WO2016107594A1 - Accessing external network from virtual network - Google Patents

Publication number
WO2016107594A1
Authority
WO
WIPO (PCT)
Prior art keywords
external network
flow
network gateway
mac address
logical
Application number
PCT/CN2015/100064
Inventor
Yuan Song
Jiajia FU
Original Assignee
Hangzhou H3C Technologies Co., Ltd.
Application filed by Hangzhou H3C Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/42 Centralised routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/64 Routing or path finding of packets in data switching networks using an overlay routing layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches

Definitions

  • SDN Software defined networks
  • a SDN such as an OpenFlow
  • a SDN may extend forwarding modes of the layer 2 switch and the layer 3 switch, so that the layer 2 switch and the layer 3 switch can not only perform forwarding based on a Media Access Control (MAC) address and forwarding based on an Internet Protocol (IP) address, but can also perform flow forwarding based on packet header description.
  • MAC Media Access Control
  • IP Internet Protocol
  • a control plane can be separated from a forwarding device, and decisions of all forwarding actions can be migrated from a switch to a SDN controller.
  • FIG. 1 is a flowchart illustrating a method for accessing an external network from a virtual network according to an example of the present disclosure.
  • FIG. 2 is a diagram illustrating a process of creating a logical external network gateway when accessing an external network from a virtual network according to an example of the present disclosure.
  • FIG. 3 is a diagram illustrating a process of distributing a routing table and an Address Resolution Protocol (ARP) entry when accessing an external network from a virtual network according to an example of the present disclosure.
  • ARP Address Resolution Protocol
  • FIG. 4 is a diagram illustrating a process of distributing a static flow table when accessing an external network from a virtual network according to an example of the present disclosure.
  • FIG. 5 is a diagram illustrating a process of forwarding a flow accessing an external network when accessing the external network from a virtual network according to an example of the present disclosure.
  • FIG. 6 is a diagram illustrating the structure of an apparatus for accessing an external network from a virtual network according to an example of the present disclosure.
  • FIG. 7 is a diagram illustrating the hardware structure of a controller according to an example of the present disclosure.
  • FIG. 8 is a diagram illustrating the structure of a flow routing apparatus according to an example of the present disclosure.
  • FIG. 9 is a diagram illustrating the hardware structure of a Virtual Machine (VM) according to an example of the present disclosure.
  • VM Virtual Machine
  • FIG. 10 is a diagram illustrating the structure of a flow forwarding apparatus according to an example of the present disclosure.
  • FIG. 11 is a diagram illustrating the hardware structure of a switch according to an example of the present disclosure.
  • the present disclosure is described by referring mainly to an example thereof.
  • numerous specific details are set forth in order to provide a thorough understanding of the present disclosure. It will be readily apparent however, that the present disclosure may be practiced without limitation to these specific details. In other instances, some methods and structures have not been described in detail so as not to unnecessarily obscure the present disclosure.
  • the terms “a” and “an” are intended to denote at least one of a particular element.
  • the term “includes” means includes but not limited to, the term “including” means including but not limited to.
  • the term “based on” means based at least in part on.
  • a software defined network, such as an OpenFlow network, includes a controller and a switch.
  • the controller distributes a flow table to the switch, and the switch checks and forwards a packet according to the flow table.
  • Each flow entry in the flow table includes a header field, an active counter and zero, one or more actions.
  • the switch checks each packet according to the flow table. If the header field of a packet matches the header field of a flow entry in the flow table, the switch processes the packet according to the flow entry. If the header field of the packet does not match any flow entry in the flow table, the switch forwards the packet to the controller via a safe channel, and then the controller decides an action for the packet.
  • a virtual machine is a virtual computer that is hosted on a physical computing device.
  • a physical computing device, such as a server, may be virtualized into a plurality of virtual machines, each of which acts as an independent server.
  • the SDN network may be applied to a virtual network to forward flows.
  • a virtual network is a computer network that consists, at least in part, of virtual network links.
  • a virtual network link is a link that does not consist of a physical (wired or wireless) connection between two computing devices but is implemented using methods of network virtualization.
  • the network virtualization is based on vSwitch technology.
  • the virtual network may be a virtual switch inside a physical device which connects VMs hosted in the physical device, or may be a distributed virtual switch which spans several physical devices and connects VMs in the several physical devices.
  • an external network gateway may be set between the virtual network and the external network.
  • the external network gateway is a border gateway, which is the boundary between the internal network (i.e. the virtual network) and the external network (such as the Internet).
  • the external network gateway connects the virtual network to the external network, so as to implement connection between the virtual network and the external network.
  • the virtual network may be an Overlay network.
  • the next hop of the VM is a VM gateway.
  • a source VM determines whether the destination IP address of a packet and the IP address of the source VM belong to the same network segment. If the destination IP address of the packet and the IP address of the source VM belong to the same network segment, the source VM sends the packet to the destination IP address. If the destination IP address of the packet and the IP address of the source VM do not belong to the same network segment, the source VM sets the destination MAC address of the packet as the MAC address of the VM gateway in the default routing, and sets the destination IP address of the packet as the IP address of an accessed object.
  • a destination IP address to be accessed by the VM is an IP address of the external network, and thus the IP address of the VM and the IP address of the external network do not belong to the same network segment. Accordingly, the VM sets the destination MAC address of a packet as the MAC address of a VM gateway in default routing, and sets the destination IP address of the packet as the IP address of an accessed object. Afterwards, the VM sends the packet to a switch, and the switch performs flow entry matching for the packet. If the packet matches a flow entry, the switch forwards the packet according to the flow entry.
  • the switch sends the packet to a controller via a safe channel, and then the controller may process the packet. Accordingly, the switch sends to the controller an initial packet of a flow not matching any flow entry, and then the controller selects routing for the flow.
  • the controller distributes a flow table to the switch.
  • the flow table may instruct the switch to forward the flow to be sent to the destination IP address to a gateway of the external network. After the flow table is distributed, the switch may perform flow entry matching for the flow to be sent to the destination IP address, and then forwards the flow to the gateway of the external network. Afterwards, the gateway of the external network forwards the flow to the external network.
  • the IP address of a VM is 2.2.2.20, and the next hop of the VM in default routing is a gateway whose IP address is 2.2.2.1. If the VM whose IP address is 2.2.2.20 is to access a server in a physical network, where the IP address of the server is 1.1.1.1, a method for accessing the physical network from the virtual network is implemented as follows.
  • the VM recognizes that the IP address 1.1.1.1 of the server and the IP address of the VM do not belong to the same network segment.
  • the VM sets the destination MAC address of a packet as the MAC address of the next hop of the VM in the default routing and sets the destination IP address of the packet as the IP address of an accessed object.
  • the VM sets the destination MAC address of the packet as the MAC address of the gateway whose IP address is 2.2.2.1, and sets the destination IP address of the packet as the IP address 1.1.1.1 of the server.
  • the VM sends the packet to the switch.
  • the switch checks the flow table distributed by the controller, finds that there is no flow entry matching the IP address 1.1.1.1, and thus sends the packet to the controller via a safe channel. Afterwards, the controller processes the packet.
  • the controller distributes the flow table to the switch, and the flow table indicates that the packet whose destination IP address is 1.1.1.1 is to be sent to a gateway A of the external network.
  • the switch forwards the packet to the gateway A of the external network because the switch has the flow entry matching the IP address 1.1.1.1.
  • Examples of the present disclosure provide a method and apparatus for accessing an external network from a virtual network.
  • the controller will not become a bottleneck, thereby improving system performance.
  • FIG. 1 is a flowchart illustrating a method for accessing an external network from a virtual network according to an example of the present disclosure. The method may be applied to a controller. As shown in FIG. 1, the method includes the following blocks.
  • routing information and ARP entry information are distributed to a VM.
  • the routing information indicates that the next hop of a flow to be sent to the external network is a pre-created logical external network gateway, and the ARP entry information includes the MAC address of the logical external network gateway.
  • Pre-created means that the gateway is configured in advance, at a time prior to sending the routing and ARP information.
  • the logical external network gateway may be configured by the controller.
  • the logical external network gateway is a fake gateway address which is used to identify the flow to make it match the flow table and be redirected to an actual external network gateway.
  • the actual external network gateway is a real physical border gateway which forwards flows between the internal network and the external network actually.
  • a flow table is distributed to a switch.
  • the flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
  • the method further includes pre-creating the logical external network gateway for a network segment that is in the virtual network and is to interwork with the external network.
  • since the VM has the routing information indicating that the flow to be sent to the external network is to be sent to the logical external network gateway, the VM can attach a tag on the flow according to the routing information. Since the switch has a flow table indicating how to forward the flow attached with the tag, the switch forwards the flow attached with the tag to the actual external network gateway according to the flow table after recognizing the flow attached with the tag. Accordingly, it is unnecessary to send to the controller the initial packet of the flow to be sent to the external network, which prevents the controller from becoming the bottleneck and improves system performance.
  • the flow table in the switch is configured based on the MAC address of the logical external network gateway, and the logical external network gateway is created based on a network segment instead of a single IP address. Accordingly, for each logical external network gateway, it is unnecessary to distribute a flow table for each IP address of the external network; it is only necessary to distribute one flow table to the switch. In this case, the number of distributed flow tables may be reduced, flow table matching efficiency may be increased and system performance may be improved.
  • the controller creates one logical external network gateway for each network segment that is in the virtual network and is to interwork with the external network, so as to conveniently perform IP address matching for each network segment and manage each logical external network gateway.
  • After creating the logical external network gateway, the controller distributes the routing information and the ARP entry information to the VM.
  • the routing information indicates that the next hop of the flow to be sent to the external network is the logical external network gateway.
  • the ARP entry information includes the MAC address of the logical external network gateway.
  • the routing information distributed to the VM indicates that the next hop of the flow to be sent to the external network is a logical external network gateway corresponding to the network segment to which the VM belongs. For example, VM1-VM3 belong to a network segment 1, VM4-VM6 belong to a network segment 2, a logical external network gateway 1 is created for the network segment 1 and a logical external network gateway 2 is created for the network segment 2.
  • routing information distributed to VM1-VM3 indicates that the next hop of the flow to be sent to the external network is the logical external network gateway 1, and routing information distributed to VM4-VM6 indicates that the next hop of the flow to be sent to the external network is the logical external network gateway 2.
  • the VM processes the flow according to the routing information and the ARP entry information.
  • the VM determines whether the destination IP address of the flow is an internal address of the virtual network or an address of the external network. If the destination IP address of the flow is the address of the external network, the VM sets the destination MAC address of the flow as the MAC address of the next hop of the VM in the default routing, i.e., the MAC address of the logical external network gateway. If the destination IP address of the flow is the internal address of the virtual network, the VM sets the destination MAC address of the flow as the MAC address of the next hop in internal routing of the virtual network.
  • the MAC address of the logical external network gateway may be set as a pre-configured MAC address, for example, a pre-configured special character.
  • the controller distributes a flow table.
  • the flow table instructs the switch to modify the destination MAC address of a flow whose destination MAC address is the MAC address of the logical external network gateway to the MAC address of an actual external network gateway corresponding to the logical external network gateway, and the switch forwards the flow to the actual external network gateway.
  • since the MAC address of the logical external network gateway is set as the pre-configured MAC address, it is convenient to manage each logical external network gateway.
  • MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway may be set as the same MAC address, and MAC addresses of multiple logical external network gateways corresponding to different actual external network gateways may be set as different MAC addresses, so as to manage each logical external network gateway conveniently. Since the MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway are the same, for the multiple logical external network gateways, the controller distributes one flow table to the switch.
  • the flow table may instruct the switch to modify the destination MAC address of a flow whose destination MAC address is the MAC address of the multiple logical external network gateways to the MAC address of the actual external network gateway corresponding to the multiple logical external network gateways. Afterwards, the switch forwards the flow to the actual external network gateway. In this case, the number of distributed flow tables may be reduced, and the flow table matching efficiency may be improved.
  • the MAC addresses of the logical external network gateway 1 and the logical external network gateway 2 may be set as one value, for example, set as BB, and the MAC addresses of the logical external network gateway 3 and the logical external network gateway 4 may be set as another value, for example, set as EE.
  • a MAC address usually has 6 bytes or 8 bytes, and is represented with hex. For convenience of description, the MAC addresses are represented with BB and EE.
  • the controller distributes a flow table 1 to the switch for the logical external network gateway 1 and the logical external network gateway 2, and the flow table instructs the switch to modify the destination MAC address of a flow whose destination MAC address is BB to the MAC address of the actual external network gateway 1.
  • the controller distributes a flow table 2 to the switch for the logical external network gateway 3 and the logical external network gateway 4, and the flow table instructs the switch to modify the destination MAC address of a flow whose destination MAC address is EE to the MAC address of the actual external network gateway 2.
  • the MAC address of each logical external network gateway may be set as the MAC address of an actual external network gateway corresponding to the logical external network gateway.
  • after receiving a flow whose destination MAC address is the MAC address of the logical external network gateway, the switch does not modify the destination MAC address of the flow but forwards the flow to the actual external network gateway corresponding to the logical external network gateway. If the flow table distributed to the switch by the controller does not contain an action of modifying the destination MAC address, the switch does not modify the destination MAC address when forwarding the flow according to the flow table.
  • With reference to FIGs. 2-5, a method for accessing an external network from a virtual network is described according to examples of the present disclosure.
  • a logical external network gateway is created on a controller of a distributed switch, and a MAC address is allocated to the logical external network gateway.
  • the controller distributes a routing table and an ARP entry to a VM, and the routing table indicates that a flow to be sent to a network segment of the external network is to be forwarded to the logical external network gateway.
  • the controller distributes a static flow table to the switch, and the static flow table indicates that the flow to be sent to the logical external network gateway is to be forwarded to an actual external network gateway.
  • the flow table is generated after an initial packet is sent to the controller, and thus is called a dynamic flow table.
  • the static flow table is distributed according to configuration (for example, a network segment in the virtual network) without needing flow triggering, and has been generated before a flow is generated.
  • the VM modifies the destination MAC address of the flow to be sent to the network segment of the external network to the MAC address of the logical external network gateway according to the routing table, and then sends to the switch the flow to be sent to the network segment of the external network.
  • the switch forwards the flow to be sent to the network segment of the external network to the actual external network gateway according to the static flow table.
  • FIG. 2 is a diagram illustrating a process of creating a logical external network gateway when accessing an external network from a virtual network according to an example of the present disclosure.
  • a logical external network gateway is created on a controller.
  • a logical external network gateway whose IP address is 2.2.2.2 is created in FIG. 2.
  • the controller may set one logical external network gateway for each network segment that is to interwork with an external network.
  • the controller may set the MAC address of the logical external network gateway as a predefined value.
  • MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway may be set as the same MAC address, for example, set as BB.
  • BB represents the MAC address of the logical external network gateways.
  • the logical external network gateway may be managed conveniently.
  • the controller may set the MAC address of the logical external network gateway as the MAC address of the actual external network gateway corresponding to the logical external network gateway. For example, in FIG. 2, the MAC address of the logical external network gateway is set as the MAC address of an actual external network gateway A.
  • FIG. 3 is a diagram illustrating a process of distributing a routing table and an ARP entry when accessing an external network from a virtual network according to an example of the present disclosure.
  • the controller distributes the routing table and the ARP entry to the VM.
  • the routing table indicates that the next hop of the VM in default routing is the logical external network gateway and the next hop of the VM in the internal routing of the virtual network is an original gateway of the VM.
  • the MAC address of the logical external network gateway in the ARP entry is BB.
  • the controller distributes the routing table and the ARP entry to the VM whose IP address is 2.2.2.20. The next hop of the VM in the default routing is changed to the logical external network gateway 2.2.2.2 from the original gateway 2.2.2.1, and the next hop of the VM in the internal routing of the virtual network is still the original gateway 2.2.2.1.
  • the controller may interwork with a configuration module that is in the VM and can receive the routing table and the ARP entry.
  • the configuration module of the VM may be VM tools for monitoring the state and process of the VM and configuring the IP address of the VM.
  • the controller may interwork with the VM tools to distribute the routing table and the ARP entry to the VM tools.
  • FIG. 4 is a diagram illustrating a process of distributing a static flow table when accessing an external network from a virtual network according to an example of the present disclosure.
  • the controller distributes a static flow table to a vSwitch corresponding to a VM.
  • the static flow table instructs the vSwitch to modify destination MAC addresses of all packets whose destination MAC addresses are BB to the MAC address of an actual external network gateway A, and the vSwitch forwards the flow to the actual external network gateway A.
  • the process of modifying the destination MAC addresses may be omitted.
  • FIG. 5 is a diagram illustrating a process of forwarding a flow accessing an external network when accessing the external network from a virtual network according to an example of the present disclosure.
  • the next hop of the VM in the default routing is the logical external network gateway. Accordingly, when the VM is to access an address of the external network, for example, access a server whose IP address is 1.1.1.1, the VM finds that the IP address matches the default routing, and thus sets the destination IP address of a packet as 1.1.1.1, and sets the destination MAC address of the packet as the MAC address of the logical external network gateway after checking the ARP entry.
  • the vSwitch performs matching for the packet according to a distributed flow entry whose destination MAC address is BB. According to the flow entry, the vSwitch modifies the destination MAC address of the packet to the MAC address of the actual external network gateway A, and then forwards the packet to the actual external network gateway A.
  • The examples shown in FIGS. 2-5 are described based on a case that one logical external network gateway is created and there is one actual external network gateway.
  • one logical external network gateway is created for each network segment, and the routing information indicates that the logical external network gateway is the next hop of the VM in the network segment in the default routing.
  • VM1-VM3 belong to a network segment 1
  • VM4-VM6 belong to a network segment 2
  • a logical external network gateway 1 is created for the network segment 1
  • a logical external network gateway 2 is created for the network segment 2.
  • the routing information distributed to VM1-VM3 indicates that the next hop of a flow to be sent to the external network is the logical external network gateway 1
  • the routing information distributed to VM4-VM6 indicates that the next hop of a flow to be sent to the external network is the logical external network gateway 2.
  • the flow table distributed to the switch by the controller indicates that the flow is to be forwarded to the actual external network gateway corresponding to the logical external network gateway to which the destination MAC address of the flow belongs. For example, suppose the logical external network gateway 1 and the logical external network gateway 2 correspond to the actual external network gateway 1, and the logical external network gateway 3 and the logical external network gateway 4 correspond to the actual external network gateway 2.
  • the controller distributes the flow table 1, and the flow table 1 indicates that a flow whose destination MAC address is the MAC addresses of the logical external network gateway 1 and the logical external network gateway 2 is to be forwarded to the actual external network gateway 1.
  • the controller also distributes the flow table 2, and the flow table 2 indicates that a flow whose destination MAC address is the MAC addresses of the logical external network gateway 3 and the logical external network gateway 4 is to be forwarded to the actual external network gateway 2.
  • the controller of the distributed switch may interwork with a module that runs in the VM and can receive the routing table and the ARP entry. For example, the controller distributes the routing table and the ARP entry to a configuration module such as VM tools.
  • the routing table indicates that the next hop of the VM in the default routing is the logical external network gateway, and the ARP entry indicates the MAC address of the next hop of the VM in the default routing.
  • a tag may be attached on a packet accessing the external network. That is, the destination MAC address of the packet accessing the external network is set as the MAC address of the logical external network gateway.
  • the controller also distributes the static flow table to the switch, and the static flow table instructs the switch to forward the packet attached with the tag to the logical external network gateway.
  • the VM has the routing information for indicating that the flow to be sent to the external network is to be sent to the logical external network gateway, and thus the VM may attach a tag on the flow according to the routing information.
  • the switch has a flow table indicating how to forward the flow attached with the tag. Accordingly, after recognizing the flow attached with the tag, the switch forwards the flow attached with the tag to the actual external network gateway according to the flow table. Accordingly, it is unnecessary to send to the controller the initial packet of the flow to be sent to the external network, which prevents the controller from becoming the bottleneck and improves system performance.
  • the flow table in the switch is configured based on the MAC address of the logical external network gateway, and the logical external network gateway is created based on a network segment instead of a single IP address. Accordingly, for each logical external network gateway, it is unnecessary to distribute a flow table for each IP address of the external network; it is only necessary to distribute one flow table to the switch. In this case, the number of distributed flow tables may be reduced, flow table matching efficiency may be increased and system performance may be improved.
  • examples of the present disclosure also provide an apparatus for accessing an external network from a virtual network, a flow routing apparatus and a flow forwarding apparatus.
  • FIG. 6 is a diagram illustrating the structure of an apparatus for accessing an external network from a virtual network according to an example of the present disclosure.
  • the apparatus may be applied to a controller shown in FIG. 7.
  • the apparatus includes a logical external network gateway creating module 801, a routing distributing module 802 and a flow table distributing module 803.
  • the logical external network gateway creating module 801 may create a logical external network gateway.
  • the routing distributing module 802 may distribute routing information and ARP entry information to a VM.
  • the routing information indicates that the next hop of a flow to be sent to the external network is the logical external network gateway, and the ARP entry information includes the MAC address of the logical external network gateway.
  • the flow table distributing module 803 may distribute a flow table to a switch.
  • the flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
  • Each network segment that is in the virtual network and is to interwork with the external network corresponds to one logical external network gateway.
  • MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway are the same, and MAC addresses of multiple logical external network gateways corresponding to different actual external network gateways are different.
  • the logical external network gateway creating module 801 may set the MAC address of the logical external network gateway as a pre-configured MAC address.
  • the flow table may further indicate that the destination MAC address of a flow whose destination MAC address is the MAC address of the logical external network gateway is modified to the MAC address of an actual external network gateway corresponding to the logical external network gateway, and then the flow is forwarded to the actual external network gateway.
  • the logical external network gateway creating module 801 may set the MAC address of each logical external network gateway as the MAC address of an actual external network gateway corresponding to the logical external network gateway.
  • the routing information is distributed to each VM in the network segment and indicates that the next hop in the default routing is a logical external network gateway created for the network segment.
  • the routing information further indicates that the next hop in internal routing of the virtual network is an internal gateway of the virtual network.
  • FIG. 7 is a diagram illustrating the hardware structure of a controller according to an example of the present disclosure. As shown in FIG. 7, the controller includes a non-transitory storage 701 and a processor 702. The above hardware components are connected to each other via buses.
  • the non-transitory storage 701 may store machine readable instructions, including logical external network gateway creating instructions, routing distributing instructions and flow table distributing instructions. When the machine readable instructions are executed by the processor 702, the functions of the apparatus shown in FIG. 6 can be implemented.
  • the processor 702 may communicate with the non-transitory storage 701, read and execute the machine readable instructions stored in the non-transitory storage 701 to implement the functions of the apparatus shown in FIG. 6.
  • FIG. 8 is a diagram illustrating the structure of a flow routing apparatus according to an example of the present disclosure. The apparatus may be applied to a VM shown in FIG. 9.
  • the flow routing apparatus includes a routing receiving module 1001, a flow recognizing module 1002 and a flow routing module 1003.
  • the routing receiving module 1001 may receive routing information and ARP entry information.
  • the routing information indicates that the next hop of a flow to be sent to an external network is a pre-created logical external network gateway, and the ARP entry information includes the MAC address of the logical external network gateway.
  • the flow recognizing module 1002 may recognize the flow to be sent to the external network.
  • the flow routing module 1003 may route the flow to be sent to the external network to the logical external network gateway.
  • the routing information may be distributed to each VM in the network segment and indicate that the next hop in default routing is the logical external network gateway created for the network segment and the next hop in internal routing is an internal gateway of a virtual network.
  • the flow recognizing module 1002 may recognize whether the destination IP address of a flow is an address of the external network or an internal address of the virtual network when the destination IP address of the flow and the IP address of the VM do not belong to the same network segment.
  • the flow routing module 1003 may set the destination MAC address of the flow as the MAC address of the next hop in the default routing when the destination IP address of the flow is the address of the external network, and set the destination MAC address of the flow as the MAC address of the next hop in the internal routing when the destination IP address of the flow is the internal address of the virtual network.
  • FIG. 9 is a diagram illustrating the hardware structure of a VM according to an example of the present disclosure.
  • the VM includes a non-transitory storage 901 and a processor 902.
  • the above hardware components are connected to each other via buses.
  • the non-transitory storage 901 may store machine readable instructions, including routing receiving instructions, flow recognizing instructions and flow routing instructions. When the machine readable instructions are executed by the processor 902, the functions of the apparatus shown in FIG. 8 can be implemented.
  • the processor 902 may communicate with the non-transitory storage 901, read and execute the machine readable instructions stored in the non-transitory storage 901 to implement the functions of the apparatus shown in FIG. 8.
  • FIG. 10 is a diagram illustrating the structure of a flow forwarding apparatus according to an example of the present disclosure. The apparatus may be applied to a switch shown in FIG. 11.
  • the flow forwarding apparatus includes a flow table receiving module 1201, a flow recognizing module 1202 and a flow forwarding module 1203.
  • the flow table receiving module 1201 may receive a flow table.
  • the flow table indicates that a flow whose destination MAC address is the MAC address of a logical external network gateway is to be forwarded to an actual external network gateway.
  • the flow recognizing module 1202 may recognize the flow whose destination MAC address is the MAC address of the logical external network gateway.
  • the flow forwarding module 1203 may forward the flow whose destination MAC address is the MAC address of the logical external network gateway to the actual external network gateway.
  • the MAC address of the logical external network gateway may be a pre-configured MAC address.
  • the flow table may further indicate that the destination MAC address of the flow whose destination MAC address is the MAC address of the logical external network gateway is modified to the MAC address of an actual external network gateway corresponding to the logical external network gateway, and then the flow is forwarded to the actual external network gateway.
  • the flow forwarding module 1203 may modify the destination MAC address of the flow whose destination MAC address is the MAC address of the logical external network gateway to the MAC address of the actual external network gateway corresponding to the logical external network gateway, and then the flow is forwarded to the actual external network gateway.
  • FIG. 11 is a diagram illustrating the hardware structure of a switch according to an example of the present disclosure. As shown in FIG. 11, the switch includes a non-transitory storage 1101 and a processor 1102. The above hardware components are connected to each other via buses.
  • the non-transitory storage 1101 may store machine readable instructions, including flow table receiving instructions, flow recognizing instructions and flow forwarding instructions. When the machine readable instructions are executed by the processor 1102, the functions of the apparatus shown in FIG. 10 can be implemented.
  • the processor 1102 may communicate with the non-transitory storage 1101, read and execute the machine readable instructions stored in the non-transitory storage 1101 to implement the functions of the apparatus shown in FIG. 10.
  • the controller creates a logical external network gateway for each network segment that is in the virtual network and is to interwork with the external network, and distributes the routing information and the ARP entry information to the VM.
  • the routing information indicates that the next hop of the flow to be sent to the external network is the logical external network gateway.
  • the ARP entry information includes the MAC address of the logical external network gateway.
  • the controller distributes a flow table to the switch. The flow table indicates that the flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
  • an actual external network gateway is set, by which the virtual network can be connected to the external network.
  • a flow passes through the actual external network gateway when accessing the external network.
  • the actual external network gateway may be a physical external network gateway or a virtual external network gateway.
  • a logical external network gateway is created for a network segment that is in the virtual network and is to interwork with the external network.
  • the controller distributes routing information and ARP entry information to the VM, and distributes a flow table to the switch.
  • the routing information indicates that the next hop of a flow to be sent to an external network is the logical external network gateway.
  • the flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
  • the VM sets the destination MAC address of the flow to be sent to the external network as the MAC address of the logical external network gateway according to the routing information and the ARP entry information, thereby attaching a tag on the flow to be sent to the external network.
  • After the VM sends the flow attached with the tag to the switch, the switch recognizes the flow attached with the tag, i.e., the flow whose destination MAC address is the MAC address of the logical external network gateway, and forwards the flow to the actual external network gateway according to the flow table, thereby sending the flow to the external network through the actual external network gateway.


Abstract

A controller distributes routing information and Address Resolution Protocol (ARP) entry information to a Virtual Machine (VM). The routing information indicates that a next hop of a flow to be sent to the external network is a pre-created logical external network gateway, and the ARP entry information comprises a Media Access Control (MAC) address of the logical external network gateway. The controller distributes a flow table to a switch. The flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.

Description

ACCESSING EXTERNAL NETWORK FROM VIRTUAL NETWORK
Background
Software defined networks (SDN) such as OpenFlow networks enable a fine-grained flow forwarding capability for layer 2 and layer 3 switches. An SDN, such as an OpenFlow network, may extend forwarding modes of the layer 2 switch and the layer 3 switch, so that the layer 2 switch and the layer 3 switch can not only perform forwarding based on a Media Access Control (MAC) address and forwarding based on an Internet Protocol (IP) address, but can also perform flow forwarding based on packet header description. Through the SDN, a control plane can be separated from a forwarding device, and decisions of all forwarding actions can be migrated from a switch to an SDN controller.
Brief Description of the Drawings
Features of the present disclosure are illustrated by way of example and not limited in the following figure(s), in which like numerals indicate like elements, in which:
FIG. 1 is a flowchart illustrating a method for accessing an external network from a virtual network according to an example of the present disclosure.
FIG. 2 is a diagram illustrating a process of creating a logical external network gateway when accessing an external network from a virtual network according to an example of the present disclosure.
FIG. 3 is a diagram illustrating a process of distributing a routing table and an Address Resolution Protocol (ARP) entry when accessing an external network from a virtual network according to an example of the present disclosure.
FIG. 4 is a diagram illustrating a process of distributing a static flow table when accessing an external network from a virtual network according to an example of the present disclosure.
FIG. 5 is a diagram illustrating a process of forwarding a flow accessing an external network when accessing the external network from a virtual network according to an example of the present disclosure.
FIG. 6 is a diagram illustrating the structure of an apparatus for accessing an external network from a virtual network according to an example of the present disclosure.
FIG. 7 is a diagram illustrating the hardware structure of a controller according to an example of the present disclosure.
FIG. 8 is a diagram illustrating the structure of a flow routing apparatus according to an example of the present disclosure.
FIG. 9 is a diagram illustrating the hardware structure of a Virtual Machine (VM) according to an example of the present disclosure.
FIG. 10 is a diagram illustrating the structure of a flow forwarding apparatus according to an example of the present disclosure.
FIG. 11 is a diagram illustrating the hardware structure of a switch according to an example of the present disclosure.
Detailed Description
For simplicity and illustrative purposes, the present disclosure is described by referring mainly to an example thereof. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure. It will be readily apparent however, that the present disclosure may be practiced without limitation to these specific details. In other instances, some methods and structures have not been described in detail so as not to unnecessarily obscure the present disclosure. Throughout the present disclosure, the terms “a” and “an” are intended to denote at least one of a particular element. As used herein, the term “includes” means includes but not limited to, the term “including” means including but not limited to. The term “based on” means based at least in part on.
A software defined network (SDN), such as an OpenFlow network, includes a controller and a switch. The controller distributes a flow table to the switch, and the switch checks and forwards a packet according to the flow table.
Each flow entry in the flow table includes a header field, an active counter and zero, one or more actions.
The switch checks each packet according to the flow table. If the header field of a packet matches the header field of a flow entry in the flow table, the switch processes the packet according to the flow entry. If the header field of the packet does not match any flow entry in the flow table, the switch forwards the packet to the controller via a safe channel, and then the controller decides an action for the packet.
A virtual machine (VM) is a virtual computer that is hosted on a physical computing device. A physical computing device, such as a server, may be virtualized into a plurality of virtual machines each of which acts as an independent server.
The SDN network may be applied to a virtual network to forward flows. In some examples of the present disclosure, a virtual network is a computer network that consists, at least in part, of virtual network links. A virtual network link is a link that does not consist of a physical (wired or wireless) connection between two computing devices but is implemented using methods of network virtualization. In this case, the network virtualization is based on vSwitch technology. The virtual network may be a virtual switch inside a physical device which connects VMs hosted in the physical device, or may be a distributed virtual switch which spans several physical devices and connects VMs in the several physical devices.
In order for a device in a virtual network to access an external network such as a physical network or another virtual network, an external network gateway may be set between the virtual network and the external network. In some examples of the present disclosure, the external network gateway is a border gateway, which is the boundary between the internal network (i.e. the virtual network) and the external network (such as the Internet). The external network gateway connects the virtual network to the external network, so as to implement connection between the virtual network and the external network. When a device in the virtual network is to access a server in the external network, a flow is forwarded to the external network gateway first and then the flow is forwarded by the external network gateway into the external network.
In various examples of the present disclosure, the virtual network may be an Overlay network. In the Overlay network, in default routing of each virtual machine (VM), the next hop of the VM is a VM gateway. A source VM determines whether the destination IP address of a packet and the IP address of the source VM belong to the same network segment. If the destination IP address of the packet and the IP address of the source VM belong to the same network segment, the source VM sends the packet to the destination IP address. If the destination IP address of the packet and the IP address of the source VM do not belong to the same network segment, the source VM sets the destination MAC address of the packet as the MAC address of the VM gateway in the default routing, and sets the destination IP address of the packet as the IP address of an accessed object.
When a VM is to access an external network from a virtual network, a destination IP address to be accessed by the VM is an IP address of the external network, and thus the IP address of the VM and the IP address of the external network do not belong to the same network segment. Accordingly, the VM sets the destination MAC address of a packet as the MAC address of a VM gateway in default routing, and sets the destination IP address of the packet as the IP address of an accessed object. Afterwards, the VM sends the packet to a switch, and the switch performs flow entry matching for the packet. If the packet matches a flow entry, the switch forwards the packet according to the flow entry. If the packet does not match any flow entry, the switch sends the packet to a controller via a safe channel, and then the controller may process the packet. Accordingly, the switch sends to the controller an initial packet of a flow not matching any flow entry, and then the controller selects routing for the flow. When finding that the flow is to access the external network from the virtual network, the controller distributes a flow table to the switch. The flow table may indicate the switch to forward the flow to be sent to the destination IP address to a gateway of the external network. After the flow table is distributed, the switch may perform flow entry matching for the flow to be sent to the destination IP address, and then forwards the flow to the gateway of the external network. Afterwards, the gateway of the external network forwards the flow to the external network.
Referring to FIG. 2, the IP address of a VM is 2.2.2.20, and the next hop of the VM in default routing is a gateway whose IP address is 2.2.2.1. If the VM whose IP address is 2.2.2.20 is to access a server in a physical network, where the IP address of the server is 1.1.1.1, a method for accessing the physical network from the virtual network is implemented as follows.
The VM recognizes that the IP address 1.1.1.1 of the server and the IP address of the VM do not belong to the same network segment. The VM sets the destination MAC address of a packet as the MAC address of the next hop of the VM in the default routing and sets the destination IP address of the packet as the IP address of an accessed object. In this example, the VM sets the destination MAC address of the packet as the MAC address of the gateway whose IP address is 2.2.2.1, and sets the destination IP address of the packet as the IP address 1.1.1.1 of the server. Afterwards, the VM sends the packet to the switch. The switch checks the flow table distributed by the controller, finds that there is no flow entry matching the IP address 1.1.1.1, and thus sends the packet to the controller via a safe channel. Afterwards, the controller processes the packet.
The controller distributes the flow table to the switch, and the flow table indicates that the packet whose destination IP address is 1.1.1.1 is to be sent to a gateway A of the external network.
If the VM is to send another packet to the IP address 1.1.1.1, the switch forwards the packet to the gateway A of the external network because the switch has the flow entry matching the IP address 1.1.1.1.
In a virtual network in which flows are forwarded based on a Software Defined Network (SDN), when the above mentioned method for accessing the external network from the virtual network is adopted, initial packets of all flows accessing the external network are sent to the controller. When a large number of flows access the external network, the controller will become a bottleneck. Since the flow table in the switch is configured based on a destination IP address, when there are a large number of accessed nodes in the external network, the controller will distribute a large number of flow tables to the switch, which causes a low flow table matching efficiency and affects the performance of the switch.
Examples of the present disclosure provide a method and apparatus for accessing an external network from a virtual network. By the method and the apparatus, the controller will not become a bottleneck, thereby improving system performance.
FIG. 1 is a flowchart illustrating a method for accessing an external network from a virtual network according to an example of the present disclosure. The method may be applied to a controller. As shown in FIG. 1, the method includes the following blocks.
At block 101, routing information and ARP entry information are distributed to a VM. The routing information indicates that the next hop of a flow to be sent to the external network is a pre-created logical external network gateway, and the ARP entry information includes the MAC address of the logical external network gateway. Pre-created means that the gateway is configured in advance, at a time prior to sending the routing and ARP information. For instance, the logical external network gateway may be configured by the controller. In some examples of the present disclosure, the logical external network gateway is a fake gateway address which is used to identify the flow to make it match the flow table and be redirected to an actual external network gateway. The actual external network gateway is a real physical border gateway which actually forwards flows between the internal network and the external network.
At block 102, a flow table is distributed to a switch. The flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
In an example of the present disclosure, the method further includes pre-creating the logical external network gateway for a network segment that is in the virtual network and is to interwork with the external network.
In an example of the present disclosure, since the VM has the routing information for indicating that the flow to be sent to the external network is to be sent to the logical external network gateway, the VM can attach a tag on the flow according to the routing information. Since the switch has a flow table for indicating the forwarding of the flow attached with the tag, the switch forwards the flow attached with the tag to the actual external network gateway according to the flow table after recognizing the flow attached with the tag. Accordingly, it is unnecessary to send to the controller the initial packet of the flow to be sent to the external network, which prevents the controller from becoming the bottleneck and improves system performance.
In various examples of the present disclosure, the flow table in the switch is configured based on the MAC address of the logical external network gateway, and the logical external network gateway is created based on a network segment instead of a single IP address. Accordingly, for each logical external network gateway, it is unnecessary to distribute a flow table for each IP address of the external network; it is only necessary to distribute one flow table to the switch. In this case, the number of distributed flow tables may be reduced, a flow table matching efficiency may be increased and system performance may be improved.
The controller creates one logical external network gateway for each network segment that is in the virtual network and is to interwork with the external network, so as to conveniently perform IP address matching for each network segment and manage each logical external network gateway.
After creating the logical external network gateway, the controller distributes the routing information and the ARP entry information to the VM. The routing information indicates that the next hop of the flow to be sent to the external network is the logical external network gateway. The ARP entry information includes the MAC address of the logical external network gateway.
If there are multiple network segments that are to interwork with the external network in the virtual network and one logical external network gateway has been created for each network segment, the routing information distributed to the VM indicates that the next hop of the flow to be sent to the external network is a logical external network gateway corresponding to the network segment to which the VM belongs. For example, VM1-VM3 belong to a network segment 1, VM4-VM6 belong to a network segment 2, a logical external network gateway 1 is created for the network segment 1 and a logical external network gateway 2 is created for the network segment 2. Accordingly, routing information distributed to VM1-VM3 indicates that the next hop of the flow to be sent to the external network is the logical external network gateway 1, and routing information distributed to VM4-VM6 indicates that the next hop of the flow to be sent to the external network is the logical external network gateway 2.
The VM processes the flow according to the routing information and the ARP entry information. When the destination IP address of the flow and the IP address of the VM do not belong to the same network segment, the VM determines whether the destination IP address of the flow is an internal address of the virtual network or an address of the external network. If the destination IP address of the flow is the address of the external network, the VM sets the destination MAC address of the flow as the MAC address of the next hop of the VM in the default routing, i.e., the MAC address of the logical external network gateway. If the destination IP address of the flow is the internal address of the virtual network, the VM sets the destination MAC address of the flow as the MAC address of the next hop in internal routing of the virtual network.
The MAC address of the logical external network gateway may be set as a pre-configured MAC address, for example, a pre-configured special character. The controller distributes a flow table. The flow table indicates the switch to modify the destination MAC address of a flow whose destination MAC address is the MAC address of the logical external network gateway to the MAC address of an actual external network gateway corresponding to the logical external network gateway, and the switch forwards the flow to the actual external network gateway.
After the MAC address of the logical external network gateway is set as the pre-configured MAC address, it is convenient to manage each logical external network gateway.
In an example of the present disclosure, MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway may be set as the same MAC address, and MAC addresses of multiple logical external network gateways corresponding to different actual external network gateways may be set as different MAC addresses, so as to manage each logical external network gateway conveniently. Since the MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway are the same, for the multiple logical external network gateways, the controller distributes one flow table to the switch. The flow table may indicate the switch to modify the destination MAC address of a flow whose destination MAC address is the MAC address of the multiple logical external network gateways to the MAC address of the actual external network gateway corresponding to the multiple logical external network gateways. Afterwards, the switch forwards the flow to the actual external network gateway. In this case, the number of distributed flow tables may be reduced, and the flow table matching efficiency may be improved.
For example, suppose the logical external network gateway 1 and the logical external network gateway 2 correspond to the actual external network gateway 1, and a logical external network gateway 3 and a logical external network gateway 4 correspond to the actual external network gateway 2. Accordingly, the MAC addresses of the logical external network gateway 1 and the logical external network gateway 2 may be set as one value, for example, set as BB, and the MAC addresses of the logical external network gateway 3 and the logical external network gateway 4 may be set as another value, for example, set as EE. A MAC address usually has 6 bytes or 8 bytes, and is represented with hex. For convenience of description, the MAC addresses are represented with BB and EE. The controller distributes a flow table 1 to the switch for the logical external network gateway 1 and the logical external network gateway 2, and the flow table indicates the switch to modify the destination MAC address of a flow whose destination MAC address is BB to the MAC address of the actual external network gateway 1. The controller distributes a flow table 2 to the switch for the logical external network gateway 3 and the logical external network gateway 4, and the flow table indicates the switch to modify the destination MAC address of a flow whose destination MAC address is EE to the MAC address of the actual external network gateway 2.
In another example, the MAC address of each logical external network gateway may be set as the MAC address of an actual external network gateway corresponding to the logical external network gateway. In this case, after receiving a flow whose destination MAC address is the MAC address of the logical external network gateway, the switch does not modify the destination MAC address of the flow but forwards the flow to the actual external network gateway corresponding to the logical external network gateway. If the flow table distributed to the switch by the controller does not contain an action of modifying the destination MAC address, the switch does not modify the destination MAC address when forwarding the flow according to the flow table.
Referring to FIGs. 2-5, a method for accessing an external network from a virtual network is described according to examples of the present disclosure.
Referring to FIG. 2, a logical external network gateway is created on a controller of a distributed switch, and a MAC address is allocated to the logical external network gateway.
Referring to FIG. 3, the controller distributes a routing table and an ARP entry to a VM, and the routing table indicates that a flow to be sent to a network segment of the external network is to be forwarded to the logical external network gateway.
Referring to FIG. 4, the controller distributes a static flow table to the switch, and the static flow table indicates that the flow to be sent to the logical external network gateway is to be forwarded to an actual external network gateway. In a conventional Overlay network, the flow table is generated after an initial packet is sent to the controller, and thus is called a dynamic flow table. In the example of the present disclosure, the static flow table is distributed according to configuration (for example, a network segment in the virtual network) without needing flow triggering, and has been generated before a flow is generated.
Referring to FIG. 5, after the VM has the routing table for indicating that the flow to be sent to the network segment of the external network is to be sent to the logical external network gateway, and the switch has the static flow table for indicating that the flow to be sent to the logical external network gateway is to be forwarded to the actual external network gateway, the VM modifies the destination MAC address of the flow to be sent to the network segment of the external network to the MAC address of the logical external network gateway according to the routing table, and then sends to the switch the flow to be sent to the network segment of the external network. The switch forwards the flow to be sent to the network segment of the external network to the actual external network gateway according to the static flow table.
FIG. 2 is a diagram illustrating a process of creating a logical external network gateway when accessing an external network from a virtual network according to an example of the present disclosure.
As shown in FIG. 2, a logical external network gateway is created on a controller. For example, a logical external network gateway whose IP address is 2.2.2.2 is created in FIG. 2. The controller may set one logical external network gateway for each network segment that is to interwork with an external network.
The controller may set the MAC address of the logical external network gateway as a predefined value. MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway may be set as the same MAC address, for example, set as BB. For example, “BB” in FIG. 2 represents the MAC address of the logical external network gateways.
After the MAC address of the logical external network gateway is set as the predefined value, the logical external network gateway may be managed conveniently.
The controller may set the MAC address of the logical external network gateway as the MAC address of the actual external network gateway corresponding to the logical external network gateway. For example, in FIG. 2, the MAC address of the logical external network gateway is set as the MAC address of an actual external network gateway A.
FIG. 3 is a diagram illustrating a process of distributing a routing table and an ARP entry when accessing an external network from a virtual network according to an example of the present disclosure.
In FIG. 3, the controller distributes the routing table and the ARP entry to the VM. The routing table indicates that the next hop of the VM in default routing is the logical external network gateway and the next hop of the VM in the internal routing of the virtual network is an original gateway of the VM. The MAC address of the logical external network gateway in the ARP entry is BB.
Referring to FIG. 3, after the controller distributes the routing table and the ARP entry to the VM whose IP address is 2.2.2.20, the next hop of the VM in the default routing is changed to the logical external network gateway 2.2.2.2 from the original gateway 2.2.2.1, and the next hop of the VM in the internal routing of the virtual network is still the original gateway 2.2.2.1.
In an example, the controller may interwork with a configuration module that is in the VM and can receive the routing table and the ARP entry. For example, the configuration module of the VM may be VM tools for monitoring the state and process of the VM and configuring the IP address of the VM. The controller may interwork with the VM tools to distribute the routing table and the ARP entry to the VM tools.
FIG. 4 is a diagram illustrating a process of distributing a static flow table when accessing an external network from a virtual network according to an example of the present disclosure.
The controller distributes a static flow table to a vSwitch corresponding to a VM. The static flow table indicates the vSwitch to modify destination MAC addresses of all packets whose destination MAC addresses are BB to the MAC address of an actual external network gateway A, and the vSwitch forwards the flow to the actual external network gateway A.
If the MAC address of the logical external network gateway has been set as the MAC address of the actual external network gateway A, the process of modifying the destination MAC addresses may be omitted.
FIG. 5 is a diagram illustrating a process of forwarding a flow accessing an external network when accessing the external network from a virtual network according to an example of the present disclosure.
The next hop of the VM in the default routing is the logical external network gateway. Accordingly, when the VM is to access an address of the external network, for example, access a server whose IP address is 1.1.1.1, the VM finds that the IP address matches the default routing, and thus sets the destination IP address of a packet as 1.1.1.1, and sets the destination MAC address of the packet as the MAC address of the logical external network gateway after checking the ARP entry.
As shown in a packet flow in FIG. 5, after the packet arrives at the vSwitch, the vSwitch performs matching for the packet according to a distributed flow entry whose destination MAC address is BB. According to the flow entry, the vSwitch modifies the destination MAC address of the packet to the MAC address of the actual external network gateway A, and then forwards the packet to the actual external network gateway A.
The examples shown in FIGs. 2-5 are described based on a case that one logical external network gateway is created and there is one actual external network gateway.
If there are multiple network segments that are to interwork with the external network in the virtual network, one logical external network gateway is created for each network segment, and the routing information indicates that the logical external network gateway is the next hop of the VM in the network segment in the default routing. For example, VM1-VM3 belong to a network segment 1, VM4-VM6 belong to a network segment 2, a logical external network gateway 1 is created for the network segment 1 and a logical external network gateway 2 is created for the network segment 2. Accordingly, the routing information distributed to VM1-VM3 indicates that the next hop of a flow to be sent to the external network is the logical external network gateway 1, and the routing information distributed to VM4-VM6 indicates that the next hop of a flow to be sent to the external network is the logical external network gateway 2.
If there are multiple actual external network gateways in the virtual network, the flow table distributed to the switch by the controller indicates that the flow is to be forwarded to the actual external network gateway corresponding to the logical external network gateway to which the destination MAC address of the flow belongs. For example, suppose the logical external network gateway 1 and the logical external network gateway 2 correspond to the actual external network gateway 1, and the logical external network gateway 3 and the logical external network gateway 4 correspond to the actual external network gateway 2. The controller distributes the flow table 1, and the flow table 1 indicates that a flow whose destination MAC address is the MAC addresses of the logical external network gateway 1 and the logical external network gateway 2 is to be forwarded to the actual external network gateway 1. The controller also distributes the flow table 2, and the flow table 2 indicates that a flow whose destination MAC address is the MAC addresses of the logical external network gateway 3 and the logical external network gateway 4 is to be forwarded to the actual external network gateway 2.
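The scheme of FIGs. 2-5, extended to the multi-segment, multi-gateway case just described, can be modelled as follows. This is an added illustration, not code from the patent: the class and function names, the /24 segment sizes, the 2.2.0.0/16 internal prefix and all full-length MAC values are constructed assumptions (the patent abbreviates the logical MACs as BB and EE).

```python
"""Added illustration of the logical-gateway scheme; not code from the patent."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class LogicalGateway:
    segment: ipaddress.IPv4Network
    ip: ipaddress.IPv4Address
    mac: str      # the "tag" a VM writes into the destination MAC field
    actual: str   # name of the actual external network gateway behind it


class Controller:
    def __init__(self, actual_macs, internal_prefixes):
        self.actual_macs = actual_macs  # actual gateway name -> its real MAC
        self.internal = [ipaddress.ip_network(p) for p in internal_prefixes]
        self.logical = {}               # segment -> LogicalGateway
        self.shared_mac = {}            # actual gateway name -> logical MAC

    def create_logical_gateway(self, segment, gw_ip, actual, mac):
        # Logical gateways behind the same actual gateway share one MAC,
        # so the first MAC registered for an actual gateway wins.
        mac = self.shared_mac.setdefault(actual, mac)
        net = ipaddress.ip_network(segment)
        lgw = LogicalGateway(net, ipaddress.ip_address(gw_ip), mac, actual)
        self.logical[net] = lgw
        return lgw

    def vm_config(self, vm_ip, original_gw_ip, original_gw_mac):
        """Routing table and ARP entries distributed to one VM."""
        vm = ipaddress.ip_address(vm_ip)
        lgw = next(g for net, g in self.logical.items() if vm in net)
        orig = ipaddress.ip_address(original_gw_ip)
        routes = [(p, orig) for p in self.internal]                 # internal routing
        routes.append((ipaddress.ip_network("0.0.0.0/0"), lgw.ip))  # default routing
        arp = {orig: original_gw_mac, lgw.ip: lgw.mac}
        return lgw.segment, routes, arp

    def static_flow_table(self):
        """One entry per distinct logical MAC, built before any flow exists."""
        table = {}
        for actual, logical_mac in self.shared_mac.items():
            entry = {"output": actual}
            real = self.actual_macs[actual]
            if real != logical_mac:  # variant: logical MAC == actual MAC, no rewrite
                entry["set_dst_mac"] = real
            table[logical_mac] = entry
        return table


def vm_dst_mac(segment, routes, arp, dst_ip):
    """Destination MAC the VM puts on a packet, or None if dst is on-link."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in segment:
        return None  # same segment: ordinary ARP for the peer, not modelled here
    _prefix, next_hop = max((r for r in routes if dst in r[0]),
                            key=lambda r: r[0].prefixlen)  # longest-prefix match
    return arp[next_hop]


def switch_forward(flow_table, dst_mac):
    """Return (destination MAC on the wire, output gateway), or None on a table miss."""
    entry = flow_table.get(dst_mac)
    if entry is None:
        return None
    return entry.get("set_dst_mac", dst_mac), entry["output"]


def demo():
    # Constructed sample values standing in for the patent's BB and EE.
    bb, ee = "02:00:00:00:00:bb", "02:00:00:00:00:ee"
    ctl = Controller({"gw1": "00:00:5e:00:53:01", "gw2": "00:00:5e:00:53:02"},
                     internal_prefixes=["2.2.0.0/16"])
    ctl.create_logical_gateway("2.2.2.0/24", "2.2.2.2", "gw1", bb)
    ctl.create_logical_gateway("2.2.3.0/24", "2.2.3.2", "gw1", bb)
    ctl.create_logical_gateway("2.2.4.0/24", "2.2.4.2", "gw2", ee)
    table = ctl.static_flow_table()  # three logical gateways, two entries
    seg, routes, arp = ctl.vm_config("2.2.2.20", "2.2.2.1", "02:00:00:00:00:01")
    external = vm_dst_mac(seg, routes, arp, "1.1.1.1")  # default route
    internal = vm_dst_mac(seg, routes, arp, "2.2.3.7")  # internal route
    return table, external, internal, switch_forward(table, external)


if __name__ == "__main__":
    print(demo())
```

The switch acts on the destination MAC alone, so the number of static entries follows the number of distinct logical MACs rather than the number of external IP addresses or segments.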
In the example of the present disclosure, the controller of the distributed switch may interwork with a module that runs in the VM and can receive the routing table and the ARP entry. For example, the controller distributes the routing table and the ARP entry to a configuration module such as VM tools. The routing table indicates that the next hop of the VM in the default routing is the logical external network gateway, and the ARP entry indicates the MAC address of the next hop of the VM in the default routing. In this way, a tag may be attached on a packet accessing the external network. That is, the destination MAC address of the packet accessing the external network is set as the MAC address of the logical external network gateway. The controller also distributes the static flow table to the switch, and the static flow table indicates the switch to forward the packet attached with the tag to the logical external network gateway.
In an example of the present disclosure, the VM has the routing information for indicating that the flow to be sent to the external network is to be sent to the logical external network gateway, and thus the VM may attach a tag on the flow according to the routing information. The switch has a flow table for indicating the forwarding of the flow attached with the tag. Accordingly, after recognizing the flow attached with the tag, the switch forwards the flow attached with the tag to the actual external network gateway according to the flow table. Accordingly, it is unnecessary to send to the controller the initial packet of the flow to be sent to the external network, thereby avoiding that the controller becomes the bottleneck and improving system performance.
In various examples of the present disclosure, the flow table in the switch is configured based on the MAC address of the logical external network gateway, and the logical external network gateway is created based on a network segment instead of a single IP address. Accordingly, for each logical external network gateway, it is unnecessary to distribute a flow table for each IP address of the external network, but necessary to distribute one flow table to the switch. In this case, the number of distributed flow tables may be reduced, a flow table matching efficiency may be increased and system performance may be improved.
Based on the above method, examples of the present disclosure also provide an apparatus for accessing an external network from a virtual network, a flow routing apparatus and a flow forwarding apparatus.
FIG. 6 is a diagram illustrating the structure of an apparatus for accessing an external network from a virtual network according to an example of the present disclosure. The apparatus may be applied to a controller shown in FIG. 7.
As shown in FIG. 6, the apparatus includes a logical external network gateway creating module 801, a routing distributing module 802 and a flow table distributing module 803.
The logical external network gateway creating module 801 may create a logical external network gateway.
The routing distributing module 802 may distribute routing information and ARP entry information to a VM. The routing information indicates that the next hop of a flow to be sent to the external network is the logical external network gateway, and the ARP entry information includes the MAC address of the logical external network gateway.
The flow table distributing module 803 may distribute a flow table to a switch. The flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
Each network segment that is in the virtual network and is to interwork with the external network corresponds to one logical external network gateway. MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway are the same, and MAC addresses of multiple logical external network gateways corresponding to different actual external network gateways are different.
The logical external network gateway creating module 801 may set the MAC address of the logical external network gateway as a pre-configured MAC address.
The flow table may further indicate that the destination MAC address of a flow whose destination MAC address is the MAC address of the logical external network gateway is modified to the MAC address of an actual external network gateway corresponding to the logical external network gateway, and then the flow is forwarded to the actual external network gateway.
The logical external network gateway creating module 801 may set the MAC address of each logical external network gateway as the MAC address of an actual external network gateway corresponding to the logical external network gateway.
The routing information is distributed to each VM in the network segment and indicates that the next hop in the default routing is a logical external network gateway created for the network segment.
The routing information further indicates that the next hop in internal routing of the virtual network is an internal gateway of the virtual network.
FIG. 7 is a diagram illustrating the hardware structure of a controller according to an example of the present disclosure. As shown in FIG. 7, the controller includes a non-transitory storage 701 and a processor 702. The above hardware components are connected to each other via buses.
The non-transitory storage 701 may store machine readable instructions, including logical external network gateway creating instructions, routing distributing instructions and flow table distributing instructions. When the machine readable instructions are executed by the processor 702, the functions of the apparatus shown in FIG. 6 can be implemented.
The processor 702 may communicate with the non-transitory storage 701, read and execute the machine readable instructions stored in the non-transitory storage 701 to implement the functions of the apparatus shown in FIG. 6.
FIG. 8 is a diagram illustrating the structure of a flow routing apparatus according to an example of the present disclosure. The apparatus may be applied to a VM shown in FIG. 9.
As shown in FIG. 8, the flow routing apparatus includes a routing receiving module 1001, a flow recognizing module 1002 and a flow routing module 1003.
The routing receiving module 1001 may receive routing information and ARP entry information. The routing information indicates that the next hop of a flow to be sent to an external network is a pre-created logical external network gateway, and the ARP entry information includes the MAC address of the logical external network gateway.
The flow recognizing module 1002 may recognize the flow to be sent to the external network.
The flow routing module 1003 may route the flow to be sent to the external network to the logical external network gateway.
The routing information may be distributed to each VM in the network segment and indicate that the next hop in default routing is the logical external network gateway created for the network segment and the next hop in internal routing is an internal gateway of a virtual network.
The flow recognizing module 1002 may recognize whether the destination IP address of a flow is an address of the external network or an internal address of the virtual network when the destination IP address of the flow and the IP address of the VM do not belong to the same network segment.
The flow routing module 1003 may set the destination MAC address of the flow as the MAC address of the next hop in the default routing when the destination IP address of the flow is the address of the external network, and set the destination MAC address of the flow as the MAC address of the next hop in the internal routing when the destination IP address of the flow is the internal address of the virtual network.
FIG. 9 is a diagram illustrating the hardware structure of a VM according to an example of the present disclosure. As shown in FIG. 9, the VM includes a non-transitory storage 901 and a processor 902. The above hardware components are connected to each other via buses.
The non-transitory storage 901 may store machine readable instructions, including routing receiving instructions, flow recognizing instructions and flow routing instructions. When the machine readable instructions are executed by the processor 902, the functions of the apparatus shown in FIG. 8 can be implemented.
The processor 902 may communicate with the non-transitory storage 901, read and execute the machine readable instructions stored in the non-transitory storage 901 to implement the functions of the apparatus shown in FIG. 8.
FIG. 10 is a diagram illustrating the structure of a flow forwarding apparatus according to an example of the present disclosure. The apparatus may be applied to a switch shown in FIG. 11.
As shown in FIG. 10, the flow forwarding apparatus includes a flow table receiving module 1201, a flow recognizing module 1202 and a flow forwarding module 1203.
The flow table receiving module 1201 may receive a flow table. The flow table indicates that a flow whose destination MAC address is the MAC address of a logical external network gateway is to be forwarded to an actual external network gateway.
The flow recognizing module 1202 may recognize the flow whose destination MAC address is the MAC address of the logical external network gateway.
The flow forwarding module 1203 may forward the flow whose destination MAC address is the MAC address of the logical external network gateway to the actual external network gateway.
The MAC address of the logical external network gateway may be a pre-configured MAC address.
The flow table may further indicate that the destination MAC address of the flow whose destination MAC address is the MAC address of the logical external network gateway is modified to the MAC address of an actual external network gateway corresponding to the logical external network gateway, and then the flow is forwarded to the actual external network gateway.
The flow forwarding module 1203 may modify the destination MAC address of the flow whose destination MAC address is the MAC address of the logical external network gateway to the MAC address of the actual external network gateway corresponding to the logical external network gateway, and then the flow is forwarded to the actual external network gateway.
FIG. 11 is a diagram illustrating the hardware structure of a switch according to an example of the present disclosure. As shown in FIG. 11, the switch includes a non-transitory storage 1101 and a processor 1102. The above hardware components are connected to each other via buses.
The non-transitory storage 1101 may store machine readable instructions, including flow table receiving instructions, flow recognizing instructions and flow forwarding instructions. When the machine readable instructions are executed by the processor 1102, the functions of the apparatus shown in FIG. 10 can be implemented.
The processor 1102 may communicate with the non-transitory storage 1101, read and execute the machine readable instructions stored in the non-transitory storage 1101 to implement the functions of the apparatus shown in FIG. 10.
In the examples of the present disclosure, the controller creates a logical external network gateway for each network segment that is in the virtual network and is to interwork with the external network, and distributes the routing information and the ARP entry information to the VM. The routing information indicates that the next hop of the flow to be sent to the external network is the logical external network gateway. The ARP entry information includes the MAC address of the logical external network gateway. The controller distributes a flow table to the switch. The flow table indicates that the flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
In the examples of the present disclosure, an actual external network gateway is set, by which the virtual network can be connected to the external network. A flow passes through the actual external network gateway when accessing the external network. The actual external network gateway may be a physical external network gateway or a virtual external network gateway. In the examples of the present disclosure, a logical external network gateway is created for a network segment that is in the virtual network and is to interwork with the external network. The controller distributes routing information and ARP entry information to the VM, and distributes a flow table to the switch. The routing information indicates that the next hop of a flow to be sent to an external network is the logical external network gateway; the flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway. The VM sets the destination MAC address of the flow to be sent to the external network as the MAC address of the logical external network gateway according to the routing information and the ARP entry information, thereby attaching a tag on the flow to be sent to the external network. After the VM sends the flow attached with the tag to the switch, the switch recognizes the flow attached with the tag, i.e., the flow whose destination MAC address is the MAC address of the logical external network gateway, and forwards the flow to the actual external network gateway according to the flow table, thereby sending the flow to the external network through the actual external network gateway.
In an example of the present disclosure, the VM has the routing information for indicating that the flow to be sent to the external network is to be sent to the logical external network gateway, and thus the VM may attach a tag on the flow according to the routing information. The switch has a flow table for indicating the forwarding of the flow attached with the tag. Accordingly, after recognizing the flow attached with the tag, the switch forwards the flow attached with the tag to the actual external network gateway according to the flow table. Accordingly, it is unnecessary to send to the controller the initial packet of the flow to be sent to the external network, thereby avoiding that the controller becomes the bottleneck and improving system performance.
In various examples of the present disclosure, the flow table in the switch is configured based on the MAC address of the logical external network gateway, and the logical external network gateway is created based on a network segment instead of a single IP address. Accordingly, for each logical external network gateway, it is unnecessary to distribute a flow table for each IP address of the external network, but necessary to distribute one flow table to the switch. In this case, the number of distributed flow tables may be reduced, a flow table matching efficiency may be increased and system performance may be improved.
Although described specifically throughout the entirety of the instant disclosure, representative examples of the present disclosure have utility over a wide range of applications, and the above discussion is not intended and should not be construed to be limiting, but is offered as an illustrative discussion of aspects of the disclosure.
What has been described and illustrated herein is an example along with some of its variations. The terms, descriptions and figures used herein are set forth by way of illustration only and are not meant as limitations. Many variations are possible within the spirit and scope of the subject matter, which is intended to be defined by the following claims, and their equivalents, in which all terms are meant in their broadest reasonable sense unless otherwise indicated.

Claims (15)

  1. A method for accessing an external network from a virtual network, applied to a controller and comprising:
    distributing routing information and Address Resolution Protocol (ARP) entry information to a Virtual Machine (VM), wherein the routing information indicates that a next hop of a flow to be sent to the external network is a pre-created logical external network gateway, and the ARP entry information comprises a Media Access Control (MAC) address of the logical external network gateway; and
    distributing a flow table to a switch, wherein the flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
  2. The method of claim 1, wherein each network segment that is in the virtual network and is to interwork with the external network corresponds to one logical external network gateway, and the routing information is distributed to each VM in the network segment and indicates that a next hop in default routing is the logical external network gateway created for the network segment and a next hop in internal routing is an internal gateway of the virtual network; and
    MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway are the same, and MAC addresses of multiple logical external network gateways corresponding to different actual external network gateways are different.
  3. The method of claim 1, wherein the MAC address of the logical external network gateway is a pre-configured MAC address; the flow table further indicates that a destination MAC address of a flow whose destination MAC address is the MAC address of the logical external network gateway is modified to a MAC address of the actual external network gateway corresponding to the logical external network gateway, and the flow is forwarded to the actual external network gateway.
  4. The method of claim 2, wherein a MAC address of each of multiple logical external network gateways corresponding to different actual external network gateways is set as a MAC address of an actual external network gateway corresponding to the logical external network gateway, so that the switch forwards, after receiving the flow whose destination MAC address is the MAC address of the logical external network gateway, the flow to the actual external network gateway corresponding to the logical external network gateway rather than modifying the destination MAC address of the flow.
  5. An apparatus for accessing an external network from a virtual network, comprising a logical external network gateway creating module, a routing distributing module and a flow table distributing module;
    the logical external network gateway creating module is to create a logical external network gateway;
    the routing distributing module is to distribute routing information and Address Resolution Protocol (ARP) entry information to a Virtual Machine (VM), wherein the routing information indicates that a next hop of a flow to be sent to the external network is a pre-created logical external network gateway, and the ARP entry information comprises a Media Access Control (MAC) address of the logical external network gateway; and
    the flow table distributing module is to distribute a flow table to a switch, wherein the flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
  6. The apparatus of claim 5, wherein each network segment that is in the virtual network and is to interwork with the external network corresponds to one logical external network gateway, the routing information is distributed to each VM in the network segment and indicates that a next hop in default routing is the logical external network gateway created for the network segment and a next hop in internal routing is an internal gateway of the virtual network; and
    MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway are the same, and MAC addresses of multiple logical external network gateways corresponding to different actual external network gateways are different.
  7. The apparatus of claim 5, wherein the logical external network gateway creating module is to set the MAC address of the logical external network gateway as a pre-configured MAC address; the flow table further indicates that a destination MAC address of a flow whose destination MAC address is the MAC address of the logical external network gateway is modified to a MAC address of the actual external network gateway corresponding to the logical external network gateway, and the flow is forwarded to the actual external network gateway.
  8. The apparatus of claim 6, wherein the logical external network gateway creating module is to set a MAC address of each of multiple logical external network gateways corresponding to different actual external network gateways as a MAC address of an actual external network gateway corresponding to the logical external network gateway, so that the switch forwards, after receiving the flow whose destination MAC address is the MAC address of the logical external network gateway, the flow to the actual external network gateway corresponding to the logical external network gateway rather than modifying the destination MAC address of the flow.
  9. A flow routing apparatus, applied to a Virtual Machine (VM) and comprising a routing receiving module, a flow recognizing module and a flow routing module;
    the routing receiving module is to receive routing information and Address Resolution Protocol (ARP) entry information, wherein the routing information indicates that a next hop of a flow to be sent to an external network is a pre-created logical external network gateway, and the ARP entry information includes a Media Access Control (MAC) address of the logical external network gateway;
    the flow recognizing module is to recognize the flow to be sent to the external network; and
    the flow routing module is to route the flow to be sent to the external network to the logical external network gateway.
  10. The flow routing apparatus of claim 9, wherein each network segment that is in a virtual network and is to interwork with the external network corresponds to one logical external network gateway, and for each VM in the network segment, the routing information indicates that a next hop in default routing is the logical external network gateway created for the network segment and a next hop in internal routing is an internal gateway of the virtual network;
    the flow recognizing module is to recognize whether a destination IP address of a flow is an address of the external network or an internal address of the virtual network when the destination IP address of the flow and an IP address of the VM do not belong to the same network segment; and
    the flow routing module is to set a destination MAC address of the flow as a MAC address of the next hop in the default routing when the destination IP address of the flow is the address of the external network, and set the destination MAC address of the flow as a MAC address of the next hop in the internal routing when the destination IP address of the flow is the internal address of the virtual network.
  11. A flow forwarding apparatus, applied to a switch and comprising a flow table receiving module, a flow recognizing module and a flow forwarding module;
    the flow table receiving module is to receive a flow table, wherein the flow table indicates that a flow whose destination Media Access Control (MAC) address is a MAC address of a logical external network gateway is to be forwarded to an actual external network gateway;
    the flow recognizing module is to recognize the flow whose destination MAC address is the MAC address of the logical external network gateway; and
    the flow forwarding module is to forward the flow whose destination MAC address is the MAC address of the logical external network gateway to the actual external network gateway.
  12. The flow forwarding apparatus of claim 11, wherein the MAC address of the logical external network gateway is a pre-configured MAC address; the flow table further indicates that the destination MAC address of the flow whose destination MAC address is the MAC address of the logical external network gateway is modified to a MAC address of an actual external network gateway corresponding to the logical external network gateway, and the flow is forwarded to the actual external network gateway; and
    the flow forwarding module is to modify the destination MAC address of the flow whose destination MAC address is the MAC address of the logical external network gateway to the MAC address of the actual external network gateway corresponding to the logical external network gateway, and the flow is forwarded to the actual external network gateway.
  13. A non-transitory storage, comprising machine readable instructions, which are executed by a processor of a controller to implement a process of:
    distributing routing information and Address Resolution Protocol (ARP) entry information to a Virtual Machine (VM), wherein the routing information indicates that a next hop of a flow to be sent to the external network is a pre-created logical external network gateway, and the ARP entry information comprises a Media Access Control (MAC) address of the logical external network gateway; and
    distributing a flow table to a switch, wherein the flow table indicates that a flow whose destination MAC address is the MAC address of the logical external network gateway is to be forwarded to an actual external network gateway.
  14. The non-transitory storage of claim 13, wherein each network segment that is in the virtual network and is to interwork with the external network corresponds to one logical external network gateway, and the routing information is distributed to each VM in the network segment and indicates that a next hop in default routing is the logical external network gateway created for the network segment and a next hop in internal routing is an internal gateway of the virtual network; and
    MAC addresses of multiple logical external network gateways corresponding to the same actual external network gateway are the same, and MAC addresses of multiple logical external network gateways corresponding to different actual external network gateways are different.
  15. The non-transitory storage of claim 14, wherein the MAC address of the logical external network gateway is a pre-configured MAC address; the flow table further indicates that a destination MAC address of a flow whose destination MAC address is the MAC address of the logical external network gateway is modified to a MAC address of the actual external network gateway corresponding to the logical external network gateway, and the flow is forwarded to the actual external network gateway.
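
The VM-side next-hop choice of claim 10 and the switch-side match, rewrite and forward of claims 11 and 12 can be traced end to end in a small model. This is an added example, not code from the patent or from H3C; the MAC addresses, the 10.0.0.0/8 virtual network range and all function names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (assumptions, not taken from the patent).
LOGICAL_GW_MAC = "02:00:00:00:00:01"   # pre-configured MAC of the logical gateway
ACTUAL_GW_MAC = "00:11:22:33:44:55"    # MAC of the actual external network gateway
INTERNAL_GW_MAC = "02:00:00:00:00:fe"  # MAC of the virtual network's internal gateway
VIRTUAL_NET = ipaddress.ip_network("10.0.0.0/8")  # covers every internal segment

@dataclass
class Frame:
    dst_ip: str
    dst_mac: str

def vm_route(vm_ip, vm_prefix, dst_ip):
    """VM side (claim 10): pick the destination MAC from the distributed routes and ARP entries."""
    segment = ipaddress.ip_interface(f"{vm_ip}/{vm_prefix}").network
    dst = ipaddress.ip_address(dst_ip)
    if dst in segment:
        return None  # same segment: no gateway is involved
    if dst in VIRTUAL_NET:
        return Frame(dst_ip, INTERNAL_GW_MAC)  # next hop in internal routing
    return Frame(dst_ip, LOGICAL_GW_MAC)       # next hop in default routing

def build_flow_table(logical_to_actual):
    """Controller side: one entry per logical gateway MAC, keyed on destination MAC."""
    table = {}
    for logical, actual in logical_to_actual.items():
        # Claim 8 variant: logical MAC equals actual MAC, so no rewrite action is needed.
        rewrite = None if logical == actual else actual
        table[logical] = {"set_dst_mac": rewrite, "output": actual}
    return table

def switch_forward(flow_table, frame):
    """Switch side (claims 11-12): match destination MAC, rewrite it, forward to the actual gateway."""
    entry = flow_table.get(frame.dst_mac)
    if entry is None:
        return None, frame  # not addressed to a logical gateway: this table does not apply
    if entry["set_dst_mac"]:
        frame = Frame(frame.dst_ip, entry["set_dst_mac"])
    return entry["output"], frame
```

Because the switch entry matches only on the logical gateway's MAC address, internal traffic sent to the internal gateway never hits the external forwarding rule, which is the separation to verify when auditing a deployed flow table.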
PCT/CN2015/100064 2014-12-31 2015-12-31 Accessing external network from virtual network WO2016107594A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410854404.7A CN105812340B (en) 2014-12-31 2014-12-31 A kind of method and apparatus of virtual network access outer net
CN201410854404.7 2014-12-31

Publications (1)

Publication Number Publication Date
WO2016107594A1 true WO2016107594A1 (en) 2016-07-07

Family

ID=56284309

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/100064 WO2016107594A1 (en) 2014-12-31 2015-12-31 Accessing external network from virtual network

Country Status (2)

Country Link
CN (1) CN105812340B (en)
WO (1) WO2016107594A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107517129B (en) * 2017-08-25 2020-04-03 杭州迪普科技股份有限公司 Method and device for configuring uplink interface of equipment based on OpenStack
CN109787877B (en) * 2017-11-10 2020-12-25 智邦科技股份有限公司 Box type switch, network interface card and management method for packet transfer
CN107733800A (en) * 2017-11-29 2018-02-23 郑州云海信息技术有限公司 A kind of SDN message transmitting method and its device
CN108600415A (en) * 2018-05-28 2018-09-28 郑州云海信息技术有限公司 A kind of virtual network accesses method, system and the SDN controllers of outer net
CN115225634B (en) * 2022-06-17 2023-10-20 北京百度网讯科技有限公司 Data forwarding method, device and computer program product under virtual network
CN115378868B (en) * 2022-08-18 2023-09-19 中电云数智科技有限公司 System and method for realizing message processing based on SNAT resource pool
CN115473766B (en) * 2022-08-22 2024-01-26 苏州思萃工业互联网技术研究所有限公司 Vip implementation method and system based on distributed gateway
CN115426313B (en) * 2022-08-31 2023-08-18 中电云数智科技有限公司 NAT optimization device and method based on OVN virtual machine network
CN115529270B (en) * 2022-11-23 2023-04-11 广东睿江云计算股份有限公司 Physical and virtual network fusion method and device, computer equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457439A (en) * 2011-12-07 2012-05-16 中标软件有限公司 Virtual switching system and method of cloud computing system
CN102801715A (en) * 2012-07-30 2012-11-28 华为技术有限公司 Method for virtual machine migration in network, gateway and system
US20130250951A1 (en) * 2012-03-22 2013-09-26 Brocade Communications Systems, Inc. Overlay tunnel in a fabric switch
US20130266019A1 (en) * 2012-04-09 2013-10-10 Futurewei Technologies, Inc. L3 Gateway for VXLAN
CN104052666A (en) * 2013-03-14 2014-09-17 杭州华三通信技术有限公司 Method and apparatus for realizing host route reachability

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103023827B (en) * 2012-11-23 2017-04-19 杭州华三通信技术有限公司 Data forwarding method for virtualized data centre and realization equipment of data forwarding method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3525423A4 (en) * 2016-11-09 2019-08-14 Huawei Technologies Co., Ltd. Packet processing method in cloud computing system, host, and system
US10491517B2 (en) 2016-11-09 2019-11-26 Huawei Technologies Co., Ltd. Packet processing method in cloud computing system, host, and system
US11005755B2 (en) 2016-11-09 2021-05-11 Huawei Technologies Co., Ltd. Packet processing method in cloud computing system, host, and system

Also Published As

Publication number Publication date
CN105812340A (en) 2016-07-27
CN105812340B (en) 2019-01-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15875270

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15875270

Country of ref document: EP

Kind code of ref document: A1