Live migration of a virtual machine means that a virtual machine in a running state migrates from one physical host to another physical host.
To maintain secure running of a virtual machine, for each virtual machine, a dynamic host configuration protocol snooping (DHCP SNOOPING) binding table needs to be stored on a forwarding switch that controls the virtual machine, where the binding table records configuration information required for live migration of the virtual machine. Unreliable DHCP configuration information is filtered out by using the binding table, thereby ensuring secure running of the virtual machine.
A DHCP SNOOPING feature is incompatible with a mechanism of live migration of a virtual machine; when live migration occurs, a virtual machine itself cannot sense the live migration, and therefore the virtual machine to which the live migration occurs does not actively initiate a DHCP procedure; after the virtual machine migrates to another physical host, no DHCP SNOOPING binding table is stored on a forwarding switch that controls the physical host; and in this case, after the live migration, the virtual machine is online on a new physical host, which is identified as an Internet protocol/media access control (IP/MAC) address forgery attack, thereby causing that the virtual machine fails to access a network.