CN104883302B

CN104883302B - A kind of method, apparatus and system of data packet forwarding

Info

Publication number: CN104883302B
Application number: CN201510119441.8A
Authority: CN
Inventors: 丁天虹
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2015-03-18
Filing date: 2015-03-18
Publication date: 2018-11-09
Anticipated expiration: 2035-03-18
Also published as: CN104883302A

Abstract

The invention discloses a kind of methods of data packet forwarding, applied to the sources traffic port in physical host, sources traffic port includes the virtual communication port on each VM, and the physical communication port on physical network card, the the first data forwarding table for having this communication port is safeguarded in each source port, first data forwarding table is made of the correspondence identified with purpose communication port with the associated MAC address of this communication port, and method includes：Data packet to be sent is received, data packet to be sent carries target MAC (Media Access Control) address；From the first data forwarding table that this communication port is safeguarded, purpose communication port mark corresponding with the associated target MAC (Media Access Control) address of this communication port is searched；When finding purpose communication port mark corresponding with target MAC (Media Access Control) address, directly corresponding purpose communication port is identified to purpose communication port and send data packet to be sent.The present invention can improve the efficiency of data packet forwarding, mitigate the burden of monitor of virtual machine.

Description

A kind of method, apparatus and system of data packet forwarding

Technical field

The present invention relates to technical field of virtualization, and in particular to a kind of method, apparatus and system of data packet forwarding.

Background technology

Virtualization technology is at present using widely, and in existing virtualization technology, a physical host can be run Multiple virtual machines, each virtual machine share the hardware resource of the physical machine, but for each virtual machine on the physical host I O access all must be based on the physical host the same monitor of virtual machine (Virtual Machine Monitor, VMM it) is forwarded, therefore, if the quantity of virtual machine is very huge on the physical host, all data packets are all concentrated logical VMM is crossed, network data flow congestion is necessarily caused, to influence system performance.

The occupation mode of existing virtualization network, all data packets must be all forwarded in VMM, by searching for Forwarding table in VMM finds the corresponding destination interface of each data packet, corresponding to be forwarded a packet to data by the port Receiving device is dealt into specified outer net, while when port receives a new data packet, all can to packet information into Destination interface and specified MAC Address are established correspondence, if virtual machine quantity is or not row record to refresh forwarding table Disconnected to increase, the destination host that each virtual machine accesses also constantly changes, and forwarding table will necessarily be caused huge, while needing often brush Newly, it causes to access the time lengthening for forwarding table search destination interface, causes performance bottleneck.

The prior art manages the uplink and downlink port of all virtual machines in VMM by a forwarding table, when virtual machine number When amount increases, the volume for inevitably resulting in table increased dramatically, and search the time to extend, and type of service complexity is various, often A virtual machine can all access a large amount of different destination addresses, therefore the volume of table can increase as business complexity increases, and make Decline at performance.

Invention content

A kind of method of data packet forwarding provided in an embodiment of the present invention, can make the data packet of virtual machine uplink and downlink need not It is each passed through monitor of virtual machine, to improve the efficiency of data packet forwarding, alleviates the burden of monitor of virtual machine.This Inventive embodiments additionally provide corresponding device and physical host.

First aspect present invention provides a kind of method of data packet forwarding, and it is logical that the method is applied to the source in physical host Believe port, the physical host includes multiple virtual machine VM, monitor of virtual machine VMM and physical network card, the sources traffic port Including the virtual communication port on each VM and the physical communication port on the physical network card, each virtual communication port With safeguard there is the first data forwarding table of this communication port in each physical communication port, the first data forwarding table by with The described associated MAC address of communication port and the correspondence of purpose communication port mark form, described Method includes：

Data packet to be sent is received, the data packet to be sent carries target MAC (Media Access Control) address；

From the first data forwarding table that described communication port is safeguarded, search associated described with described communication port The corresponding purpose communication port mark of target MAC (Media Access Control) address；

When finding purpose communication port mark corresponding with the target MAC (Media Access Control) address, directly to the purpose communication ends Mouth identifies corresponding purpose communication port and sends the data packet to be sent, wherein when the sources traffic port is virtual machine Virtual communication port when, the purpose communication port is purpose physical communication port, when the sources traffic port is logical for physics When believing port, the purpose communication port is the virtual communication port of purpose virtual machine.

With reference to first aspect, in the first possible implementation, the method further includes：

It deletes the MAC Address for meeting deletion condition in the first data forwarding table of described communication port maintenance and purpose is logical The correspondence for believing port-mark, to keep the capacity of the first data forwarding table of described communication port maintenance.

With reference to first aspect or first aspect the first possible realization method, in second of possible realization method, The method further includes：

When not finding purpose communication port mark corresponding with the target MAC (Media Access Control) address, waited for described in VMM transmissions The data packet of transmission, the data packet to be sent by the VMM from the second data forwarding table safeguarded in the VMM, really Fixed purpose communication port corresponding with the target MAC (Media Access Control) address identifies, and to the corresponding purpose communication ends of the target MAC (Media Access Control) address Mouth sends the data packet to be sent, and the second data forwarding table includes each MAC Address and purpose communication port mark The correspondence of knowledge.

Second of possible realization method with reference to first aspect, it is described to described in the third possible realization method After VMM sends the data packet to be sent, the method further includes：

Receive the correspondence that the target MAC (Media Access Control) address that the VMM is sent is identified with corresponding purpose communication port；

The target MAC (Media Access Control) address is added to first data with the correspondence that corresponding purpose communication port identifies In forwarding table, the target MAC (Media Access Control) address is used to send next carrying with the correspondence that corresponding purpose communication port identifies The data packet of the target MAC (Media Access Control) address.

Second of possible realization method with reference to first aspect, in the 4th kind of possible realization method, the method is also Including：

When the corresponding purpose communication port mark of any one MAC Address changes, the institute that the VMM is sent is received State the correspondence of any one MAC Address and updated purpose communication port mark；

By the correspondence of any one described MAC Address and updated purpose communication port mark, update is described in In first data forwarding table, the correspondence that any one described MAC Address is identified with updated purpose communication port is used for It sends and carries the data packet of any one MAC Address to updated destination interface.

