The present invention relates to internet protocol (IP) information of virtual machines, and more particularly, to a method and apparatus for synchronizing IP information in migration of virtual machines.
With the development of virtualization technologies, a virtual machine is able to provide various applications with services just like a real independent computer. As a virtual machine obtains its operating environment completely through software simulation, a plurality of virtual machines may be installed in a single physical platform, e.g., a server, and the plurality of virtual machines may operate separately and independently. Like a conventional host, a virtual machine obtains its IP address via the Dynamic Host Configuration Protocol (DHCP) to communicate with an external network.
FIG. 1 shows a structure diagram of a typical virtual machine network. Three physical platforms, i.e., servers A, B, and C, respectively, within a single subnet are shown in FIG. 1. A hypervisor runs at the lowest layer of each physical platform; by the hypervisor, one or more virtual machines may be installed as required. For instance, in the example in FIG. 1, three virtual machines are installed in server A, i.e., VM1, VM2, and VM3, respectively. One and two virtual machines are installed respectively in server B and server C.
In a typical network connection structure, respective servers are connected to (Ethernet) switches through ports and then connected to a network via the switches. For instance, in the example of FIG. 1, server A and server B are connected to the same switch 1 through port 1 and port 2 respectively, while server C is connected to another switch 2 through port 3. When a virtual machine needs to connect with an external network, it first requests an IP address from a Dynamic Host Configuration Protocol (DHCP) server within the same subnet through the switch to which it is connected. In response to the request of the virtual machine, the DHCP server assigns an IP address to the requesting virtual machine in one of various assigning manners. Request and assignment of the IP address are realized via DHCP messages. In this process, a switch may execute a DHCP snooping mechanism to monitor the DHCP data packets exchanged between the virtual machine and the DHCP server. Through the DHCP snooping, the switch may build a trust list which records IP information of the virtual machines carried by the switch.
FIG. 2 shows a typical example of a trust list. In this typical example, the trust list includes a plurality of entries, each of which records IP relevant information of a virtual machine. Specifically, each entry records a MAC address, an assigned IP address, connecting port, corresponding Virtual Local Area Network (VLAN) identity as well as corresponding lease time of a virtual machine. Correspondingly, in the example of FIG. 1, the switch 1 uses a trust list similar to that in FIG. 2 to record IP relevant information of virtual machines VM1-VM4 it carries, and the switch 2 records IP relevant information of virtual machines VM5 and VM6 it carries. Furthermore, based on a built trust list, the switch may execute various security-related applications, such as IP Source Guard, dynamic ARP checking, etc., to allow only the traffic data which conforms to the trust list to enter the switch.
On the other hand, in order to improve security and continuity of data storage, various data centers employ cross-platform or cross-site virtual machines for execution and management. Under a plurality of conditions, such as site maintenance, power adjustment, and load balancing between sites, a virtual machine carried in a platform needs to be migrated, that is, moved from one physical system to a different physical system. Currently, most corporations which provide host virtualization have their own specific virtual machine migration tools and support live migration of virtual machines.
In the process of migrating a virtual machine from a physical platform to another physical platform, switches related to the virtual machine need to update the network configuration thereof. As to static configuration, such as an Access Control List (ACL), Quality of Service (QoS), VLAN, etc., the prior art has given some methods to detect migration of a virtual machine and configure the static policies immediately. However, information such as an IP address obtained by a virtual machine from a DHCP server is generated dynamically by the virtual machine in a running process. The migration tools in the prior art cannot dynamically migrate the information generated dynamically in such a way, i.e., together with migration of the virtual machine. This may lead to virtual machine network service disruptions. For instance, when virtual machine VM1 is migrated from server A to server B, the connecting port thereof is changed from port 1 to port 2. As the port changes, IP relevant information of the VM1 does not comply with the records in the trust list maintained by switch 1 anymore, and thus security applications of switch 1 shall discard traffic data of VM1. When the virtual machine VM1 is migrated from server A to server C, switch 2 cannot find IP relevant information corresponding to the VM1 in the trust list it maintains, and thus it also rejects traffic data of VM1. Therefore, the network service related to VM1 would be disrupted.
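The two failure cases above can be reproduced with a small model of the trust list and the source check a switch performs against it. This is an added illustration, not part of the original disclosure; the class and function names, the MAC address, the IP address, the VLAN number and the lease length are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:            # one trust-list entry, fields as in FIG. 2
    mac: str
    ip: str
    port: int
    vlan: int
    expires: float        # absolute time at which the lease ends

class Switch:
    def __init__(self, name):
        self.name = name
        self.trust = {}   # MAC -> Binding, learned only by DHCP snooping

    def snoop_dhcp_ack(self, mac, ip, port, vlan, lease_s, now=0.0):
        """Record the binding carried by a snooped DHCP ACK."""
        self.trust[mac] = Binding(mac, ip, port, vlan, now + lease_s)

    def check(self, mac, ip, port, vlan, now=0.0):
        """Return (forward, reason) for a frame arriving on `port`."""
        b = self.trust.get(mac)
        if b is None:
            return False, "no-binding"
        if now >= b.expires:
            return False, "lease-expired"
        if (b.ip, b.vlan) != (ip, vlan):
            return False, "ip-or-vlan-mismatch"
        if b.port != port:
            return False, "port-mismatch"
        return True, "ok"

def simulate():
    sw1, sw2 = Switch("switch 1"), Switch("switch 2")
    mac, ip, vlan = "02:00:00:00:00:01", "192.0.2.11", 10  # constructed VM1 values
    sw1.snoop_dhcp_ack(mac, ip, port=1, vlan=vlan, lease_s=86400)
    return {
        "VM1 on server A, port 1": sw1.check(mac, ip, 1, vlan),
        "VM1 moved to server B, port 2": sw1.check(mac, ip, 2, vlan),
        "VM1 moved to server C, port 3": sw2.check(mac, ip, 3, vlan),
    }

if __name__ == "__main__":
    for case, (forward, reason) in simulate().items():
        print(f"{case}: {'forward' if forward else 'drop'} ({reason})")
```

In both migration cases the VM still holds a valid lease from the DHCP server; the traffic is dropped only because the switch-side binding was not moved with it.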
In order to avoid network service disruptions caused by migration of a virtual machine, the prior art puts forward a solution of adding a migration bit. The solution is based on the Virtual Station Interface (VSI) Discovery and Configuration Protocol (VDP) under the IEEE 802.1Qbg standard. Specifically, a migration bit is added into the VDP request to indicate whether the virtual machine is migrated. Thus, when the virtual machine migrates, the switch into which the virtual machine migrates will receive a VDP request with the migration bit. Then, the switch will send a LeaseQuery with the MAC address of the virtual machine to a DHCP server and recreate a trust list according to the message returned from the DHCP server. However, such a solution has the following disadvantages. As the switch needs to resend a request to a DHCP server and wait for the response, there must be a time delay. Particularly, when a virtual machine is migrated between different ports of the same switch, the request and response cause unnecessary waiting time. Furthermore, the request and response above are sent in the form of UDP data packets, which are at risk of being lost. Once data packets are lost, network service of the virtual machine would be seriously affected.
Therefore, it is desirable to have an improved solution which can synchronize IP relevant information of virtual machines in the process of migration of the virtual machines, so as to eliminate or reduce the time related to virtual machine network service disruptions and improve service performance of the virtual machines.