CN114448752A - Message forwarding method and device - Google Patents

Message forwarding method and device Download PDF

Info

Publication number
CN114448752A
CN114448752A CN202210360404.6A CN202210360404A CN114448752A CN 114448752 A CN114448752 A CN 114448752A CN 202210360404 A CN202210360404 A CN 202210360404A CN 114448752 A CN114448752 A CN 114448752A
Authority
CN
China
Prior art keywords
vlan
message
virtual machine
lan
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210360404.6A
Other languages
Chinese (zh)
Other versions
CN114448752B (en
Inventor
朱丽品
杨其
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Youyun Technology Co ltd
Original Assignee
Hangzhou Youyun Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Youyun Technology Co ltd filed Critical Hangzhou Youyun Technology Co ltd
Priority to CN202210360404.6A priority Critical patent/CN114448752B/en
Publication of CN114448752A publication Critical patent/CN114448752A/en
Application granted granted Critical
Publication of CN114448752B publication Critical patent/CN114448752B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a message forwarding method and a message forwarding device, wherein virtual machines in a cloud computing network are divided into different LANs, the virtual machines in the same LAN are divided into different VLANs, and the virtual machines in the same LAN with the same VLAN identification can communicate; the method comprises the following steps: receiving a message sent by a local virtual machine; the message carries VLAN identifications of the VLAN where the local virtual machine is located in the recorded VLAN MASK and PVID corresponding to each virtual machine, and the VLAN MASK and the PVID corresponding to the local virtual machine are obtained; and when determining that the VLAN corresponding to the VLAN MASK contains the VLAN indicated by the PVID, forwarding the message according to the VLAN identifier carried by the message and the LAN identifier of the LAN where the local virtual machine is located, thereby realizing the isolation between the virtual machines in one LAN.