Second aspect of the present invention provides a kind of device of data packet forwarding, and described device is the sources traffic end in physical host Mouthful, the physical host includes multiple virtual machine VM, monitor of virtual machine VMM and physical network card, and the sources traffic port includes Virtual communication port on each VM and the physical communication port on the physical network card, each virtual communication port and every All safeguard there is the first data forwarding table of this communication port in a physical communication port, the first data forwarding table by with it is described The associated MAC address of this communication port and the correspondence of purpose communication port mark form, described device Including：

Receiving module, for receiving data packet to be sent, the data packet to be sent carries target MAC (Media Access Control) address；

Searching module, for from the first data forwarding table that described communication port is safeguarded, lookup to be communicated with described The corresponding purpose communication port mark of the target MAC (Media Access Control) address of port association；

Sending module finds purpose communication port corresponding with the target MAC (Media Access Control) address for working as the searching module Mark, directly identifies corresponding purpose communication port to the purpose communication port and sends the data packet to be sent, wherein When the sources traffic port is the virtual communication port of virtual machine, the purpose communication port is purpose physical communication port, When the sources traffic port is physical communication port, the purpose communication port is the virtual communication port of purpose virtual machine.

In conjunction with second aspect, in the first possible implementation, described device further includes：

Forwarding table management module deletes item for deleting to meet in the first data forwarding table that described communication port is safeguarded The correspondence of the MAC Address of part and purpose communication port mark is turned with the first data for keeping described communication port to safeguard The capacity delivered.

In conjunction with second aspect or second aspect the first possible realization method, in second of possible realization method,

The sending module is additionally operable to not find purpose corresponding with the target MAC (Media Access Control) address when the searching module Communication port identifies, and the data packet to be sent is sent to the VMM, and the data packet to be sent is by the VMM from institute It states in the second data forwarding table safeguarded in VMM, determines purpose communication port mark corresponding with the target MAC (Media Access Control) address, and The data packet to be sent, the second data forwarding table are sent to the corresponding purpose communication port of the target MAC (Media Access Control) address Include the correspondence of each MAC Address and purpose communication port mark.

In conjunction with second of possible realization method of second aspect, in the third possible realization method, described device is also Including：Add module,

The receiving module is additionally operable to receive the target MAC (Media Access Control) address and corresponding purpose communication ends that the VMM is sent The correspondence of mouth mark；

The add module, the target MAC (Media Access Control) address for receiving the receiving module are communicated with corresponding purpose The correspondence of port-mark is added in the first data forwarding table, and the target MAC (Media Access Control) address is communicated with corresponding purpose The correspondence of port-mark is used to send next data packet for carrying the target MAC (Media Access Control) address.

In conjunction with second of possible realization method of second aspect, in the 4th kind of possible realization method, described device is also Including：Update module,

The receiving module is additionally operable to when the corresponding purpose communication port mark of any one MAC Address changes, Receive the correspondence of any one described MAC Address and updated purpose communication port mark that the VMM is sent；

The update module, for any one MAC Address described in receiving the receiving module and updated mesh Communication port mark correspondence, update is in the first data forwarding table, any one described MAC Address and update The correspondence of purpose communication port mark afterwards, which is used to send, carries the data packet of any one MAC Address to updating Destination interface afterwards.

Third aspect present invention provides a kind of physical host, including multiple virtual machine VM, monitor of virtual machine VMM and physics Network interface card includes virtual communication port on each VM, includes multiple physical communication ports, each virtual communication on the physical network card The the first data forwarding table for having this communication port, the first data forwarding table are safeguarded in port and each physical communication port It is made of the correspondence identified with purpose communication port with the described associated MAC address of communication port,

It is described when any one in each virtual communication port and each physical communication port is as sources traffic port Sources traffic port is used for：

When finding purpose communication port mark corresponding with the target MAC (Media Access Control) address, to the purpose communication port mark Know corresponding purpose communication port and send the data packet to be sent, wherein when the void that the sources traffic port is virtual machine When quasi- communication port, the purpose communication port is purpose physical communication port, when the sources traffic port is physical communication end When mouth, the purpose communication port is the virtual communication port of purpose virtual machine.

The method of data packet forwarding provided in an embodiment of the present invention, the method are applied to the sources traffic end in physical host Mouthful, the physical host includes multiple virtual machine VM, monitor of virtual machine VMM and physical network card, and the sources traffic port includes Virtual communication port on each VM and the physical communication port on the physical network card, each virtual communication port and every All safeguard there is the first data forwarding table of this communication port in a physical communication port, the first data forwarding table by with it is described The associated MAC address of this communication port and the correspondence of purpose communication port mark form, the method Including：Data packet to be sent is received, the data packet to be sent carries target MAC (Media Access Control) address；It is tieed up from described communication port In first data forwarding table of shield, purpose communication corresponding with the associated target MAC (Media Access Control) address of described communication port is searched Port-mark；When finding purpose communication port mark corresponding with the target MAC (Media Access Control) address, directly to the purpose communication ends Mouth identifies corresponding purpose communication port and sends the data packet to be sent, wherein when the sources traffic port is virtual machine Virtual communication port when, the purpose communication port is purpose physical communication port, when the sources traffic port is logical for physics When believing port, the purpose communication port is the virtual communication port of purpose virtual machine.With virtual machine uplink and downlink in the prior art Data packet will pass through VMM, by VMM from the big of the correspondence identified comprising each MAC Address and purpose communication port Determine that the data packet destination interface to be sent to be sent is compared in table, the side of data packet forwarding provided in an embodiment of the present invention Method safeguards that one is only associated with this communication port in the virtual communication port of virtual machine and the physical communication port of physical network card The first data forwarding table, the first data forwarding table is by with the associated media access control MAC of described communication port Location and the correspondence of purpose communication port mark form, to accelerate the speed of determining purpose communication port, and true Surely after arriving purpose communication port, sources traffic port directly delivers a packet to purpose communication port, that is to say, that data packet can To bypass VMM, to alleviate the burden of VMM, the efficiency of data packet forwarding is improved.

Description of the drawings

In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with Obtain other attached drawings according to these attached drawings.

