In recent years, owing to improvements in the performance and reliability of servers, virtualization of server resources (server virtualization) has been widely introduced at data centers and the like. With the server virtualization technology, a service that has been operated on an individual physical server is operated on a virtual machine, and this virtual machine is hosted on one physical server. The number of physical servers can thereby be reduced, which makes it possible to reduce the introduction and operation costs of the servers.
FIG. 15 shows an example of a network architecture of a data center before introduction of the server virtualization technology. Referring to FIG. 15, the network of the data center is broadly divided into three layers constituted from Top-of-Rack switches (ToR switches) 12 to which servers 10 are connected, aggregation switches 14 each of which connects the ToR switches 12, and core switches 16 each of which connects the aggregation switch 14 and a network outside the data center. Each server 10 is connected to a corresponding one of the ToR switches 12 through a network interface card (NIC) 18.
On the other hand, FIG. 16 shows a network architecture where the server virtualization technology has been introduced into the environment shown in FIG. 15. Referring to FIG. 16, one or more virtual machines 20 operate within each server 10. Each virtual machine 20 is connected to the network outside the server 10 through a virtual switch 22. The virtual switch 22 is a switch implemented by software. The virtual switch 22 connects each virtual machine 20 and the NIC 18. The virtual switch 22 provides each virtual machine 20 with communication between the virtual machines 20 inside the server 10 and with connection to the network outside the server 10. That is, in a data center where the server virtualization technology has been introduced, an architecture is formed in which a further network switch is connected to each ToR switch 12.
In the server virtualization environment, there is overhead for virtualization. Thus, there is a problem that it is difficult to provide high communication performance to each virtual machine 20. In order to solve this problem, a CPU (Central Processing Unit), a chip set, and the NIC 18 must support I/O virtualization. Examples of technologies for supporting the I/O virtualization include SR-IOV (Single Root I/O Virtualization) and IOMMU (Input Output Memory Management Unit).
Use of such a technology makes it possible for the virtual machine 20 to access the NIC 18 directly, without going through the virtual switch 22, so that the overhead for virtualization can be reduced. Consequently, high performance can be provided to the virtual machine 20.
FIG. 17 shows an architecture of the server 10 using the I/O virtualization technology. Referring to FIG. 17, some of the virtual machines 20 that operate in the server 10 are connected directly to the NIC 18, without going through the virtual switches 22. Generally, in the server virtualization environment, the virtual switch 22 operates in a region for managing the server virtualization environment, referred to as a virtual machine monitor 24 or a hypervisor. The NIC 18 provides a plurality of interfaces in order to support the I/O virtualization. The NIC 18 includes a physical interface 180 for connection to the virtual machine monitor 24 and virtual interfaces 181 each for connection to a virtual machine 20. A plurality of the virtual interfaces 181 are provided for one NIC 18. Referring to FIG. 17, each of the virtual machines denoted VMa and VMb out of the virtual machines 20 is directly connected to the NIC 18 through a virtual interface 181.
One method of utilizing the data center as described above is IaaS (Infrastructure as a Service). In the IaaS, physical resources of the data center are logically divided, using the server virtualization technology and a technology such as a VLAN (Virtual LAN), to provide environments of computers and networks for different users. To take an example, the computer environment is provided in the form of the virtual machine 20, while the network is provided in the form of the VLAN. Each user can introduce an OS (Operating System) into the virtual machine 20 and can cause the virtual machines 20 to communicate with each other through the network, thereby enabling implementation of some service.
In an environment such as the IaaS, a plurality of users use the same environment. Thus, appropriate assignment and isolation of computer resources and network resources are important. With respect to the network resources, for example, it is demanded that QoS control be executed for each user so that communication of a certain user does not affect communication of a different user. When the I/O virtualization technology is not used, the QoS control can be executed by the virtual switch 22. As an example of the QoS control, there is a method of assigning frames or packets to respective ones of a plurality of prioritized queues based on a value set in a CoS (Class of Service) field included in a MAC (Media Access Control) frame, or a ToS (Type of Service) field or a DSCP (DiffServ Code Point) field of an IP (Internet Protocol) packet. These values are set at a switch that serves as an entry of a segment of the network for which the QoS control is to be performed, based on information such as an IP address included in the IP header. The setting process of these values is referred to as marking. The switch schedules transfer of the frames or the packets or performs link bandwidth assignment, based on the priority of each queue. There is an advantage that, when the marking is performed by the virtual switch 22, the ToR switch 12 does not need to support the process of the marking, so that the construction cost of the data center can be reduced.
However, when the I/O virtualization technology is used, frames or packets that have not received the QoS settings that should originally have been applied by the virtual switch 22 will arrive at the ToR switch 12. Further, since each of the virtual machines 20 (denoted VMa and VMb in FIG. 17) that uses the I/O virtualization technology can transmit a packet directly to the network through the NIC 18, a packet that has been marked in a way convenient for the user can be transmitted. To take an example, the user of the virtual machine VMa in FIG. 17 can set all packets to have the highest priority. Such a packet, as transmitted from the server 10, is normal in terms of its format. Thus, the ToR switch 12 cannot determine whether or not a packet transmitted from the server 10 has passed through the virtual switch 22. Consequently, QoS control that does not satisfy the QoS policy of the data center manager may be executed.
Further, the bandwidth of a physical link between the server 10 and the ToR switch 12 may not be appropriately shared among the users. As described above, when the I/O virtualization technology is used, the virtual machine 20 that uses the I/O virtualization technology can occupy the link because the QoS control to be provided by the virtual switch 22 does not function.
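The marking step described above, as an added example that is not part of the original document: an entry switch reads the CoS bits of the 802.1Q tag and the DSCP bits of the IPv4 ToS byte, overwrites them according to an operator policy keyed on the source IP address, and reports whether the sender had chosen a different marking. The `POLICY` table, the subnets, the function names and the sample frames are all hypothetical.

```python
import ipaddress
import struct

# Hypothetical operator policy: source subnet -> (CoS/PCP, DSCP) the edge assigns.
POLICY = {
    ipaddress.ip_network("10.0.1.0/24"): (5, 46),  # constructed tenant A
    ipaddress.ip_network("10.0.2.0/24"): (0, 0),   # constructed tenant B
}

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum of an IPv4 header (0 if it already verifies)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_marking(frame: bytes):
    """Return (pcp, dscp, src_ip, ip_offset) of an Ethernet/IPv4 frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    pcp, off = None, 14
    if ethertype == 0x8100:  # 802.1Q tag: CoS is the top 3 bits of the TCI
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, off = tci >> 13, 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        raise ValueError("not a complete IPv4 frame")
    src = ipaddress.ip_address(frame[off + 12:off + 16])
    return pcp, frame[off + 1] >> 2, src, off  # DSCP = upper 6 bits of ToS

def remark(frame: bytes):
    """Overwrite sender-chosen marking with policy; return (frame, was_mismatch)."""
    pcp, dscp, src, off = parse_marking(frame)
    want_pcp, want_dscp = next((m for n, m in POLICY.items() if src in n), (0, 0))
    mismatch = dscp != want_dscp or (pcp is not None and pcp != want_pcp)
    out = bytearray(frame)
    if pcp is not None:
        out[14] = (want_pcp << 5) | (out[14] & 0x1F)
    out[off + 1] = (want_dscp << 2) | (out[off + 1] & 0x03)  # keep ECN bits
    ihl = (out[off] & 0x0F) * 4
    out[off + 10:off + 12] = b"\x00\x00"  # zero, then recompute header checksum
    struct.pack_into("!H", out, off + 10, ipv4_checksum(bytes(out[off:off + ihl])))
    return bytes(out), mismatch

def sample_frame(src: str, pcp: int, dscp: int) -> bytes:
    """Constructed input: 802.1Q-tagged Ethernet + 20-byte IPv4 header."""
    eth = bytes(12) + struct.pack("!HHH", 0x8100, (pcp << 13) | 10, 0x0800)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17,
                               0, ipaddress.ip_address(src).packed, bytes(4)))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    return eth + bytes(ip)
```

A frame from the constructed tenant B subnet that arrives with CoS 7 and DSCP 46 is well-formed, so only the comparison against policy, not the frame format, reveals that the marking was chosen by the sender.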
An example of a technology for solving the problem as described above is described in Patent Literature 1. According to Patent Literature 1, I/O logical partitions that control I/O of virtual machines of a user are present between the virtual machines and I/O adapters that support the I/O virtualization. When a system manager controls each I/O logical partition according to a predetermined policy, appropriate I/O control can be provided to the virtual machine. The I/O logical partition is connected to a virtual interface of I/O devices.
Another example of the technology for solving the problem described above is described in Patent Literature 2. Patent Literature 2 describes a technology in which NICs are virtualized to be set as a plurality of prioritized virtual network devices. By assigning a traffic flow to each virtual network device based on the priority of the traffic flow, influence of a traffic flow with a low priority on a traffic flow with a high priority can be reduced.