Cloud computing data center system, gateway, server, and packet processing method

Abstract

A cloud computing data center system includes a first server, a second server, a cloud management platform, and a switch. The first server includes a first computing node and a first distributed gateway. The first distributed gateway receives a management packet sent by the cloud management platform. The first distributed gateway records network information of the second VLAN. A first virtual machine sends a first service packet that carries service data to a second virtual machine. The first distributed gateway receives the first service packet, generates a second service packet by modifying the first service packet based on the network information of the second VLAN, and sends the second service packet to the switch. A second distributed gateway receives the second service packet forwarded by the switch, and sends the second service packet to the second virtual machine. In this way, network reliability may be improved.

Claims

1. A packet processing method for a distributed gateway, wherein the distributed gateway is connected to a first computing node by using a first peripheral component interconnect express (PCIe) link; the distributed gateway is connected to a switch; a first virtual machine is disposed on the first computing node; the first virtual machine is located in a first virtual local area network (VLAN); and the method comprises: receivin a management packet sent by a cloud management platform, wherein the management packet carries network information of a second VLAN; recordin the network information of the second VLAN; receivin a first service packet that carries service data and that is sent by the first virtual machine to a second virtual machine, wherein the second virtual machine is located in the second VLAN; generating a second service packet to reach the second VLAN based on the first service packet and the network information of the second VLAN, wherein the second service packet carries the service data; and sending the second service packet to the switch; wherein the distributed gateway comprises a network adapter controller and a network adapter; the network adapter is provided with a first physical function (PF), a first virtual function (VF), and a physical network port; the network adapter controller is connected to the first PF; the first virtual machine is connected to the first VF; and the physical network port is connected to the switch; wherein the receiving, by the distributed gateway, a first service packet that carries service data and that is sent by the first virtual machine to a second virtual machine further comprises: receiving, by the network adapter, the first service packet from the first VF; wherein a destination MAC address of the management packet is a MAC address of the network adapter controller; the network adapter records a third correspondence between the MAC address of the network adapter controller and the first PF; the receiving, by the distributed gateway, a management packet sent by the cloud management platform further comprises: receiving, by the network adapter, the management packet from the physical network port, selecting the first PF from the third correspondence based on the destination MAC address of the management packet, and forwarding the management packet to the first PF; and receiving, by the network adapter controller, the management packet from the first PF.

2. The method according to claim 1, wherein the generating a second service packet based on the first service packet and the network information of the second VLAN to that can reach the second VLAN comprises: forwarding, by the network adapter, the first service packet to the first PF; obtaining, by the network adapter controller, the first service packet from the first PF, modifying the first service packet based on the network information of the second VLAN to generate the second service packet, and sending the second service packet to the first PF; and sending, by the network adapter, the second service packet to the physical network port.

3. The method according to claim 1, wherein the recording the network information of the second VLAN comprises: obtaining, by the network adapter controller, the network information of the second VLAN from the management packet, and recording, by the distributed gateway, the network information of the second VLAN.

4. The method according to claim 1, wherein the first service packet is a VLAN packet; a destination address of the first service packet is a MAC address of the second virtual machine; a first VLAN identifier is set for the first VLAN network; a second VLAN identifier different from the first VLAN identifier is set for the second VLAN network; the network information of the second VLAN comprises a first correspondence between the MAC address of the second virtual machine and the second VLAN identifier; and the generating a second service packet based on the first service packet and the network information of the second VLAN to reach the second VLAN comprises: obtaining, by the distributed gateway, the second VLAN identifier from the first correspondence based on the destination MAC address of the first service packet; and setting, by the distributed gateway, the second VLAN identifier in the first service packet to generate the second service packet.

5. The method according to claim 1, wherein the first service packet is a VLAN packet; a destination MAC address of the first service packet is a MAC address of the second virtual machine; the network information of the second VLAN comprises a second correspondence between the MAC address of the second virtual machine and an IP address of another distributed gateway that is connected to a second computing node by using a second PCIe link; the second virtual machine is disposed on the second computing node; and the generating a second service packet based on the first service packet and the network information of the second VLAN to reach the second VLAN comprises: obtaining, by the distributed gateway, the IP address from the second correspondence based on the destination address of the first service packet; and encapsulating, by the distributed gateway, the first service packet into the second service packet, wherein the second service packet is an overlay packet, and a destination IP address of the second service packet is the IP address.

6. A distributed gateway, comprising a processor and a memory, wherein the distributed gateway is connected to a computing node on which a first virtual machine is disposed, the distributed gateway is connected to a switch, the first virtual machine is located in a first virtual local area network (VLAN), the memory stores a program instruction, and the program instruction is run by the processor, to that cause the processor to: receive a management packet sent by a cloud management platform, wherein the management packet carries network information of a second VLAN; record the network information of the second VLAN; receive a first service packet that carries service data and that is sent by the first virtual machine to a second virtual machine, wherein the second virtual machine is located in the second VLAN; modify the first service packet based on the network information of the second VLAN to generate a second service packet to reach the second VLAN, wherein the second service packet carries the service data; and send the second service packet to the switch; wherein the distributed gateway comprises a network adapter controller and a network adapter; the network adapter is provided with a first physical function (PF), a first virtual function (VF), and a physical network port; the network adapter controller is connected to the first PF; the first virtual machine is connected to the first VF; and the physical network port is connected to the switch; wherein the program instruction further causes the processor to: receive the first service packet from the first VF; wherein a destination MAC address of the management packet is a MAC address of the network adapter controller; the network adapter records a third correspondence between the MAC address of the network adapter controller and the first PF; wherein the receiving of the management packet sent by the cloud management platform further comprises: receiving, by the network adapter, the management packet from the physical network port, selecting the first PF from the third correspondence based on the destination MAC address of the management packet, and forward the management packet to the first PF; and receiving, by the network adapter controller, the management packet from the first PF.