Fig. 1 is an embodiment schematic diagram of physical host in the embodiment of the present invention；

Fig. 2 is an embodiment schematic diagram of data center in the embodiment of the present invention；

Fig. 3 is another embodiment schematic diagram of physical host in the embodiment of the present invention；

Fig. 4 is an embodiment schematic diagram of the method that data packet forwards in the embodiment of the present invention；

Fig. 5 is another embodiment schematic diagram for the method that data packet forwards in the embodiment of the present invention；

Fig. 6 is an embodiment schematic diagram of the device of data forwarding in the embodiment of the present invention；

Fig. 7 is another embodiment schematic diagram of the device of data forwarding in the embodiment of the present invention；

Fig. 8 is another embodiment schematic diagram of the device of data forwarding in the embodiment of the present invention；

Fig. 9 is another embodiment schematic diagram of the device of data forwarding in the embodiment of the present invention；

Figure 10 is another embodiment schematic diagram of physical host in the embodiment of the present invention；

Figure 11 is another embodiment schematic diagram of physical host in the embodiment of the present invention；

Figure 12 is another embodiment schematic diagram of physical host in the embodiment of the present invention.

Specific implementation mode

The embodiment of the present invention provides a kind of method of data packet forwarding, can make the data packet of virtual machine uplink and downlink need not be every It is a all to pass through monitor of virtual machine, to improve the efficiency of data packet forwarding, alleviate the burden of monitor of virtual machine.This hair Bright embodiment additionally provides corresponding device and physical host.It is described in detail separately below.

In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people The every other embodiment that member is obtained without making creative work should all belong to the model that the present invention protects It encloses.

To facilitate understanding of the present embodiment of the invention, the several members that can be introduced in description of the embodiment of the present invention are introduced at this first Element, as shown in Figure 1：

Virtual machine (Virtual Machine, VM)：

One or more virtual computers can be simulated on a physical host by software virtual machine, and this A little virtual machines work just as real computer, can be with installation operation system and application program, virtually on virtual machine Machine may also access Internet resources.For the application program run in virtual machine, virtual machine is like really to calculate It works in machine.

Hardware layer：

The hardware platform of virtualized environment operation.Wherein, hardware layer may include multiple hardwares, such as certain calculate node is hard Part layer may include processor (such as CPU) and memory, can also include the high speed such as network interface card, memory or low speed input/output (I/O, Input/Output) equipment, and the miscellaneous equipment with particular procedure function, as input and output memory management unit (IOMMU, Input/Output Memory Management Unit), wherein IOMMU can be used for virtual machine physical address and Host physics The conversion of address.

Monitor of virtual machine (Virtual Machine Monitor, VMM)：

As management level, to complete management, the distribution of hardware resource；Virtual hardware platform is presented for virtual machine；It realizes The scheduling and isolation of virtual machine.Wherein, virtual hardware platform provides various hardware resources to each virtual machine run thereon, such as Virtual cpu, memory, virtual disk, Microsoft Loopback Adapter etc. are provided.It is flat for the virtual hardware of its preparation that virtual machine then operates in Host One or more virtual machines are run on platform, on Host.

Fig. 2 is an embodiment schematic diagram of data center in the embodiment of the present invention.Data center is it can be appreciated that be cloud Calculating center.Data center or cloud computing center include multiple physical hosts.

Fig. 3 is an embodiment schematic diagram of physical host in the embodiment of the present invention.Multiple void are run on each physical host Quasi- machine, as shown in Figure 3,100 virtual machines (Virtual Machine, VM), each physics are run on each physical host A monitor of virtual machine (Virtual Machine Monitor, VMM) is run on host, meanwhile, on each physical host also Including physical network card, certain physical network card is a part of hardware resource of hardware layer, data packet provided in an embodiment of the present invention The method more particularly to physical network card of forwarding.

May include multiple physical communication ports on physical network card, each virtual machine includes a virtual communication port, often Safeguard there is the first data forwarding table of this communication port in a virtual communication port and each physical communication port, described first Data forwarding table is corresponding by being identified with purpose communication port with the described associated MAC address of communication port Relationship forms, that is to say, that in the first data forwarding table that the virtual communication port of virtual machine is safeguarded by MAC Address and purpose thing The correspondence composition of the mark of communication port is managed, the first data forwarding table of physical communication port maintenance is by MAC Address and mesh Virtual machine virtual communication port mark correspondence composition.Certainly, also safeguard there is the second data forwarding table in VMM, The second data forwarding table includes the correspondence of each MAC Address and purpose communication port mark.Comparatively, first Data forwarding watch is properly termed as fast table (Fast-Forward Table, FFT), and the second data forwarding watch can become slow table (Slow-Forward Table, SFT).

In the embodiment of the present invention, in data packet repeating process, by taking the data packet sent out from virtual machine as an example, such as Fig. 3 institutes The access 2 shown, if directly determined in the first data forwarding table that the virtual communication port of virtual machine is safeguarded from this communication port Purpose physics communication port on physical network card, then need not deliver a packet to VMM, directly deliver a packet to mesh Physical communication port.If the virtual communication port of virtual machine does not determine from the first data forwarding table to physical communication end Mouthful, then data packet walks access 1 shown in Fig. 3, and virtual machine delivers a packet to VMM, then passes through the second data forwarding by VMM Table determines the mark of purpose physics communication port, then the data packet is sent to the purpose physics communication port by VMM.Anti- mistake Come, the transmission process of the upstream data packet from physical network card to virtual machine is also identical as above-mentioned downlink process, this place was not done It repeats more.

About the repeating process of virtual machine uplink and downlink data packet, can be understood refering to Fig. 4, it is involved in Fig. 4 First data forwarding table and the second data forwarding table can be understood refering to Tables 1 and 2.

Table 1：First data forwarding table

MAC Address	Purpose communication port identifies
		MAC0	vnic0/Nic0
MAC3	vnic3/bond0
		MAC50	vnic50/Vlan2.5

It is illustrated it is understood that table 1 is only illustrated, the list item number of specific table 1 can determine according to demand.

Second data forwarding table can be understood refering to table 2.As shown in table 2：

Table 2：Second data forwarding table

MAC Address	Purpose communication port identifies
		MAC0	Tap0/port0
MAC1	Tap1/port1
		MAC2	Tap2/port2
MAC3	Tap3/port3
		…	…
MACN	TapN/port0
		…	…

Wherein, TapN is the communication port communicated with VM on VMM, corresponds to the communication port vnicN, port0 of VMN extremely Port3 is the communication port communicated with physical network card on VMM, correspond to Nic0, bond0, Vlan2.5 on physical network card and macvlan2.Wherein, N is greater than 3 positive integer.