Description

Message forwarding method and device
Technical Field
The present application relates to the field of cloud computing, and in particular, to a method and an apparatus for forwarding a packet.
Background
Cloud computing networks typically include: a plurality of host machines and an intranet switch. The intranet switch can interconnect a plurality of hosts. And a virtual machine and a virtual switch run on each host machine. The virtual machines are used for carrying out service processing, and the virtual machine switch is used for carrying out communication among the local virtual machines and cross-device communication of the virtual machines.
In a cloud computing network, a plurality of virtual machines (e.g., a plurality of virtual machines on different hosts, or a plurality of virtual machines on the same host) form a virtual data center, and the virtual data centers are isolated from each other. The user can apply for the virtual data center to perform service processing.
However, in practical applications, different departments within one user also need to be isolated. For example, the user is a company that leases a virtual data center in a cloud computing network, the company includes a research and development department, a sales department, a finance department, and a personnel department, and the company wants to realize that the research and development department, the sales department, and the finance department cannot access each other, but the research and development department, the sales department, and the finance department can access each other.
Therefore, how to implement isolation of some virtual machines from other virtual machines in a virtual data center becomes an urgent problem to be solved.
Disclosure of Invention
In view of this, the present application provides a message forwarding method and apparatus, which are used to implement isolation between some virtual machines and other virtual machines in a virtual data center.
Specifically, the method is realized through the following technical scheme:
according to a first aspect of the present application, a message forwarding method is provided, where the method is applied to a virtual switch on a host in a cloud computing network, virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and virtual machines with the same VLAN identifier in the same LAN can communicate; the method comprises the following steps:
receiving a message sent by a local virtual machine; the message carries the VLAN identification of the VLAN where the local virtual machine is located;
acquiring VLAN MASK and PVID corresponding to a local virtual machine from the recorded VLAN MASK and PVID corresponding to each virtual machine;
and when determining that the VLAN corresponding to the VLAN MASK contains the VLAN indicated by the PVID, forwarding the message according to the VLAN identification carried by the message and the LAN identification of the LAN where the local virtual machine is located.
Optionally, the forwarding the packet according to the VLAN identifier carried by the packet and the LAN identifier of the LAN where the local virtual machine is located includes:
searching a flow table entry corresponding to the destination address of the message in a preset flow table;
acquiring a LAN identifier and a VLAN identifier of a destination virtual machine, which are indicated by a destination address of the message and recorded in the table entry of the flow table;
detecting whether the LAN identification corresponding to the local virtual machine is matched with the LAN identification corresponding to the target host machine or not and whether the VLAN identification corresponding to the local virtual machine is matched with the VLAN identification corresponding to the target host machine or not;
and if the messages are matched, forwarding the messages to the target virtual machine.
Optionally, the forwarding the packet to the destination virtual machine includes:
tunnel packaging is carried out on the message to form a tunnel message, and the LAN identification and the VLAN identification corresponding to the local virtual machine are added into a tunnel head of the tunnel message;
and forwarding the tunnel message to a destination virtual machine.
According to a second aspect of the present application, there is provided a packet forwarding method, which is applied to a virtual switch on a host in a cloud computing network, virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and virtual machines with the same VLAN identifier in the same LAN can communicate; the method comprises the following steps:
receiving a tunnel message;
decapsulating the tunnel message to obtain an inner layer message, and acquiring a VLAN (virtual local area network) identifier and a LAN (local area network) identifier carried by the tunnel message;
detecting whether the LAN identification carried by the tunnel message is the same as the LAN identification corresponding to the target virtual machine indicated by the inner layer message;
and if the VLAN identifier and the PVID of the target virtual machine indicated by the inner layer message are the same, processing the message according to the VLAN identifier and the PVID of the target virtual machine indicated by the inner layer message.
Optionally, the processing the packet according to the VLAN id and the PVID of the destination virtual machine indicated by the inner layer packet includes:
checking whether the VLAN identification is the same as the PVID of the target virtual machine indicated by the inner layer message;
if not, inserting the VLAN identification into the inner layer message, and sending the inner layer message inserted with the VLAN identification to the target virtual machine;
and if the inner layer messages are the same, sending the inner layer messages to the target virtual machine.
According to a third aspect of the present application, there is provided a message forwarding apparatus, applied to a virtual switch on a host in a cloud computing network, wherein virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and virtual machines with the same VLAN identifier in the same LAN can communicate; the device comprises:
the first receiving unit is used for receiving a message sent by a local virtual machine; the message carries the VLAN identification of the VLAN where the local virtual machine is located;
a first obtaining unit, configured to obtain, from the recorded VLAN MASK and PVID corresponding to each virtual machine, the VLAN MASK and PVID corresponding to a local virtual machine;
and the forwarding unit is used for forwarding the message according to the VLAN identifier carried by the message and the LAN identifier of the LAN where the local virtual machine is located when the VLAN corresponding to the VLAN MASK is determined to contain the VLAN indicated by the PVID.
Optionally, the forwarding unit is configured to, when forwarding the packet according to the VLAN identifier carried by the packet and the LAN identifier of the LAN where the local virtual machine is located, search a flow table entry corresponding to a destination address of the packet in a preset flow table; acquiring a LAN identifier and a VLAN identifier of a destination virtual machine, which are indicated by a destination address of the message and recorded in the table entry of the flow table; detecting whether the LAN identification corresponding to the local virtual machine is matched with the LAN identification corresponding to the target host machine or not and whether the VLAN identification corresponding to the local virtual machine is matched with the VLAN identification corresponding to the target host machine or not; and if the messages are matched, forwarding the messages to the target virtual machine.
Optionally, when forwarding the packet to the destination virtual machine, the forwarding unit is configured to perform tunnel encapsulation on the packet to form a tunnel packet, and add the LAN identifier and the VLAN identifier corresponding to the local virtual machine to a tunnel header of the tunnel packet; and forwarding the tunnel message to a destination virtual machine.
According to a fourth aspect of the present application, there is provided a message forwarding apparatus, which is applied to a virtual switch on a host in a cloud computing network, virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and virtual machines with the same VLAN identifier in the same LAN can communicate; the device comprises:
a second receiving unit, configured to receive a tunnel packet;
the second obtaining unit is used for decapsulating the tunnel message to obtain an inner layer message and obtaining a VLAN (virtual local area network) identifier and a LAN (local area network) identifier carried by the tunnel message;
a detecting unit, configured to detect whether the LAN identifier carried in the tunnel packet is the same as the LAN identifier corresponding to the destination virtual machine indicated by the inner layer packet;
and the processing unit is used for processing the message according to the VLAN identification and the PVID of the target virtual machine indicated by the inner layer message if the VLAN identification and the PVID are the same.