7. The distributed gateway according to claim 6, wherein the program instruction further causes the processor to: forward the first service packet to the first PF; obtain the first service packet from the first PF, modify the first service packet based on the network information of the second VLAN to generate the second service packet, and send the second service packet to the first PF; and send the second service packet to the physical network port.

8. The distributed gateway according to claim 6, wherein the program instruction further causes the processor to: obtain the network information of the second VLAN from the management packet, and record the network information of the second VLAN.

9. The distributed gateway according to claim 6, wherein the first service packet is a VLAN packet; a destination address of the first service packet is a MAC address of the second virtual machine; a first VLAN identifier is set for the first VLAN network; a second VLAN identifier different from the first VLAN identifier is set for the second VLAN network; the network information of the second VLAN comprises a first correspondence between the MAC address of the second virtual machine and the second VLAN identifier; and the program instruction further causes the processor to: obtain the second VLAN identifier from the first correspondence based on the destination MAC address of the first service packet; and set the second VLAN identifier in the first service packet to generate the second service packet.

10. The distributed gateway according to claim 6, wherein the first service packet is a VLAN packet; a destination MAC address of the first service packet is a MAC address of the second virtual machine; the network information of the second VLAN comprises a second correspondence between the MAC address of the second virtual machine and an IP address of another distributed gateway that is connected to a second computing node by using a second PCIe link; the second virtual machine is disposed on the second computing node; and the program instruction further cause the processor to: obtain the IP address from the second correspondence based on the destination address of the first service packet; and encapsulate the first service packet into the second service packet, wherein the second service packet is an overlay packet, and a destination IP address of the second service packet is the IP address.

Description

BRIEF DESCRIPTION OF DRAWINGS

(1) FIG. 1 is a schematic structural diagram of a system of a cloud computing data center according to an embodiment of the present disclosure;

(2) FIG. 2 is another schematic structural diagram of a system of a cloud computing data center according to an embodiment of the present disclosure;

(3) FIG. 3 is a data interaction diagram of a packet processing method according to an embodiment of the present disclosure;

(4) FIG. 4 is another data interaction diagram of a packet processing method according to an embodiment of the present disclosure;

(5) FIG. 5 is another data interaction diagram of a packet processing method according to an embodiment of the present disclosure;

(6) FIG. 6 is another data interaction diagram of a packet processing method according to an embodiment of the present disclosure;

(7) FIG. 7 is a schematic structural diagram of hardware of a server 1 according to an embodiment of the present disclosure;

(8) FIG. 8 is a schematic structural diagram of an apparatus of a distributed gateway according to an embodiment of the present disclosure; and

(9) FIG. 9 is another schematic structural diagram of an apparatus of a distributed gateway according to an embodiment of the present disclosure.

DESCRIPTION OF EMBODIMENTS

(10) Terms used in the embodiments of the present disclosure are first explained.

(11) Cloud management platform: A cloud management platform is a platform configured to centrally manage virtual machines of a cloud computing network. The virtual machines of the cloud computing network are distributed in a plurality of computing nodes, and each computing node is provided with a cloud management platform client. The cloud management platform client is configured to collect state information of the virtual machine on the computing node on which the cloud management platform client is located, and report the state information to the cloud management platform. The cloud management platform is provided with a user interaction interface, and a user may obtain the state of the virtual machine by using the user interaction interface. The user may further configure a management operation that is for the virtual machine by using the user interaction interface. The cloud management platform may send a command corresponding to the management operation to the cloud management platform client, and the cloud management platform client may run this command to manage the virtual machine. For example, the cloud management platform may be, for example, an Openstack or a VMware vSphere.

(12) Overlay packet: An overlay packet is an Ethernet packet in which a virtual machine packet is encapsulated. The overlay packet includes an outer network address and an inner network address. The outer network address is a network address in a packet header of the Ethernet packet, and includes a source IP address, a destination IP address, a source MAC address, and a destination MAC address. The inner network address is a network address in a packet header of the virtual machine packet, and includes the source IP address, the destination IP address, the source MAC address, and the destination MAC address. An implementation of the overlay packet may be a virtual extensible local area network (VXLAN) packet, a network virtualization generic routing encapsulation (NVGRE) packet, or a stateless transport tunneling (STT) packet. It should be noted that, in the embodiments of the present disclosure, the overlay packet may be a VXLAN packet.

(13) Network adapter virtualization: Network adapter virtualization may include single-root input/output virtualization (SR-IOV) or multi-root input/output virtualization (MR-IOV). The network adapter virtualization is also referred to as network adapter passthrough. SR-IOV passthrough is used as an example. When the network adapter supports the SR-IOV, a network adapter on a host may be shared by several virtual machines running on the host by using an SR-IOV technology. When the host uses the network adapter supporting the SR-IOV, a network port of the network adapter may virtualize at least one physical function (PF) and a plurality of virtual functions (VF). The virtual machine on the host is connected to at least one VF. The network adapter contains a switching device that has a function of a switch. The switching device forwards a data packet based on a media access control (MAC) table, and is responsible for forwarding of a data packet between the PF, the VF, and a physical network port.

(14) Virtual local area network (VLAN): A virtual local area network is a communication technology that logically divides a physical LAN into a plurality of broadcast domains.

(15) VLAN packet: A VLAN packet belongs to a layer 2 packet, and includes a destination MAC field, a source MAC field, a VLAN ID field, and a payload field. A VLAN packet also includes other fields that may not mentioned in the embodiments of the present disclosure, and are not described herein again.

(16) Virtual local area network identifier (VLAN ID): A virtual local area network identifier is a VID field of a VLAN packet. This field uniquely identifies one VLAN. A 12-bit VID may represent 4096 different values. One Ethernet may be divided into a maximum of 4094 VLANs other than VLANs of two reserved values.

(17) Referring to FIG. 1, FIG. 1 is a schematic structural diagram of a system of a cloud computing data center according to an embodiment of the present disclosure. As shown in FIG. 1, the cloud computing data center includes a server 1, a server 2, a server 3, a switch 4, and a cloud management platform 5.

(18) The server 1 includes a computing node 11 and a distributed gateway 12, the server 2 includes a computing node 21 and a distributed gateway 22, and the server 3 includes a computing node 31 and a distributed gateway 32. The computing node may be, for example, a physical host.

(19) It should be noted that, for ease of description, FIG. 1 shows only three servers. However, in a practical application, there may be another quantity of servers. This is not limited in this embodiment of the present disclosure.

(20) In some embodiments of the present disclosure, the distributed gateway may be connected to the computing node by using a peripheral component interconnect express (PCIe) interface. In addition, the distributed gateway may be connected to the switch by using a physical network port.

(21) The switch 4 may be, for example, a top of rack (TOR) switch. For example, the servers 1 to 3 may be disposed on a same rack, and are separately connected to TOR switches located on the top of the rack. In the cloud computing data center, one TOR switch is disposed on one rack, a plurality of blade servers are installed in each rack, and the racks are cross-rack connected by using the TOR switches.

(22) In some embodiments of the present disclosure, the switch 4 has a layer 3 forwarding function. For example, the switch 4 allows a layer 3 packet to pass through ports 41 to 43. The switch 4 further records a correspondence between an IP address in the server 1 and the port 41 connecting the switch 4 and the server 1. When the layer 3 packet is received, and if a destination IP address of the layer 3 packet is the IP address in the server 1, the switch 4 sends the layer 3 packet to the port 41, to implement the layer 3 forwarding function.

(23) Similarly, the switch 4 further records a correspondence between an IP address in the server 2 and the port 42 connecting the switch 4 and the server 2. When the layer 3 packet is received, and if the destination IP address of the layer 3 packet is the IP address in the server 2, the switch 4 sends the layer 3 packet to the port 42.

(24) The IP address in the server 1 includes an IP address of the distributed gateway 12, and the IP address in the server 2 includes an IP address of the distributed gateway 22.

(25) Further, the switch 4 may implement VLAN isolation. For example, the port 41 connecting the switch 4 and the server 1 is set to allow only a VLAN packet whose VLAN ID is 1 to enter the server 1, the port 42 connecting the switch 4 and the server 2 is set to allow only a VLAN packet whose VLAN ID is 2 to enter the server 2, and the port 43 connecting the switch 4 and the server 3 is set to allow only a VLAN packet whose VLAN ID is 3 to enter the server 3. A port 45 connecting the switch 4 and the cloud management platform 5 is set to allow only a VLAN packet whose VLAN ID is 5 to enter the cloud management platform 5.

(26) In some embodiments of the present disclosure, one VLAN is formed inside the server 1, and a VLAN ID of the VLAN is 1. One VLAN is formed inside the server 2, and a VLAN ID of the VLAN is 2. One VLAN is formed inside the server 3, and a VLAN ID of the VLAN is 3. The switch 4 is provided with the port 41, the port 42, the port 43, and the port 45. For example, after receiving the VLAN packet whose VLAN ID is 1, the switch 4 broadcasts the packet to each port, and only the port 41 allows the packet to pass through.

(27) In some embodiments of the present disclosure, the switch 4 is configured to ignore a destination MAC address of a packet, and select, based on only the VLAN ID, to which port the packet is to be sent. In some other examples of the present disclosure, the switch 4 may be configured to select the port based on the destination MAC address of the packet.

(28) In some embodiments of the present disclosure, the cloud management platform 5 may be disposed on one computing node, and is implemented by using software installed on the computing node; or the cloud management platform 5 may be implemented by using a dedicated network device. This is not limited in this embodiment of the present disclosure, and the servers 1 to 3 may communicate with the cloud management platform 5.

(29) Referring to FIG. 2, FIG. 2 is another schematic structural diagram of a system of a cloud computing data center according to an embodiment of the present disclosure. FIG. 2 is a further description of FIG. 1. In addition, for clarity of description, the server 3 in FIG. 1 is omitted in FIG. 2 and only structures of the server 1 and the server 2 are shown in FIG. 2.

(30) As shown in FIG. 2, the computing node 11 includes a first cloud management platform client 111, a virtual machine VM 1, and a virtual machine VM 2. The distributed gateway 12 includes a network adapter controller 121 and a network adapter 122. The network adapter controller 121 includes a second cloud management platform client 1211. The network adapter 122 supports a network adapter passthrough function. The network adapter 122 includes a switching apparatus 1221, a physical network port 1222, a PF 1, a PF 2, a VF 1, and a VF 2.

(31) For example, the switching apparatus 1221 may be implemented by using software, for example, Open vswitch.

(32) In addition, an operating system may run on the computing node 11, and the first cloud management platform client 111 may be installed in the operating system as third-party software. The first cloud management platform client 111 may be, for example, a nova agent component of an openstack, and the nova agent component may communicate with a nova component of the cloud management platform 5. An operating system may also run on the network adapter controller 121, and a second cloud management platform client 1211 may be installed in the operating system as third-party software. The second cloud management platform client 1211 may be, for example, a neutron agent component of the openstack, and the neutron agent component may communicate with a neutron component of the cloud management platform 5. It should be noted that the computing node 11 may be, for example, an X86 platform-based physical server, and the network adapter controller 121 may be, for example, an ARM platform-based intelligent board card based on.

(33) In some embodiments of the present disclosure, the distributed gateway 12 includes the network adapter controller 121 and the network adapter 122 that are connected to each other. The network adapter controller 121 and the network adapter 122 may be connected by using a PCIe interface. The network adapter controller 121 has a better computing capability than the network adapter 122, to implement fast packet processing, for example, cross-network transmission implemented based on a management packet. In addition, the network adapter 122 has the passthrough function. The PF 1 of the network adapter 122 is passed through to the network adapter controller 121, and the network adapter controller 121 is connected to the PF 1 of the network adapter 122. The VF 1 of the network adapter 122 is passed through to the VM 1, and the VM 1 is connected to the VF 1 of the network adapter 122.

(34) Further, the physical network port 1222 is connected to the port 41 of the switch 4. The operating system of the computing node 11 is connected to the PF 2, and the first cloud management platform client 111 running on the operating system of the computing node 11 may be connected to the network adapter 122 by using the PF 2.

(35) The server 2 and the server 1 have a similar structure. For details, refer to FIG. 2. Details are not described herein again.

(36) In addition, in some embodiments of the present disclosure, the first cloud management platform client 111 and a third cloud management platform client 211 pre-record a VLAN ID 5, and communicate with the cloud management platform 5 based on the VLAN ID 5.

(37) In addition, the cloud management platform 5 pre-records a MAC address of a network adapter controller 221 and a MAC address of the network adapter controller 121. The cloud management platform 5 communicates with the network adapter controller 221 based on the MAC address of the network adapter controller 221, and communicates with the network adapter controller 121 based on the MAC address of the network adapter controller 121.

(38) Further, a MAC table of the switching apparatus 1221 records: a VLAN ID 1; a correspondence between a MAC address of the VM 1 and the VF 1; a correspondence between a MAC address of the VM 2 and the VF 2; a correspondence between a MAC address of the computing node 11 and the PF 2; and a correspondence between the MAC address of the network adapter controller 121 and the PF 1.

(39) When the switching apparatus 1221 cannot find a MAC address of a received packet in the local MAC table, the switching apparatus 1221 sends the packet to the PF 1. When determining that a VLAN ID of the packet is not 1, the switching apparatus 1221 sends the packet to the physical network port 1222.

(40) Further, if the switching apparatus 1221 receives the layer 3 packet from the physical network port 1222, the switching apparatus 1221 first forwards the layer 3 packet to the PF 1.

(41) Similarly, a MAC table of the switching apparatus 2221 records: a VLAN ID 2; a correspondence between a MAC address of a VM 3 and a VF 3; a correspondence between a MAC address of a VM 4 and a VF 4; a correspondence between a MAC address of a computing node 21 and a PF 4; and a correspondence between the MAC address of the network adapter controller 221 and a PF 3.

(42) When the switching apparatus 2221 cannot find the MAC address of the received packet in the local MAC table, the switching apparatus 2221 sends the packet to the PF 3. When determining that the VLAN ID of the packet is not 2, the switching apparatus 2221 sends the packet to a physical network port 2222.

(43) Further, if the switching apparatus 2221 receives the layer 3 packet from the physical network port 2222, the switching apparatus 2221 first forwards the layer 3 packet to the PF 3.

(44) In addition, in some embodiments of the present disclosure, the distributed gateway has a function of the network adapter, and an IP address of the distributed gateway may be used as an IP address that is of the computing node connected to the distributed gateway by using a PCIe link and that is exposed to an external network.

(45) Referring to FIG. 3, FIG. 3 is a data interaction diagram of a packet processing method according to an embodiment of the present disclosure. As shown in FIG. 3, the packet processing method includes the following steps.

(46) Step S1: A third cloud management platform client 211 obtains a VLAN ID 2 and a MAC address of a VM 3.

(47) The VLAN ID 2 is an identifier of a VLAN in which the VM 3 is located. A VM 1 and the VM 3 belong to different virtual local area networks, and a VLAN ID of the VM 1 is different from a VLAN ID of the VM 3.

(48) Step S2: The third cloud management platform client 211 sends a first registration packet to a network adapter 222.

(49) The first registration packet may be, for example, a VLAN packet, a VLAN ID of the first registration packet is a VLAN ID 5, and a payload of the first registration packet carries the VLAN ID 2 and the MAC address of the VM 3.

(50) The third cloud management platform client 211 sends the first registration packet to a PF 4 of the network adapter 222. A switching apparatus 2221 of the network adapter 222 obtains the first registration packet from the PF 4, determines that the VLAN ID of the first registration packet is not the VLAN ID 2, and sends the first registration packet to a physical network port 2222.

(51) Step S3: The switching apparatus 2221 sends the first registration packet to a port 42 of a switch 4 by using the physical network port 1222.

(52) Step S4: The switch 4 receives the first registration packet from the port 42, and sends the first registration packet to a port 45 based on the VLAN ID 5 of the first registration packet. A cloud management platform 5 receives the first registration packet from the port 45.

(53) It should be noted that, in some embodiments of the present disclosure, a first cloud management platform client 111 may also obtain a VLAN ID and a MAC address of a virtual machine on a computing node 11 and report the VLAN ID and the MAC address to the cloud management platform 5, which is not limited in the present disclosure.

(54) Step S5: The cloud management platform 5 obtains the VLAN ID 2 and the MAC address of the VM 3 from the payload of the first registration packet, and configures network information of a second VLAN based on the VLAN ID 2 and the MAC address of the VM 3. The network information of the second VLAN includes a first correspondence between the VLAN ID 2 of the second VLAN and the MAC address of the VM 3 located in the second VLAN.

(55) For example, the cloud management platform 5 provides a user interaction interface. A user selects on the user interaction interface and configures the network information of the second VLAN for the computing node 11, so that the network information of the second VLAN is applicable to all virtual machines on the computing node 11.

(56) Step S6: The cloud management platform 5 sends a first management packet to the port 45 of the switch 4.

(57) The first management packet is the VLAN packet, a destination address of the first management packet is a MAC address of a network adapter controller 121, a VLAN ID of the first management packet is 1, and a payload of the first management packet carries the network information of the second VLAN.

(58) Step S7: The switch 4 sends the first management packet to a physical network port 1222 of a network adapter 122 based on the VLAN ID 1 of the first management packet.

(59) Step S8: The network adapter 122 sends the first management packet to the network adapter controller 121.

(60) A switching apparatus 1221 of the network adapter 122 obtains the first management packet from the physical network port 1222, selects a PF 1 based on the destination MAC address of the first management packet, and sends the first management packet to the PF 1. A second cloud management platform client 1211 of the network adapter controller 121 obtains the first management packet from the PF 1.

(61) Step S9: The third cloud management platform client 1211 obtains the network information of the second VLAN from the first management packet, and records the network information of the second VLAN.

(62) In conclusion, the third cloud management platform client 1211 may record the network information of the second VLAN of all the virtual machines configured by the user on the computing node 11, and subsequently, cross-VLAN communication may be implemented by using the network information of the second VLAN.

(63) It should be noted that, in some embodiments of the present disclosure, the first cloud management platform client 111 may also obtain the VLAN ID 1 and a MAC address of the VM 1, and report the VLAN ID 1 and the MAC of the VM 1 as network information of a first VLAN to the cloud management platform 5.

(64) Referring to FIG. 4, FIG. 4 is another data interaction diagram of a packet processing method according to an embodiment of the present disclosure. FIG. 4 is a continuation of FIG. 3. The packet processing method further includes the following steps.

(65) Step S10: The VM 1 sends a first service packet to the network adapter 122.

(66) The first service packet is the VLAN packet, a source MAC address of the first service packet is the MAC address of the VM 1, a destination MAC address of the first service packet is the MAC address of the VM 3, and a payload of the first service packet carries service data. In some embodiments of the present disclosure, before the VM 1 sends the first service packet to the VM 3, the VLAN ID of the VLAN network in which the VM 3 is located is unknown. Therefore, the VM 1 sets a VLAN ID of the first service packet to null, and the VM 1 sends the first service packet to a VF 1.

(67) Step S11: The network adapter 122 forwards the first service packet to the network adapter controller 121.

(68) The network adapter 122 obtains the first service packet from the VF 1, determines that the destination MAC address of the first service packet, namely, the MAC address of the VM 3, is not locally, and forwards the first service packet to the PF 1.

(69) Step S12: The network adapter controller 121 modifies the first service packet based on the network information of the second VLAN.

(70) The third cloud management platform client 1211 may obtain the first service packet from the PF 1, obtain the VLAN ID 2 from the network information of the second VLAN based on the destination MAC address of the first service packet, and set the VLAN ID of the first service packet to the VLAN ID 2. Therefore, a second service packet that carries the VLAN ID 2 is generated, and a payload of the second service packet carries the service data.

(71) The port 42 connecting the switch 4 and a server 2 allows only a packet with the VLAN ID 2 to pass through. If the first service packet is directly sent to the switch 4, the switch 4 determines that the VLAN ID carried in the first service packet is null, and broadcasts the first service packet to all ports of the switch 4. Because the port 42 allows only the packet with the VLAN ID 2 to pass through, the port 42 does not send the first service packet to the server 2.

(72) Therefore, the third cloud management platform client 1211 in some embodiments of the present disclosure modifies the first service packet to the second service packet, to ensure that the switch 4 can send the second service packet to the server 2 by using the port 42.

(73) Step S13: The network adapter controller 121 sends the second service packet to the network adapter 122.

(74) The network adapter controller 121 sends the second service packet to the PF 1, and the switching apparatus 1221 of the network adapter 122 obtains the second service packet from the PF 1.

(75) Step S14: The network adapter 122 sends the second service packet to the switch 4.

(76) The switching apparatus 1221 of the network adapter 122 determines that a VLAN ID of the second service packet is not 1, and sends the second service packet to the physical network port 1222.

(77) Step S15: The switch 4 receives the second service packet from a port 41, and forwards the second service packet to the network adapter 222.

(78) The switch 4 sends the second service packet to the port 42 based on the VLAN ID 2 of the second service packet, so that the second service packet reaches a physical network port 2222.

