CN117155875A

CN117155875A - Method and device for applying virtual switch based on Openstack

Info

Publication number: CN117155875A
Application number: CN202311204231.XA
Authority: CN
Inventors: 高雨; 李飞; 李亚洁; 田晋丞; 刘无敌; 刘琼; 姜海昆; 范宇
Original assignee: Changyang Technology Beijing Co ltd
Current assignee: Changyang Technology Beijing Co ltd
Priority date: 2023-09-18
Filing date: 2023-09-18
Publication date: 2023-12-01

Abstract

The invention provides a method and a device for applying a virtual switch based on Openstack, which relate to the technical field of virtual networks, and the method comprises the following steps: creating a target virtual machine in an Openstack; the target virtual machine comprises a mirror image of the virtual switch; establishing connection between a target virtual machine and other virtual machines in the Openstack; the target virtual machine and other virtual machines run on different nodes; and realizing communication between other virtual machines according to the target virtual machine and the connection. The method provided by the scheme can apply the virtual switch in the Openstack, and improves the user experience.

Description

Method and device for applying virtual switch based on Openstack

Technical Field

The present invention relates to the field of virtual network technologies, and in particular, to a method and an apparatus for applying a virtual switch based on Openstack.

Background

OpenStack is an open-source cloud computing management platform project and is a combination of a series of software open-source projects. The network is one of the most important resources of Openstack, and without the network, the virtual machine will be isolated. The most main function of the network service of Openstack is to provide network connection for the virtual machine instance, however, current obenstack does not support to create a virtual switch, and the traditional physical switch has the problems of higher cost, troublesome wiring, inconvenient movement and the like, and is not suitable for being used in a cloud scene.

Disclosure of Invention

The embodiment of the invention provides a method and a device for applying a virtual switch based on Openstack.

In a first aspect, an embodiment of the present invention provides a method for applying a virtual switch based on Openstack, including:

creating a target virtual machine in an Openstack; the target virtual machine comprises a mirror image of a virtual switch;

establishing connection between the target virtual machine and other virtual machines; the target virtual machine and the other virtual machines run on different nodes;

and realizing communication between the other virtual machines according to the target virtual machine and the connection.

Optionally, before the connection between the target virtual machine and the other virtual machine is established, the method further includes:

acquiring configuration information of each node; the configuration information comprises a virtual machine, a port, a first network bridge and a second network bridge;

for each of the nodes, performing: establishing connection between the virtual machine and the port so that the virtual machine sends out data packets through the port, and establishing connection between the port and the first network bridge and connection between the first network bridge and the second network bridge; the virtual machine is the target virtual machine or the other virtual machines; and the second bridges of the different nodes are connected through an internal network.

Optionally, the establishing a connection between the target virtual machine and other virtual machines includes:

starting the target virtual machine;

determining a first node where the target virtual machine is located, a second node where the other virtual machines are located, a first port connected with the target virtual machine, and a second port connected with the other virtual machines;

in the second node, modifying a target MAC address on a first network bridge by the data packet sent by the other virtual machines through the second port, and forwarding the modified data packet to a second network bridge; wherein the target MAC address is the MAC address of the first port;

forwarding the modified data packet to the first node via the internal network;

in the first node, the modified data packet enters the target virtual machine through the target MAC address after passing through a second network bridge and a first network bridge in the first node, so that unidirectional connection from the other virtual machines to the target virtual machine is realized.

in the first node, modifying a target MAC address on a first network bridge by a data packet sent by the target virtual machine through the first port, and forwarding the modified data packet to a second network bridge; wherein the target MAC address is the MAC address of the second port;

forwarding the modified data packet to the second node via the internal network;

in the second node, the modified data packet enters the other virtual machines through the target MAC address after passing through a second network bridge and a first network bridge in the second node, so that unidirectional connection from the target virtual machine to the other virtual machines is realized.

Optionally, the enabling communication between the other virtual machines according to the target virtual machine and the connection includes:

acquiring a communication request between any two other virtual machines;

according to the communication request, sending a data packet sent by one other virtual machine to the target virtual machine through the connection through the target virtual machine, and sending the data packet to the other virtual machine through the connection to complete the communication request; and the MAC address of the data packet sent out from the target virtual machine is the MAC address of a port connected with the other virtual machine.