As shown in figure 4, physical host includes 100 virtual machines, virtual machine is numbered from VM0 to V99.Each virtual machine MAC Address respectively from MAC0 to MAC99.The virtual communication port of virtual machine is identified from vnic0 to vnic99.Each virtual machine Virtual communication port all safeguard a first data forwarding table.In the embodiment of the present invention, the first data forwarding table is stored in In storage device, virtual communication port safeguard the first data forwarding table refer to virtual communication port be responsible for and use this One data forwarding table.The upper communication port marks communicated with each virtual machine of VMM are respectively from tap0 to tap99.VMM is upper and each The communication port mark of physical communication port communication is respectively from port0 to port3.Each physical communication port on physical network card Mark be respectively Nic0, bond0, Vlan2.5 and macvlan2.

In each virtual communication port of the port-mark from vnic0 to vnic99 and Nic0, bond0, Vlan2.5 and Safeguard that the first data forwarding table of this communication port, each communication port are safeguarded respectively in the physical communication port of macvlan2 The first data forwarding table only record with the relevant forwarding information of the port, therefore, if the quantity and physical network card of virtual machine Physical communication port total quantity be 104, then the maximum list item of each first data forwarding table only be the second data forwarding Therefore the 1/104 of table when tabling look-up determining purpose communication port, can improve search efficiency.Especially the development of current chip has been It is therefore, a large amount of virtual when check figure increases to 500 or even 1000 through being switched in the increase of check figure from the promotion of dominant frequency The scene that machine creates on a physical host can more improve the efficiency of data packet forwarding.

Upstream data packet and the repeating process of downlink data packet are introduced separately below：

After virtual machine VM0 generates data packet A, via the virtual communication port vnic0 of virtual machine, virtual communication port Vnic0 searches the first data forwarding table of self maintained, determines that the MAC0 of data packet A carryings corresponds to physics and leads to by tabling look-up Believe port Nic0, therefore, data packet A is sent directly to physical communication port Nic0 by virtual communication port vnic0, need not be through VMM is crossed, to alleviate the burden of VMM, improves the efficiency of data packet forwarding.

Physical communication port macvlan2 receives data packet B, and physical communication port macvlan2 searches self maintained First data forwarding table passes through the virtual communication port for the corresponding virtual machines of MAC99 for determining that data packet B is carried of tabling look-up Data packet B is sent directly to the virtual communication port vnic99 of virtual machine by vnic99, therefore, communication port vnic0, is not needed By VMM, to alleviate the burden of VMM, the efficiency of data packet forwarding is improved.

If it is logical that communication port vnic0 does not find the corresponding physics of MAC0 in the first data forwarding table of self maintained Believe port, then data packet A is sent to VMM by communication port vnic0, searches MAC0 correspondences from the second data forwarding table by VMM Purpose communication port, find as port0, then data packet A is sent to physical communication port by VMM from communication port port0 Nic0 does not have in the first data forwarding table safeguarded by communication port vnic0 to record the correspondence of MAC0 and Nic0, therefore The correspondence can be sent to communication port vnic0, communication ends by VMM after determining the correspondence of MAC0 and Nic0 The correspondence is added in the first data forwarding table of self maintained by mouth vnic0, and data packet is retransmited to Nic0 when next time When, so that it may to find the correspondence from the first data forwarding table, so as to get around VMM, data packet is directly transmitted To physical communication port Nic0.

If physical communication port macvlan2 does not find MAC99 correspondences in the first data forwarding table of self maintained Virtual machine virtual communication port, then physical communication port macvlan2 data packet B is sent to VMM, by VMM from second number According to the corresponding purpose communication port of MAC99 is searched in forwarding table, find as tap99, then VMM by data packet B from communication port Tap99 is sent to the virtual communication port vnic99 of virtual machine, the second data safeguarded by physical communication port macvlan2 Do not have to record the correspondence of MAC99 and vnic99 in forwarding table, therefore VMM is in the corresponding pass for determining MAC99 and vnic99 After system, which is sent to physical communication port macvlan2, physical communication port macvlan2 is by the correspondence It is added in the first data forwarding table of self maintained, when retransmiting data packet to vnic99 next time, so that it may to be counted from first According to the correspondence is found in forwarding table, so as to get around VMM, data packet is sent directly to communication port vnic99.

In order to keep the lightweight of the first data forwarding table, each virtual communication port and each physical communication port can The correspondence for meeting deletion condition in the data forwarding table of self maintained is periodically deleted, meets deletion condition and can be understood as Frequency of use is less than preset thresholding whithin a period of time, alternatively, sort according to frequency of use, M correspondence before only retaining, M Correspondence is all deleted later.This way it is possible to avoid the first data forwarding table volume is excessive, search efficiency is influenced.

Refering to Fig. 5, an embodiment of the method for data packet forwarding provided in an embodiment of the present invention includes：

101, the sources traffic port in physical host receives data packet to be sent, and the data packet to be sent carries mesh MAC address, wherein the physical host includes multiple virtual machine VM, monitor of virtual machine VMM and physics Network interface card, the sources traffic port include the virtual communication port on each VM and the physical communication end on the physical network card Mouthful, the first data forwarding table for having this communication port, institute are safeguarded in each virtual communication port and each physical communication port The first data forwarding table is stated by being identified with the described associated MAC address of communication port and purpose communication port Correspondence composition.

102, it from the first data forwarding table that described communication port is safeguarded, searches associated with described communication port The corresponding purpose communication port mark of the target MAC (Media Access Control) address.

103, when finding purpose communication port mark corresponding with the target MAC (Media Access Control) address, directly lead to the purpose The corresponding purpose communication port of letter port-mark sends the data packet to be sent, wherein when the sources traffic port is void When the virtual communication port of quasi- machine, the purpose communication port is purpose physical communication port, when the sources traffic port is object When managing communication port, the purpose communication port is the virtual communication port of purpose virtual machine.

Optionally, on the basis of above-mentioned Fig. 5 corresponding embodiments, the side of data packet forwarding provided in an embodiment of the present invention In first alternative embodiment of method, the method can also include：

As it can be seen that in the embodiment of the present invention, delete meet deletion condition MAC Address identified with purpose communication port it is corresponding Relationship can keep the lightweight of the first data forwarding table, to further increase the efficiency of data packet forwarding.