Optionally, the processing unit is configured to check whether the PVID of the destination virtual machine indicated by the VLAN identifier and the inner layer packet is the same when processing the packet according to the PVID of the destination virtual machine indicated by the VLAN identifier and the inner layer packet; if not, inserting the VLAN identification into the inner layer message, and sending the inner layer message inserted with the VLAN identification to the target virtual machine; and if the inner layer messages are the same, sending the inner layer messages to the target virtual machine.
According to the description, different virtual machines in the same LAN can be divided into different VLANs according to user requirements, and the virtual switch on the host machine forwards the VLAN identification and the LAN identification according to the position of the message sending party, so that the communication between the message sending party and the message receiving party can be realized when the LAN identifications and the VLAN identifications of the message sending party and the message receiving party are both consistent, and the communication between the message sending party and the message receiving party is forbidden when the LAN identifications and the VLAN identifications of the message sending party and the message receiving party are not consistent. Briefly, the isolation of different virtual data centers is achieved through LAN identification, and isolation of different virtual machines in one virtual data center is achieved through VLAN identification.
Drawings
Fig. 1 is a schematic diagram illustrating a networking architecture of a cloud computing network according to an exemplary embodiment of the present application;
fig. 2 is a flowchart illustrating a message forwarding method according to an exemplary embodiment of the present application;
FIG. 3 is a schematic diagram of a tunnel head construction according to an exemplary embodiment of the present application;
fig. 4 is a flowchart illustrating another message forwarding method according to an exemplary embodiment of the present application;
FIG. 5 is a diagram illustrating a hardware configuration of an electronic device according to an exemplary embodiment of the present application;
fig. 6 is a block diagram of a message forwarding apparatus according to an exemplary embodiment of the present application;
fig. 7 is a block diagram of a message forwarding apparatus according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The application aims to provide a message forwarding method to achieve communication or isolation between different virtual machines of the same virtual machine data center.
During implementation, the Virtual machines of the same Virtual data center are usually in the same LAN (Local Area Network), and different Virtual machines in the same LAN can be divided into different VLANs according to user requirements, so that the Virtual machines in the same VLAN (Virtual Local Area Network) can realize communication, and the Virtual machines in different VLANs can realize isolation.
When forwarding, when a virtual switch on a host machine receives a message sent by a local virtual machine, acquiring VLAN MASK and PVID corresponding to the local virtual machine from recorded VLAN MASK (virtual local area network MASK) and PVID (Port-base VLAN ID, Port-based VLAN identification) corresponding to each virtual machine on the host machine; and when determining that the VLAN corresponding to the VLAN MASK contains the VLAN indicated by the PVID, forwarding the message according to the VLAN identification carried by the message and the LAN identification of the LAN where the local virtual machine is located.
Therefore, the virtual switch on the host machine forwards the message according to the VLAN identification and the LAN identification where the message sending party is located, so that the communication between the message sending party and the message receiving party can be realized when the LAN identifications and the VLAN identifications of the message sending party and the message receiving party are matched, and the communication between the message sending party and the message receiving party is forbidden when the LAN identifications and the VLAN identifications of the message sending party and the message receiving party are not matched. Briefly, the isolation of different virtual data centers is achieved through LAN identification, and isolation of different virtual machines in one virtual data center is achieved through VLAN identification.
Referring to fig. 1, fig. 1 is a schematic diagram of a network architecture of a cloud computing network according to an exemplary embodiment of the present application.
Assuming that the cloud computing network is as shown in fig. 1, the cloud computing network has a large number of hosts in practical application. The host Machine comprises at least one Virtual Machine (VM) and a Virtual switch, wherein the VM is used for carrying out service processing, and the Virtual switch is used for carrying out communication between local VMs and cross-device communication of VMs.
In addition, the cloud computing network also comprises a user configuration server. The user configuration server can provide user configuration service for users and sends user configuration information to the host machine so that the host machine can perform configuration according to the user configuration information.
The cloud computing network is merely exemplary and not particularly limited.
As shown in fig. 1, assume that the cloud computing network includes host 161, host 162, host 163, and host 164.
Host 161 includes virtual switch 151, VM111, VM117, VM 114; VM111, VM117, VM114 are connected to virtual switch 151, respectively;
host 162 includes virtual switch 152, VM112, VM 119; VM112 and VM119 are connected to virtual switch 152;
host 163 includes virtual switch 153, VM118, VM 115; VM118, VM115 are connected to virtual switch 153, respectively;
host 164 includes virtual switch 154, VM116, VM113, VM 110; VM116, VM113, and VM110 are connected to virtual switch 154, respectively.
The virtual switches on the host machines are connected through the intranet switch, and cross-host machine communication is achieved. For example, as shown in fig. 1, virtual switch 151, virtual switch 152, virtual switch 153, and virtual switch 154 are all connected to an intranet switch, and communication between the virtual switches is realized through the intranet switch.
The following describes the message forwarding method proposed in the present application in detail from two aspects of how to configure a VLAN on a virtual machine and how to forward a message using the LAN and VLAN of the virtual machine.
How to configure VLANs on virtual machines
In the present application, the user configuration server provides the user with a service of dividing VLANs in the virtual data center that the user rents.
A user may rent one virtual data center on a user configuration server and then the user may configure each virtual machine in the virtual data center with a VLAN.
And the user configuration server converts the VLAN configured for the virtual machine by the user into a VLAN MASK aiming at each virtual machine in the virtual data center. And then, issuing the virtual machine identification of each virtual machine and the VLAN MASK corresponding to the virtual machine to the host machine where each virtual machine is located.
When the host receives the virtual machine identifier on the host and the VLAN MASK corresponding to the virtual machine, the host determines the VLAN corresponding to the virtual machine according to the VLAN MASK, and then configures the VLAN and a port mode (such as a trunk port or an access port) for a port on the virtual machine and connected to a virtual switch, so as to divide the virtual machine into the VLANs.
For example, referring to FIG. 1, assume that the virtual data center leased by the user includes VM110-VM119 in FIG. 1. The LANs on which VM110-VM119 are located are the same.
Assuming that the user divides VM111, VM112, VM113 into VLAN2 and VLAN3, the user configuration server may determine that the VLAN MASK corresponding to VM111, VM112, VM113 is 6.
In determining VLAN MASK, VLAN2 and VLAN3 may be represented by binary numbers. For example, the VLAN id may be represented by a bit number id of a binary number. For example, assume that the first bit of the binary number from right to left represents VLAN1, the second bit represents VLAN2, the third bit represents VLAN3, and so on. When a VM belongs to a VLAN, the value of the binary number and the bit number corresponding to the VLAN is set to be 1, and the number of other bits is set to be 0. In this example, since VM111, VM112, and VM113 are divided into VLAN2 and VLAN3, VLAN2 and VLAN3 are binary denoted by 110, and 110 is denoted by decimal by 6, so VLAN MASK corresponding to VLAN2 and VLAN3 is 6.
Assuming again that the user divides VM114, VM115, and VM116 into VLAN4 and VLAN6, the user configuration server may determine that the VLANs MASK for VM114, VM115, and VM116 are 40.