Optionally, the method further comprises:

generating an auxiliary flow table according to the communication between the connection and the other virtual machines; the auxiliary flow table comprises a MAC address conversion record table of ports under connection or communication.

Optionally, the method further comprises:

acquiring the MAC address of the port;

judging whether the MAC address is positioned in a white list library according to a user request;

if yes, establishing connection between the target virtual machine and other virtual machines according to the MAC address of the port.

In a second aspect, an embodiment of the present invention further provides an apparatus for applying a virtual switch based on Openstack, including:

the management module is used for creating a target virtual machine in the Openstack; the target virtual machine comprises a mirror image of a virtual switch;

the function realization module is used for establishing connection between the target virtual machine and other virtual machines; the target virtual machine and the other virtual machines run on different nodes; and communication between the other virtual machines is realized according to the target virtual machine and the connection.

Optionally, the management module is further configured to obtain configuration information of each node; the configuration information comprises a virtual machine, a port, a first network bridge and a second network bridge;

In a third aspect, an embodiment of the present invention further provides a computing device, including a memory and a processor, where the memory stores a computer program, and when the processor executes the computer program, the method for implementing any one of the foregoing methods for applying a virtual switch based on Openstack.

In a fourth aspect, an embodiment of the present invention further provides a computer readable storage medium, on which a computer program is stored, where the computer program, when executed in a computer, causes the computer to perform the method of applying a virtual switch based on Openstack as described in any one of the above.

The embodiment of the invention provides a method and a device for applying a virtual switch based on Openstack, wherein the method adopts an image of an open source virtual switch, packages the image in a target virtual machine, creates the target virtual machine in the Openstack, establishes connection between the target virtual machine and other virtual machines, enables the target virtual machine to serve as the virtual switch, and is used for simulating connection lines of a physical layer switch so as to realize communication connection between other virtual machines through the target virtual machine. Therefore, the virtual switch can be applied to the Openstack, so that the configuration is flexible, the wiring is convenient, and the use experience of a user can be further improved.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a flow chart of a method for applying virtual switches based on Openstack according to an embodiment of the present invention;

fig. 2 is a virtual switch service architecture according to an embodiment of the present invention;

FIG. 3 is a schematic diagram illustrating a communication process between virtual machines according to an embodiment of the present invention;

FIG. 4 is a hardware architecture diagram of a computing device according to one embodiment of the invention;

fig. 5 is a device structure diagram of an Openstack application virtual switch according to an embodiment of the present invention.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by those skilled in the art without making any inventive effort based on the embodiments of the present invention are within the scope of protection of the present invention.

The following is a concept of the present invention, and as shown in fig. 1, an embodiment of the present invention provides a method for applying a virtual switch based on Openstack, where the method includes:

step 100, creating a target virtual machine in Openstack; the target virtual machine comprises a mirror image of a virtual switch;

102, establishing connection between the target virtual machine and other virtual machines; the target virtual machine and the other virtual machines run on different nodes;

and 104, realizing communication between the other virtual machines according to the target virtual machine and the connection.

In the embodiment of the invention, the mirror image of the open source virtual switch is adopted, the mirror image is packaged in the target virtual machine, the target virtual machine is created in the Openstack, and the connection between the target virtual machine and other virtual machines is established, so that the target virtual machine is used as the virtual switch to simulate the connection line of the physical layer switch, and the communication connection between other virtual machines is realized through the target virtual machine. Therefore, the virtual switch can be applied to the Openstack, so that the configuration is flexible, the wiring is convenient, and the use experience of a user can be further improved.

The manner in which the individual steps shown in fig. 1 are performed is described below.

In step 100, when the target virtual machine is created, the CPU, the memory, the hard disk size, and the number of interfaces of the target virtual machine may be selected according to the user requirements.

After step 100, before step 102, further includes:

It should be noted that, the connection interface is called and established according to the user's requirement, and the port id of the switch and the port id of the virtual machine to be connected are provided. The target virtual machine operates on a dedicated network node, other virtual machines operate on other network nodes or computing nodes, and different virtual machines all operate on different nodes; other virtual machines are other virtual devices in addition to the target virtual machine, including but not limited to virtual machines, virtual routers, virtual firewalls. Each node includes a number of ports therein.

