

1. a Virtual Machine Manager method is characterized in that, comprising:
Network equipment receiving data packets, and resolve said data message to obtain the Media Access Control address in the said data message;
The said network equipment is according to said Media Access Control address and stored virtual machines Media Access Control address in advance, and whether the object that said data message is sent in identification is virtual machine;
When the said network equipment identifies the object that sends said data message and is virtual machine,, judge whether said virtual machine moves according to said Media Access Control address and the virtual machine state table that obtains in advance;
When judged result is that said virtual machine is when migration takes place; The said network equipment sends the failure notification message according to the network equipment that said virtual machine state table connects before said virtual machine (vm) migration, to inform the network equipment that connects before the said migration security strategy of said virtual machine is carried out crash handling.
2. Virtual Machine Manager method according to claim 1 is characterized in that, also comprises when the object that sends said data message is virtual machine when the said network equipment identifies:
The said network equipment carries out the security strategy configuration according to said Media Access Control address and the secure virtual machine strategy correspondence table obtained in advance to the port that receives said data message.
3. Virtual Machine Manager method according to claim 2 is characterized in that, the said network equipment obtains said secure virtual machine strategy correspondence table in advance and said virtual machine state table comprises:
The said network equipment receives first administrative message that other network equipments send; And identifying the device port and the Service-Port of the said network equipment according to said first administrative message, said first administrative message comprises the Media Access Control address and the port information that sends said first administrative message of other network equipments;
The said network equipment receives second administrative message that said other network equipments send through said device port, and said second administrative message comprises the information that operates in the virtual machine on said other network equipments and is the security strategy that is in the virtual machine configuration of running status;
The said network equipment generates the said secure virtual machine strategy correspondence table that comprises virtual machine and security strategy corresponding relation according to said second administrative message, and the said virtual machine state table that comprises the information of the virtual machine that is in running status.
4. Virtual Machine Manager method according to claim 3 is characterized in that, also comprises:
The said network equipment carries out the security strategy configuration to the virtual machine that runs on the said Service-Port; And regularly send the information that runs on the virtual machine on the said Service-Port and security strategy for the virtual machine configuration that is in running status to said other network equipments through said device port, generate secure virtual machine strategy correspondence table and virtual machine state table in advance for said other network equipments.
5. a Virtual Machine Manager device is characterized in that, comprising:
Receiver module is used for receiving data packets, and resolves said data message to obtain the Media Access Control address in the said data message;
Identification module is used for according to said Media Access Control address and stored virtual machines Media Access Control address in advance, and whether the object that said data message is sent in identification is virtual machine;
Judge module is used for when the object that said data message is sent in the identification of said identification module is virtual machine, according to said Media Access Control address and the virtual machine state table that obtains in advance, judges whether said virtual machine moves;
Sending module; Be used for when said judge module is judged said virtual machine migration is taken place; The Virtual Machine Manager device that before said virtual machine (vm) migration, connects according to said virtual machine state table sends the failure notification message, to inform the Virtual Machine Manager device that connects before the said migration security strategy of said virtual machine is carried out crash handling.
6. Virtual Machine Manager device according to claim 5 is characterized in that, also comprises:
Second configuration module; Be used for when the object that said data message is sent in said identification module identification is virtual machine; According to said Media Access Control address and the secure virtual machine strategy correspondence table obtained in advance, the port that receives said data message is carried out the security strategy configuration.
7. Virtual Machine Manager device according to claim 6 is characterized in that, also comprises: acquisition module; Said acquisition module comprises:
First receiving element; Be used to receive first administrative message that other Virtual Machine Manager devices send; And identifying the device port and the Service-Port of local virtual machine management devices according to said first administrative message, said first administrative message comprises the Media Access Control address and the port information that sends said first administrative message of other network equipments;
Second receiving element; Be used for receiving second administrative message that said other Virtual Machine Manager devices send through said device port, said second administrative message comprises the information that operates in the virtual machine on said other Virtual Machine Manager devices and is the security strategy that is in the virtual machine configuration of running status;
Generation unit is used for according to said second administrative message, generates the said secure virtual machine strategy correspondence table that comprises virtual machine and security strategy corresponding relation, and the said virtual machine state table that comprises the information of the virtual machine that is in running status.
8. Virtual Machine Manager device according to claim 7 is characterized in that, said acquisition module also comprises:
Transmitting element; Be used for the virtual machine on the Service-Port that runs on local virtual machine management devices is carried out the security strategy configuration; And regularly send the information that runs on the virtual machine on the said Service-Port and security strategy for the virtual machine configuration that is in running status to said other Virtual Machine Manager devices through said device port, generate secure virtual machine strategy correspondence table and virtual machine state table in advance for said other Virtual Machine Manager devices.
9. a network equipment is characterized in that, comprises each described Virtual Machine Manager device of claim 5-8.
CN201010549171A 2010-11-17 2010-11-17 Virtual machine management method and device and network equipment Active CN102025535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010549171A CN102025535B (en) 2010-11-17 2010-11-17 Virtual machine management method and device and network equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010549171A CN102025535B (en) 2010-11-17 2010-11-17 Virtual machine management method and device and network equipment

Publications (2)

Publication Number Publication Date
CN102025535A CN102025535A (en) 2011-04-20
CN102025535B true CN102025535B (en) 2012-09-12

Family

ID=43866427

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010549171A Active CN102025535B (en) 2010-11-17 2010-11-17 Virtual machine management method and device and network equipment

Country Status (1)

Country Link
CN (1) CN102025535B (en)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102148715A (en) * 2011-05-17 2011-08-10 杭州华三通信技术有限公司 Method and device for virtual network configuration migration
CN103024090B (en) * 2011-09-20 2015-07-01 阿里巴巴集团控股有限公司 Method and system for identifying user terminal
CN102413041B (en) * 2011-11-08 2015-04-15 华为技术有限公司 Method, device and system for moving security policy
CN103139167B (en) * 2011-11-30 2017-12-12 温州大学 A kind of method and apparatus for associating virtual site during virtual site migration
CN102739645B (en) * 2012-04-23 2016-03-16 杭州华三通信技术有限公司 The moving method of secure virtual machine strategy and device
CN103428106B (en) * 2012-05-16 2016-11-23 华为技术有限公司 The method of the Message processing after virtual machine VM migration and equipment thereof
CN103891206B (en) * 2012-10-12 2017-02-15 华为技术有限公司 Method and device for synchronizing network data flow detection status
US8910162B2 (en) * 2012-11-30 2014-12-09 International Business Machines Corporation User datagram protocol (UDP) packet migration in a virtual machine (VM) migration
CN103905383B (en) * 2012-12-26 2017-11-24 华为技术有限公司 A kind of data message forwarding method, device and system
CN103179192B (en) * 2013-02-07 2015-11-25 杭州华三通信技术有限公司 The message forwarding method that virtual server moves, system and NAT service equipment
CN103236963A (en) * 2013-04-25 2013-08-07 西北工业大学 VMWare virtual machine remote detection method
CN103220298A (en) * 2013-04-27 2013-07-24 西北工业大学 Windows Virtual machine remote detecting method
CN104348671A (en) * 2013-07-26 2015-02-11 中国电信股份有限公司 Method for identifying virtual host in IPv6 network and DPI equipment
CN104901923B (en) 2014-03-04 2018-12-25 新华三技术有限公司 A kind of virtual machine access mechanism and method
CN105450532B (en) * 2014-09-28 2018-10-09 新华三技术有限公司 Three-layer forwarding method in software defined network and device
CN104780071B (en) * 2015-04-21 2018-12-25 新华三技术有限公司 The upgrade method and device of virtual switch
CN105100109B (en) 2015-08-19 2019-05-24 华为技术有限公司 A kind of method and device of deployment secure access control policy
EP3229405B1 (en) 2015-12-31 2020-07-15 Huawei Technologies Co., Ltd. Software defined data center and scheduling and traffic-monitoring method for service cluster therein
JP6556875B2 (en) 2015-12-31 2019-08-07 華為技術有限公司Huawei Technologies Co.,Ltd. Software-defined data center and service cluster placement method there
CN105763440B (en) * 2016-01-29 2019-04-09 新华三技术有限公司 A kind of method and apparatus of message forwarding
CN106375281B (en) * 2016-08-25 2018-12-25 杭州数梦工场科技有限公司 A kind of message control method and device
CN108259545B (en) * 2017-01-13 2021-04-27 新华三技术有限公司 Port security policy diffusion method and device
CN107707551A (en) * 2017-10-09 2018-02-16 山东中创软件商用中间件股份有限公司 A kind of method and system of IP access controls
CN108363611A (en) * 2017-11-02 2018-08-03 北京紫光恒越网络科技有限公司 Method for managing security, device and the omnidirectional system of virtual machine
CN109413082A (en) * 2018-11-12 2019-03-01 郑州云海信息技术有限公司 Message processing method and device in cloud computing system
CN110703899B (en) * 2019-09-09 2020-09-25 创新奇智(南京)科技有限公司 Data center energy efficiency optimization method based on transfer learning
CN110943880B (en) * 2019-11-07 2021-07-13 中国联合网络通信集团有限公司 Equipment management method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101809943A (en) * 2007-09-24 2010-08-18 英特尔公司 Method and system for virtual port communications