Assuming that the user divides VM117, VM118 into VLAN1, the user configuration server may determine that the VLAN MASK corresponding to VM117, VM118 is 1.
Assuming that the user divides VM119 and VM110 into VLAN3 and VLAN4, the user configuration server may determine that the VLAN MASK corresponding to VM119 and VM110 is 12.
Thus, the correspondence relationship between the virtual machine and the VLAN MASK generated by the user configuration server is shown in table 1.
Figure 11532DEST_PATH_IMAGE002
The user configuration server may then present table 1 to the hosts on which VM110-VM119 are located (i.e., host 161, host 162, host 163, and host 164).
For host 161, since the VLAN MASK corresponding to VM111 is 6, and reverts to binary number 110, host 161 may determine that VM111 is divided into VLAN2 and VLAN 3. Since being divided into two VLANs, host 161 can set a port on VM111 to which virtual machine switch 151 is connected as a trunk port and set a child port on the port, set the port as VLAN2 and the child port as VLAN3, or set the port as VLAN3 and the child port as VLAN 2.
Since VM117 has a corresponding VLAN MASK of 1, reverting to a binary number of 1, host 161 may determine that VM117 is partitioned in VLAN 1. Being divided among 1 VLAN, host 161 can set the port connecting virtual machine switch 151 on VM117 as an access port and set the port as VLAN 1.
Since VM114 corresponds to VLAN MASK of 40, which is reduced to binary number of 101000, host 161 may determine that VM114 is partitioned between VLAN4 and VLAN 6. Being divided into two VLANs, host 161 may set the port on VM114 connecting virtual machine switch 151 to trunk port and set a subport on that port, set that port to VLAN4, set a subport to VLAN6, or set that port to VLAN6, set a subport to VLAN 4.
Similarly, host 162 may determine that VM112 is partitioned between VLAN2 and VLAN3 based on the value 6 of VLAN MASK. Host 162 may set the port on VM112 to which virtual machine switch 152 is connected to a trunk port and set a child port on that port, set that port to VLAN2, set a child port to VLAN3, or set that port to VLAN3 and a child port to VLAN 2.
Host 162 may determine that VM119 is partitioned between VLAN3 and VLAN4 based on the value 12 of VLAN MASK. The host may set the port on VM119 connected to virtual machine switch 152 as trunk port and set the child port on the port, set the port as VLAN3 and the child port as VLAN4, or set the port as VLAN4 and the child port as VLAN 3.
Similarly, host 163 may determine that VM118 is classified in VLAN1 based on the value 1 of VLAN MASK. Host 163 may set the port on VM118 to which virtual machine switch 153 is connected to an access port, which is set to VLAN 1.
Host 163 may determine that VM115 is partitioned between VLAN4 and VLAN6 based on the value 40 of VLAN MASK. The host may set the port on VM115 to which virtual machine switch 153 is connected as a trunk port and set a child port on the port, set the port as VLAN4 and the child port as VLAN6, or set the port as VLAN6 and the child port as VLAN 4.
Similarly, host 164 may determine that VM116 is divided between VLAN4 and VLAN6 based on the value 40 of VLAN MASK. The host may set the port on VM116 connecting virtual machine switch 154 to trunk port and set a child port on the port, set the port to VLAN4, set the child port to VLAN6, or set the port to VLAN6 and set the child port to VLAN 4.
Host 164 may determine that VM113 is divided between VLAN2 and VLAN3 based on the value 6 of VLAN MASK. The host may set the port on VM113 connecting virtual machine switch 154 to trunk port and set a child port on the port, set the port to VLAN2 and the child port to VLAN3, or set the port to VLAN3 and the child port to VLAN 2.
Host 164 may determine that VM110 is partitioned between VLAN3 and VLAN4 based on the value 12 of VLAN MASK. The host may set the port on VM110 connecting to virtual machine switch 154 as trunk port and set the child port on that port, set the port as VLAN3 and the child port as VLAN4, or set the port as VLAN4 and the child port as VLAN 3.
From the above information it can be seen that:
1. VLAN3 in the virtual data center is divided within (VM111, VM112, VM113) and (VM119, VM110), so communication can be realized;
2. both (VM114, VM115, VM116) and (VM119, VM110) are divided by VLAN4 in the virtual data center, so can communicate;
3. since the VLANs of (VM117, VM118) and (VM111, VM112, VM113) (VM114, VM115, VM116) (VM119, VM110) are different, the subnet in which (VM117, VM118) is located cannot communicate with the other three subnets.
4. Since the VLANs in which (VM111, VM112, VM113) and (VM114, VM115, VM116) are located are not the same, the two subnets cannot communicate.
In addition, the PVID corresponding to each virtual machine may be one VLAN of at least one VLAN in which the virtual machine is located. For example, since the VM111 is divided into VLAN2 and VLAN3, the PVID corresponding to the VM111 may be a PVID indicating VLAN2 or a PVID indicating VLAN 3.
The following describes the message forwarding method provided in the present application in detail.
Referring to fig. 2, fig. 2 is a flowchart illustrating a message forwarding method according to an exemplary embodiment of the present application, where the method is applicable to a virtual machine switch on a host, and the method is a flow of a message sender. The method can comprise the following steps:
step 201: receiving a message sent by a local virtual machine; the message carries the VLAN identification of the VLAN where the local virtual machine is located.
Step 202: and acquiring the VLAN MASK and the PVID corresponding to the local virtual machine from the recorded VLAN MASK and the recorded PVID corresponding to each virtual machine.
In implementation, as illustrated in the above description, the host records the correspondence between the virtual machine identifier and the VLAN MASK and PVID. The virtual switch can search the VLAN MASK and PVID corresponding to the local virtual machine in the correspondence.
For example, still taking fig. 1 as an example, assume that the local virtual machine is VM 111.
The correspondence between the virtual machine identifier recorded on host 161 and the VLAN MASK and PVID is shown in table 2.
Figure 375343DEST_PATH_IMAGE004
After receiving the packet sent by VM111, virtual switch 151 may look up, in table 2 recorded on host 161, VLAN MASK (i.e. 6) and PVID (i.e. 2) corresponding to VM 111.
Step 203: and when determining that the VLAN corresponding to the VLAN MASK contains the VLAN indicated by the PVID, forwarding the message according to the VLAN identification carried by the message and the LAN identification of the LAN where the local virtual machine is located.
Step 203 is explained in detail below through step 2031 to step 2032.
Step 2031: the virtual switch detects whether the VLAN corresponding to the VLAN MASK corresponding to the local virtual machine contains the VLAN indicated by the PVID.
It should be noted that, in general, the VLAN indicated by the VLAN MASK includes the VLAN indicated by the PVID. Therefore, after receiving the message sent by the local virtual machine, the virtual machine switch performs the detection in step 202, mainly to detect whether the VLAN configured on the local virtual machine is reasonable.
If the VLAN corresponding to the VLAN MASK corresponding to the local virtual machine includes the VLAN indicated by the PVID, it indicates that the VLAN configuration on the local virtual machine is reasonable, and at this time, step 2032 may be performed; if the VLAN corresponding to the VLAN MASK corresponding to the local virtual machine does not include the VLAN indicated by the PVID, it indicates that the VLAN configuration on the local virtual machine is not reasonable, and at this time, the packet may be discarded without forwarding the packet.
Step 2032: and forwarding the message according to the VLAN identification carried by the message and the LAN identification of the LAN where the local virtual machine is located.
When the method is implemented, a flow table is recorded on the host, and information such as a destination address, a LAN identifier where the destination address is located, a VLAN identifier, a next hop and the like is recorded in the flow table. The flow table is indicated here as an example and is not particularly limited.
Here, the LAN ID may be a LAN ID, the VLAN ID may be a VLAN ID, and the like, and the LAN ID and the VLAN ID are merely exemplary and are not specifically limited.
Then, the virtual switch may look up, in the flow table, a flow table entry whose destination address is the destination address carried by the packet. Then, the virtual switch may obtain the LAN identifier and the VLAN identifier recorded in the found flow table entry, as the LAN identifier and the VLAN identifier where the destination virtual machine indicated by the destination address of the packet is located.
Then, the virtual switch may determine the LAN identifier corresponding to the local virtual machine switch from among the virtual switches and the LAN identifiers corresponding thereto recorded on the local host.