In step 102, establishing a connection between the target virtual machine and other virtual machines includes:

starting the target virtual machine;

forwarding the modified data packet to the first node via the internal network;

In step 102, the establishing a connection between the target virtual machine and the other virtual machines includes:

Preferably, the first bridge is an int bridge and the second bridge is a vlan bridge. In the embodiment of the present invention, it should be noted that, the target virtual machine and other virtual machines are both located under the same cloud pool, and it is not necessary to enter the configuration of the target virtual machine (i.e. the switch).

Specifically, in a preferred embodiment, in the virtual switch service architecture shown in fig. 2, the virtual switch is a target virtual machine, running on a dedicated network node, vm1, vm2, vm3, and vm4 are all other virtual machines, vm1 and vm2 are running on the computing node 1, vm3 and vm4 are running on the computing node 2, and the following is a specific procedure for establishing a connection: taking vm1 as an example, a packet destined for a target virtual machine: modifying a target MAC address into the MAC address of a downlink port tap1 of a target virtual machine on a br-int (first bridge) of a ovs bridge by a data packet sent by a port tap3 connected with vm1 on a computing node 1, forwarding the data packet to a br-vlan bridge (second bridge), and sending the data packet to a network node from the computing node 1 through an internal network; after receiving a message sent by vm1 to a target virtual machine, a network node strips a vlan on a br-int bridge (a first bridge) of the network node, and enters the target virtual machine through a port tap1, so that unidirectional connection from the vm1 to the target virtual machine is realized;

and forwarding the data packet sent by the target virtual machine: in the network node, the message sent from the port tap1 modifies the MAC address of which the target MAC address is vm1, modifies vlan in the network node into vlan of the network where vm1 is located, sends the vlan to br-vlan bridge (second bridge) of the network node, and normally forwards the vlan to the computing node 1 on br-vlan bridge; at the computing node 1, the br-vlan bridge receives the data packet addressed to vm1, forwards the data packet to the br-int bridge (first bridge), and strips the data packet addressed to vm1 from the vlan at the br-int bridge, and the destination MAC address is the MAC address of vm1, so that the data packet is addressed to vm1, thereby realizing unidirectional connection from the destination virtual machine to vm 1. Thus, a bi-directional connection of the target virtual machine to vm1 is established through the above actions.

In step 104, implementing communication between the other virtual machines according to the target virtual machine and the connection, including:

acquiring a communication request between any two other virtual machines;

In a preferred embodiment, the communication between the other virtual machines is implemented according to the target virtual machine and the connection, including:

acquiring and sending communication requests between other virtual machines and receiving the communication requests between the other virtual machines;

establishing bidirectional connection of other virtual machines and the target virtual machine, and receiving the bidirectional connection of the other virtual machines and the target virtual machine;

forwarding a target data packet sent by the other virtual machine to a third port connected with the target virtual machine to enter the target virtual machine based on the bidirectional connection of the other virtual machine and the target virtual machine; then the target data packet is sent out again by a fourth port connected with the target virtual machine, and the target data packet sent out by the fourth port is forwarded to the other virtual machine based on the bidirectional connection of the other virtual machines and the target virtual machine; the target virtual machine is connected with the third port and the fourth port respectively, and the MAC address of the target data packet sent again from the target virtual machine is the MAC address of the fourth port.

In a preferred embodiment, further comprising: generating an auxiliary flow table according to the communication between the connection and the other virtual machines; the auxiliary flow table comprises a MAC address conversion record table of ports under connection or communication.

In the invention, an auxiliary flow table is added to maintain a MAC address conversion record table of a target virtual machine serving as a switch, and the consistency of the communication MAC addresses of the two communication parties is ensured. Specifically, taking fig. 2 as an example, the auxiliary flow tables are respectively: a network node modifies a data packet with a source MAC address of vm1MAC address into a MAC address of a port tap1 on br-int; the computing node 1 changes the MAC address of the source MAC address of port tap1 back to the MAC address of vm1 on the br-vlan.