Optionally, on the basis of the corresponding embodiments of above-mentioned Fig. 5 or first alternative embodiment, the embodiment of the present invention carries In second alternative embodiment supplied, the method can also include：

As it can be seen that during the embodiment of the present invention provides, purpose communication port mark can not found by the first data forwarding table When knowledge, corresponding purpose communication port mark can be searched by VMM, to ensure that each data packet can be forwarded.

Optionally, on the basis of second alternative embodiment of the method for above-mentioned data packet forwarding, the embodiment of the present invention In the third alternative embodiment of offer, it is described send the data packet to be sent to the VMM after, the method may be used also To include：

As it can be seen that in the embodiment of the present invention, target MAC (Media Access Control) address and purpose virtual machine that communication port can determine VMM Communication port identifies or the correspondence of the mark of purpose physics communication port is added in time in the first data forwarding table, to The data packet of the same hereinafter MAC Address is set to obtain fast-forwarding.

Optionally, on the basis of second alternative embodiment of the method for above-mentioned data packet forwarding, the embodiment of the present invention In the 4th alternative embodiment provided, the method can also include：

As it can be seen that in the embodiment of the present invention, when the corresponding purpose communication port mark of a MAC Address changes, such as VMM can send the correspondence of MAC Address and updated purpose communication port mark after updating the second data forwarding table To each communication port, to make the port comprising the MAC Address update in the first data forwarding table MAC Address with it is updated The correspondence of purpose communication port mark, to ensure that the follow-up data packet for carrying any one MAC Address can be quickly Be sent to updated destination interface.

The corresponding embodiments of Fig. 5 and its alternative embodiment can be refering to fig. 1 to the parts Fig. 4 description understood, this place It does not do and excessively repeats.

Refering to Fig. 6, the device 20 of data packet forwarding provided in an embodiment of the present invention, described device 20 is in physical host Sources traffic port, the physical host include multiple virtual machine VM, monitor of virtual machine VMM and physical network card, the sources traffic Port includes the virtual communication port on each VM and the physical communication port on the physical network card, which is characterized in that every Safeguard there is the first data forwarding table of this communication port in a virtual communication port and each physical communication port, described first Data forwarding table is corresponding by being identified with purpose communication port with the described associated MAC address of communication port Relationship forms, and described device 20 includes：

Receiving module 201, for receiving data packet to be sent, the data packet to be sent carries target MAC (Media Access Control) address；

Searching module 202, for from the first data forwarding table that described communication port is safeguarded, searching and leading to described Believe the corresponding purpose communication port mark of the target MAC (Media Access Control) address of port association；

Sending module 203, for working as the searching module 202, to find purpose corresponding with the target MAC (Media Access Control) address logical Believe port-mark, directly identifies corresponding purpose communication port to the purpose communication port and send the data to be sent Packet, wherein when the sources traffic port is the virtual communication port of virtual machine, the purpose communication port is logical for purpose physics Believe port, when the sources traffic port is physical communication port, the purpose communication port is the virtual logical of purpose virtual machine Believe port.

The device 20 of the data packet forwarding provided in the embodiment of the present invention, described device 20 are the sources traffic in physical host Port, the physical host include multiple virtual machine VM, monitor of virtual machine VMM and physical network card, the sources traffic port packet Include the virtual communication port on each VM and the physical communication port on the physical network card, which is characterized in that each virtual Safeguard that the first data forwarding table for having this communication port, first data turn in communication port and each physical communication port It delivers by the correspondence group with the described associated MAC address of communication port and purpose communication port mark At described device 20 includes：Receiving module 201 receives data packet to be sent, and the data packet to be sent carries purpose MAC Address；Searching module 202 is searched and is closed with described communication port from the first data forwarding table that described communication port is safeguarded The corresponding purpose communication port mark of the target MAC (Media Access Control) address of connection；Sending module 203 is found when the searching module 202 Purpose communication port mark corresponding with the target MAC (Media Access Control) address, directly identifies corresponding purpose to the purpose communication port Communication port sends the data packet to be sent, wherein when the sources traffic port is the virtual communication port of virtual machine, The purpose communication port is purpose physical communication port, when the sources traffic port is physical communication port, the purpose Communication port is the virtual communication port of purpose virtual machine.It will pass through with the data packet of virtual machine uplink and downlink in the prior art VMM, by VMM, determination is to be sent from the big table of the correspondence identified comprising each MAC Address and purpose communication port The data packet destination interface to be sent to is compared, the device of data packet forwarding provided in an embodiment of the present invention, in the virtual of virtual machine One and the associated first data forwarding table of this communication port are safeguarded in the physical communication port of communication port and physical network card, The first data forwarding table by with the described associated MAC address of communication port and purpose communication port mark The correspondence of knowledge forms, to accelerate the speed of determining purpose communication port, and after determining to purpose communication port, Sources traffic port directly delivers a packet to purpose communication port, that is to say, that data packet can bypass VMM, to alleviate The burden of VMM improves the efficiency of data packet forwarding.

Optionally, on the basis of above-mentioned Fig. 6 corresponding embodiments, refering to Fig. 7, data provided in an embodiment of the present invention turn In first alternative embodiment of the device 20 of hair, described device 20 further includes：

Forwarding table management module 204 is deleted for deleting to meet in the first data forwarding table that described communication port is safeguarded Except the correspondence of the MAC Address and purpose communication port mark of condition, with the first number for keeping described communication port to safeguard According to the capacity of forwarding table.

Optionally, on the basis of above-mentioned Fig. 6 corresponding embodiments, refering to Fig. 7, data provided in an embodiment of the present invention turn In second alternative embodiment of the device 20 of hair,

The sending module 203, be additionally operable to when the searching module 202 do not find it is corresponding with the target MAC (Media Access Control) address Purpose communication port mark, send the data packet to be sent to the VMM, the data packet to be sent is by described VMM determines purpose communication port corresponding with the target MAC (Media Access Control) address from the second data forwarding table safeguarded in the VMM Mark, and send the data packet to be sent, second data to the corresponding purpose communication port of the target MAC (Media Access Control) address Forwarding table includes the correspondence of each MAC Address and purpose communication port mark.