Then, the virtual switch may detect whether the LAN identifier where the local virtual machine is located matches the LAN identifier where the destination host is located, and whether the VLAN identifier where the local virtual machine is located (i.e., the VLAN identifier carried in the received message) matches the VLAN identifier where the destination host is located.
If the LAN identifier of the local virtual machine is matched with (for example, consistent with) the LAN identifier of the destination host, and the VLAN identifier of the local virtual machine is matched with (for example, consistent with) the VLAN identifier of the destination host, it indicates that the local virtual machine and the destination virtual machine are in the same LAN and VLAN, and the local virtual machine and the destination virtual machine can communicate. Therefore, under this condition, the virtual switch may send the packet to the destination virtual machine according to the found flow table entry.
If the LAN identification of the local virtual machine is not matched with the LAN identification of the destination host machine, or the VLAN identification of the local virtual machine is not matched with the VLAN identification of the destination host machine, the fact that the local virtual machine and the destination virtual machine are in different LANs and VLANs indicates that the local virtual machine and the destination virtual machine cannot communicate. Therefore, in this case, the packet may be discarded without being processed.
In addition, in practical application, the VLAN id and the LAN id are usually carried in an inner header of a packet, and after the packet is received by a forwarding device, the forwarding device will remove the VLAN id of the packet and process the packet, and after the packet is processed, the VLAN id of the packet is added, which may involve the problems of encapsulation and decapsulation of the packet and tampering of the VLAN attribute of the packet.
Therefore, in order to prevent the message from being encapsulated and de-encapsulated frequently in the forwarding process, the working pressure of the forwarding equipment is reduced. In this embodiment of the present application, after the virtual switch performs tunnel encapsulation on the packet, the LAN identifier and the VLAN identifier where the local virtual machine is located may be carried in a tunnel header. Therefore, the generated tunnel message cannot be frequently encapsulated and decapsulated by the intermediate device or tampered by the intermediate device in the forwarding process.
As shown in fig. 3, the format body shown in fig. 3 is a format body of a tunnel header.
The tunnel header may be a VXLAN (Virtual eXtensible Local Area Network) tunnel header, and the tunnel message may be a VXLAN tunnel message. The method sets a LAN identification field and a VLAN identification field in a reserved field in a tunnel header.
The LAN identification field is used to fill in the sending-end virtual machine (i.e. the LAN identification where the local virtual machine is located, as described above), and the VLAN identification field is used to fill in the sending-end virtual machine (i.e. the VLAN identification where the local virtual machine is located, as described above).
The introduction of the flow of the transmitting end is completed above.
The following describes the receiving end process.
Referring to fig. 4, fig. 4 is a flowchart of a message forwarding method according to an exemplary embodiment of the present application, where the method may be applied to a virtual switch on a host, and may include the following steps:
step 401: receiving a tunnel message;
in implementation, the virtual switch may receive tunnel packets sent by other virtual switches.
Step 402: decapsulating the tunnel message to obtain an inner layer message, and acquiring a VLAN (virtual local area network) identifier and a LAN (local area network) identifier carried by the tunnel message;
the virtual switch can decapsulate the tunnel message, remove the tunnel header of the tunnel message, and obtain the inner layer message.
In addition, the virtual switch can also obtain the VLAN identification and the LAN identification carried by the tunnel header of the tunnel message.
Step 403: and detecting whether the LAN identification carried by the tunnel message is the same as the LAN identification of the target virtual machine indicated by the inner layer message.
And recording the corresponding relation between each virtual machine and the LAN identification, the VLAN MASK, the PVID information and the like of the virtual machine on the host machine where the virtual switch is positioned. The virtual switch acquires the destination address of the inner layer message, and then searches the information such as the LAN identification, the VLAN identification, the PVID and the like corresponding to the destination virtual machine indicated by the destination address in the corresponding relation.
Then, the virtual switch may detect whether the LAN identifier carried in the tunnel message is the same as the LAN identifier of the LAN where the destination virtual machine is located. If the LAN identification carried by the tunnel message is the same as the LAN identification of the LAN where the target virtual machine is located, the fact that the original virtual machine and the target virtual machine which send the inner layer message are in the same virtual data center is indicated, and the two virtual machines can communicate. In this case, the process of step 404 may be performed. If the LAN identifier carried in the tunnel message is different from the LAN identifier of the LAN where the destination virtual machine is located, it indicates that the original virtual machine and the destination virtual machine which send the inner layer message are not in the same virtual data center, and they cannot communicate with each other, so the inner layer message is discarded in this case.
Step 404: and if the VLAN identifier and the PVID of the target virtual machine indicated by the inner layer message are the same, processing the message according to the VLAN identifier and the PVID of the target virtual machine indicated by the inner layer message.
It should be noted that, as the processing flow of the inner layer message corresponding to the destination virtual machine is that, if the inner layer message has a VLAN identifier, the message is processed according to the VLAN identifier carried in the inner layer message, and if the inner layer message does not have a VLAN identifier, the PVID configured by the destination virtual machine is added to the inner layer message for processing.
Based on this, in order to reduce the workload of the virtual switch, the virtual switch may check whether the VLAN id carried in the tunnel packet is the same as the PVID of the destination virtual machine indicated by the inner layer packet.
If the VLAN id carried by the tunnel packet is different from the PVID of the destination virtual machine indicated by the inner layer packet, the VLAN id carried by the tunnel packet needs to be taken as the reference, and at this time, the virtual switch may insert the VLAN id carried by the tunnel packet into the inner layer packet (for example, an MAC address of the inner layer packet), and send the inner layer packet into which the VLAN id is inserted to the destination virtual machine.
If the VLAN identifier carried by the tunnel message is the same as the PVID of the target virtual machine indicated by the inner layer message, the inner layer message can be directly sent to the target virtual machine, and the target virtual machine adds the PVID to the inner layer message for processing. Therefore, the operation of inserting VLAN identification into the virtual switch is avoided, and the workload of the virtual switch is reduced.
According to the description, different virtual machines in the same LAN can be divided into different VLANs according to user requirements, and the virtual switch on the host machine forwards the VLAN identification and the LAN identification according to the position of the message sending party, so that the communication between the message sending party and the message receiving party can be realized when the LAN identifications and the VLAN identifications of the message sending party and the message receiving party are both consistent, and the communication between the message sending party and the message receiving party is forbidden when the LAN identifications and the VLAN identifications of the message sending party and the message receiving party are not consistent. Briefly, the isolation of different virtual data centers is achieved through LAN identification, and isolation of different virtual machines in one virtual data center is achieved through VLAN identification.
Still taking fig. 1 as an example, the following describes in detail the message forwarding method provided in the present application by using a specific example.
Assume that the cloud computing network includes host 161, host 162, host 163, and host 164.
Host 161 includes virtual switch 151, VM111, VM117, VM 114; VM111, VM117, VM114 are connected to virtual switch 151, respectively;