Specifically, in an embodiment, in a schematic communication process between virtual machines as shown in fig. 3, a virtual switch is a target virtual machine, and operates on a dedicated network node, vm1, vm2, vm3, and vm4 are all other virtual machines, and vm1 and vm2 operate on a computing node 1, and the target virtual machine is connected with two ports of tap1 and tap2, a port connected with vm1 is tap3, and a port connected with vm2 is tap4; vm3 and vm4 run on the computing node 2, the port connected with vm3 is tap5, and the port connected with vm4 is tap6. Wherein, the switch port connected with vm1 is tap1, and the switch port connected with vm3 is tap2. Taking vm1 to access vm3 as an example, the process a changes the target MAC address of a data packet sent from vm1 into the MAC address of the tap1 port of the target virtual machine; b, modifying the vlan to be a vlan of the network where the vm1 is located, and transmitting the vlan to the network node; the process c forwards the br-vlan to the br-int normally; and d, stripping the data packet from the vlan, changing the target MAC address back to the MAC address of the vm1, and sending the data packet to the tap1 of the target virtual machine to finish the process of entering the data packet from the vm1 into the target virtual machine. The e process sends the data packet forwarded by the target virtual machine out of the tap2 port, and the target MAC address is modified into the MAC address of vm 3; f, modifying the source MAC address into the MAC address of the tap1 port of the target virtual machine, and transmitting the MAC address to the computing node 2; the g process changes the source MAC address back to the MAC address of vm1 at compute node 2; and h, stripping the vlan in the process, sending the vlan to vm3, and completing the whole process of the request direction, wherein the packet returning flow is similar. It should be noted that, the MAC address is modified in the f process and the h process to generate the auxiliary flow table, so as to ensure that the communication MAC addresses of the two communication parties are consistent. In the whole communication process of the invention, the ip and MAC addresses of the opposite sides are always perceived between vm1 and vm3, the modification of the data packet is not perceived, and the data packet is consistent with the actual physical scene.

The virtual switch is introduced into the Openstack, so that the functional blank is filled. And compared with a physical switch, the switch is more flexible in configuration, more convenient in wiring and lower in cost. And meanwhile, compared with other virtual switches, the interactive page can be provided for users, and user experience consistent with the physical switch is provided.

In a preferred embodiment, further comprising:

acquiring the MAC address of the port;

In the invention, when receiving a communication request of a user to any two other virtual machines, the MAC addresses of the ports connected with the other virtual machines and the MAC addresses of the ports of the target virtual machine connected with the other virtual machines are respectively acquired, and when the MAC addresses of the ports are all positioned in a white list library, the trust of the information of the ports is confirmed, the connection between the target virtual machine and the other virtual machines is further established, and the network security is improved. And if the MAC address of the port of the target virtual machine connected with the other virtual machines is not in the white list library, acquiring the MAC addresses of other available ports connected with the target virtual machine, and when the MAC address is in the white list library, establishing connection between the target virtual machine and the other virtual machines based on the other available ports. If the MAC addresses of the ports connected with other virtual machines are not located in the white list library, calculating the similarity between the MAC addresses and each MAC address in the white list library, and if the number of the MAC addresses with the similarity larger than a preset threshold value is larger than the preset number, the MAC addresses are considered to be trusted, and connection between the target virtual machine and the other virtual machines is established. Specifically, if the preset threshold is 85 and the preset number is 70, for the MAC address 1, the number of MAC addresses calculated to have a similarity greater than 85 is 80, and 80 is greater than 70, and the MAC address 1 is considered to be trusted.

As shown in fig. 4 and fig. 5, an embodiment of the present invention provides an apparatus for applying a virtual switch based on Openstack. The apparatus embodiments may be implemented by software, or may be implemented by hardware or a combination of hardware and software. In terms of hardware, as shown in fig. 4, a hardware architecture diagram of a computing device where an Openstack application virtual switch-based apparatus is located according to an embodiment of the present invention is shown, where in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 4, the computing device where the apparatus is located in the embodiment may generally include other hardware, such as a forwarding chip responsible for processing a packet, and so on. Taking a software implementation as an example, as shown in fig. 5, as a device in a logic sense, the device is formed by reading a corresponding computer program in a nonvolatile memory into a memory by a CPU of a computing device where the device is located. The device for applying the virtual switch based on Openstack provided in this embodiment includes:

a management module 500, configured to create a target virtual machine in Openstack; the target virtual machine comprises a mirror image of a virtual switch;

a function implementation module 502, configured to establish a connection between the target virtual machine and another virtual machine; the target virtual machine and the other virtual machines run on different nodes; and communication between the other virtual machines is realized according to the target virtual machine and the connection.