Optionally, on the basis of second alternative embodiment of the device of data forwarding 20, refering to Fig. 8, the present invention is real In the third alternative embodiment for applying the device 20 of the data forwarding of example offer, described device 20 further includes：Add module 205,

The receiving module 201, the target MAC (Media Access Control) address for being additionally operable to receive the VMM transmissions are logical with corresponding purpose Believe the correspondence of port-mark；

The add module 205, the target MAC (Media Access Control) address for receiving the receiving module 201 and corresponding mesh Communication port mark correspondence be added in the first data forwarding table, the target MAC (Media Access Control) address and corresponding mesh The correspondence of communication port mark be used to send next data packet for carrying the target MAC (Media Access Control) address.

Optionally, on the basis of second alternative embodiment of the device of data forwarding 20, refering to Fig. 9, the present invention is real In the 4th alternative embodiment for applying the device 20 of the data forwarding of example offer, described device 20 further includes：Update module 206,

The receiving module 201 is additionally operable to change when the corresponding purpose communication port mark of any one MAC Address When, receive the correspondence of any one described MAC Address and updated purpose communication port mark that the VMM is sent；

The update module 206, for any one MAC Address described in receiving the receiving module with it is updated The correspondence of purpose communication port mark, update in the first data forwarding table, any one described MAC Address with more The correspondence of purpose communication port mark after new, which is used to send, carries the data packet of any one MAC Address to updating Destination interface afterwards.

The corresponding embodiments of Fig. 6 to Fig. 9 and its alternative embodiment can be refering to fig. 1 to the parts Fig. 5 description understood, This place, which is not done, excessively to be repeated.

In multiple embodiments of the fault-tolerant device of above-mentioned virtual machine, it should be appreciated that in an implementation mode, connect Receipts module, sending module can be realized by input/output I/O equipment (such as network interface card), and searching module, turns add module Deliver management module, update module can by processor execute memory in program or instruction come realize (in other words, by Special instruction in processor and the memory coupled with the processor cooperates to realize)；In another realization side Under formula, receiving module, sending module, searching module, add module, forwarding table management module, update module can also lead to respectively Proprietary circuit is crossed to realize, specific implementation is referring to the prior art, and which is not described herein again；Under another realization method, connect Module, sending module are received, searching module, add module, forwarding table management module, update module can also pass through field-programmable Gate array (FPGA, Field-Programmable Gate Array) realizes, specific implementation referring to the prior art, this In repeat no more, the present invention includes but not limited to aforementioned realization method, it should be appreciated that as long as thought according to the invention is real Existing scheme both falls within the range that the embodiment of the present invention is protected.

A kind of hardware configuration of physical host is present embodiments provided, a kind of shown in Figure 10, hardware of physical host Structure may include：

Transceiving device, software components and hardware device three parts；

Transceiving device is the hardware circuit for completing pack receiving and transmitting；

Hardware device can also claim " hardware processing module " or simpler, can be also simply referred to as " hardware ", hardware device master To include certain to realize based on FPGA, ASIC etc special hardware circuit (can also coordinate other support devices, such as memory) The hardware circuit of specific function, processing speed is often many soon compared to general processor, but function one is customized, is just difficult Change, therefore, implements and dumb, commonly used to handle some fixed functions.It should be noted that hardware device exists Can also include MCU (microprocessor, such as microcontroller) or CPU processors, but the master of these processors in practical application It is not to complete the processing of big data, and be mainly used for carrying out some controls to want function, under this application scenarios, by these devices The system of part collocation is hardware device.

Software components (or also simple " software ") include mainly that general processor (such as CPU) and some are mating Device (such as memory, hard disk storage device), can allow processor to have corresponding processing function by programming, with software come , can be according to business demand flexible configuration when realization, but often speed is slow compared to for hardware device.After software has been handled, The data handled can be sent by hardware device by transceiving device, one and transceiving device phase can also be passed through Interface even sends the data handled to transceiving device.

In the present embodiment, transceiving device is used to carry out sending and receiving for data packet in above-described embodiment, software components or Hardware device is for determining the corresponding purpose physical port of target MAC (Media Access Control) address, first data forwarding table of management etc..

Other of hardware device and software components function are discussed in detail in the aforementioned embodiment, and which is not described herein again.

Can be below in conjunction with the accompanying drawings by input/output I/O equipment (such as network interface card) Lai real with regard to receiving module, sending module Existing, searching module, add module, forwarding table management module, update module can be executed by processor in memory Program instructs the technical solution to realize to do detailed introduction：

Figure 11 is the structural schematic diagram of physical host 4 provided in an embodiment of the present invention.The physical host 4 includes multiple void Intend machine VM, monitor of virtual machine VMM and physical network card, includes virtual communication port on each VM, include on the physical network card Multiple physical communication ports, are characterized in that, safeguard there is this communication in each virtual communication port and each physical communication port First data forwarding table of port, the first data forwarding table by with the described associated media access control of communication port The correspondence of MAC Address and purpose communication port mark forms, the physical host 4 include processor 410, memory 450, With input/output I/O equipment 430, on the memory operation have a host virtual machine 4501, in the standby end main frame operation have standby empty Quasi- machine, memory 450 may include read-only memory and random access memory, and to processor 410 provide operational order and Data.The a part of of memory 450 can also include nonvolatile RAM (NVRAM).

In some embodiments, memory 450 stores following element, executable modules or data structures, or Their subset of person or their superset:

Virtual machine 4501 and monitor of virtual machine 4052：Wherein, virtual machine 4501 can be at one by software virtual machine Simulate one or more virtual computers on physical computer, and these virtual machines just as real computer into Row work can may also access Internet resources on virtual machine with installation operation system and application program, virtual machine.For in virtual machine For the application program of middle operation, virtual machine is like to work in real computer.In embodiments of the present invention, lead to The operational order (operational order is storable in operating system) for calling memory 450 to store is crossed,

The I/O equipment 430 is for receiving data packet to be sent, and the data packet to be sent is with carrying purpose MAC Location；

The processor 410 is used for：From the first data forwarding table that described communication port is safeguarded, search and described The corresponding purpose communication port mark of the associated target MAC (Media Access Control) address of communication port；

The I/O equipment 430 is used for when finding purpose communication port mark corresponding with the target MAC (Media Access Control) address, directly It connects and identifies corresponding purpose communication port to the purpose communication port and send the data packet to be sent, wherein when described When sources traffic port is the virtual communication port of virtual machine, the purpose communication port is purpose physical communication port, when described When sources traffic port is physical communication port, the purpose communication port is the virtual communication port of purpose virtual machine.