host 162 includes virtual switch 152, VM112, VM 119; VM112 and VM119 are connected to virtual switch 152;
host 163 includes virtual switch 153, VM118, VM 115; VM118, VM115 are connected to virtual switch 153, respectively;
host 164 includes virtual switch 154, VM116, VM113, VM 110; VM116, VM113, and VM110 are connected to virtual switch 154, respectively.
The virtual switches on the host machines are connected through the intranet switch, and cross-host machine communication is achieved. For example, as shown in fig. 1, virtual switch 151, virtual switch 152, virtual switch 153, and virtual switch 154 are all connected to an intranet switch, and communication between the virtual switches is realized through the intranet switch.
Assume that VM111 communicates with VM 119. VM111 is in the same LAN (i.e., LAN 2) as VM 119.
It is assumed that the VLAN MASK, PVID and VLAN id of VM111 and VM119 are shown in table 3.
Figure DEST_PATH_IMAGE006
Assume that VM111 sends a message to VM 119. The destination address in the message is the address of VM119, and the VLAN identifier carried in the message is VLAN 3.
VM111 sends the message to virtual switch 151.
After receiving the packet, the virtual switch 151 records the VLAN MASK (i.e., 6) and the PVID (i.e., 2) corresponding to the VM111 from the local host 161.
Then, virtual switch 151 may determine the VLAN indicated by the VLAN MASK to which VM111 corresponds. Since the VLAN MASK corresponding to VM111 is 6 in this example, which translates into a binary number of 110, the VLANs indicated by the VLAN MASK corresponding to VM111 are VLAN2 and VLAN 3.
The virtual switch 151 may determine whether the VLAN indicated by the VLAN MASK corresponding to the VM111 contains the VLAN indicated by the PVID corresponding to the VM 111. In this example, the VLANs indicated by the VLAN MASK corresponding to the VM111 include VLAN2 and VLAN 3. The VLAN indicated by the PVID corresponding to VM111 is VLAN 2. As can be seen, the VLAN indicated by the VLAN MASK corresponding to the VM111 contains the VLAN indicated by the PVID corresponding to the VM 111.
Then, the virtual switch 151 may look up a flow table entry whose destination address is the VM119 address in the locally recorded flow table. Assume that the table entry at the lookup is as shown in table 4.
Figure DEST_PATH_IMAGE008
Virtual switch 151 may then detect whether the VLAN id carried in the packet (i.e., 3) matches the VLAN id (including VLAN 3) of VM119 in the found flow table entry (i.e., table 4). In addition, virtual switch 151 can also detect whether the LAN id (i.e., LAN 2) on which VM111 is located matches the LAN id (i.e., LAN 2) on which VM119 is located.
In this example, the VLAN id (i.e. 3) carried in the packet matches the VLAN id (including VLAN 3) where VM119 is located in the found flow table entry (i.e. table 4), and the LAN id (i.e. LAN 2) where VM111 is located matches the LAN id (i.e. LAN 2) where VM119 is located. Therefore, the virtual switch 151 encapsulates a tunnel header for the packet, and carries the VLAN id in the packet and the LAN id where the VM111 is located in the tunnel header.
The virtual switch 151 may encapsulate an outer UDP header outside the tunnel header, an IP header outside the outer UDP header, and an outer ethernet header outside the outer IP header, thereby forming a tunnel packet.
Virtual switch 151 may send the tunnel message to virtual switch 152 on host 162.
After receiving the tunnel packet, the host 162 may remove the outer ethernet header, the outer IP header, and the outer UDP header of the tunnel packet, and then send the packet with the tunnel header to the virtual switch 152.
The virtual switch 152 parses the tunnel header, obtains the VLAN identifier (i.e., VLAN 3) and the LAN identifier (LAN 2) carried in the tunnel header, and removes the tunnel of the packet with the tunnel header to obtain the packet.
The virtual switch 152 may look up a flow table entry corresponding to the destination address of the packet (i.e., the address of the VM 119) in the locally recorded flow table. The LAN id and VLAN id where VM119 is located are obtained from this flow table entry.
Virtual switch 152 may then detect whether the LAN identification carried by the tunnel header (i.e., LAN 2) and the LAN identification in which VM119 is located (i.e., LAN 2) are consistent. In this example, the two are identical. The virtual switch 152 further detects whether the PVID corresponding to the VM119 is the same as the VLAN id carried by the tunnel header.
And if the PVID corresponding to the VM119 is the same as the VLAN identifier carried by the tunnel header, sending the message to the VM 119.
If the PVID corresponding to the VM119 is not the same as the VLAN id carried by the tunnel header, the VLAN id carried by the tunnel header is added to the MAC header of the packet and sent to the VM 119.
Referring to fig. 5, fig. 5 is a hardware structure diagram of an electronic device according to an exemplary embodiment of the present application.
The electronic device includes: a communication interface 501, a processor 502, a machine-readable storage medium 503, and a bus 504; wherein the communication interface 501, the processor 502 and the machine-readable storage medium 503 are in communication with each other via a bus 504. The processor 502 may perform the message forwarding method described above by reading and executing machine-executable instructions in the machine-readable storage medium 503 corresponding to the message forwarding control logic.
The machine-readable storage medium 503 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: volatile memory, non-volatile memory, or similar storage media. In particular, the machine-readable storage medium 503 may be a RAM (random Access Memory), a flash Memory, a storage drive (e.g., a hard disk drive), a solid state disk, any type of storage disk (e.g., a compact disk, a DVD, etc.), or similar storage medium, or a combination thereof.
Referring to fig. 6, fig. 6 is a block diagram of a message forwarding apparatus according to an exemplary embodiment of the present application;
the device is applied to a virtual switch on a host machine in a cloud computing network, virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and the virtual machines with the same VLAN identification in the same LAN can communicate; the device comprises:
a first receiving unit 601, configured to receive a message sent by a local virtual machine; the message carries the VLAN identification of the VLAN where the local virtual machine is located;
a first obtaining unit 602, configured to obtain, from the recorded VLAN MASK and PVID corresponding to each virtual machine, the VLAN MASK and the PVID corresponding to a local virtual machine;
a forwarding unit 603, configured to forward the packet according to the VLAN identifier carried in the packet and the LAN identifier of the LAN where the local virtual machine is located, when it is determined that the VLAN corresponding to the VLAN MASK includes the VLAN indicated by the PVID.
Optionally, the forwarding unit 603 is configured to, when forwarding the packet according to the VLAN identifier carried by the packet and the LAN identifier of the LAN where the local virtual machine is located, search a flow table entry corresponding to the destination address of the packet in a preset flow table; acquiring a LAN identifier and a VLAN identifier of a destination virtual machine, which are indicated by a destination address of the message and recorded in the table entry of the flow table; detecting whether the LAN identification corresponding to the local virtual machine is matched with the LAN identification corresponding to the target host machine or not and whether the VLAN identification corresponding to the local virtual machine is matched with the VLAN identification corresponding to the target host machine or not; and if the messages are matched, forwarding the messages to the target virtual machine.
Optionally, the forwarding unit 603 is configured to, when forwarding the packet to the destination virtual machine, tunnel-encapsulate the packet to form a tunnel packet, and add the LAN identifier and the VLAN identifier corresponding to the local virtual machine to a tunnel header of the tunnel packet; and forwarding the tunnel message to a destination virtual machine.
Referring to fig. 7, fig. 7 is a block diagram of a message forwarding apparatus according to an exemplary embodiment of the present application;
the device is applied to a virtual switch on a host machine in a cloud computing network, virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and the virtual machines with the same VLAN identification in the same LAN can communicate; the device comprises:
a second receiving unit 701, configured to receive a tunnel packet;
a second obtaining unit 702, configured to decapsulate the tunnel packet to obtain an inner layer packet, and obtain a VLAN identifier and a LAN identifier carried in the tunnel packet;
a detecting unit 703, configured to detect whether the LAN identifier carried in the tunnel packet is the same as the LAN identifier corresponding to the destination virtual machine indicated by the inner layer packet;