In some embodiments, the management module 500 may be used to perform the above-described step 100, and the function implementation module 502 may be used to perform the above-described steps 102 and 104.

In some specific embodiments, the management module 500 is further configured to perform the following operations:

In some specific embodiments, the function implementation module 502 is further configured to perform the following operations:

starting the target virtual machine;

forwarding the modified data packet to the first node via the internal network;

in the first node, the modified data packet passes through a second network bridge and a first network bridge in the first node and then enters the target virtual machine through the target MAC address;

in the second node, the modified data packet enters the other virtual machines through the target MAC address after passing through a second network bridge and a first network bridge in the second node, so that bidirectional connection from the target virtual machine to the other virtual machines is realized.

acquiring a communication request between any two other virtual machines;

In some embodiments, the apparatus further comprises a database module for performing the following operations:

acquiring the MAC address of the port;

It should be understood that the architecture illustrated in the embodiments of the present invention does not constitute a specific limitation on an apparatus for applying virtual switches based on Openstack. In other embodiments of the invention, an Openstack application virtual switch-based device may include more or fewer components than shown, or may combine certain components, or may split certain components, or may have a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

The content of information interaction and execution process between the modules in the device is based on the same conception as the embodiment of the method of the present invention, and specific content can be referred to the description in the embodiment of the method of the present invention, which is not repeated here.

The embodiment of the invention also provides a computing device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the method for applying the virtual switch based on the Openstack in any embodiment of the invention when executing the computer program.

The embodiment of the invention also provides a computer readable storage medium, and the computer readable storage medium stores a computer program, and when the computer program is executed by a processor, the computer program causes the processor to execute the method for applying the virtual switch based on Openstack in any embodiment of the invention.

Specifically, a system or apparatus provided with a storage medium on which a software program code realizing the functions of any of the above embodiments is stored, and a computer (or CPU or MPU) of the system or apparatus may be caused to read out and execute the program code stored in the storage medium.

In this case, the program code itself read from the storage medium may realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code form part of the present invention.

Examples of the storage medium for providing the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer by a communication network.

The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, or device.

Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).

Further, it should be apparent that the functions of any of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform part or all of the actual operations based on the instructions of the program code.

Further, it is understood that the program code read out by the storage medium is written into a memory provided in an expansion board inserted into a computer or into a memory provided in an expansion module connected to the computer, and then a CPU or the like mounted on the expansion board or the expansion module is caused to perform part and all of actual operations based on instructions of the program code, thereby realizing the functions of any of the above embodiments.

It is noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of additional identical elements in a process, method, article or apparatus that comprises the element.

Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: various media in which program code may be stored, such as ROM, RAM, magnetic or optical disks.

Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A method for applying a virtual switch based on Openstack, comprising:

establishing connection between the target virtual machine and other virtual machines in the Openstack; the target virtual machine and the other virtual machines run on different nodes;

2. The method of claim 1, further comprising, prior to the establishing the connection between the target virtual machine and the other virtual machines in the Openstack:

3. The method of claim 2, wherein the establishing a connection between the target virtual machine and the other virtual machines comprises:

starting the target virtual machine;

forwarding the modified data packet to the first node via the internal network;

4. A method according to claim 3, wherein said establishing a connection between said target virtual machine and other virtual machines comprises:

5. The method of claim 2, wherein said enabling communication between said other virtual machines in accordance with said target virtual machine and said connection comprises:

acquiring a communication request between any two other virtual machines;

6. The method according to any one of claims 3 to 5, further comprising:

7. An apparatus for applying a virtual switch based on Openstack, comprising:

8. The apparatus of claim 7, wherein the device comprises a plurality of sensors,

the management module is further used for acquiring configuration information of each node; the configuration information comprises a virtual machine, a port, a first network bridge and a second network bridge;

9. A computing device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the method of any of claims 1-6 when the computer program is executed.

10. A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-6.