(79) Step S16: The network adapter 222 forwards the second service packet to the VM 3.

(80) The switching apparatus 2221 of the network adapter 222 obtains the second service packet from the physical network port 2222, selects a VF 3 based on a destination MAC address of the second service packet, and sends the second service packet to the VF 3. The VM 3 obtains the second service packet from the VF 3. The VM 3 may obtain the service data from the payload of the second service packet, to perform service processing based on the service data.

(81) Because a distributed gateway 12 modifies the first service packet to the second service packet configured with the VLAN ID 2, the second service packet may be successfully transmitted to the server 2 by using the switch 4, thereby implementing cross-VLAN communication.

(82) The foregoing embodiments show a process in which the distributed gateway implements cross-VLAN packet transmission. It should be noted that, in the embodiments of the present disclosure, the distributed gateway may also implement encapsulation of an overlay packet, to implement large layer 2 cross-network communication. For details, refer to FIG. 5. FIG. 5 is another data interaction diagram of a packet processing method according to an embodiment of the present disclosure.

(83) As shown in FIG. 5, the packet processing method includes the following steps.

(84) Step S17: A third cloud management platform client 211 obtains a MAC address of a VM 3.

(85) Step S18: The third cloud management platform client 211 obtains an IP address of a network adapter controller 221.

(86) It should be noted that, in some embodiments of the present disclosure, the IP address of the network adapter controller 221 may be used as external IP addresses of a distributed gateway 22 and a computing node.

(87) Step S19: The third cloud management platform client 211 generates a second registration packet, and sends the second registration packet to a network adapter 222.

(88) The second registration packet is a VLAN packet, a payload of the second registration packet carries the MAC address of the VM 3 and an IP address of the distributed gateway 12, and a VLAN ID of the second registration packet is 5.

(89) The third cloud management platform client 211 sends the second registration packet to a PF 4.

(90) Step S20: The network adapter 222 sends a second registration packet to a switch 4.

(91) A switching apparatus 2221 of the network adapter 222 obtains the second registration packet from the PF 4, determines that the VLAN ID of the second registration packet is not 2, and sends the second registration packet to a physical network port 2222.

(92) Step S21: The switch 4 forwards the second registration packet to a cloud management platform 5 based on the VLAN ID 5 of the second registration packet.

(93) The switch 4 receives the second registration packet from a port 42 connecting the switch 4 and the physical network port 2222, and sends the second registration packet to a port 45 based on the VLAN ID 5 of the second registration packet. The cloud management platform 5 receives the second registration packet from the port 45.

(94) It should be noted that, in some embodiments of the present disclosure, a first cloud management platform client 111 may also obtain a MAC address of a virtual machine on a computing node 21 and an IP address of the computing node 21, and report the MAC address and the IP address to the cloud management platform 5, which is not limited in this embodiment of the present disclosure.

(95) Step S22: The cloud management platform 5 receives the second registration packet, obtains the MAC address of the VM 3 and the IP address of the computing node 21 from the second registration packet, and configures network information of a second VLAN. The network information of the second VLAN includes a correspondence between the MAC address of the VM 3 and the IP address of the computing node 21.

(96) Optionally, a user may configure the network information of the second VLAN for the computing node 11 by using the cloud management platform 5.

(97) Step S23: The cloud management platform 5 generates a second management packet, and sends the second management packet to the switch 4.

(98) The second management packet may be the VLAN packet, a destination MAC address of the second management packet is a MAC address of a network adapter controller 121, a VLAN ID carried in the second management packet is 1. The MAC address and the VLAN ID may be defined by the user. If the user wants to perform forwarding configuration on all virtual machines on the computing node 11, the MAC address of the network adapter controller 121 that is connected to the computing node 11 and a VLAN ID 2 that is allowed to pass through a port 41 of the switch 4 may be selected by using the cloud management platform 5.

(99) Step S24: The switch 4 sends the second management packet to a network adapter 122.

(100) The switch 4 sends the second management packet to the port 41 based on the VLAN ID 1 of the second management packet, and the port 41 allows the second management packet to enter a physical network port 1222 of the network adapter 122.

(101) Step S25: The network adapter 122 sends the second management packet to the network adapter controller 121.

(102) A switching apparatus 1221 of the network adapter 122 obtains the second management packet from the physical network port 1222, selects a PF 1 based on the destination MAC address of the second management packet, and sends the second management packet to the PF 1.

(103) Step S26: The network adapter controller 121 obtains the network information of the second VLAN from the second management packet, and records the network information of the second VLAN.

(104) A third cloud management platform client 1211 of the network adapter controller 121 obtains the second management packet from the PF 1, obtains the network information of the second VLAN carried in the second management packet, and records the network information of the second VLAN.

(105) It should be noted that, in some embodiments of the present disclosure, the first cloud management platform client 111 may also obtain a MAC address of a VM 1 and an IP address of the computing node 11, and report the MAC address of the VM 1 and the IP address of the computing node 11 as network information of a first VLAN to the cloud management platform 5.

(106) Referring to FIG. 6, FIG. 6 is another data interaction diagram of a packet processing method according to an embodiment of the present disclosure. FIG. 6 is a continuation of FIG. 5. Following FIG. 5, the packet processing method further includes the following steps.

(107) Step S27: The VM 1 sends a third service packet to the network adapter 122.