and the processing unit 704 is configured to process the packet according to the VLAN id and the PVID of the destination virtual machine indicated by the inner layer packet if the VLAN id is the same as the PVID of the destination virtual machine indicated by the inner layer packet.
Optionally, the processing unit is configured to check whether the PVID of the destination virtual machine indicated by the VLAN identifier and the inner layer packet is the same when processing the packet according to the PVID of the destination virtual machine indicated by the VLAN identifier and the inner layer packet; if not, inserting the VLAN identification into the inner layer message, and sending the inner layer message inserted with the VLAN identification to the target virtual machine; and if the inner layer messages are the same, sending the inner layer messages to the target virtual machine.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. The message forwarding method is applied to a virtual switch on a host machine in a cloud computing network, virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and the virtual machines with the same VLAN identification in the same LAN can communicate; the method comprises the following steps:
receiving a message sent by a local virtual machine; the message carries the VLAN identification of the VLAN where the local virtual machine is located;
acquiring VLAN MASK and PVID corresponding to a local virtual machine from the recorded VLAN MASK and PVID corresponding to each virtual machine;
and when determining that the VLAN corresponding to the VLAN MASK contains the VLAN indicated by the PVID, forwarding the message according to the VLAN identification carried by the message and the LAN identification of the LAN where the local virtual machine is located.
2. The method according to claim 1, wherein said forwarding the packet according to the VLAN id carried by the packet and the LAN id of the LAN where the local virtual machine is located comprises:
searching a flow table entry corresponding to the destination address of the message in a preset flow table;
acquiring a LAN identifier and a VLAN identifier of a destination virtual machine, which are indicated by a destination address of the message and recorded in the table entry of the flow table;
detecting whether the LAN identification corresponding to the local virtual machine is matched with the LAN identification corresponding to the target host machine or not and whether the VLAN identification corresponding to the local virtual machine is matched with the VLAN identification corresponding to the target host machine or not;
and if the messages are matched, forwarding the messages to the target virtual machine.
3. The method of claim 2, wherein forwarding the message to a destination virtual machine comprises:
tunnel packaging is carried out on the message to form a tunnel message, and the LAN identification and the VLAN identification corresponding to the local virtual machine are added into a tunnel head of the tunnel message;
and forwarding the tunnel message to a destination virtual machine.
4. The message forwarding method is applied to a virtual switch on a host machine in a cloud computing network, virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and the virtual machines with the same VLAN identification in the same LAN can communicate; the method comprises the following steps:
receiving a tunnel message;
decapsulating the tunnel message to obtain an inner layer message, and acquiring a VLAN (virtual local area network) identifier and a LAN (local area network) identifier carried by the tunnel message;
detecting whether the LAN identification carried by the tunnel message is the same as the LAN identification corresponding to the target virtual machine indicated by the inner layer message;
and if the VLAN identifier and the PVID of the target virtual machine indicated by the inner layer message are the same, processing the message according to the VLAN identifier and the PVID of the target virtual machine indicated by the inner layer message.
5. The method according to claim 4, wherein the processing the packet according to the VLAN id and the PVID of the destination virtual machine indicated by the inner layer packet includes:
checking whether the VLAN identification is the same as the PVID of the target virtual machine indicated by the inner layer message;
if not, inserting the VLAN identification into the inner layer message, and sending the inner layer message inserted with the VLAN identification to the target virtual machine;
and if the inner layer messages are the same, sending the inner layer messages to the target virtual machine.
6. The message forwarding device is applied to a virtual switch on a host machine in a cloud computing network, virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and the virtual machines with the same VLAN identification in the same LAN can communicate; the device comprises:
the first receiving unit is used for receiving a message sent by a local virtual machine; the message carries the VLAN identification of the VLAN where the local virtual machine is located;
a first obtaining unit, configured to obtain, from the recorded VLAN MASK and PVID corresponding to each virtual machine, the VLAN MASK and PVID corresponding to a local virtual machine;
and the forwarding unit is used for forwarding the message according to the VLAN identification carried by the message and the LAN identification of the LAN where the local virtual machine is located when the VLAN corresponding to the VLAN MASK is determined to contain the VLAN indicated by the PVID.
7. The apparatus according to claim 6, wherein the forwarding unit, when forwarding the packet according to the VLAN identifier carried by the packet and the LAN identifier of the LAN where the local virtual machine is located, is configured to search, in a preset flow table, a flow table entry corresponding to a destination address of the packet; acquiring a LAN identifier and a VLAN identifier of a destination virtual machine, which are indicated by a destination address of the message and recorded in the table entry of the flow table; detecting whether the LAN identification corresponding to the local virtual machine is matched with the LAN identification corresponding to the target host machine or not and whether the VLAN identification corresponding to the local virtual machine is matched with the VLAN identification corresponding to the target host machine or not; and if the messages are matched, forwarding the messages to the target virtual machine.
8. The apparatus according to claim 7, wherein the forwarding unit, when forwarding the packet to a destination virtual machine, is configured to tunnel the packet to form a tunnel packet, and add a LAN identifier and a VLAN identifier corresponding to the local virtual machine to a tunnel header of the tunnel packet; and forwarding the tunnel message to a destination virtual machine.
9. The message forwarding device is applied to a virtual switch on a host machine in a cloud computing network, virtual machines in the cloud computing network are divided into different LANs, virtual machines in the same LAN are divided into different VLANs, and the virtual machines with the same VLAN identification in the same LAN can communicate; the device comprises:
a second receiving unit, configured to receive a tunnel packet;
the second obtaining unit is used for decapsulating the tunnel message to obtain an inner layer message and obtaining a VLAN (virtual local area network) identifier and a LAN (local area network) identifier carried by the tunnel message;
a detecting unit, configured to detect whether the LAN identifier carried in the tunnel packet is the same as the LAN identifier corresponding to the destination virtual machine indicated by the inner layer packet;
and the processing unit is used for processing the message according to the VLAN identification and the PVID of the target virtual machine indicated by the inner layer message if the VLAN identification and the PVID are the same.
10. The apparatus according to claim 9, wherein the processing unit, when processing the packet according to the VLAN id and the PVID of the destination virtual machine indicated by the inner layer packet, is configured to check whether the PVID of the destination virtual machine indicated by the VLAN id and the inner layer packet is the same; if not, inserting the VLAN identification into the inner layer message, and sending the inner layer message inserted with the VLAN identification to the target virtual machine; and if the inner layer messages are the same, sending the inner layer messages to the target virtual machine.
CN202210360404.6A 2022-04-07 2022-04-07 Multi-subnet communication method and device Active CN114448752B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210360404.6A CN114448752B (en) 2022-04-07 2022-04-07 Multi-subnet communication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210360404.6A CN114448752B (en) 2022-04-07 2022-04-07 Multi-subnet communication method and device