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7561531B2 (en) * 2005-04-19 2009-07-14 Intel Corporation Apparatus and method having a virtual bridge to route data frames
CN101459618B (en) * 2009-01-06 2011-01-19 北京航空航天大学 Data packet forwarding method and device for virtual machine network
CN101605084B (en) * 2009-06-29 2011-09-21 北京航空航天大学 Method and system for processing virtual network messages based on virtual machine

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101809943A (en) * 2007-09-24 2010-08-18 英特尔公司 Method and system for virtual port communications

Also Published As

Publication number Publication date
CN102025535A (en) 2011-04-20

Similar Documents

Publication Publication Date Title
CN102025535B (en) Virtual machine management method and device and network equipment
CN110301104B (en) Optical line terminal OLT equipment virtualization method and related equipment
US9444743B2 (en) Network system, switch and connected terminal detection method
US10091274B2 (en) Method, device, and system for controlling network device auto-provisioning
CN101860534B (en) Method and system for switching network, access equipment and authentication server
TWI702817B (en) Automatic multi-chassis link aggregation configuration with link layer discovery
US20070101422A1 (en) Automated network blocking method and system
CN102143138A (en) Method and device for configuring virtual local area network (VLAN) in live migration process of virtual machine
CN102959910A (en) Notifying a controller of a change to a packet forwarding configuration of a network element over a communication channel
CN102316043B (en) Port virtualization method, switch and communication system
US8902731B2 (en) Method, network card, and communication system for binding physical network ports
EP3007385B1 (en) Terminal peripheral control method, m2m gateway, and communications system
CN103931144A (en) Method, equipment and system for communication in virtual domain
CN105704042A (en) Message processing method, BNG and BNG cluster system
CN102916826A (en) Method and device for controlling network access
CN107332814B (en) Request message transmission method and device
US9166947B1 (en) Maintaining private connections during network interface reconfiguration
CN104270317B (en) A kind of control method, system and the router of router operation application program
EP3642713A1 (en) Security orchestration and network immune system deployment framework
CN101917414B (en) BGP (Border Gateway Protocol) classification gateway device and method for realizing gateway function by using same
CN104144130A (en) Virtual machine system interconnection method and system and access switch
CN101924700A (en) Method, device and network equipment for processing messages
CN110311861B (en) Method and device for guiding data flow
CN102263679A (en) Source role information processing method and forwarding chip
US10630690B2 (en) Group zoning and access control over a network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor

Patentee after: RUIJIE NETWORKS Co.,Ltd.

Address before: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor

Patentee before: Beijing Star-Net Ruijie Networks Co.,Ltd.

CP01 Change in the name or title of a patent holder