As it can be seen that VMM will be passed through with the data packet of virtual machine uplink and downlink in the prior art, by VMM from including each MAC The data packet destination interface phase to be sent to be sent is determined in the big table for the correspondence that address is identified with purpose communication port Than physical host provided in an embodiment of the present invention, in the virtual communication port of virtual machine and the physical communication port of physical network card Middle to safeguard one only with the associated first data forwarding table of this communication port, the first data forwarding table with described by communicating The MAC address of port association and the correspondence of purpose communication port mark form, to accelerate determination The speed of purpose communication port, and after determining to purpose communication port, sources traffic port directly delivers a packet to mesh Communication port, that is to say, that data packet can bypass VMM, to alleviate the burden of VMM, improve data packet forwarding effect Rate.

Processor 410 controls the operation of physical host 4, and processor 410 can also be known as CPU (Central Processing Unit, central processing unit).Memory 450 may include read-only memory and random access memory, and Instruction and data is provided to processor 410.The a part of of memory 450 can also include nonvolatile RAM (NVRAM).The various components of physical host 4 are coupled by bus system 420 in specific application, wherein bus system 420 in addition to including data/address bus, can also include power bus, controlling bus and status signal bus in addition etc..But in order to clear For the sake of Chu's explanation, various buses are all designated as bus system 420 in figure.

The method that the embodiments of the present invention disclose can be applied in processor 410, or be realized by processor 410. Processor 410 may be a kind of IC chip, the processing capacity with signal.During realization, the above method it is each Step can be completed by the integrated logic circuit of the hardware in processor 410 or the instruction of software form.Above-mentioned processing Device 410 can be general processor, digital signal processor (DSP), application-specific integrated circuit (ASIC), ready-made programmable gate array (FPGA) either other programmable logic device, discrete gate or transistor logic, discrete hardware components.May be implemented or Person executes disclosed each method, step and the logic diagram in the embodiment of the present invention.General processor can be microprocessor or Person's processor can also be any conventional processor etc..The step of method in conjunction with disclosed in the embodiment of the present invention, can be straight Connect and be presented as that hardware decoding processor executes completion, or in decoding processor hardware and software module combination executed At.Software module can be located at random access memory, and flash memory, read-only memory, programmable read only memory or electrically-erasable can In the storage medium of this fields such as programmable memory, register maturation.The storage medium is located at memory 450, and processor 410 is read Information in access to memory 450, in conjunction with the step of its hardware completion above method.

Optionally, processor 410 is additionally operable to：It deletes to meet in the first data forwarding table of described communication port maintenance and delete Except the correspondence of the MAC Address and purpose communication port mark of condition, with the first number for keeping described communication port to safeguard According to the capacity of forwarding table.

Optionally, input/output (I/O) equipment 430 ought not find purpose communication corresponding with the target MAC (Media Access Control) address Port-mark sends the data packet to be sent to the VMM, and the data packet to be sent is by the VMM from the VMM In second data forwarding table of middle maintenance, determine that corresponding with target MAC (Media Access Control) address purpose communication port identifies, and to described The corresponding purpose communication port of target MAC (Media Access Control) address sends the data packet to be sent, and the second data forwarding table includes every The correspondence of one MAC Address and purpose communication port mark.

Optionally, input/output (I/O) equipment 430 be additionally operable to receive the target MAC (Media Access Control) address that the VMM is sent with The correspondence of corresponding purpose communication port mark；

Processor 410 is additionally operable to add the target MAC (Media Access Control) address with the correspondence that corresponding purpose communication port identifies It is added in the first data forwarding table, the target MAC (Media Access Control) address is used with the correspondence that corresponding purpose communication port identifies In the data packet for sending next carrying target MAC (Media Access Control) address.

Optionally, input/output (I/O) equipment 430 is additionally operable to work as the corresponding purpose communication port of any one MAC Address When mark changes, receives any one described MAC Address that the VMM is sent and identified with updated purpose communication port Correspondence；

Processor 410 is additionally operable to identify any one described MAC Address with updated purpose communication port corresponding Relationship, in update to the first data forwarding table, any one described MAC Address is identified with updated purpose communication port Correspondence be used to send carry described in any one MAC Address data packet to updated destination interface.

Refering to fig. 12, physical host provided in an embodiment of the present invention, including multiple virtual machine VM, monitor of virtual machine VMM And physical network card, include virtual communication port on each VM, includes multiple physical communication ports, Mei Gexu on the physical network card The the first data forwarding table for having this communication port, first data are safeguarded in quasi- communication port and each physical communication port Forwarding table is by the correspondence with the described associated MAC address of communication port and purpose communication port mark Composition,

VMM will be passed through with the data packet of virtual machine uplink and downlink in the prior art, by VMM from including each MAC Address Compared with determining the data packet destination interface to be sent to be sent in the big table of the correspondence of purpose communication port mark, this The physical host that inventive embodiments provide, is safeguarded in the virtual communication port of virtual machine and the physical communication port of physical network card One only with the associated first data forwarding table of this communication port, the first data forwarding table with described communication port by closing The MAC address of connection and the correspondence of purpose communication port mark form, logical to accelerate determining purpose Believe the speed of port, and after determining to purpose communication port, sources traffic port directly delivers a packet to purpose communication Port, that is to say, that data packet can bypass VMM, to alleviate the burden of VMM, improve the efficiency of data packet forwarding.

One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is can It is completed with instructing relevant hardware (such as processor) by program, which can be stored in a computer-readable storage In medium, storage medium may include：ROM, RAM, disk or CD etc..

The method, apparatus and system for being provided for the embodiments of the invention data packet forwarding above have carried out detailed Jie It continues, principle and implementation of the present invention are described for specific case used herein, and the explanation of above example is only It is the method and its core concept for being used to help understand the present invention；Meanwhile for those of ordinary skill in the art, according to this hair Bright thought, there will be changes in the specific implementation manner and application range, in conclusion the content of the present specification should not manage Solution is limitation of the present invention.