Publications (2)

Publication Number Publication Date
CN114448752A true CN114448752A (en) 2022-05-06
CN114448752B CN114448752B (en) 2022-09-09

Family

ID=81359817

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210360404.6A Active CN114448752B (en) 2022-04-07 2022-04-07 Multi-subnet communication method and device

Country Status (1)

Country Link
CN (1) CN114448752B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1474564A (en) * 2002-08-05 2004-02-11 ��Ϊ�������޹�˾ Communication method between virtual local area webs
CN101494610A (en) * 2009-03-12 2009-07-29 福建星网锐捷网络有限公司 Method for processing message and switch
CN103731349A (en) * 2012-10-16 2014-04-16 杭州华三通信技术有限公司 Method for conducting Ethernet virtualized message transmission between interconnection neighbors and edge device
US20140153442A1 (en) * 2011-08-05 2014-06-05 Huawei Technologies Co., Ltd. Method, Device, and System for Packet Processing
CN106302191A (en) * 2016-08-29 2017-01-04 杭州华三通信技术有限公司 A kind of message forwarding method and device
CN106375206A (en) * 2016-08-31 2017-02-01 杭州迪普科技有限公司 Message forwarding method and device
US20180123827A1 (en) * 2016-10-28 2018-05-03 Brocade Communications Systems, Inc. Rule-based network identifier mapping
CN108337192A (en) * 2017-12-28 2018-07-27 华为技术有限公司 Message communication method and apparatus in a kind of cloud data center
CN109218161A (en) * 2018-10-24 2019-01-15 郑州云海信息技术有限公司 A kind of method and device of virtual switch forwarding data
US20210320872A1 (en) * 2018-12-26 2021-10-14 Huawei Technologies Co., Ltd. Cloud computing data center system, gateway, server, and packet processing method
CN114095460A (en) * 2022-01-20 2022-02-25 杭州优云科技有限公司 Message broadcasting method and device

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1474564A (en) * 2002-08-05 2004-02-11 ��Ϊ�������޹�˾ Communication method between virtual local area webs
CN101494610A (en) * 2009-03-12 2009-07-29 福建星网锐捷网络有限公司 Method for processing message and switch
US20140153442A1 (en) * 2011-08-05 2014-06-05 Huawei Technologies Co., Ltd. Method, Device, and System for Packet Processing
CN103731349A (en) * 2012-10-16 2014-04-16 杭州华三通信技术有限公司 Method for conducting Ethernet virtualized message transmission between interconnection neighbors and edge device
CN106302191A (en) * 2016-08-29 2017-01-04 杭州华三通信技术有限公司 A kind of message forwarding method and device
CN106375206A (en) * 2016-08-31 2017-02-01 杭州迪普科技有限公司 Message forwarding method and device
US20180123827A1 (en) * 2016-10-28 2018-05-03 Brocade Communications Systems, Inc. Rule-based network identifier mapping
CN108337192A (en) * 2017-12-28 2018-07-27 华为技术有限公司 Message communication method and apparatus in a kind of cloud data center
CN109218161A (en) * 2018-10-24 2019-01-15 郑州云海信息技术有限公司 A kind of method and device of virtual switch forwarding data
US20210320872A1 (en) * 2018-12-26 2021-10-14 Huawei Technologies Co., Ltd. Cloud computing data center system, gateway, server, and packet processing method
CN114095460A (en) * 2022-01-20 2022-02-25 杭州优云科技有限公司 Message broadcasting method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
邵鹏飞等: "PVID在VLAN配置中的作用及影响分析", 《实验室研究与探索》 *
韩志勇等: "华为S5700三层交换机VLAN间通信配置策略探讨", 《通讯世界》 *

Also Published As

Publication number Publication date
CN114448752B (en) 2022-09-09

Similar Documents

Publication Publication Date Title
EP3544240B1 (en) Data processing
CN109218178B (en) Message processing method and network equipment
CN111512601B (en) Segmented routing network processing of packets
US11979322B2 (en) Method and apparatus for providing service for traffic flow
CN108259291B (en) VXLAN message processing method, device and system
CN104704778B (en) Method and system for virtual and physical network integration
US20130124750A1 (en) Network virtualization without gateway function
EP2893676B1 (en) Packet forwarding
EP3197107B1 (en) Message transmission method and apparatus
US11539659B2 (en) Fast distribution of port identifiers for rule processing
US9031072B2 (en) Methods and apparatus to route fibre channel frames using reduced forwarding state on an FCOE-to-FC gateway
EP1903723A1 (en) Method and apparatus for transmitting message
CN109729012B (en) Unicast message transmission method and device
WO2021083332A1 (en) Method, apparatus and system for sending message
CN107659484B (en) Method, device and system for accessing VXLAN network from VLAN network
CN108390812B (en) Message forwarding method and device
US11159342B2 (en) MAC address synchronization
CN107634893B (en) Method and device for processing Media Access Control (MAC) address advertisement route
CN114095460B (en) Message broadcasting method and device
CN111669422B (en) Message transmission method and device
CN114448752B (en) Multi-subnet communication method and device
US20230115034A1 (en) Packet verification method, device, and system
JP7322088B2 (en) Packet detection method and first network device
EP3913865B1 (en) Message decapsulation method and device, message encapsulation method and device, electronic device, and storage medium
CN106302264A (en) Unicast message interoperability methods between Dune switched line clamp and flexibly cable card board and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant