CN103036919B - Method and apparatus for implementing the migration of a virtual machine in a virtual private cloud - Google Patents

Publication number: CN103036919B
Authority: CN (China)
Legal status: Active
Application number: CN201110299271.8A
Other languages: Chinese (zh)
Other versions: CN103036919A (en)
Inventors: 梁铮, 宾梵翔, 温海波, 郑军
Current assignee: Nokia Shanghai Bell Co Ltd
Original assignee: Alcatel Lucent Shanghai Bell Co Ltd

Abstract

The invention provides a method and apparatus for implementing the migration of a virtual machine in a virtual private cloud. The method comprises: maintaining binding information between a virtual machine binary (two-part) identifier, which identifies a virtual machine, and the provider edge router that serves that virtual machine; and, when a data packet destined for a virtual machine is received, determining the binary identifier of the destination virtual machine from the received packet and determining, from the maintained binding information, the provider edge router associated with that binary identifier. The data packet is routed to the determined provider edge router. The binary identifier of a virtual machine comprises the private IP address of the virtual machine and a specificator that identifies the virtual private network in which the virtual machine resides.

Description

Method and apparatus for implementing the migration of a virtual machine in a virtual private cloud
Technical field
The present invention relates generally to network services. More specifically, it relates to the migration of virtual machines in a virtual private cloud.
Background
The emergence of cloud computing has changed the computing model of user terminals: the computing center has moved from the client to the network side, which significantly lowers the performance requirements on the client. Such a computing architecture makes thin clients possible and so gives client devices more room to develop. It also allows client devices that lack large capacity or high processing and computing speed to use more network applications, especially those that demand heavy computation and strong processing capability. Cloud computing can therefore offer clients newer and more attractive services than any prior technology. Applications that combine cloud computing with thin clients are becoming increasingly popular and will be one of the focal points of networking technology in the future.
Put simply, cloud computing relies mainly on virtualization technology to move computing work from the client device to equipment in the network. The equipment that takes on this computing work is commonly called a cloud center and includes, for example, resource pools and data centers. Such a cloud center can give client devices good security, flexibility and scalability.
Understandably, clients expect cloud centers to deliver ever higher service efficiency, improving quality of service and giving a good service experience. The virtual machines (VMs) that actually run a cloud center's computing tasks therefore need to migrate dynamically and adaptively to the optimal location according to the client's latest state (for example where and when the cloud computing service may be used and which cloud computations are needed), and they need to be highly flexible. This requires not only hardware and software support but also removing the location dependence of virtual machines. That is, a virtual machine should be able to migrate freely between multiple different or distributed cloud centers. Cloud-based applications running on the virtual machine are then available and accessible to the client device anywhere and at any time, and can meet the requirements of specific conditions such as the user's location and connection state.
Virtual machine migration is thus one of the main ways to improve the service efficiency of cloud centers. On the basis of virtual machine migration, several distributed cloud centers can be integrated (for example by consolidating computing resources and storage resources) into one more capable cloud center. Virtual machine migration brings further advantages: it can, for example, improve the distribution of workload, ease the management of cloud centers, improve overall system performance and improve the fault tolerance of cloud centers.
Recently, the private cloud, or virtual private cloud (VPC), has become one of the directions in which cloud computing is developing. A virtual private cloud can offer users part of the resources of a shared or public cloud. With a virtual private cloud, cloud services can be integrated with existing IP network infrastructure through VPN connections. Many enterprises, such as Amazon and Google, have developed virtual private clouds of this kind.
The purpose of using VPNs is to isolate multiple virtual private clouds from one another. Virtual machines in a virtual private cloud can be assigned private IP addresses. When virtual machines that belong to different VPNs but have the same private address migrate across the wide area network at the same time, an address conflict arises in the network and the PE cannot tell apart the two virtual machines with the same private address. The current scheme for migrating virtual machines in a virtual private cloud across a wide area network is to assign a public IP address to each virtual machine that needs to migrate, so that the IP address of a moving virtual machine is unique in the whole network environment, that is, so that the IP addresses of virtual machines in different VPNs do not collide or overlap. When a virtual machine in a virtual private cloud migrates, the provider edge router maps its private IP address to the public IP address assigned to it, and the public IP address then indicates where packets destined for this mobile virtual machine should be forwarded.
However, as the number of virtual machines that need to migrate grows, such a migration scheme consumes a large number of public IP addresses, and its scalability and efficiency are both poor. Since the transition from IPv4 to IPv6 will still take a long time to complete, public addresses, particularly IPv4 public addresses, remain a valuable network resource.
An effective virtual machine migration scheme is therefore urgently needed that allows flexible migration of virtual machines in an MPLS VPN-based virtual private cloud without consuming, or at least without consuming large numbers of, public IP addresses.
Summary of the invention
To solve or at least alleviate the above problems of the prior art, the invention provides a method and apparatus for implementing the migration of virtual machines in an MPLS VPN-based virtual private cloud, together with a corresponding computer program and a computer-readable medium storing computer-readable code.
According to a first aspect of the invention, a method for implementing the migration of a virtual machine in a virtual private cloud is provided, the method comprising:
Maintaining binding information between a virtual machine binary identifier, which identifies a virtual machine, and the provider edge router that serves that virtual machine;
When a data packet destined for a virtual machine is received, determining the binary identifier of the destination virtual machine from the received packet, and determining, from the maintained binding information, the provider edge router associated with that binary identifier;
Wherein the data packet is routed to the determined provider edge router, and the binary identifier of a virtual machine comprises the private IP address of the virtual machine and a specificator that identifies the virtual private network in which the virtual machine resides.
Preferably, the label switched path of the data packet is determined according to the provider edge router determined to be associated with the binary identifier.
According to a second aspect of the invention, a method for implementing the migration of a virtual machine in a virtual private cloud is provided, the method comprising:
Maintaining binding information between the binary identifier that identifies a virtual machine and the provider edge router that serves that virtual machine;
When an update to maintained binding information, or new binding information, is received, updating the maintained binding information;
When a message querying binding information is received: if the queried binding information is present in the maintained binding information, sending the corresponding binding information in response; if the queried binding information is not present in the maintained binding information and the query message was sent by a provider edge router, querying other route mapping devices for the binding information and sending the binding information obtained to that provider edge router; otherwise, querying other route mapping devices for the binding information and sending the binding information obtained in response, or making no response;
Wherein the binary identifier of a virtual machine comprises the private IP address of the virtual machine and a specificator that identifies the virtual private network in which the virtual machine resides.
According to a third aspect of the invention, a device is provided that comprises means for implementing any of the above methods and the methods of the embodiments of the invention.
According to a fourth aspect of the invention, a device for implementing the migration of a virtual machine in a virtual private cloud is provided, the device comprising:
A transceiver unit for receiving and sending information;
A database for maintaining binding information between the virtual machine binary identifier that identifies a virtual machine and the provider edge router that serves that virtual machine;
A binding information management unit which, when a data packet destined for a virtual machine is received via the transceiver unit, determines the binary identifier of the destination virtual machine from the received packet and determines, from the maintained binding information, the provider edge router associated with that binary identifier;
Wherein the data packet is routed to the determined provider edge router, and the binary identifier of a virtual machine comprises the private IP address of the virtual machine and a specificator that identifies the virtual private network in which the virtual machine resides.
According to a fifth aspect of the invention, a device for implementing the migration of a virtual machine in a virtual private cloud is provided, the device comprising:
A transceiver unit for receiving and sending information;
A database for maintaining binding information between the virtual machine binary identifier that identifies a virtual machine and the provider edge router that serves that virtual machine;
A binding information management unit which, when a message querying binding information is received via the transceiver unit: if the queried binding information is present in the maintained binding information, sends the corresponding binding information via the transceiver unit in response; if the queried binding information is not present in the maintained binding information and the query message was sent by a provider edge router, queries other route mapping devices for the binding information via the transceiver unit and sends the binding information obtained to that provider edge router; otherwise, queries other route mapping devices for the binding information via the transceiver unit and sends the binding information obtained in response, or makes no response;
Wherein the binary identifier of a virtual machine comprises the private IP address of the virtual machine and a specificator that identifies the virtual private network in which the virtual machine resides.
According to a sixth aspect of the invention, the foregoing methods and any method according to the embodiments of the invention can be implemented by a computer program.
According to a seventh aspect of the invention, a device is provided that comprises an interface for receiving and sending information; a memory storing computer-executable code for implementing any method or device of the invention; and a processor that can cause the computer-executable code stored in the memory to be executed by the device.
According to an eighth aspect of the invention, a computer-readable storage medium is provided that stores computer-executable instructions for implementing the method or device of the invention.
According to the scheme of the invention, a virtual machine can migrate within an MPLS VPN-based virtual private cloud using only its private IP address in that cloud. When a virtual machine migrates, that is, when it becomes a mobile virtual machine, no separate public IP address needs to be assigned to it. Any virtual machine in a network environment that adopts the scheme of the invention can therefore become a mobile virtual machine at any time, as needed. The invention thus achieves the migration of virtual machines in an MPLS VPN-based virtual private cloud. A virtual private cloud provider that uses the virtual machine migration technique of the invention can more easily integrate its virtual private cloud service with MPLS VPN, without having to build an MPLS network specifically for the corresponding virtual private cloud service or application.
Moreover, in a preferred embodiment of the invention, for virtual private cloud centers based on multi-protocol (for example IPv4, IPv6) MPLS VPN, it is proposed that ICMP messages carry the messages of the registration process of the invention and that extended BGP Update messages carry the update, query, notification and similar messages concerning binding information. This keeps changes to the existing network operating environment, communication protocols and communication equipment to a minimum and minimizes the impact on the existing framework. In another preferred embodiment, a new optional non-transitive attribute is introduced into these messages as an extension of the existing protocol. This further ensures compatibility with the existing network architecture (network equipment that does not support the invention can simply discard the information related to the invention that it receives).
Brief description of the drawings
The detailed description below, taken together with the accompanying drawings, will give a further understanding of the invention, so that the above and other advantages of the invention and other features and advantages of the disclosed exemplary embodiments become apparent to those skilled in the art. It should be noted, however, that both the drawings and the specific examples below are merely exemplary descriptions intended to illustrate the idea of the invention and should not be taken as limiting any aspect of the invention. The scope of protection of the invention is defined by the claims and their equivalents. In the drawings:
Fig. 1 schematically shows an exemplary network architecture for implementing the scheme of the invention.
Fig. 2 schematically shows the processing at a PE according to one embodiment of the invention.
Fig. 3a schematically shows a block diagram of a device that can be deployed on a PE router to implement one embodiment of the invention.
Fig. 3b schematically shows a block diagram of another embodiment of a device for implementing the invention.
Fig. 4 shows another exemplary, preferred network architecture for implementing the scheme of the invention.
Fig. 5 schematically shows the processing performed at an ARR according to one embodiment of the invention.
Fig. 6a shows a block diagram of a device at the ARR for implementing the scheme of the invention, according to one embodiment of the invention.
Fig. 6b shows a block diagram of a device at the ARR for implementing the scheme of the invention, according to another embodiment of the invention.
Fig. 7 schematically shows the process flow in which a VM, having registered with a PE, communicates with a client device.
Fig. 8 schematically shows, according to one embodiment of the invention, an example of communication between a client and a VM when the VM migrates within a region.
Fig. 9 schematically shows, according to one embodiment of the invention, an example of communication between a client and a VM when the VM migrates between regions.
Detailed description of the embodiments
Fig. 1 shows an exemplary network architecture for implementing the scheme of the invention. As those skilled in the art will see from Fig. 1, the network environment for implementing the invention is the same as the prior-art MPLS VPN network operating environment integrated with virtual private clouds. That is, the invention can be implemented by attaching the methods, functions and devices of the scheme directly to an existing network, without changing the existing network framework. This also reflects the good compatibility of the invention.
As shown in Fig. 1, the MPLS VPN network comprises provider edge (PE) routers, that is, label edge routers (LERs), and provider (P) routers. The VPC provider site networks A, B and C and the VPC service subscription network comprise customer edge (CE) routers and ordinary customer (C) routers. A PE router has a direct Layer 3 connection to a CE; here the CE is the edge router of a VPC provider site network or of the VPC service subscription network. A P router communicates only with other P routers and with PE routers and does not set up a direct network connection with a CE. As is well known to those skilled in the art, C routers connect to PE routers through CE routers, and all communication between a CE router and the outside goes through a PE. Specifically, when a virtual machine (VM) or a client needs to communicate with the outside, it connects through the corresponding C router and the CE router to a PE (in this role also called the ingress PE). The PE encapsulates the data packet to be transmitted with an inner and an outer label, and the packet is then passed between P routers until, according to the outer label, it reaches the determined egress PE router. The egress PE router removes the labels and forwards the packet to the client or VM that is the destination of the transmission. As the above shows, the data-plane processing in this architecture is the same as in the prior art: a packet has a label attached as a prefix according to its forwarding equivalence class and is delivered from one PE to another along a label switched path (LSP). As described below, the scheme of the invention makes its improvements in the control plane.
To support the migration of VMs across the MPLS network within a VPC, the invention identifies each VM by a binary (two-part) identifier, that is, a specificator and a private address. The specificator marks the VPN in which the VM resides, so that different MPLS VPNs can be told apart and VMs with the same private IP address can in turn be distinguished from one another. The specificator can be any form of identifier that can be used to distinguish different VPNs, including, but not limited to, an identifier of the VPC and/or of the VPN in which the VM resides. The identifier of the VPN can be, for example, the route distinguisher (RD), which identifies a specific VPN uniquely across the whole network. As long as the specificator can identify the different VPNs in the network, the PE can distinguish VMs that have the same private IP address. In some cases a VPC contains only one VPN. In that case the identifier of the VPC can alternatively be used to distinguish the different VPNs in the network. That is, using the VPC identifier as the specificator of the invention likewise avoids VM address conflicts at the PE. In particular, in a network environment that implements the invention with the VPC identifier as the specificator, if a VPC includes multiple VPNs, the VPNs within that VPC can each be labelled, and the VPC identifier together with the identifier of the specific VPN within that VPC is used as the specificator of the invention. In this latter case, even if two virtual machines located in different virtual private networks of one VPC have the same private address, the other element of the specificator, the VPN identifier, distinguishes the virtual machines in the different VPNs of the same VPC. For example, if virtual private cloud A contains several virtual private networks a, b, c and so on, the VPC and VPN identifiers can be used together to identify the VPN of a VM uniquely, for example Aa, Ab, Ac, and this combination is used as the specificator in the identifier of the VM.
It is easy to see that, besides using existing attributes that distinguish different VPNs, the VPNs in the network can simply be re-labelled, and the newly assigned identifier is then used as the specificator in the identifier of the VM. As a result every VM in the network has a unique identifier, which makes it possible for a VM to migrate freely across the MPLS network without being allocated an additional public IP address (as mentioned above).
In the invention the binary identifier of a VM is used mainly on the PE routers. In a preferred embodiment, the specificator in the binary identifier, for example the RD, is an existing network parameter that distinguishes the VPN in which the VM resides. With the prior-art packet transmission method, the PE can already determine such a specificator and use it to distinguish VMs. Furthermore, the binary identifier proposed for VMs is transparent both to the P routers in the MPLS VPN network and to the VPC provider sites and subscription networks (for example the CE and C routers in those networks). This preferred embodiment greatly reduces the complexity of implementing the invention and minimizes the impact on the networks of VPC provider sites and VPC service subscription networks.
In other embodiments, if the PE cannot obtain such a specificator with the existing packet transmission method, the cooperation of equipment in the VPC provider site or the VPC service subscription network (for example the CE router) may be needed. Specifically, the CE can, for example, add the required specificator to the packets it sends to the PE, or send it to the PE directly in an existing or new type of message.
Regarding the operations at the PE that relate to the binary identifier of a VM, Fig. 2 schematically shows the processing at a PE according to one embodiment of the invention. As shown in Fig. 2, the PE maintains binding information between a VM and the service PE of that VM. That is, the binding information expresses the mapping between a particular VM and a specific PE. For a given piece of binding information, once the virtual machine represented by the binary identifier has successfully registered with a PE (described in more detail below), the PE bound to that binary identifier becomes the service PE of the virtual machine; that is, the virtual machine is logically bound to that PE.
Table 1 below shows the list of VM binding information maintained by a PE router. Here the binary identifier of a VM is written VMID (Virtual Machine Identifier), with the RD as the specificator. Most of the embodiments described here use the RD as the specificator, but those skilled in the art will appreciate that the RD is only an illustrative example. As mentioned above, any identifier that can determine which virtual private network a VM belongs to, whether existing, under development, arising in the future or defined separately when implementing the scheme of the invention, can serve as the specificator in the VM binary identifier of the invention. In addition, as shown in Table 1, the service PE is identified by its IP address. Other information can also be used to identify different PEs, which is not elaborated here.
Table 1: VM binding information list
Here the PE maintains the binding information of VMs (the details of VM registration with a PE are described below), recording for each VM its binary identifier, comprising the specificator and private IP address, and the PE that serves it. For a particular PE that maintains binding information, the service PE indicated in a binding may be the very PE that maintains the binding, or another PE in the network. That is, a PE maintains not only the binding information of VMs that it serves itself but preferably also the binding information of VMs that are logically bound to other PEs.
When a PE receives a packet, it determines whether the packet is destined for a virtual machine. If the destination of the received packet is a virtual machine, the PE can determine the binary identifier of the destination virtual machine. For example, if the specificator in the VM's binary identifier is the RD, the PE can determine the RD of the VM directly from the input interface on which the packet arrived. The PE then takes the RD so determined for the VPN of the destination virtual machine, together with the destination IP address (a private IP address) of the packet, as the binary identifier of the destination VM. The PE looks up the binding information it maintains and determines from it the egress PE to which the packet is to be routed (that is, the PE that is bound to the destination VM and serves it), and the operation ends.
As known in the art, the packet is then routed to the determined egress PE and finally to the destination VM. As those skilled in the art know, in MPLS VPN the label switched path of a packet depends on the packet's forwarding equivalence class. In the invention, the forwarding equivalence class of a packet destined for a VM is determined at the ingress PE from the IP address of the service PE to which the destination VM is bound. That is, the forwarding equivalence class of the packet is not tied directly to the private IP address of the destination VM but to the service PE to which the destination VM is bound.
When the network is small or there are few mobile virtual machines, it is feasible to deploy every PE so that it maintains the binding information of all mobile virtual machines. If the network is large, however, or there are many mobile virtual machines, ensuring that every PE in the network maintains the binding information of all mobile VMs at all times consumes a great deal of network resources (it generates a large amount of traffic). In that case PEs can be deployed so that each maintains the binding information of only some mobile VMs. If a PE receives a packet destined for a VM for which it holds no binding information, it can send a message to other PEs, for example PEs that have recently established communication connections with it, or all PEs, to query the binding information for the destination VM. With the binding information it receives, the PE can then route the packet according to the method shown in Fig. 2.
In one exemplary embodiment, for the case where a PE maintains the binding information of only some VMs and PEs therefore query one another for the binding information of specific VMs, a query record, namely a querying-PE-ID column, is added to the VM binding information list maintained by the PE, as shown in Table 2 below. As Table 2 shows, there may be more than one query record for the same binding, or there may so far be none. The advantage of keeping query records is that, when binding information maintained at a PE changes, the PE can notify the other PEs that sent it queries of the change. Where appropriate, a PE can also, when binding information it maintains changes, inform a selected subset of PEs (for example those that have queried it, or those within a certain range of this PE) or inform all PEs. Additionally or alternatively, in line with this scheme, a PE can also record which PEs it has sent queries to. The next time it needs to query other PEs for binding information, it can then preferentially send the query to some or all of those PEs.
Table 2: Binding information list maintained by the PE
In addition, since a virtual machine in the present invention can migrate freely within the VPC across the MPLS VPN network, it is possible that the destination VM of a packet migrates while the packet is in transit. That is, as the destination VM migrates, its service PE changes. In this case, preferably, because the ingress PE has already determined the label switched path of the packet, the packet is routed to the service PE that the destination VM had before the migration, according to the pre-migration binding information that the ingress PE maintains. After the destination VM has migrated and bound to a new service PE, the previous service PE receives a notification from the new service PE and obtains the new binding information about the migrated VM (described in more detail below). In this way, even though the movement of the VM changes the PE that serves it and therefore changes the binding information, the previous service PE router knows the new service PE to which the VM is bound, so the previous PE router can forward the packet to the new service PE over a temporarily established label switched path, from where it reaches the VM. This continues until the ingress PE router obtains the new binding information of the destination VM. After the ingress PE obtains the new binding information, it determines the label switched path based on the new binding information, and packets are then routed directly to the new service PE of the destination VM. This scheme ensures the continuity of communication and service.
It will be appreciated that if a packet received by the PE is not destined for a virtual machine VM, that is, the packet is destined for a client device (in other words, the packet is sent to a client device from a VM or from another ordinary client), the PE processes the packet as in the prior art. If the packet is sent from a virtual machine, and this virtual machine migrates while sending packets, then after the migration the packets are sent via the new service PE to which the virtual machine is bound.
Optionally, in addition to maintaining and querying binding information as described above, in a preferred embodiment the PE is also responsible for one or more of the following: accepting the registration of a mobile virtual machine VM (thereby binding the binary identifier of the virtual machine to the PE router), updating existing binding information, distributing binding information, and so on. These are described in detail below. It should be noted that, in the preferred embodiments described below, in order to minimize changes to existing communication protocols and network settings, the present invention is described for an MPLS VPN network environment that uses the BGP protocol, and the description shows in detail how the invention is implemented by extending an existing message of the existing protocol, namely the BGP update message. In the exemplary embodiments below, the above query, registration, update and distribution operations are carried out by introducing new multiprotocol BGP (Multiprotocol BGP, MP-BGP) attributes. However, those skilled in the art will understand that any specific information cited below, such as any defined attribute, the concrete structure of a message (the fields it sets), the values in the fields, and the specific messages used, serves only to illustrate the solution of the present invention and does not limit it. Those skilled in the art can select suitable message types, structures and concrete values according to the specific network environment, the application requirements, and the protocols followed by the network in operation, whether these exist now, are under development, or appear in the future.
When a virtual machine VM appears in a VPC provider site network or a VPC service subscriber network that can communicate with a PE, the VM, in order to communicate with the outside world, initiates a registration process with the PE router that communicates with the CE router in the network where the VM is located. Through this registration process, the virtual machine is bound to a specific PE router and thereby logically associated with it. A packet sent to this VM can then have its label switched path determined by the ingress PE according to this binding relationship, and be forwarded to the service PE of this VM. The service PE then sends the received packet to the destination VM according to this binding relationship (via the CE and C routers, forwarded as in the prior art). The VM can therefore be addressed according to its binding information, regardless of whether it has migrated to another VPC.
Specifically, the registration message sent by the VM can be called the migration enablement function MEF (Migration Enablement Function) discovery message. Here the CE acts as an intermediate node between the VM and the PE, and the CE can forward this message directly to the PE connected to it. The PE receiving this message can determine from the message type that it is the MEF discovery message of a VM, that is, that a mobile virtual machine has appeared in the area of the CE router for which the PE is responsible. The PE then obtains the private IP address of this VM from the received message, and determines the specificator, for example the RD, according to the input interface of the message. In this way, the PE can establish the binding relationship between this VM and itself, and add this binding information to the binding information list it maintains. Upon receiving the MEF discovery message, the PE router responds with an MEF advertisement message, in which the PE can inform the VM of its own identifier (ID). If the virtual machine VM is successfully registered with a PE, that is, this PE becomes the service PE of the virtual machine, the virtual machine can be regarded as logically bound to this PE.
If the VM that sends the MEF discovery message to register has migrated from a site network at a different location of the same VPC, the discovery message preferably also includes the old PE from before the migration (and, if an ARR provides route reflection for that PE, the ARR as well). The benefit of this is that the new service PE that has established a binding association with the migrated VM can send the new binding information to the old PE (and to the ARR of the old PE, if any). This ensures that while the VM is migrating it can still correctly receive the packets sent to it (the old service PE forwards the packets it receives to the new PE, if any), without packet loss. That is, the continuity of data transmission can be ensured. However, it will be appreciated that this is not mandatory; it is only a preferred embodiment of the present invention. It is easy to see that if the MEF discovery message does not include information about the old PE, the accuracy of packet transmission can still be ensured to a certain extent by retransmission, or by the PE sending the new binding information to all PEs once it is determined.
In a preferred embodiment, the discovery message is an extension of the existing ICMP (Internet Control Message Protocol) Router Solicitation message (in this message, the ICMP type field is set to 10). Specifically, setting the ICMP code field to the value C1 and the type code to 0 indicates that the message is an MEF discovery message. In addition, as is known to those skilled in the art, the type-length-value (TLV) format allows faster parsing and offers good protocol extensibility. Accordingly, in a preferred embodiment, the messages involved in the present invention use TLV encoding by default. Specifically, for example, a discovery message can comprise a type field of 1 byte, a code field of 1 byte, a checksum of 2 bytes, and a type code field and a length field of 1 byte each. In addition, such an example message preferably comprises an old PE field, an old ARR field (if ARR route reflectors are deployed in the network), and an association ID field. If the VM is initiating the registration process for the first time, the old PE field (and the old ARR field, if any) can be set to 0. The association ID field is a sequence number used to pair the discovery message sent by the VM in this registration process with the advertisement with which the PE responds to it.
Correspondingly, the MEF advertisement message fed back by the PE is an extension of the ICMP Router Advertisement message. Corresponding to the above discovery message, the ICMP type field is 9, and an unused value C2 together with the type code value 1 identifies this advertisement message. The message notifies the VM of the PE that provides service for it and of the ARR (if any) that provides route reflection for this service PE. In addition, if the discovery message includes the above association ID field, the advertisement message correspondingly includes an association ID with the same value, to show that this message is the response to the discovery message with the same association ID value.
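One way to lay out and validate the discovery and advertisement messages described above, as an added example that is not code from the patent. The values used for C1 and C2, the 4-byte IPv4 encoding of the PE and ARR fields, the 4-byte association ID, the length field counting the bytes that follow it, and the sample addresses are assumptions, since the text does not fix them.

```python
import ipaddress
import struct

ICMP_ROUTER_ADVERTISEMENT = 9    # ICMP type of the MEF advertisement message
ICMP_ROUTER_SOLICITATION = 10    # ICMP type of the MEF discovery message
CODE_C1, CODE_C2 = 0xF1, 0xF2    # assumed placeholders: the text leaves C1 and C2 open
KINDS = {
    (ICMP_ROUTER_SOLICITATION, CODE_C1, 0): "discovery",        # type code 0
    (ICMP_ROUTER_ADVERTISEMENT, CODE_C2, 1): "advertisement",   # type code 1
}
HEADER = struct.Struct("!BBHBB")  # ICMP type, ICMP code, checksum, type code, length
BODY = struct.Struct("!4s4sI")    # PE, ARR, association ID (field widths assumed)


class MefError(ValueError):
    """Raised for any message that must not create or confirm a binding."""


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum as used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(kind: str, pe: str, arr: str, association_id: int) -> bytes:
    """Encode a discovery (old PE / old ARR) or advertisement (service PE / ARR)."""
    icmp_type, code, type_code = next(k for k, v in KINDS.items() if v == kind)
    body = BODY.pack(ipaddress.IPv4Address(pe).packed,
                     ipaddress.IPv4Address(arr).packed, association_id)
    unsigned = HEADER.pack(icmp_type, code, 0, type_code, len(body)) + body
    checksum = internet_checksum(unsigned)
    return HEADER.pack(icmp_type, code, checksum, type_code, len(body)) + body


def parse(message: bytes) -> dict:
    """Decode a message, rejecting anything malformed before it touches a binding."""
    if len(message) < HEADER.size:
        raise MefError("truncated header")
    icmp_type, code, _, type_code, length = HEADER.unpack_from(message)
    kind = KINDS.get((icmp_type, code, type_code))
    if kind is None:
        raise MefError("not a MEF message")
    if length != BODY.size or len(message) != HEADER.size + length:
        raise MefError("length field does not match message")
    if internet_checksum(message) != 0:   # a valid message sums to zero
        raise MefError("checksum mismatch")
    pe, arr, association_id = BODY.unpack_from(message, HEADER.size)
    return {"kind": kind, "pe": str(ipaddress.IPv4Address(pe)),
            "arr": str(ipaddress.IPv4Address(arr)), "association_id": association_id}


def handle_discovery(message: bytes, my_pe: str, my_arr: str):
    """PE side: answer a discovery; return (advertisement, old PE or None)."""
    msg = parse(message)
    if msg["kind"] != "discovery":
        raise MefError("expected a discovery message")
    old_pe = None if msg["pe"] == "0.0.0.0" else msg["pe"]  # 0 = first registration
    return build("advertisement", my_pe, my_arr, msg["association_id"]), old_pe


def accept_advertisement(message: bytes, association_id: int):
    """VM side: accept only the advertisement answering our own discovery."""
    msg = parse(message)
    if msg["kind"] != "advertisement" or msg["association_id"] != association_id:
        raise MefError("advertisement does not answer this discovery")
    return msg["pe"], msg["arr"]


if __name__ == "__main__":
    first = build("discovery", "0.0.0.0", "0.0.0.0", 7)     # constructed sample
    reply, old = handle_discovery(first, "10.0.0.11", "10.0.1.1")
    print(first.hex(), reply.hex(), old, accept_advertisement(reply, 7))
```

The checksum only detects accidental corruption, and the association ID only pairs a reply with its request; neither authenticates the sender of a registration.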
In addition, in a preferred embodiment, after determining the binding information, the PE router can also inform a selected subset of PE routers in the network of this new binding information, for example the PEs that currently have a communication connection with it, the PEs within a certain range of it, or the PEs that have previously sent query messages to it (which shows that these PEs have communicated with this PE router), or it can inform all other PEs. However, it will be appreciated that such information distribution is not mandatory for the PE. As an alternative, the PE may also not send the new binding information (or not send it in some cases, for example when network traffic is excessive). In this case, the PE can simply respond when it receives from another PE a query message about the VM identified by this binding information.
Preferably, if the PE is to distribute the binding information of a newly registered VM to other PEs, MP-BGP extensions can be used for better compatibility with existing networks and communication protocols. To this end, a new attribute pair <AFI, SAFI>, different from all attributes set in the existing protocol, can be added to achieve backward compatibility. Here AFI and SAFI are the Address Family Identifier and the Subsequent Address Family Identifier respectively, and this attribute is introduced to represent the address family for virtual machine migration.
In the exemplary embodiment, the PE uses a BGP update message (Update message) to transmit this new binding information to other PEs. In this message, the MP_REACH_NLRI and MP_UNREACH_NLRI attributes of the existing protocol are both set as optional non-transitive attributes, and they are identified by the <AFI, SAFI> pair introduced above to distinguish them from the existing information carried in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, for example the pair <A1, S1>, that is, AFI=A1 and SAFI=S1. This makes the present invention compatible with, and minimizes its impact on, the existing routing mechanism. The reason is that, because the attribute is optional non-transitive, a device that does not support the virtual machine migration function of the present invention simply ignores the information carried in this attribute and does not forward it to other peer devices. It will be understood that A1 and S1 here are exemplary; those of ordinary skill in the art will readily recognize that any other suitable values, characters and so on can be set in a specific implementation.
As the names of the above attributes suggest, MP_REACH_NLRI is used to update the network layer reachability information NLRI (Network Layer Reachability Information) related to virtual machine binding information, while MP_UNREACH_NLRI is used to withdraw the NLRI associated with virtual machine binding information. Here, in the BGP update message that a PE sends to notify other PEs of binding information, these two attributes are modified and specifically named MP_REACH_VMB and MP_UNREACH_VMB (to distinguish them from the existing MP_REACH_NLRI and MP_UNREACH_NLRI, and from the messages sent in other situations of the present invention, which makes the invention easier to describe and understand), and they carry the binding information of the present invention. In one exemplary embodiment, MP_REACH_VMB and MP_UNREACH_VMB containing VM binding information can comprise the following fields (modified relative to the existing MP_REACH_NLRI and MP_UNREACH_NLRI): a 2-byte AFI (value A1), a 1-byte SAFI (value S1), a VM binding information field, the next-hop network address length, a reserved field, and so on.
In addition, in the BGP update message, the NLRI encoding comprises the ID of the destination router of this update message, the binary identifier of the VM (VM ID), the service PE and service ARR of this VM ID, and the previous service PE and previous service ARR ID (if ARRs are deployed in the network and the VM had previously established a binding relationship with another PE).
As mentioned before, if a VM moves from one location in the VPC to a new location in the VPC and establishes new binding information with a new PE, the new PE preferably sends this new binding information to the old PE in an update message. In this way, the old service PE knows where the VM has moved to.
In addition, as mentioned before, the binding information list maintained by a PE may not contain the binding information of all mobile VMs. When a PE needs to send a query message to other PEs (or to an ARR in the other network operating environment described below), in one exemplary embodiment the PE still uses a BGP update message to carry the query information. Here, the MP_REACH_NLRI attribute in this case (in the query message) is modified and specifically named MP_VMB_QUERY, and it carries the information related to the query of the present invention. To distinguish it from the update message that a PE sends on its own initiative, described earlier, the value of the attribute pair <AFI, SAFI> in the query message is <A1, S2>. In addition, this message includes information such as the ID of the PE router sending the query message, the number of VM IDs to be queried (one query message can query multiple binding information entries), and the VM IDs to be queried, that is, the binary identifiers of the VMs.
In a preferred embodiment of the invention, the MPLS VPN network is divided into several regions as in the prior art, and in each region one route reflector RR is responsible for providing route reflection for the PE routers in its region. In this case, the above query message is sent from the querying PE to the service ARR that provides route reflection for this PE, then sent by that ARR to the service ARR of the destination PE, and only then sent by the service ARR of the destination PE to the destination PE, rather than being sent directly from one PE to another. Such a query message can also include the ID of the ARR of the PE router that sent it. In addition, since the network is divided into several regions, the PE that sends a query message and the PE that is to receive it may be in the same region, that is, the two PEs have the same service ARR, or they may be in different regions (and so naturally have different service ARRs). In the present invention, the former case is called an intra-region upward binding query and the latter an inter-region binding query. These two types can be distinguished by setting different values of the type code in the query message. Subsequently, upon receiving a query message, if an ARR finds the queried binding information in the binding information list it maintains, it does not forward the query message further, and sends the corresponding binding information to the PE that issued the query. Otherwise, this ARR sends a message querying this binding information to other ARRs in the network (for example, the ARRs with which it currently has a communication relationship, one or more of the ARRs with which it previously had a communication relationship, the ARRs within a certain distance, all ARRs, and so on).
Next, if a PE or an ARR (if ARRs are deployed in the network) receives a query message from another PE or ARR, it determines whether it has the queried binding information. If not, it simply ignores the query message. If so, it responds with a VM binding information notification. Preferably, the ARR should respond within a predetermined period of time. Also preferably, if the ARR maintains query records in addition to binding information, it updates the maintained query records accordingly. Specifically, in a preferred embodiment, this notification message is implemented with a BGP update message. In this update message, similarly, the MP_REACH_NLRI attribute is modified and specifically named MP_VMB_NTFC, and it carries the binding information of the present invention. To distinguish it from the update message that a PE sends on its own initiative and from the query message, both described earlier, the value of the attribute pair <AFI, SAFI> in the binding information notification message is <A1, S3>. In addition, this message comprises the queried VM ID and the service PE ID and service ARR ID bound to this virtual machine. Furthermore, if a query message contained queries for more than one binding information entry, or the query is an inter-region query, the binding information notification message can also include the ID of the PE that sent the query message and the corresponding service ARR ID.
Similar to the case of sending query messages, and corresponding respectively to the intra-region upward binding query and the inter-region binding query, binding information notification messages are divided into the intra-region downward binding notification and the inter-region binding notification. In the case of the intra-region downward binding notification, the querying PE and ARR identifier fields in the message can be omitted. In addition, if a VM has migrated and the old service PE receives a message about the binding information from the new PE, the old PE can report the received binding information to its service ARR. That service ARR can then notify the service ARR of the PE to which the VM is newly bound of this binding information update (of course, it is also acceptable for the new service PE to inform its own service ARR); such a notification message is called a binding information database notification message. To distinguish these three types of message, a type code field can additionally be set in the notification message, with different values distinguishing the three types.
The operations related to the present invention that a PE according to the invention is to perform have been described in detail above with reference to Fig. 2 and the related tables. The structural arrangements made in a PE router to implement the solution of the present invention are explained below with reference to Figs. 3a and 3b.
Fig. 3a schematically shows a block diagram of a device that can be deployed on a PE router to implement one embodiment of the present invention. As shown in Fig. 3a, the device can comprise means for maintaining the binding information of VMs, and means for determining the corresponding service PE for a specific VM binary identifier. As can be seen from Fig. 3a, the structure of this device corresponds to the method illustrated in Fig. 2. Such a device can be implemented in computer program code, and the various PE-related operations in the method described above with reference to Fig. 2 can be implemented by the corresponding means deployed on the PE. They are not repeated here. It should be noted that, as those skilled in the art will understand, one operation in the above method can be performed by one means or by several, and vice versa.
Fig. 3b schematically shows a block diagram of another embodiment of a device for implementing the present invention. This device includes means for maintaining binding information and binding information management means. The binding information management means queries the means for maintaining binding information according to either the binary identifier of a VM or the service PE, and forwards packets according to the binding information found. In addition, the binding information management means can also perform the registration of VMs, described in more detail below, and the other operations related to the present invention that a PE needs to perform besides maintaining binding information, such as updating and querying binding information. It will be appreciated that the device shown in Fig. 3b can be implemented in software, hardware, or a combination of the two. For example, when this device is implemented in software, the means for maintaining binding information can be a list of binding information, and the binding information management means can be computer-executable code. When the device is implemented in hardware, the means for maintaining binding information can be a database.
The network operating environment described so far in connection with the present invention is better suited to situations in which the network is not too large and there are not many PE routers. It is conceivable that in application environments with a large number of PE routers deployed, or even with many mobile virtual machines, the efficiency of the embodiments introduced above may decline. For this case the present invention proposes an alternative embodiment, whose network environment is shown in Fig. 4.
Fig. 4 shows another exemplary preferred network architecture for implementing the solution of the present invention. In this preferred embodiment, for the sake of scalability, the MPLS VPN network is divided into several regions as in the prior art. In each region there is one route reflector RR, which is responsible for providing route reflection for all PEs in this region. As is well known, there are different types of route reflector RR, for example the area route reflector ARR (Area Route Reflector). Fig. 4 introduces the network environment using the ARR as the example route reflector. In this network environment, in order to maintain good scalability, unless expressly stated otherwise, a PE router normally carries out communication related to binding information, such as updates and queries, only with the ARR that serves it in its region, and does not communicate about binding information directly with other PEs. Correspondingly, ARRs carry out communication related to binding information with each other, and an ARR does not bypass another ARR to communicate about binding information directly with the PEs in that other ARR's region. In other words, to enhance scalability, VM binding information data is not distributed directly between PEs. Information such as queries and updates of VM binding information is transmitted between a PE and the ARR of that PE's region, or between ARRs.
For example, when a PE accepts the registration of a VM and thereby produces new binding information, in this example the PE informs its service ARR of this binding information, rather than informing other PEs directly. This service ARR then decides which ARRs to inform of the binding information, for example those within a certain distance, those with which it currently has or once had a communication connection, or all ARRs. Next, each ARR that receives this binding information in turn informs the PEs in its region. The message used here to notify the new binding information can be the same as the VM binding information update message mentioned earlier.
One exception to the above principle is that when a VM migrates and registers with a new service PE, this new service PE can inform the old service PE of the new binding information directly (the old service PE then informs its own service ARR). Of course, as above, it is also feasible for the new service PE to first inform its service ARR, for that service ARR to then inform the old service ARR, and for the old service PE to be notified last.
Fig. 5 schematically shows the processing performed at an ARR according to one embodiment of the present invention. As shown in Fig. 5, the ARR maintains binding information that associates each VM with the service PE of this VM and, preferably, also with the corresponding service ARR. An exemplary embodiment of the binding information list maintained by an ARR is shown in Table 3.
As shown in Table 3, when ARRs are deployed in the network and are responsible for route reflection for the PEs, one element can be added to the VM binding information described above: the service ARR. That is, in addition to the ID of the PE that provides service for the virtual machine VM, which corresponds or is bound to the VM binary identifier, the binding information also includes the ID of the service ARR that provides route reflection for this service PE and therefore also provides service for the virtual machine VM. The binding information can then be regarded as an entry containing three items: <binding information, service PE, service ARR>. The information listed in Table 3 is close to that of the binding information list maintained by a PE and is not elaborated here.
Table 3: Binding information list maintained by the ARR
In addition, just as a PE in the earlier example can maintain query records, query records can also be added to the binding information list maintained by an ARR. Similarly, such a query record can be extended to an entry containing two items: <service PE, service ARR>. It should also be noted that the PE sending a query message to the ARR may itself be the PE that provides service for the virtual machine identified by this VM binding information. This can happen, for example, when this service PE has lost part of its data because of equipment failure, network problems or similar causes.
Returning to Fig. 5, as shown in the figure, if an ARR receives a message about an update of binding information, it updates the list it maintains accordingly and forwards this update information to the PEs in its region and/or to other ARRs. If an ARR receives a query message about binding information, it responds with the queried binding information. Specifically, if the ARR maintains the queried binding information, it responds directly with the corresponding binding information. Otherwise, if the sender of the query message is a PE, the ARR first queries this binding information from other ARRs and then sends the obtained binding information to this PE. If the sender of the query message is an ARR, the ARR receiving the query can either process it in the same way as a query message from a PE, or ignore it when the information it maintains does not contain the corresponding binding information.
It should be noted that although Fig. 5 shows the exemplary operations at the ARR in sequence, and they were described above in that sequence with reference to Fig. 5, this does not mean that the operations performed by the ARR as shown in Fig. 5 have a specific order. It is easy to see that a query of binding information clearly does not require a prior update of binding information, and vice versa. That is, the two operations shown in Fig. 5 can be performed independently on the ARR and have no temporal dependency on each other; they can be performed one after the other or at the same time.
Figs. 6a and 6b show block diagrams of devices at an ARR for implementing the solution of the present invention. The device structure shown in Fig. 6a corresponds to the operating flow shown in Fig. 5. As shown in Fig. 6a, the device can comprise means for maintaining the binding information of VMs, means for updating the binding information of VMs, and means for retrieving binding information. As can be seen from Fig. 6a, the structure of this device corresponds to the method illustrated in Fig. 5. Such a device can be implemented in computer program code, and the various ARR-related operations in the method described above can be implemented by the corresponding means deployed on the ARR. They are not repeated here. It should be noted that, as those skilled in the art will understand, one operation in the above method can be performed by one means or by several, and vice versa.
Fig. 6b schematically shows a block diagram of another embodiment of a device for implementing the present invention. As with the structure shown in Fig. 3b, the device can include means for maintaining binding information and binding information management means. The binding information management means updates the maintained binding information according to the information received, or processes the query messages received. It will be appreciated that the device shown in Fig. 6b can be implemented in software, hardware, or a combination of the two. For example, when this device is implemented in software, the means for maintaining binding information can be a list of binding information, and the binding information management means can be computer-executable code. When the device is implemented in hardware, the means for maintaining binding information can be a database.
The network environments for implementing some embodiments of the present invention have been described above, together with the configuration structures set up on the network devices PE and ARR to implement the invention and the corresponding processing. Those skilled in the art will understand that other configurations can also be deployed in the above devices to implement additional functions.
Some embodiments of the present invention have been described above from the perspective of the provider edge router PE and the area route reflector ARR. Below, the solution of the present invention is introduced from the perspective of a virtual machine VM that registers, communicates, and migrates during communication.
Fig. 7 schematically shows the processing flow in which a VM registers with a PE and then communicates with a client device. As shown in Fig. 7, in step 701 the registration process is completed. Specifically, the VM sends a discovery message to the PE11 router via the CE10 router, and PE11 responds with an MEF advertisement message. The VM is thus successfully registered with the PE: its service PE is PE11 and its service ARR is ARR1. In this process, PE11 determines the RD of the VM according to the PE interface on which this message arrived.
In step 702, PE11 sends a virtual machine binding information update message to its service ARR1, informing ARR1 of this new binding information. Upon receiving this message, ARR1 updates the binding information list it maintains.
In step 703, a client device sends a packet whose destination is this VM. This packet is forwarded to PE33 via CE30. PE33 searches the binding information list it maintains but does not find the corresponding binding information. This may be because the client sent the packet before ARR1 sent the binding information update to other ARRs, or because ARR1 did not send the update of this binding information to ARR3 (for example, ARR1 and ARR3 currently have no communication connection, the two ARRs have not previously established a communication connection, or the two are far apart).
In step 704, PE33 sends a binding information query message (an intra-region upward query) to its service ARR3. Here ARR3 finds that the binding information table it maintains does not contain the corresponding binding information either, so it sends a binding information query message (an inter-region query) to other ARRs.
In step 705, when ARR1 receives the binding information query message from ARR3, it searches its own database and sends the matching binding information it retrieves to ARR3. ARR3 then sends the received binding information downward to PE33 in a VM binding information notification message.
In step 706, after PE33 receives this binding information, the service PE and the service ARR that just know object VM are PE11 and ARR1 respectively.So PE33 upgrades its binding information list safeguarded, and is this packet determination label switched path according to the IP address of PE11.
Finally, in step 707, between PE33 and PE11, establish communication connection, thus achieve the communication between client and object VM.
Fig. 8 schematically shows, according to one embodiment of the present invention, an example of communication between a client and a VM when the VM migrates within a region. Here, migration within a region means that the VM has moved to a site network at a different location in the same VPC, one that communicates with another PE, while the old service PE and the new service PE bound to the VM before and after migration have the same service ARR. For example, when the VM moves from site network A to site network B, its old service PE (PE11) and new service PE (PE12) are in the region of the same service ARR (ARR1).
As shown in Fig. 8, in step 801 the VM is registered with service PE11 and ARR1 and communicates with the client over an MPLS LSP.
In step 802, the VM migrates and sends an MEF discovery message to PE12 via CE20, carrying the IDs (for example, the IP addresses) of the old PE and old ARR in the message. On receiving the message, PE12 knows that this is a migration within a region, because the service ARR of the old PE is the same as its own service ARR. PE12 returns an MEF notice message to the VM, and the VM is thus successfully registered with the new service PE12. Packets sent from this VM to the client device are then transmitted over the label switched path set up between PE12 and PE33.
In step 803, PE12 sends this binding information updating message to the old PE11 and to its own service ARR1. As described above, the message contains the binary identifier of the VM and the new service PE and service ARR bound to it.
In step 804, on receiving this binding information updating message, PE11 knows that the VM has moved to PE12 and updates the binding information list it maintains (that is, it changes the service PE of this VM from PE11 to PE12). PE11 keeps this modification until it receives the VM binding information updating message containing the MP_UNREACH_VMB attribute mentioned above (see step 806). Note that this is not mandatory; for example, the PE may instead keep the modification for a predetermined period of time. Alternatively, even if the old service PE (PE11) does not retain the modification, lost data can be re-sent by retransmission.
During this period, packets destined for the VM are therefore still sent to PE11. PE11 forwards the packets it receives to the VM's new service PE (PE12) over a temporary LSP, and PE12 finally forwards them to the VM.
In step 805, on receiving the binding information updating message from PE12, ARR1 knows that the VM is still within its service area and updates the binding information list it maintains accordingly. ARR1 then sends this binding information updating message to some or all selected ARRs (inter-region binding information update), for example to the ARRs recorded in its query records as having sent query messages, to ARRs with which it currently has or once had a communication connection, to ARRs within a certain distance, and so on.
After receiving the binding information updating message, ARR3 forwards it downward to PE33 in its region, or to the PEs in its region that currently maintain, or once queried, the relevant information.
In step 806, PE33, which has a communication connection set up with the service PE shown in the binding information, learns the new PE and ARR of the destination VM. PE33 therefore updates the information it maintains and determines the new label switched path for packets to this VM according to the IP address of the new service PE12. After these operations are completed, PE33 sends a binding information updating message to the old PE11, in which the attribute MP_UNREACH_VMB indicates that PE11 is the old service PE of the destination VM. On receiving this message, PE11 deletes the modification information it has kept for the VM.
In step 807, finally, the LSP between PE33 and PE12 is established.
As the preferred embodiment shown in Fig. 8 demonstrates, the present invention achieves continuous data transmission between the client and the destination VM.
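The lookup of Fig. 7 and the hand-off of Fig. 8, as an added Python model that is not code from the patent: the class and function names (`VmId`, `Arr`, `Pe`, `route`) and the sample RD and IP are assumptions, and the ARR1-to-ARR3-to-PE33 relay of the update in step 805 is collapsed into a direct call.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class VmId:
    """Binary identifier: route distinguisher (RD) plus the VM's private IP."""
    rd: str
    ip: str

@dataclass
class Arr:  # route mapper for one region: VmId -> (service PE, service ARR)
    name: str
    bindings: dict = field(default_factory=dict)
    peers: list = field(default_factory=list, repr=False)

    def query(self, vm, from_pe=True):
        if vm in self.bindings:
            return self.bindings[vm]
        if from_pe:  # inter-region query, made only on behalf of a PE
            for peer in self.peers:
                hit = peer.query(vm, from_pe=False)
                if hit:
                    self.bindings[vm] = hit
                    return hit
        return None  # simplification: a miss on an ARR-to-ARR query gets no answer

@dataclass
class Pe:
    name: str
    arr: Arr
    bindings: dict = field(default_factory=dict)  # VmId -> service PE name
    local: set = field(default_factory=set)       # VMs registered at this PE
    moved: set = field(default_factory=set)       # VMs this PE still relays for

    def register(self, vm, old_pe=None):
        """Discovery message from a VM; old_pe is named when the VM has migrated."""
        self.local.add(vm)
        self.bindings[vm] = self.name
        self.arr.bindings[vm] = (self.name, self.arr.name)
        if old_pe is not None:
            old_pe.on_update(vm, self.name)

    def on_update(self, vm, new_pe_name):  # binding information updating message
        if vm in self.local:  # this PE is the old service PE: keep a relay entry
            self.local.discard(vm)
            self.moved.add(vm)
        self.bindings[vm] = new_pe_name

    def on_unreach(self, vm):
        """Update carrying MP_UNREACH_VMB: delete the kept migration entry."""
        if vm in self.moved:
            self.moved.discard(vm)
            self.bindings.pop(vm, None)

    def next_hop(self, vm):
        if vm in self.local:
            return "deliver"
        if vm not in self.bindings:  # miss: ask the service ARR
            hit = self.arr.query(vm)
            if hit is None:
                return None
            self.bindings[vm] = hit[0]
        return self.bindings[vm]

def route(pes, ingress, vm, max_hops=4):
    """Names of the PEs a packet for vm traverses, starting at the ingress PE."""
    path, pe = [ingress.name], ingress
    for _ in range(max_hops):
        hop = pe.next_hop(vm)
        if hop == "deliver":
            return path
        if hop is None:
            return path + ["drop"]
        pe = pes[hop]
        path.append(pe.name)
    return path + ["loop"]

def demo():
    arr1, arr3 = Arr("ARR1"), Arr("ARR3")
    arr1.peers, arr3.peers = [arr3], [arr1]
    pes = {n: Pe(n, a) for n, a in [("PE11", arr1), ("PE12", arr1), ("PE33", arr3)]}
    vm = VmId(rd="65000:1", ip="10.0.0.5")        # constructed sample values
    pes["PE11"].register(vm)                      # steps 701-702
    first = route(pes, pes["PE33"], vm)           # steps 703-707
    pes["PE12"].register(vm, old_pe=pes["PE11"])  # steps 802-804
    relayed = route(pes, pes["PE33"], vm)         # PE33 still points at PE11
    pes["PE33"].on_update(vm, "PE12")             # step 805, ARR relay omitted
    pes["PE11"].on_unreach(vm)                    # step 806
    direct = route(pes, pes["PE33"], vm)          # step 807
    return first, relayed, direct, vm in pes["PE11"].bindings
```

The middle path shows why the old service PE keeps its modified entry: until PE33 learns the new binding, its packets still arrive at PE11 and are relayed to PE12 rather than dropped.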
Fig. 9 schematically shows, according to one embodiment of the present invention, an example of communication between a client and a VM when the VM migrates between regions. Here, inter-region migration means that the VM has moved to a site network at a different location in the same VPC, one that communicates with another PE, and the old service PE and the new service PE bound to the VM before and after migration have different service ARRs. For example, when the VM moves from site network A to site network C, its old service PE (PE11) and new service PE (PE22) are in the regions of different service ARRs (ARR1 and ARR2).
As shown in Fig. 9, in step 901 the VM is registered with service PE11 and ARR1 and communicates with the client over an MPLS LSP.
In step 802, the VM migrates and sends an MEF discovery message to PE22 via CE21, carrying the IDs (for example, the IP addresses) of the old PE and old ARR in the message. On receiving the message, PE22 knows that this is an inter-region migration, because the service ARR of the old PE is different from its own service ARR. PE22 returns an MEF notice message to the VM, and the VM is thus successfully registered with the new service PE22. Packets sent from this VM to the client device are then transmitted over the label switched path set up between PE22 and PE33.
In step 903, PE22 sends this binding information updating message to the old PE11 and to its own service ARR2. As described above, the message contains the binary identifier of the VM and the new service PE and service ARR bound to it.
In step 904, on receiving this binding information updating message, PE11 knows that the VM has moved to PE22 and updates the binding information list it maintains (that is, it changes the service PE of this VM from PE11 to PE22). PE11 keeps this modification until it receives the VM binding information updating message containing the MP_UNREACH_VMB attribute mentioned above (see step 907). Note that this is not mandatory; for example, the PE may instead keep the modification for a predetermined period of time. Alternatively, even if the old service PE (PE11) does not retain the modification, lost data can be re-sent by retransmission.
During this period, packets destined for the VM are therefore still sent to PE11. PE11 forwards the packets it receives to the VM's new service PE (PE22) over a temporary LSP, and PE22 finally forwards them to the VM.
In step 905, on receiving the binding information updating message from PE22, ARR2 knows that the VM has moved into its service area and updates the binding information list it maintains accordingly. ARR2 then sends this binding information updating message to some or all selected ARRs (inter-region binding information update), for example to the ARRs recorded in its query records as having sent query messages, to ARRs with which it currently has or once had a communication connection, to ARRs within a certain distance, and so on. In this example, ARR2 sends the binding information updating message at least to ARR1.
After receiving the binding information updating message, ARR1 knows that this VM has moved out of its service area and updates the information it maintains. That is, it changes the service PE of this VM from PE11 to PE22 and the service ARR of this VM from ARR1 to ARR2. ARR1 then sends a binding information notice (binding information database notification) message to ARR2, in which ARR1 sends ARR2 all information related to the VM, such as historical information (if any) including binding information modification records and query records. Sending this information from ARR1 to ARR2 is preferred but not mandatory.
In step 906, on receiving this inter-region binding information notification message, ARR3 sends a VM binding information notification downward to some or all of the PEs in its region.
In step 907, on receiving the binding information notification message, PE33 knows that the service PE and service ARR of this VM are PE22 and ARR2 respectively. PE33 therefore updates the list it maintains and determines a new label switched path according to the IP address of PE22. PE33 then sends a binding information updating message to the old PE11, in which the attribute MP_UNREACH_VMB indicates that PE11 is the old service PE of the destination VM. On receiving this message, PE11 deletes the modification information it has kept for the VM.
In step 907, finally, the LSP between PE33 and PE22 is established.
As the preferred embodiment shown in Fig. 9 demonstrates, this embodiment of the present invention likewise achieves continuous data transmission between the client and the destination VM.
As can be seen from the above, the present invention is mainly implemented on the PE routers in the network, or on the PE routers and the route mappers RR. Accordingly, in a preferred embodiment, to the router (it needs to forward the information transmitted between the PE that is connected with this CE at VM) in the network of the P router in MPLS VPN network and VPC provider changing.
Moreover, in a preferred embodiment, during VM migration, packets sent from the VM can be transmitted directly through the new service PE once registration succeeds, and packets destined for the VM can continue to reach the VM with the assistance of the old service PE. Ongoing data transmission therefore does not need to wait until all relevant PEs and RRs (if any) have completed the binding information update operations related to the VM's migration.
Various embodiments of the present invention have been described in detail above with reference to several figures. It should be noted, however, that the specific details cited above, such as field contents, field values, field lengths and which types of message are used, are all illustrative and should not be understood as limiting the present invention. It should also be noted that, although the embodiments given are all for IPv4 addresses, the solution of the present invention is equally applicable to IPv6 addresses.
The above description is illustrative rather than restrictive in nature. To those skilled in the art, any variations and modifications of the disclosed examples made to suit factors such as a specific environment or requirement are feasible, for example merging, combining or further splitting the steps of the above method or the structure of the apparatus. One of ordinary skill in the art will also readily recognize that the method steps of the present invention have no specific order. In any case, the scope of protection of the present invention is determined by the claims and their equivalents.

Claims (14)

1. A method for realizing the migration of a virtual machine in a virtual private cloud, the method comprising:
maintaining binding information between a virtual machine binary identifier for identifying a virtual machine and the provider edge router that provides service for the virtual machine;
when a packet destined for a virtual machine is received, determining the binary identifier of the destination virtual machine based on the received packet, and determining, according to the maintained binding information, the provider edge router associated with that binary identifier;
wherein the packet is to be routed to the determined provider edge router; and the binary identifier of the virtual machine comprises the private IP address of the virtual machine and a specificator capable of identifying the virtual private network in which the virtual machine is located.
2. The method of claim 1, wherein, if the maintained information contains no binding information associated with the determined binary identifier, a binding information query message is sent to other provider edge routers in the network, to the corresponding route mapper, or via the corresponding route mapper to other route mappers, in order to query the binding information, and the associated provider edge router is determined according to the binding information contained in the received binding information notification message.
3. The method of claim 1 or 2, wherein, if a registration message from a virtual machine is received, the binary identifier of the virtual machine is determined based on the received registration message, the provider edge router binds itself, as the service provider edge router of the virtual machine, to the determined binary identifier, the new binding information so determined is added to the maintained binding information, and a registration notification message is sent to the virtual machine to indicate that registration succeeded.
4. The method of claim 3, further comprising: sending the determined new binding information, in a binding information updating message, to at least one of other provider edge routers, the corresponding service route mapper, and the old service provider edge router.
5. The method of claim 3, wherein the specificator is an identifier identifying the virtual private cloud and/or the virtual private network in which the VM is located; and/or the registration message and the registration notification message are ICMP messages, and the binding information query message, the binding information notice message and the binding information updating message are extended MP-BGP update messages.
6. The method of claim 5, wherein the specificator is a route distinguisher.
7. The method of any one of claims 1-2 and 4-6, further comprising: if a binding information updating message is received from another provider edge router or the corresponding route mapper, updating the maintained binding information with the received binding information.
8. The method of any one of claims 1-2 and 4-6, further comprising: if a binding information query message is received from another provider edge router or the corresponding route mapper, and the maintained information contains the queried binding information, including the queried binding information in a binding information notification message and sending it back.
9. The method of any one of claims 1-2 and 4-6, wherein, if a binding information updating message is received from another provider edge router or a route mapper, and the message indicates that a virtual machine previously bound to this provider edge router has migrated to a new, other provider edge router, the migration information of the virtual machine is retained, and when packets destined for the virtual machine are received, the received packets are forwarded to the new provider edge router, until a predetermined period of time has elapsed or a notification is received that packets will no longer arrive at this provider edge router.
10. An apparatus for realizing the migration of a virtual machine in a virtual private cloud, the apparatus comprising:
a transceiver unit, for receiving and sending information;
a database, for maintaining binding information between a virtual machine binary identifier identifying a virtual machine and the provider edge router that provides service for the virtual machine;
a binding information management unit which, when a packet destined for a virtual machine is received via the transceiver unit, determines the binary identifier of the destination virtual machine based on the received packet, and determines, according to the maintained binding information, the provider edge router associated with that binary identifier;
wherein the packet is to be routed to the determined provider edge router; and the binary identifier of the virtual machine comprises the private IP address of the virtual machine and a specificator capable of identifying the virtual private network in which the virtual machine is located.
11. A method for realizing the migration of a virtual machine in a virtual private cloud, the method comprising:
maintaining binding information between a binary identifier identifying a virtual machine and the provider edge router that provides service for the virtual machine;
when an update to the maintained binding information, or new binding information, is received, updating the maintained binding information;
when a message querying binding information is received: if the maintained binding information contains the queried binding information, sending the corresponding binding information in response; if the maintained binding information does not contain the queried binding information and the message querying binding information was sent from a provider edge router, querying other route mapping devices for the binding information and sending the obtained binding information to that provider edge router; otherwise, querying other route mapping devices for the binding information and sending the obtained binding information in response, or making no response;
wherein the binary identifier of the virtual machine comprises the private IP address of the virtual machine and a specificator capable of identifying the virtual private network in which the virtual machine is located.
12. The method of claim 11, wherein the specificator is an identifier identifying the virtual private cloud and/or the virtual private network in which the VM is located.
13. The method of claim 12, wherein the specificator is a route distinguisher.
14. An apparatus for realizing the migration of a virtual machine in a virtual private cloud, the apparatus comprising:
a transceiver unit, for receiving and sending information;
a database, for maintaining binding information between a virtual machine binary identifier identifying a virtual machine and the provider edge router that provides service for the virtual machine;
a binding information management unit which, when a message querying binding information is received via the transceiver unit: if the maintained binding information contains the queried binding information, sends the corresponding binding information in response via the transceiver unit; if the maintained binding information does not contain the queried binding information and the message querying binding information was sent from a provider edge router, queries other route mapping devices for the binding information via the transceiver unit and sends the obtained binding information to that provider edge router; otherwise, queries other route mapping devices for the binding information via the transceiver unit and sends the obtained binding information in response, or makes no response;
wherein the binary identifier of the virtual machine comprises the private IP address of the virtual machine and a specificator capable of identifying the virtual private network in which the virtual machine is located.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110299271.8A CN103036919B (en) 2011-09-30 2011-09-30 For realizing the method and apparatus of the migration of virtual machine in virtual privately owned cloud

Publications (2)

Publication Number Publication Date
CN103036919A CN103036919A (en) 2013-04-10
CN103036919B true CN103036919B (en) 2015-12-09

Family

ID=48023401

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 201206 Pudong Jinqiao Ning Road, Shanghai, No. 388

Patentee after: Shanghai NOKIA Baer Limited by Share Ltd

Address before: 201206 Pudong Jinqiao Ning Road, Shanghai, No. 388

Patentee before: Shanghai Alcatel-Lucent Co., Ltd.