Claims

1. a kind of method of data packet forwarding, the method are applied to the sources traffic port in physical host, the physical host Including multiple virtual machine VM, monitor of virtual machine VMM and physical network card, the sources traffic port includes virtual logical on each VM Believe the physical communication port on port and the physical network card, which is characterized in that each virtual communication port and each physics The the first data forwarding table for having this communication port is all safeguarded in communication port, the first data forwarding table with described by communicating The MAC address of port association and the correspondence of purpose communication port mark form, the method includes：

From the first data forwarding table that described communication port is safeguarded, search and the associated purpose of described communication port The corresponding purpose communication port mark of MAC Address；

When finding purpose communication port mark corresponding with the target MAC (Media Access Control) address, directly to the purpose communication port mark Know corresponding purpose communication port and send the data packet to be sent, wherein when the void that the sources traffic port is virtual machine When quasi- communication port, the purpose communication port is purpose physical communication port；When the sources traffic port is physical communication end When mouth, the purpose communication port is the virtual communication port of purpose virtual machine；

The method further includes：

Delete the MAC Address and purpose communication ends for meeting deletion condition in the first data forwarding table of described communication port maintenance The correspondence of mouth mark, to keep the capacity of the first data forwarding table of described communication port maintenance, the satisfaction to delete Condition includes frequency of use less than preset thresholding or sorts according to frequency of use, sorts after M.

2. according to the method described in claim 1, it is characterized in that, the method further includes：

When not finding purpose communication port mark corresponding with the target MAC (Media Access Control) address, sent to the VMM described to be sent Data packet, the data packet to be sent by the VMM from the second data forwarding table safeguarded in the VMM, determine with The corresponding purpose communication port mark of the target MAC (Media Access Control) address, and to the corresponding purpose communication port hair of the target MAC (Media Access Control) address It includes each MAC Address and purpose communication port mark to send the data packet to be sent, the second data forwarding table Correspondence.

3. according to the method described in claim 2, it is characterized in that, described send the data packet to be sent to the VMM Later, the method further includes：

The target MAC (Media Access Control) address is added to first data forwarding with the correspondence that corresponding purpose communication port identifies In table, the target MAC (Media Access Control) address is used to send described in next carrying with the correspondence that corresponding purpose communication port identifies The data packet of target MAC (Media Access Control) address.

4. according to the method described in claim 2, it is characterized in that, the method further includes：

When the corresponding purpose communication port mark of any one MAC Address changes, described that the VMM is sent is received The correspondence of one MAC Address of meaning and updated purpose communication port mark；

By the correspondence of any one described MAC Address and updated purpose communication port mark, update arrives described first In data forwarding table, the correspondence that any one described MAC Address is identified with updated purpose communication port is for sending The data packet of any one MAC Address is carried to updated destination interface.

5. a kind of device of data packet forwarding, described device is the sources traffic port in physical host, and the physical host includes Multiple virtual machine VM, monitor of virtual machine VMM and physical network card, the sources traffic port include the virtual communication end on each VM Physical communication port on mouth and the physical network card, which is characterized in that each virtual communication port and each physical communication All safeguard there is the first data forwarding table of this communication port in port, the first data forwarding table by with described communication port Associated MAC address and the correspondence of purpose communication port mark form, and described device includes：

Searching module, for from the first data forwarding table that described communication port is safeguarded, searching and described communication port The corresponding purpose communication port mark of the associated target MAC (Media Access Control) address；

Sending module finds purpose communication port mark corresponding with the target MAC (Media Access Control) address for working as the searching module, Directly corresponding purpose communication port is identified to the purpose communication port and send the data packet to be sent, wherein work as institute When stating the virtual communication port that sources traffic port is virtual machine, the purpose communication port is purpose physical communication port, works as institute State sources traffic port be physical communication port when, the purpose communication port be purpose virtual machine virtual communication port；

Described device further includes：

Forwarding table management module meets deletion condition for deleting in the first data forwarding table that described communication port is safeguarded The correspondence of MAC Address and purpose communication port mark, with the first data forwarding table for keeping described communication port to safeguard Capacity, the deletion condition that meets includes frequency of use less than preset thresholding or sorts according to frequency of use, sequence M it Afterwards.

6. device according to claim 5, which is characterized in that

The sending module is additionally operable to not find purpose communication corresponding with the target MAC (Media Access Control) address when the searching module Port-mark sends the data packet to be sent to the VMM, and the data packet to be sent is by the VMM from the VMM In second data forwarding table of middle maintenance, determine that corresponding with target MAC (Media Access Control) address purpose communication port identifies, and to described The corresponding purpose communication port of target MAC (Media Access Control) address sends the data packet to be sent, and the second data forwarding table includes every The correspondence of one MAC Address and purpose communication port mark.

7. device according to claim 6, which is characterized in that described device further includes：Add module,

The receiving module is additionally operable to receive the target MAC (Media Access Control) address and corresponding purpose communication port mark that the VMM is sent The correspondence of knowledge；

The add module, the target MAC (Media Access Control) address for receiving the receiving module and corresponding purpose communication port The correspondence of mark is added in the first data forwarding table, the target MAC (Media Access Control) address and corresponding purpose communication port The correspondence of mark is used to send next data packet for carrying the target MAC (Media Access Control) address.

8. device according to claim 6, which is characterized in that described device further includes：Update module,

The receiving module is additionally operable to, when the corresponding purpose communication port mark of any one MAC Address changes, receive The correspondence of any one described MAC Address that the VMM is sent and updated purpose communication port mark；

The update module is led to for any one MAC Address described in receiving the receiving module with updated purpose Believe the correspondence of port-mark, update in the first data forwarding table, any one described MAC Address with it is updated The correspondence of purpose communication port mark be used to send carry described in any one MAC Address data packet to updated mesh Port.

Include void 9. a kind of physical host, including multiple virtual machine VM, monitor of virtual machine VMM and physical network card, on each VM Quasi- communication port includes multiple physical communication ports on the physical network card, which is characterized in that each virtual communication port and every All safeguard there is the first data forwarding table of this communication port in a physical communication port, the first data forwarding table by with it is described The associated MAC address of this communication port and the correspondence of purpose communication port mark form,

When any one in each virtual communication port and each physical communication port is as sources traffic port, the source is logical Letter port is used for：

When finding purpose communication port mark corresponding with the target MAC (Media Access Control) address, to purpose communication port mark pair The purpose communication port answered sends the data packet to be sent, wherein when the sources traffic port is the virtual logical of virtual machine When believing port, the purpose communication port is purpose physical communication port, when the sources traffic port is physical communication port, The purpose communication port is the virtual communication port of purpose virtual machine；