(19)
(11)EP 2 589 188 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
22.04.2020 Bulletin 2020/17

(21)Application number: 11730840.3

(22)Date of filing:  29.06.2011
(51)International Patent Classification (IPC): 
H04L 29/12(2006.01)
H04L 12/721(2013.01)
H04L 12/46(2006.01)
(86)International application number:
PCT/US2011/042467
(87)International publication number:
WO 2012/006198 (12.01.2012 Gazette  2012/02)

(54)

ASYMMETRIC NETWORK ADDRESS ENCAPSULATION

ASYMMETRISCHE NETZWERKADRESSENVERKAPSELUNG

ENCAPSULATION D'ADRESSE DE RÉSEAU ASYMÉTRIQUE


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(30)Priority: 07.03.2011 US 201161449918 P
08.11.2010 US 411324 P
17.08.2010 US 374514 P
29.06.2010 US 359736 P

(43)Date of publication of application:
08.05.2013 Bulletin 2013/19

(73)Proprietor: Huawei Technologies Co., Ltd.
Longgang District Shenzhen, Guangdong 518129 (CN)

(72)Inventors:
  • DUNBAR, Linda
    Plano Texas 75025 (US)
  • YIN, Guoli
    Ottawa Ontario K2G 6T6 (CA)
  • XIONG, Yijun
    Shenzen, Guangdong 518129 (CN)

(74)Representative: Gill Jennings & Every LLP 
The Broadgate Tower 20 Primrose Street
London EC2A 2ES (GB)


(56)References cited:
EP-A1- 2 489 172
  
  • ALBERT GREENBERG ET AL: "Towards a Next Generation Data Center Architecture: Scalability and Commoditization", SIGCOMM '08 : PROCEEDINGS OF THE 2008 SIGCOMM CONFERENCE AND CO-LOCATED WORKSHOPS NSDR'08, WOSN'08, MOBIARCH'08, NETECON'08, & PRESTO'08 ; SEATTLE, WA, USA, AUGUST 17 - 22, 2008, NEW YORK, NY : ACM, 17 August 2008 (2008-08-17), pages 57-62, XP007917545, ISBN: 978-1-60558-181-1
  • RADIA PERLMAN INTEL LABS DONALD EASTLAKE 3RD STELLAR SWITCHES DINESH G DUTT SILVANO GAI CISCO SYSTEMS ANOOP GHANWANI BROCADE: "RBridges: Base Protocol Specification; draft-ietf-trill-rbridge-protocol-16.txt", RBRIDGES: BASE PROTOCOL SPECIFICATION; DRAFT-IETF-TRILL-RBRIDGE-PROTOCOL-16.TXT, INTERNET ENGINEERING TASK FORCE, IETF; STANDARDWORKINGDRAFT, INTERNET SOCIETY (ISOC) 4, RUE DES FALAISES CH- 1205 GENEVA, SWITZERLAND, no. 16, 5 March 2010 (2010-03-05), pages 1-117, XP015067710, [retrieved on 2010-03-05]
  • "IEEE Standard for Local and metropolitan area networks Virtual Bridged Local Area Networks Amendment 7: Provider Backbone Bridges;IEEE Std 802.1ah-2008 (Amendment to IEEE Std 802.1Q-2005)", IEEE STANDARD, IEEE, PISCATAWAY, NJ, USA, 14 August 2008 (2008-08-14), pages C1-109, XP017602038, ISBN: 978-0-7381-5762-7
  
Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


Description

BACKGROUND



[0001] Modern communications and data networks are comprised of nodes that transport data through the network. The nodes may include routers, switches, bridges, or combinations thereof that transport the individual data packets or frames through the network. Some networks may offer data services that forward data frames from one node to another node across the network without using pre-configured routes on intermediate nodes. Other networks may forward the data frames from one node to another node across the network along pre-configured or pre-established paths.

SUMMARY



[0002] Aspects of the invention are provided in the claims.

BRIEF DESCRIPTION OF THE DRAWINGS



[0003] For a more complete understanding of this disclosure, reference is now made to the following brief description, taken in connection with the accompanying drawings and detailed description, wherein like reference numerals represent like parts.

FIG. 23 is a schematic diagram of an embodiment of a physical server.

FIG. 24 is a schematic diagram of an embodiment of an asymmetric network address encapsulation scheme.

FIG. 25 is a schematic diagram of an embodiment of an ARP processing scheme.

FIG. 26 is a schematic diagram of an embodiment of an extended ARP payload.


DETAILED DESCRIPTION



[0004] With server virtualization, a physical server may host more VMs, e.g., tens to hundreds of virtual end-stations or VMs. This may result in a substantial increase in the number of virtual hosts in a DC. For example, for a relatively large DC with about 50,000 servers, which may each support up to about 128 VMs, the total number of VMs in the DC may be equal to about 50,000x128 or about 6,400,000 VMs. To achieve dynamic allocation of resources across such a large server pool, Ethernet-based Layer 2 networks may be used in DCs. Such a large Layer 2 network with potentially a substantial number of virtual hosts may pose new challenges to the underlying Ethernet technology. For instance, one issue may be MAC forwarding table scalability due to the flat MAC address space. Another issue may be handling a broadcast storm caused by ARP and other broadcast traffic.

[0005] One approach to reduce the size of the MAC forwarding table, also referred to herein as a FDB, in the core of the network may be using network address encapsulation, e.g., according to IEEE 802.1ah and TRILL. The network address encapsulations of 802.1ah and TRILL are described in the IEEE P802.1ah/D4.2 standard and IETF draft draft-ietf-trill-rbridge-protocol-12.txt, respectively, both of which are incorporated herein by reference. With network address encapsulation, the number of FDB entries in core switches may be reduced to the total number of switches (including edge and core) in the network, independent of the number of VMs. For example, with about 20 servers per edge switch, the number of edge switches in a network of about 50,000 servers may be equal to about 50,000/20 or about 2,500. However, with data path MAC address learning, the FDB size of edge switches (e.g., ToR switches in DCs) may be about the same as when network address encapsulation is not used, which may be substantially large.

[0006] Even with selective MAC learning at ToR switches, the FDB size may still be substantially large. For example, if a ToR switch has about 40 downstream ports, a pair of ToR switches may have up to about 40 dual-homed servers connected to the ToR switches. If a server supports up to about 128 VMs, a ToR switch may have about 128x40/2 or about 2,560 VMs connected to the ToR switch in normal operation, e.g., when the ToR switches handle about the same number of VMs. The number of VMs may increase to about 5,120 if one ToR switch fails. If each VM communicates on average with about 10 remote VMs simultaneously, the ToR switch FDB size (e.g., number of entries) may be at least proportional to about 2,560 (local VMs) + 2,560x10 (remote VMs) + 2,500 (ToR switches) or about 30,660 entries, which may be further doubled in the failure scenario.

[0007] The network address encapsulations in 802.1ah and TRILL may be symmetric. Specifically, the same switches, such as edge switches, may perform the address encapsulation. The problem with the symmetric network address encapsulations in 802.1ah and TRILL is that an edge switch needs to keep track of the remote VMs that communicate with local VMs. The number of the remote VMs may vary substantially. One solution proposed by A. Greenberg et al. in a paper entitled "Towards a Next Generation Data Center Architecture: Scalability and Commoditization", published in PRESTO 08, is to move the network address encapsulation procedure inside the VMs, thus reducing the switch FDB size to its minimum, which may be equal to the sum of the number of local VMs and the number of edge switches in the network (e.g., equal to about 2,560 + 2,500 or about 5,060 entries in the above example). A drawback of this approach is the change of the guest operating system (OS) protocol stack.

[0008] Instead, moving the network address encapsulation to a virtual switch of a physical server (e.g., inside a hypervisor) may reduce the edge switch FDB size and avoid changing the guest OS protocol stack, as described further below. Such a network address encapsulation is referred to herein as asymmetric network address encapsulation since address decapsulation is still done elsewhere in edge switches. This mechanism of asymmetric network address encapsulation may reduce the amount of addresses maintained in the FDBs of intermediate/edge switches or routers.

[0009] The asymmetric network address encapsulation scheme is implemented in a Layer 2 network that comprises edge and core switches, such as in the different network embodiments described above. For instance, the edge switches may correspond to ToR switches in DCs. Each edge switch is assigned a unique ID, which is a MAC address (as in 802.1ah). The network is configured to forward a frame based on the destination edge switch ID carried in the header of the frame from an ingress edge switch to the egress edge switch. The frame may be forwarded inside the network using any transport technology. The asymmetric network address encapsulation scheme may be similar to the address encapsulation scheme in 802.1ah, also referred to as MAC-in-MAC. MAC learning may be disabled in the network but enabled on the edge switch server facing ports. The terms server, end-station, and host may be used interchangeably herein. The terms virtual server, VM, virtual end-station, and virtual host may also be used interchangeably herein.

[0010] In MAC-in-MAC, there are two types of MAC addresses: the MAC addresses assigned to edge switches, also referred to as network addresses or backbone MAC (B-MAC) addresses, and the MAC addresses used by VMs, also referred to as customer MAC (C-MAC) addresses. FIG. 23 illustrates an embodiment of a typical physical server 2300, which may be a dual-homed server in a DC. The physical server 2300 comprises a virtual switch 2310, a plurality of VMs 2340, and a plurality of physical Network Interface Cards (pNICs) 2350. The virtual switch 2310 comprises an ARP proxy 2330 and a FDB 2320, which comprises a local FDB 2322 and a remote FDB 2324. The virtual switch 2310 may be located inside a hypervisor of the physical server 2300. The virtual switch 2310 is connected to the VMs via a plurality of corresponding virtual Network Interface Cards (NICs) 2342 of the VMs 2340 and a plurality of corresponding virtual switch ports 2312 of the virtual switch 2310. The virtual switch 2310 is connected to the pNICs 2350 via a plurality of corresponding virtual switch trunk ports 2314 of the virtual switch 2310. The pNICs 2350 may serve as uplinks or trunks for the virtual switch 2310. The physical server 2300 is connected to a plurality of edge switches 2360 via corresponding pNICs 2350 of the physical server 2300. Thus, the edge switches 2360 are connected via the components of the physical server 2300 (the pNICs 2350 and the virtual switch 2310) to the VMs 2340. The components of the physical server 2300 may be arranged as shown in FIG. 23.

[0011] For load balancing, traffic may be distributed to the trunks (pNICs 2350) based on the virtual port IDs or VM source C-MAC addresses of the traffic. Each VM 2340 has a virtual NIC 2342 with a uniquely assigned C-MAC address. A VM 2340 may send traffic to an edge switch 2360 during normal operation. For example, a first VM 2340 (VM1) may send a plurality of frames intended for external VMs in other physical servers in the network (not shown) via a corresponding first edge switch 2360 (edge switch X). A second edge switch 2360 (edge switch R) may be a backup for edge switch X. When edge switch X becomes unreachable due to a failure (e.g., the corresponding pNIC 2350 fails, the link between the pNIC 2350 and edge switch X fails, or edge switch X fails), the virtual switch 2310 may then send the frames to edge switch R.

[0012] In the FDB 2320, the local FDB 2322 corresponds to the local VMs (VMs 2340) and comprises a plurality of C-MAC destination addresses (C-MAC DAs), a plurality of VLAN IDs, and a plurality of associated virtual switch port IDs. The C-MAC DAs and VLAN IDs are used to look up the local FDB 2322 to obtain the corresponding virtual switch port IDs. The remote FDB 2324 corresponds to external VMs (in other physical servers) and comprises a plurality of B-MAC destination addresses (B-MAC DAs) and a plurality of C-MAC DAs associated with the B-MAC DAs. The C-MAC DAs are used to look up the remote FDB 2324 by the local VMs to obtain the corresponding B-MAC DAs. The remote FDB 2324 may be populated by the ARP proxy 2330, as described below.

[0013] Based on the asymmetric address encapsulation, an Ethernet frame from a VM 2340 may be untagged or tagged. If the frame is untagged, the VLAN ID assigned to the corresponding virtual switch port 2312 may be used. In the upstream direction from the VM 2340 to an edge switch 2360, the virtual switch 2310 performs the following steps after receiving an Ethernet frame from the VM 2340:

Step 1: Use C-MAC DA and VLAN ID in the table lookup of the local FDB 2322. If a match is found, forward the frame to the virtual switch port 2312 that is specified in the matched FDB entry (by the virtual switch port ID). Else, go to step 2.

Step 2: Use C-MAC DA in the table lookup of the remote FDB 2324. If a match is found, perform a MAC-in-MAC encapsulation based asymmetric network address encapsulation (described below) and forward the frame to the virtual switch trunk port 2314 that is associated with the C-MAC SA in the frame. Else, go to step 3.

Step 3: Discard the frame and send an enhanced ARP request to an ARP server in the network (not shown).



[0014] FIG. 24 illustrates an embodiment of an asymmetric network address encapsulation scheme 2400 that may be used in the physical server. Based on the asymmetric network address encapsulation scheme 2400, a VM 2402 sends, in the upstream direction, a frame intended for another external or remote VM in another physical server in the network (not shown). The frame comprises a C-MAC DA (B) 2410 of the remote VM, a C-MAC SA (A) 2412 of the VM 2402, a C-VLAN ID 2414 for the VLAN of the VM 2402, data or payload 2416, and a Frame Check Sequence (FCS) 2418. The VM 2402 sends the frame to a virtual switch 2404.

[0015] The virtual switch 2404 (in the same physical server) receives the frame from the VM 2402. The virtual switch 2404 processes the frame and adds a header to the frame to obtain a MAC-in-MAC frame. The header comprises a B-MAC DA (Y) 2420, a B-MAC SA (0) 2422, a B-VLAN ID 2424, and an Instance Service ID (I-SID) 2426. The B-MAC address (Y) is associated with the C-MAC DA (B) 2410 in an edge switch 2406. The B-MAC address (Y) indicates the location of the remote VM that has the C-MAC address (B). The B-MAC SA 2422 may be set to zero by the virtual switch 2404. The B-VLAN ID 2424 is set to the C-VLAN ID 2414. The I-SID 2426 may be optional and may not be used in the header if the Ethernet frame is only sent to the C-MAC DA (B). The virtual switch 2404 then sends the MAC-in-MAC frame to the edge switch 2406.

[0016] The edge switch 2406 (connected to the physical server) receives the MAC-in-MAC frame from the virtual switch 2404. The edge switch 2406 processes the header of the MAC-in-MAC frame to obtain a new header in the MAC-in-MAC frame. The new header comprises a B-MAC DA (Y) 2440, a B-MAC SA (X) 2442, a B-VLAN ID 2444, and an I-SID 2446. The B-MAC SA (X) 2442 is set to the B-MAC address (X) of the edge switch 2406. The B-VLAN ID 2444 may be changed if necessary to match a VLAN in the network. The remaining fields of the header may not be changed. The edge switch 2406 then forwards the new MAC-in-MAC frame based on the B-MAC DA (Y) 2440 and possibly the B-VLAN ID 2444 via the network core 2408, e.g., a core network or a network core district.

[0017] In the downstream direction, the edge switch 2406 receives a MAC-in-MAC frame from the network core 2408 and performs a frame decapsulation. The MAC-in-MAC frame comprises a header and an original frame sent from the remote VM to the VM 2402. The header comprises a B-MAC DA (X) 2460 for the edge switch 2406, a B-MAC SA (Y) 2462 that corresponds to the remote VM and the edge switch 2406, a B-VLAN ID 2464 of the VLAN of the remote VM, and an I-SID 2466. The original frame of the remote VM comprises a C-MAC DA (A) 2470 for the VM 2402, a C-MAC SA (B) 2472 of the remote VM, a C-VLAN ID 2474 associated with the VM 2402, data or payload 2476, and a FCS 2478. The edge switch 2406 removes the header from the MAC-in-MAC frame and forwards the remaining original frame to the virtual switch 2404. The edge switch 2406 looks up its forwarding table using the C-MAC DA (A) 2470 and the C-VLAN ID 2474 to get an outgoing switch port ID and forwards the original frame out on the corresponding switch port facing or connected to the physical server. In turn, the virtual switch 2404 forwards the original frame to the VM 2402 based on the C-MAC DA (A) 2470 and the C-VLAN ID 2474.

[0018] The forwarding tables in the edge switch 2406 may include a local FDB and a remote FDB. The local FDB may be used for forwarding frames for local VMs and may be populated via MAC learning and indexed by the C-MAC DA and C-VLAN ID in the received frame. The remote FDB may be used for forwarding frames to remote VMs and may be populated by a routing protocol or a centralized control/management plane and indexed by the B-MAC DA and possibly the B-VLAN ID in the received frame.

[0019] In the asymmetric address encapsulation scheme 2400, the MAC-in-MAC encapsulation is performed at the virtual switch 2404, while the MAC-in-MAC de-capsulation is performed at the edge switch 2406. As such, the FDB size in the edge switches may be substantially reduced and become more manageable even for a substantially large Layer 2 network, e.g., in a mega DC. The remote FDB size in the virtual switch 2404 may depend on the number of remote VMs in communication with the local VMs, e.g., the VM 2402. For example, if a virtual switch supports about 128 local VMs and each local VM on average communicates with about 10 remote VMs concurrently, the remote FDB may comprise about 128x10 or about 1,289 entries.
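The three-step upstream lookup of paragraph [0013] and the header handling of paragraphs [0014] to [0017] can be traced end to end in a short model. This is an added example, not code from the patent: the class and function names, the sample addresses and port IDs, and the byte layout of the outer header (B-MAC DA, B-MAC SA, one B-VLAN tag with TPID 0x88A8, no I-SID) are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass, field

CTAG_TPID = 0x8100   # 802.1Q C-VLAN tag
BTAG_TPID = 0x88A8   # assumed wire encoding of the B-VLAN tag (802.1ah B-TAG)
ZERO_MAC = bytes(6)  # B-MAC SA (0) written by the virtual switch
BHDR_LEN = 16        # B-MAC DA + B-MAC SA + B-TAG; the optional I-SID is omitted


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def c_frame(c_da, c_sa, vlan, payload):
    """Build a tagged customer frame (FCS is left to the NIC, not modelled)."""
    return c_da + c_sa + struct.pack("!HH", CTAG_TPID, vlan & 0x0FFF) + payload


def c_key(frame):
    """Return (C-MAC DA, C-MAC SA, C-VLAN ID) of a tagged customer frame."""
    if len(frame) < 16:
        raise ValueError("frame too short for two MACs and a C-VLAN tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != CTAG_TPID:
        raise ValueError("untagged frame: port-default VLAN is not modelled")
    return frame[0:6], frame[6:12], tci & 0x0FFF


@dataclass
class VirtualSwitch:
    local_fdb: dict    # (C-MAC DA, VLAN ID) -> virtual switch port ID
    remote_fdb: dict   # C-MAC DA -> B-MAC DA of the remote edge switch
    trunk_by_sa: dict  # C-MAC SA -> virtual switch trunk port ID
    pending_earp: list = field(default_factory=list)

    def upstream(self, frame):
        """Return (action, port, frame_out) for a frame received from a VM."""
        c_da, c_sa, vlan = c_key(frame)
        port = self.local_fdb.get((c_da, vlan))        # Step 1: local FDB
        if port is not None:
            return ("local", port, frame)
        b_da = self.remote_fdb.get(c_da)               # Step 2: remote FDB
        if b_da is not None:
            # B-VLAN ID is set to the C-VLAN ID; B-MAC SA is left at zero.
            header = b_da + ZERO_MAC + struct.pack("!HH", BTAG_TPID, vlan)
            return ("trunk", self.trunk_by_sa[c_sa], header + frame)
        self.pending_earp.append((c_sa, c_da, vlan))   # Step 3: discard, ask ARP server
        return ("discard", None, None)

    def downstream(self, frame):
        """Pick the virtual switch port for a decapsulated frame."""
        c_da, _, vlan = c_key(frame)
        return self.local_fdb[(c_da, vlan)]


@dataclass
class EdgeSwitch:
    b_mac: bytes
    local_fdb: dict    # (C-MAC DA, C-VLAN ID) -> server-facing switch port ID

    def upstream(self, mim):
        """Set the B-MAC SA to this switch's B-MAC; other fields are unchanged."""
        if len(mim) < BHDR_LEN:
            raise ValueError("truncated MAC-in-MAC header")
        return mim[0:6] + self.b_mac + mim[12:]

    def downstream(self, mim):
        """Remove the outer header and look up the server-facing port."""
        if len(mim) < BHDR_LEN or mim[0:6] != self.b_mac:
            raise ValueError("not a MAC-in-MAC frame for this edge switch")
        inner = mim[BHDR_LEN:]
        c_da, _, vlan = c_key(inner)
        return self.local_fdb[(c_da, vlan)], inner


# Constructed sample addresses: VMs A and C are local, VM B sits behind edge Y.
VM_A, VM_B, VM_C = (mac("02:00:00:00:00:0" + d) for d in "abc")
EDGE_X, EDGE_Y = mac("02:00:00:00:01:01"), mac("02:00:00:00:01:02")


def build_demo():
    vswitch = VirtualSwitch(
        local_fdb={(VM_A, 10): 1, (VM_C, 10): 2},
        remote_fdb={VM_B: EDGE_Y},
        trunk_by_sa={VM_A: "trunk0", VM_C: "trunk1"},
    )
    edge = EdgeSwitch(EDGE_X, {(VM_A, 10): "p7", (VM_C, 10): "p7"})
    return vswitch, edge


if __name__ == "__main__":
    vswitch, edge = build_demo()
    action, port, mim = vswitch.upstream(c_frame(VM_B, VM_A, 10, b"hello"))
    print(action, port, edge.upstream(mim).hex())
```

In this model the edge switch holds no entry for the remote VM B: only the virtual switch maps a remote C-MAC to a B-MAC, which is the asymmetry the scheme relies on.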

[0020] FIG. 25 illustrates an embodiment of an ARP processing scheme 2500 that may be used in the physical server 2300. Based on the ARP processing scheme 2500, a VM 2502 may broadcast an ARP request for a remote VM. The ARP request may comprise a C-MAC DA (BC) 2510 that indicates a broadcast message, a C-MAC SA (A) 2512 of the VM 2502, a C-VLAN ID 2514 for the VLAN of the VM 2502, ARP payload 2516, and a FCS 2518.

[0021] A virtual switch 2504 (in the same physical server), which may be configured to intercept all ARP messages from local VMs, may intercept the ARP request for a remote VM. An ARP proxy in the virtual switch 2504 may process the ARP request and add a header to the frame to obtain a unicast extended ARP (EARP) message. The frame may be encapsulated using MAC-in-MAC, e.g., similar to the asymmetric network address encapsulation scheme 2400. The header may comprise a B-MAC DA 2520, a B-MAC SA (0) 2522, a B-VLAN ID 2524, and an I-SID 2526. The B-MAC DA 2520 may be associated with an ARP server 2508 in the network. The B-VLAN ID 2524 may be set to the C-VLAN ID 2514. The I-SID 2526 may be optional and may not be used. The EARP message may also comprise a C-MAC DA (Z) 2528, a C-MAC SA (A) 2530, a C-VLAN ID 2532, an EARP payload 2534, and a FCS 2536. The ARP proxy may replace the C-MAC DA (BC) 2510 and the ARP payload 2516 in the received frame with the C-MAC DA (Z) 2528 for the remote VM and the EARP payload 2534, respectively, in the EARP message. The virtual switch 2504 may then send the EARP message to the edge switch 2506.

[0022] The edge switch 2506 may process the header in the EARP message to obtain a new header. The new header may comprise a B-MAC DA (Y) 2540, a B-MAC SA (X) 2542, a B-VLAN ID 2544, and an I-SID 2546. The B-MAC SA (X) 2542 may be set to the B-MAC address (X) of the edge switch 2506. The B-VLAN ID 2544 may be changed if necessary to match a VLAN in the network. The remaining fields of the header may not be changed. The edge switch 2506 may then forward the new EARP message to the ARP server 2508 in the network.

[0023] The ARP server 2508 may process the received EARP message and return an EARP reply to the edge switch 2506. The EARP reply may comprise a header and an ARP frame. The header may comprise a B-MAC DA (X) 2560 for the edge switch 2506, a B-MAC SA 2562 of the ARP server 2508, a B-VLAN ID 2564, and an I-SID 2566. The ARP frame may comprise a C-MAC DA (A) 2568 for the VM 2502, a C-MAC SA (Z) 2570 for the requested remote VM, a C-VLAN ID 2572, an EARP payload 2574, and a FCS 2576. The edge switch 2506 may decapsulate the EARP message by removing the header and then forward the ARP frame to the virtual switch 2504. The virtual switch 2504 may process the ARP frame and send an ARP reply accordingly to the VM 2502. The ARP reply may comprise a C-MAC DA (A) 2590 for the VM 2502, a C-MAC SA (B) 2592 associated with the remote VM's location, a C-VLAN ID 2594, an ARP payload 2596, and a FCS 2598.

[0024] The ARP proxy in the virtual switch 2504 may also use the EARP message to populate the remote FDB in the edge switch 2506. The ARP proxy may populate an entry in the FDB table with a remote C-MAC and remote switch B-MAC pair, which may be found in the EARP payload 2574. The C-MAC and remote switch B-MAC may be found in a sender hardware address (SHA) field and a sender location address (SLA) field, respectively, in the EARP payload 2574.

[0025] A hypervisor in the physical server that comprises the virtual switch 2504 may also register a VM, e.g., the local VM 2502 or a remote VM, with the ARP server 2508 in a manner similar to the ARP processing scheme 2500. In this case, the virtual switch 2504 may send a unicast EARP frame to the ARP server 2508 with all the sender fields equal to all the target fields. Another way to register the VM is described in U.S. Provisional Patent Application No. 61/389,747 by Y. Xiong et al. entitled "A MAC Address Delegation Scheme for Scalable Ethernet Networks with Duplicated Host IP Addresses," which is incorporated herein by reference as if reproduced in its entirety. This scheme may handle the duplicated IP address scenario.

[0026] FIG. 26 illustrates an embodiment of an EARP payload 2600 that may be used in the ARP processing scheme 2500, such as the EARP payload 2574. The EARP payload 2600 may comprise a hardware type (HTYPE) 2610, a protocol type (PTYPE) 2612, a hardware address length (HLEN) 2614, a protocol address length (PLEN) 2616, an operation field (OPER) 2618, a SHA 2620, a sender protocol address (SPA) 2622, a target hardware address (THA) 2624, and a target protocol address (TPA) 2626, which may be elements of a typical ARP message. Additionally, the EARP payload 2600 may comprise a SLA 2628 and a target location address (TLA) 2630. FIG. 26 also shows the bit offset for each field in the EARP payload 2600, which also indicates the size of each field in bits.

[0027] One issue with using the ARP server (e.g., the ARP server 2508) and disabling MAC learning in the network is the case where a VM becomes unreachable due to a failure of its edge switch or the link connecting the ARP server to the edge switch. In this case, it may take some time for the virtual switch to know the new location of a new or replacement edge switch for the VM. For example, if the edge switch X in the physical server 2300 becomes unreachable, the virtual switch 2310 may forward frames from VM1 to the edge switch R, which may become the new location for VM1.

[0028] To reduce the time for updating the remote FDB in a virtual switch 2310 about the new location of a VM, a gratuitous EARP message may be used. The virtual switch 2310 may first send a gratuitous EARP message to the edge switch R in a MAC-in-MAC encapsulation frame, including a B-MAC DA set to broadcast address (BC). In the gratuitous EARP message, the SHA (e.g., SHA 2620) may be set equal to the THA (e.g., THA 2624), the SPA (e.g., SPA 2622) may be set equal to the TPA (e.g., TPA 2626), and the SLA (e.g., SLA 2628) may be set equal to TLA (e.g., TLA 2630). The edge switch R may then send the gratuitous EARP message to a plurality of or to all other edge switches in the network, e.g., via a distribution tree. When an edge switch receives the gratuitous EARP message, the edge switch may decapsulate the message and send the message out on the edge switch's server facing ports. When a virtual switch then receives the gratuitous EARP message, the virtual switch may update its remote FDB if the SHA already exists in the remote FDB. The ARP server in the network may update the new location of the affected VM in the same way.
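The EARP payload of paragraph [0026] and the remote FDB rules of paragraphs [0024] and [0028] can be exercised with a small parser. This is an added example, not code from the patent: the bit offsets of FIG. 26 are not reproduced in the text, so the field widths (Ethernet/IPv4 ARP sizes, 6-byte SLA and TLA placed after the TPA), the reuse of the ARP opcodes, and all names and sample addresses are assumptions.

```python
import struct

# HTYPE PTYPE HLEN PLEN OPER SHA SPA THA TPA, then the EARP additions SLA TLA.
# Assumed widths: Ethernet/IPv4 ARP sizes and 6-byte location addresses.
EARP = struct.Struct("!HHBBH6s4s6s4s6s6s")
FIELDS = ("htype", "ptype", "hlen", "plen", "oper",
          "sha", "spa", "tha", "tpa", "sla", "tla")
OPER_REQUEST, OPER_REPLY = 1, 2   # assumed: EARP reuses the ARP opcodes


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_earp(oper, sha, spa, tha, tpa, sla, tla):
    """Serialize an EARP payload for Ethernet (HTYPE 1) and IPv4 (PTYPE 0x0800)."""
    return EARP.pack(1, 0x0800, 6, 4, oper, sha, spa, tha, tpa, sla, tla)


def parse_earp(payload):
    """Decode an EARP payload, rejecting truncated or oddly sized messages."""
    if len(payload) != EARP.size:
        raise ValueError(f"expected {EARP.size} bytes, got {len(payload)}")
    msg = dict(zip(FIELDS, EARP.unpack(payload)))
    if (msg["hlen"], msg["plen"]) != (6, 4):
        raise ValueError("HLEN/PLEN do not match the assumed address widths")
    return msg


def is_gratuitous(msg):
    """Gratuitous EARP: SHA == THA, SPA == TPA and SLA == TLA."""
    return (msg["sha"] == msg["tha"] and msg["spa"] == msg["tpa"]
            and msg["sla"] == msg["tla"])


def update_remote_fdb(remote_fdb, payload):
    """Apply one EARP payload to a remote FDB (C-MAC -> B-MAC).

    A reply adds the (SHA, SLA) pair. A gratuitous message only rewrites
    an entry whose SHA is already present, so it never grows the table.
    """
    msg = parse_earp(payload)
    c_mac, b_mac = msg["sha"], msg["sla"]
    if is_gratuitous(msg):
        if c_mac not in remote_fdb:
            return "ignored"
        remote_fdb[c_mac] = b_mac
        return "moved"
    if msg["oper"] == OPER_REPLY:
        remote_fdb[c_mac] = b_mac
        return "learned"
    return "ignored"


# Constructed sample: VM1 starts behind edge switch X and moves to edge switch R.
VM1, VM9, VM_A = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:09"), mac("02:00:00:00:00:0a")
IP_VM1, IP_VM9, IP_A = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 9]), bytes([10, 0, 0, 10])
EDGE_X, EDGE_R, EDGE_Q = (mac("02:00:00:00:01:0" + d) for d in "123")


def demo():
    """Return the outcome of each message and the final remote FDB."""
    fdb = {}
    messages = [
        build_earp(OPER_REPLY, VM1, IP_VM1, VM_A, IP_A, EDGE_X, EDGE_Q),
        build_earp(OPER_REQUEST, VM1, IP_VM1, VM1, IP_VM1, EDGE_R, EDGE_R),
        build_earp(OPER_REQUEST, VM9, IP_VM9, VM9, IP_VM9, EDGE_R, EDGE_R),
    ]
    return [update_remote_fdb(fdb, m) for m in messages], fdb


if __name__ == "__main__":
    print(demo())
```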

[0029] The asymmetric network address encapsulation scheme described above uses the MAC-in-MAC encapsulation.


Claims

1. A system comprising:

a physical server, comprising a plurality of local virtual machines, VMs (2402), and a virtual switch (2404);

wherein the virtual switch is connected to the VMs via a plurality of corresponding virtual switch ports of the virtual switch, and

a plurality of edge switches (2606) connected to the virtual switch via virtual trunk ports of the virtual switch connected to physical Network Interface Cards, pNICS, of the physical server wherein the virtual switch comprises an FDB, which comprises a local and a remote FDB, wherein the local FDB comprises a plurality of MAC addresses of local VMs, local C-MACs, located on the physical server, a plurality of corresponding VLAN IDs and a plurality of associated virtual switch port IDs and wherein the remote FDB comprises the MAC addresses, B-MACs, of said plurality of edge switches, and a plurality of MAC addresses of remote VMs, remote C-MACs, associated with the B-MACs,

wherein the system is configured such that, when a first local VM (2402) has a frame intended for a second VM, the first local VM (2402) sends the frame intended for the second VM to the virtual switch (2404), the frame comprising a first header with the MAC address of the second VM as destination address, the MAC address of the first local VM as source address and a first VLAN-ID for the VLAN of the first local VM, data or payload (2416), and a frame check sequence (2418), wherein after receiving the frame the virtual switch is configured to use the MAC address of the second virtual machine and the first VLAN ID for a table lookup in the local FDB, and, if a match is found, forward the frame to virtual switch port, which is specified in the matched FDB entry; else use the MAC address of the second virtual machine for a table lookup in the remote FDB, and if a match is found, perform a MAC-in-MAC encapsulation and forward the encapsulated frame to the trunk port that is associated with the MAC address of the first local VM else discard the frame and send an enhanced address resolution protocol, ARP, request to an ARP server;

wherein the MAC-in-MAC encapsulation comprises adding a second header to the frame to obtain a MAC-in-MAC frame, the second header comprising the MAC address of a first edge server associated with the MAC address of the second VM as destination address, and a VLAN ID set to said first VLAN ID,

wherein when the MAC-in-MAC frame is forwarded to said trunk port, the corresponding edge switch is configured to receive the MAC-in-MAC frame from the virtual switch via the trunk port, and is further configured to process the second header of the MAC-in-MAC frame; wherein processing the second header comprises replacing the MAC source address of the second header with the MAC address of the node and forwarding the MAC-in-MAC frame with the processed header via the network core to the second VM on another physical server; and the system is further configured such that, when a second frame is received by said first edge switch from the core network, the second MAC-in-MAC frame comprising a third header and an original frame sent by a remote VM, the third header comprising the MAC address of the edge switch as destination address, the MAC address of the edge switch that corresponds to the remote VM as source address, the original frame comprising the MAC address of a second local VM as destination address, the MAC address of said remote VM as source address, a VLAN ID associated with the remote VM, data or payload, and an FCS, the edge switch is configured to remove the third header from the MAC-in-MAC frame, to look up a switch port ID in a forwarding table using the MAC address of the second local VM in the original frame and the VLAN ID, and to forward the original frame to the virtual switch corresponding to said switch port ID, and the virtual switch is configured to forward the original frame to the local virtual machine based on the MAC address of the second local VM contained as destination address in the original frame.


 
2. The apparatus of claim 1, wherein forwarding tables of the edge switch (2406) comprise a local forwarding database (FDB) for local virtual machines, and a remote FDB for remote virtual machines.
 
3. The apparatus of claim 2, wherein the FDB of the edge switch (2406) comprises entries for local virtual machines.
 
4. The apparatus of claim 1, wherein the virtual switch (2404) comprises an Address Resolution Protocol (ARP) proxy configured to handle ARP/Neighbour Discovery (ND) requests from the local virtual machines.
 


Ansprüche

1. System, das Folgendes aufweist:

einen physischen Server, mehrere lokale virtuelle Maschinen, VMs (2402), und einen virtuellen Schalter (2404) aufweisend;

wobei der virtuelle Schalter über mehrere entsprechende virtuelle Schaltanschlüsse des virtuellen Schalters mit den VMs verbunden ist, und

a plurality of edge switches (2606) connected to the virtual switch via virtual trunk ports of the virtual switch connected to physical network interface cards, pNICs, of the physical server, wherein the virtual switch comprises an FDB which comprises a local FDB and a remote FDB, wherein the local FDB comprises a plurality of MAC addresses of local VMs, local C-MACs, located on the physical server, a plurality of corresponding VLAN IDs and a plurality of associated virtual switch port IDs, and wherein the remote FDB comprises the MAC addresses, B-MACs, of the plurality of edge switches and a plurality of MAC addresses of remote VMs, remote C-MACs, associated with the B-MACs, wherein the system is configured such that, when a first local VM (2402) has a frame destined for a second VM, the first local VM (2402) sends the frame destined for the second VM to the virtual switch (2404), wherein the frame comprises a first header with the MAC address of the second VM as destination address, the MAC address of the first local VM as source address and a first VLAN ID for the VLAN of the first local VM, data or payload (2416) and a frame check sequence (2418), wherein, after receiving the frame, the virtual switch is configured to use the MAC address of the second virtual machine and the first VLAN ID for a table lookup in the local FDB and, if a match is found, to forward the frame to the virtual switch port specified in the matching FDB entry; otherwise to use the MAC address of the second virtual machine for a table lookup in the remote FDB and, if a match is found, to perform a MAC-in-MAC encapsulation and forward the encapsulated frame to the trunk port associated with the MAC address of the first local VM, otherwise to discard the frame and send an enhanced address resolution protocol (ARP) request to an ARP server;

wherein the MAC-in-MAC encapsulation comprises adding a second header to the frame to obtain a MAC-in-MAC frame, wherein the second header comprises the MAC address of a first edge server associated with the MAC address of the second VM as destination address, and a VLAN ID set to the first VLAN ID,

wherein, when the MAC-in-MAC frame is forwarded to the trunk port, the corresponding edge switch is configured to receive the MAC-in-MAC frame from the virtual switch via the trunk port, and is further configured to process the second header of the MAC-in-MAC frame; wherein processing the second header comprises replacing the MAC source address of the second header with the MAC address of the node and forwarding the MAC-in-MAC frame with the processed header via the network core to the second VM on another physical server; and wherein the system is further configured such that, when a second frame is received by the first edge switch from the core network, the second MAC-in-MAC frame comprises a third header and an original frame sent by a remote VM, wherein the third header comprises the MAC address of the edge switch as destination address and the MAC address of the edge switch corresponding to the remote VM as source address, wherein the original frame comprises the MAC address of a second local VM as destination address, the MAC address of the remote VM as source address, a VLAN ID associated with the remote VM, data or payload and an FCS, wherein the edge switch is configured to remove the third header from the MAC-in-MAC frame, to look up a switch port ID in a forwarding table using the MAC address of the second local VM in the original frame and the VLAN ID, and to forward the original frame to the virtual switch corresponding to the switch port ID, and wherein the virtual switch is configured to forward the original frame to the local virtual machine based on the MAC address of the second local VM contained as destination address in the original frame.


 
2. Apparatus according to claim 1, wherein forwarding tables of the edge switch (2406) comprise a local forwarding database (FDB) for local virtual machines and a remote FDB for remote virtual machines.
 
3. Apparatus according to claim 2, wherein the FDB of the edge switch (2406) comprises entries for local virtual machines.
 
4. Apparatus according to claim 1, wherein the virtual switch (2404) comprises an address resolution protocol (ARP) proxy configured to handle ARP/ND (Neighbour Discovery) requests from the local virtual machines.
 


Claims

1. A system comprising:

a physical server comprising a plurality of local virtual machines, VMs (2402), and a virtual switch (2404);

the virtual switch being connected to the VMs via a plurality of corresponding virtual switch ports of the virtual switch, and

a plurality of edge switches (2606) connected to the virtual switch via virtual trunk ports of the virtual switch connected to physical network interface cards, pNICs, of the physical server, the virtual switch comprising an FDB, which comprises a local FDB and a remote FDB, the local FDB comprising a plurality of MAC addresses of local VMs, local C-MACs, located on the physical server, a plurality of corresponding VLAN IDs and a plurality of associated virtual switch port IDs, and the remote FDB comprising the MAC addresses, B-MACs, of said plurality of edge switches, and a plurality of MAC addresses of remote VMs, remote C-MACs, associated with the B-MACs,

the system being configured such that, when a first local VM (2402) has a frame destined for a second VM, the first local VM (2402) sends the frame destined for the second VM to the virtual switch (2404), the frame comprising a first header with the MAC address of the second VM as destination address, the MAC address of the first local VM as source address and a first VLAN ID for the VLAN of the first local VM, data or payload (2416), and a frame check sequence (2418), the virtual switch being configured, after receiving the frame, to use the MAC address of the second virtual machine and the first VLAN ID for a table lookup in the local FDB and, if a match is found, to forward the frame to the virtual switch port specified in the matching FDB entry; otherwise to use the MAC address of the second virtual machine for a table lookup in the remote FDB and, if a match is found, to perform a MAC-in-MAC encapsulation and forward the encapsulated frame to the trunk port associated with the MAC address of the first local virtual machine, or to discard the frame and send an enhanced address resolution protocol, ARP, request to an ARP server;

the MAC-in-MAC encapsulation comprising adding a second header to the frame to obtain a MAC-in-MAC frame, the second header comprising the MAC address of a first edge server associated with the MAC address of the second VM as destination address, and a VLAN ID set to said first VLAN ID, wherein, when the MAC-in-MAC frame is forwarded to said trunk port, the corresponding edge switch is configured to receive the MAC-in-MAC frame from the virtual switch via the trunk port, and is further configured to process the second header of the MAC-in-MAC frame; the processing of the second header comprising replacing the MAC source address of the second header with the MAC address of the node and forwarding the MAC-in-MAC frame with the processed header via the network core to the second VM on another physical server; and the system being further configured such that, when a second frame is received by said first edge switch from the core network, the second MAC-in-MAC frame comprising a third header and an original frame sent by a remote VM, the third header comprising the MAC address of the edge switch as destination address and the MAC address of the edge switch corresponding to the remote VM as source address, the original frame comprising the MAC address of a second local VM as destination address, the MAC address of said remote VM as source address, a VLAN ID associated with the remote VM, data or payload, and an FCS, the edge switch is configured to remove the third header from the MAC-in-MAC frame, to look up a switch port ID in a forwarding table using the MAC address of the second local VM in the original frame and the VLAN ID, and to forward the original frame to the virtual switch corresponding to said switch port ID, and the virtual switch being configured to forward the original frame to the local virtual machine on the basis of the MAC address of the second local VM contained as destination address in the original frame.


 
2. Apparatus according to claim 1, the forwarding tables of the edge switch (2406) comprising a local forwarding database (FDB) for local virtual machines, and a remote FDB for remote virtual machines.
 
3. Apparatus according to claim 2, the FDB of the edge switch (2406) comprising entries for local virtual machines.
 
4. Apparatus according to claim 1, the virtual switch (2404) comprising an address resolution protocol, ARP, proxy configured to handle ARP/Neighbour Discovery (ND) requests from the local virtual machines.
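
The forwarding behaviour recited in claim 1, sketched as an added Python example that is not part of the patent specification: the virtual switch encapsulates outbound frames, the edge switch only rewrites the outer source address on the way out and decapsulates on the way in. All class, field and function names, the tuple return values and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Frame:                      # first header + payload (FCS omitted)
    dst: str
    src: str
    vlan: int
    payload: bytes

@dataclass(frozen=True)
class MacInMac:                   # outer (second/third) header around a Frame
    outer_dst: str                # B-MAC of the edge switch serving the target
    outer_src: Optional[str]      # left empty by the virtual switch
    vlan: int                     # set to the inner frame's VLAN ID
    inner: Frame

class VirtualSwitch:
    def __init__(self, local_fdb, remote_fdb, trunk_by_src):
        self.local_fdb = local_fdb        # (C-MAC, VLAN ID) -> virtual switch port ID
        self.remote_fdb = remote_fdb      # remote C-MAC -> B-MAC
        self.trunk_by_src = trunk_by_src  # local C-MAC -> trunk port ID

    def forward(self, f: Frame):
        port = self.local_fdb.get((f.dst, f.vlan))
        if port is not None:
            return ("vport", port, f)
        b_mac = self.remote_fdb.get(f.dst)
        if b_mac is None:
            return ("drop_and_arp", None, f.dst)  # discard, query the ARP server
        trunk = self.trunk_by_src[f.src]  # assumes every local VM has a trunk binding
        return ("trunk", trunk, MacInMac(b_mac, None, f.vlan, f))

class EdgeSwitch:
    def __init__(self, b_mac, fwd_table):
        self.b_mac = b_mac
        self.fwd_table = fwd_table        # (C-MAC, VLAN ID) -> switch port ID

    def to_core(self, m: MacInMac) -> MacInMac:
        # Outbound: only the outer source address is replaced.
        return replace(m, outer_src=self.b_mac)

    def from_core(self, m: MacInMac):
        # Inbound: strip the outer header, look up inner destination and VLAN.
        inner = m.inner
        return self.fwd_table.get((inner.dst, inner.vlan)), inner

# Constructed sample topology (addresses are made up for illustration).
VM_A, VM_B, VM_R = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
EDGE_LOCAL, EDGE_REMOTE = "02:00:00:00:01:01", "02:00:00:00:01:02"
vswitch = VirtualSwitch({(VM_A, 10): 1, (VM_B, 10): 2}, {VM_R: EDGE_REMOTE}, {VM_A: 100, VM_B: 101})
edge = EdgeSwitch(EDGE_LOCAL, {(VM_A, 10): 7, (VM_B, 10): 7})
```

Because the local FDB is keyed on C-MAC and VLAN ID while the remote FDB is keyed on C-MAC alone, a frame addressed to a local VM on a different VLAN misses the local table and falls through to the remote lookup, ending in the discard-and-ARP branch in this sample.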
 