(108) The third service packet is the VLAN packet, a source MAC address of the third service packet is the MAC address of the VM 1, a destination MAC address of the third service packet is the MAC address of the VM 3, and a payload of the third service packet carries service data. The VM 1 does not know a VLAN ID of a VLAN network in which the VM 3 is located, a VLAN ID of the third service packet is null, and the VM 1 sends the third service packet to a VF 1.

(109) Step S28: The network adapter 122 forwards the third service packet to the network adapter controller 121.

(110) The network adapter 122 obtains the third service packet from the VF 1, determines that the MAC address of the VM 3 is not locally, and forwards the third service packet to the PF 1.

(111) Step S29: The network adapter controller 121 modifies the third service packet based on the network information of the second VLAN.

(112) The third cloud management platform client 1211 obtains the third service packet from the PF 1, obtains an IP address of the distributed gateway 12 from the network information of the second VLAN based on the destination MAC address of the third service packet, and encapsulates the third service packet into an overlay packet. A destination IP address of the overlay packet is the IP address of the computing node 21, and a destination MAC address of the overlay packet is a MAC address of a next-hop device of the computing node 21. The overlay packet carries the third service packet.

(113) For example, the overlay packet may be a VXLAN packet.

(114) Step S30: The network adapter controller 121 sends the overlay packet to the network adapter 122.

(115) The third cloud management platform client 1211 of the network adapter controller 121 sends the overlay packet to the PF 1, and the switching apparatus 1221 of the network adapter 122 obtains the overlay packet from the PF 1.

(116) Step S31: The network adapter 122 sends the overlay packet to the switch 4.

(117) The switching apparatus 1221 of the network adapter 122 determines that the destination MAC address of the overlay packet is not locally, and sends the overlay packet to the physical network port 1222, so that the overlay packet reaches the switch 4.

(118) Step S32: The switch 4 receives the overlay packet from the port 41, and forwards the overlay packet to the network adapter 222.

(119) The switch 4 sends the overlay packet to the port 42 based on the destination IP address of the overlay packet, and the switching apparatus 2221 obtains the overlay packet from a physical port 2222.

(120) Step S33: The network adapter 222 forwards the overlay packet to a network adapter controller 221.

(121) The switching apparatus 2221 of the network adapter 222 obtains the overlay packet from the physical network port 2222, selects a PF 3 based on the destination IP address of the overlay packet, and sends the overlay packet to the PF 3.

(122) Step S34: The network adapter controller 221 decapsulates the overlay packet to obtain the third service packet carried in the overlay packet.

(123) A fourth cloud management platform client 2211 of the network adapter controller 221 obtains the overlay packet from the PF 3, and decapsulates the overlay packet to obtain the third service packet carried in the overlay packet.

(124) Step S35: The network adapter controller 221 sends the third service packet to the network adapter 222.

(125) The fourth cloud management platform client 2211 of the network adapter controller 221 sends the third service packet to the PF 3.

(126) Step S36: The network adapter 222 sends the third service packet to the VM 3.

(127) The switching apparatus 2221 of the network adapter 222 obtains the third service packet from the PF 3, selects a VF 3 based on the destination MAC address of the third service packet, and sends the third service packet to the VF 3. The VM 3 obtains the third service packet from the VF 3, obtains the service data from the payload of the third service packet, and performs service processing based on the service data.

(128) Because a distributed gateway 12 modifies the third service packet to the overlay packet, the overlay packet may be successfully transmitted to a server 2 by using the switch 4, to implement cross-VLAN communication.

(129) In conclusion, when a local distributed gateway of a server is faulty, only a local VM of the server is affected. Being configured with distributed gateways, other servers are not affected. A network is not affected by a single faulty distributed gateway.

(130) In some embodiments of the present disclosure, the distributed gateway 12 of a server 1 is implemented by using the network adapter controller 121 and the network adapter 122. The network adapter controller 121, the network adapter 122, and the computing node 11 may be connected to each other by using a PCIe link. For details, refer to FIG. 7. FIG. 7 is a schematic structural diagram of hardware of a server 1 according to an embodiment of the present disclosure.

(131) As shown in FIG. 7, a PCIe interface 1103 of a computing node 11 is connected to a PCIe interface 12103 of a network adapter controller 121, to form a PCIe link. A PCIe interface 1104 of the computing node 11 is connected to a PCIe interface 12203 of a network adapter 122, to form the PCIe link. A PCIe interface 12104 of the network adapter controller 121 is connected to a PCIe interface 12204 of the network adapter 122, to form the PCIe link.

(132) The computing node 11 may supply power to the network adapter controller 121 by using the PCIe interface 1103, and supply power to the network adapter 122 by using the PCIe interface 1104. The network adapter 122 may provide a passthrough function for the computing node 11 by using the PCIe link on which the PCIe interface 12203 is located. The network adapter 122 may further provide the passthrough function by using the PCIe link on which the PCIe interface 12204 is located. A processor 1101 may be one or more processors of an X86 architecture with a powerful computing capability, a processor 12101 may be a processor of an ARM architecture with a relatively strong computing capability, and a processor 12201 may be a processor with a common computing capability.

(133) A distributed gateway 22 also has a similar structure, and details are not described herein.

(134) It should be noted that, in some other examples of the present disclosure, a distributed gateway may also be independently implemented by using a smart network adapter, for example, a physical network port and a switching apparatus are integrated into a network adapter controller, which is not limited in this embodiment of the present disclosure.

(135) Referring to FIG. 8, FIG. 8 is a schematic structural diagram of an apparatus of a distributed gateway according to an embodiment of the present disclosure.

(136) As shown in FIG. 8, the distributed gateway includes: a receiving module 411, configured to receive a management packet sent by a cloud management platform, where the management packet carries network information of a second VLAN; a recording module 413, configured to record the network information of the second VLAN, where the receiving module 411 is further configured to receive a first service packet that carries service data and that is sent by a first virtual machine to a second virtual machine, and the second virtual machine is located in the second VLAN; a conversion module 414, configured to modify the first service packet based on the network information of the second VLAN to generate a second service packet that can reach the second VLAN, where the second service packet carries the service data; and a sending module 412, configured to send the second service packet to a switch. A function of each functional module is also described in the embodiments shown in FIG. 1 to FIG. 6, and details are not described herein again.

(137) Referring to FIG. 9, FIG. 9 is another schematic structural diagram of an apparatus of a distributed gateway according to an embodiment of the present disclosure.

(138) As shown in FIG. 9, the distributed gateway may include a processing unit 421 and a communications interface 422. The processing unit 421 is configured to execute functions defined by an operating system running on a physical server and various software programs. For example, implementing a function of a virtual switch. The communications interface 422 is configured to communicate and interact with another computing node. Another device may be another physical server. The communications interface 422 may be a network adapter. Optionally, the physical server may further include an input/output interface 423. The input/output interface 423 is connected to an input/output device, and the input/output interface 423 is configured to receive input information and output an operation result. The input/output interface 423 may be a mouse, a keyboard, a display, a CD-ROM drive, or the like. Optionally, the physical server may further include a secondary memory 424, which is generally referred to as an external memory. A storage medium of the secondary memory 424 may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, an optical disc), a semiconductor medium (for example, a solid-state drive), or the like. The processing unit 421 may have a plurality of implementation forms. For example, the processing unit 421 may include a processor 4212 and a memory 4211. The processor 4212 performs, based on a program instruction stored in the memory 4211, related operations of the distributed gateway 12 or the distributed gateway 22 in the embodiments shown in FIG. 2 to FIG. 4. The processor 4212 may be a central processing unit (CPU) or a graphics processing unit (GPU). The processor 4212 may be a single-core processor or a multi-core processor. The processing unit 421 may also be independently implemented by using a logic device with built-in processing logic, for example, a field programmable gate array (FPGA) or a digital signal processor (DSP).

(139) It may be clearly understood by a person skilled in the art that, for the purpose of convenient and brief description, for a detailed working process of the foregoing system, apparatus, and unit, refer to a corresponding process in the foregoing method embodiments, and details are not described herein again.

(140) Further, in another embodiment of the present disclosure, a container may be used to replace a virtual machine. This is not limited in this embodiment of the present disclosure.

(141) It should be noted that any apparatus embodiment described above is merely exemplary. The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. Some or all of the processes may be selected based on actual requirements to achieve the objectives of the solutions of the embodiments. In addition, in the accompanying drawings of the apparatus embodiments provided by the present disclosure, connection relationships between processes indicate that the modules have communication connections with each other, which may be implemented as one or more communications buses or signal cables. A person of ordinary skill in the art may understand and implement the embodiments of the present disclosure without creative efforts.

(142) Based on the description of the foregoing implementations, the person skilled in the art may clearly understand that the present disclosure may be implemented by software in addition to necessary universal hardware, or by dedicated hardware, including a dedicated integrated circuit, a dedicated CPU, a dedicated memory, a dedicated component, and the like. Generally, any functions that can be performed by a computer program can be easily implemented by using corresponding hardware. Moreover, a hardware structure used to achieve a same function may be of various forms, for example, in a form of an analog circuit, a digital circuit, a dedicated circuit, or the like. However, as for the present disclosure, software program implementation is a better implementation in most cases. Based on such an understanding, the technical solutions of the present disclosure essentially or the part contributing to the prior art may be implemented in a form of a software product. The software product is stored in a readable storage medium, such as a floppy disk, a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc of a computer, and includes several instructions for instructing a computer device (which may be a personal computer, a host, a network device, and the like) to perform the methods described in the embodiments of the present disclosure.

(143) It may be clearly understood by the person skilled in the art that, for the detailed working process of the foregoing system, apparatus, and unit, refer to the corresponding process in the foregoing method embodiments, and details are not described herein again.

(144) The foregoing descriptions are merely implementations, but are not intended to limit the protection scope of the inventions disclosure herein. Any variation or replacement readily figured out by the person skilled in the art within the technical scope disclosed in the present disclosure shall fall within the protection scope of the claimed inventions. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Cloud computing data center system, gateway, server, and packet processing method

Assignee

Inventors

Cpc classification

Classification Explorer

H04L12/4637

ELECTRICITY

Classification Explorer

G06F2009/45595

PHYSICS

Classification Explorer

H04L47/2408

ELECTRICITY

Classification Explorer

H04L12/4679

ELECTRICITY

Classification Explorer

H04L45/66

ELECTRICITY

Classification Explorer

G06F2009/45579

PHYSICS

Classification Explorer

H04L45/745

ELECTRICITY

Classification Explorer

G06F9/45558

PHYSICS

International classification

Classification Explorer

H04L47/24

ELECTRICITY

Classification Explorer

G06F9/455

PHYSICS

Classification Explorer

H04L12/46

ELECTRICITY

Classification Explorer

H04L45/00

ELECTRICITY

Classification Explorer

H04L45/745

ELECTRICITY

Classification Explorer

H04L47/2408

ELECTRICITY

Abstract

Claims

Description