CN111092876B - Multi-host system, electronic device, storage medium, information processing method and apparatus for multi-host system - Google Patents
Multi-host system, electronic device, storage medium, information processing method and apparatus for multi-host system Download PDFInfo
- Publication number
- CN111092876B CN111092876B CN201911272794.6A CN201911272794A CN111092876B CN 111092876 B CN111092876 B CN 111092876B CN 201911272794 A CN201911272794 A CN 201911272794A CN 111092876 B CN111092876 B CN 111092876B
- Authority
- CN
- China
- Prior art keywords
- host
- data
- network card
- address
- sub
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/70—Virtual switches
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a multi-host system, and an information processing method and device for the multi-host system. The multi-host system comprises a plurality of hosts, wherein a first network card is arranged in a first host of the hosts, the first network card is configured to run a first sub-operating system, and a first virtual switch is configured in the first sub-operating system; the first host is connected with an external switch through the first network card; the first sub-operating system is configured to control data transmission of the first network card; a second network card is arranged in a second host computer of the plurality of host computers, the second network card is configured to run a second sub-operating system, and a second virtual switch is configured in the second sub-operating system; the second host is connected with the external switch through the second network card; the second sub-operating system is configured to control data transmission of the second network card. The embodiment of the application has better network isolation effect.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a multi-host system, and an information processing method and apparatus for the multi-host system.
Background
The network isolation technology means that two or more computers or networks realize information exchange and resource sharing with commonly connected resource providers on the basis of disconnection. There are many ways to isolate networks, such as using firewalls at the host system to isolate networks.
A Bare Metal Server (Bare Metal Server) is a special physical Server similar to a cloud, and has high-performance computing capacity on the basis of flexible flexibility. The computing performance of the bare metal server is not different from that of the traditional physical machine, and meanwhile, the bare metal server has the characteristic of safe physical isolation.
Many existing cloud platforms need to provide bare metal services, and need to directly provide a physical host system for a customer, and the host system is isolated from other host systems in the host system. However, when using a host system, the customer may modify the host system configuration, resulting in network risks.
The prior art can also perform network isolation by modifying switches, but modifying switches requires increased switch expense and frequent switch setup, resulting in risks.
Disclosure of Invention
In order to solve at least one problem in the prior art, embodiments of the present application provide a multi-host system, and an information processing method and apparatus applied to the multi-host system.
In a first aspect, embodiments of the present application provide a multi-host system, which includes a plurality of hosts, wherein,
a first network card is arranged in a first host of the multiple hosts, the first network card is configured to run a first sub-operating system, and a first virtual switch is configured in the first sub-operating system; the first host is connected with the external switch through a first network card; the first sub-operating system is configured to be capable of controlling data transmission of the first network card;
a second network card is arranged in a second host of the multiple hosts, the second network card is configured to run a second sub-operating system, and a second virtual switch is configured in the second sub-operating system; the second host is connected with the external switch through a second network card; the second sub-operating system is configured to be able to control data transmission of the second network card.
In one embodiment, a first sub-operating system running on a first network card can load a network port of a first host, so that the first host is connected with an external switch through the first network card;
the second sub-operating system running on the second network card can load the network port of the second host so that the second host is connected with the external switch through the second network card.
In one embodiment, a port of the first host and a port of the first network card are respectively mapped into the first sub-operating system, so that the first virtual switch can transmit data between the first host and the first network card;
and the port of the second host and the port of the second network card are respectively mapped into the second sub-operating system, so that the second virtual switch can transmit data between the second host and the second network card.
In a second aspect, an embodiment of the present application provides an information processing method for a multi-host system, where the information processing method is based on the multi-host system provided in any one of the embodiments of the present application, and the information processing method includes:
the first network card receives first data;
the first network card determines a source IP address carried by the first data;
and if the source IP address carried by the first data is the IP address of the second host, the first virtual switch does not process the first data.
In one embodiment, if the source IP address carried by the first data is the IP address of the data storage system, the first virtual switch forwards the first data to the first host.
In one implementation, the method provided in the embodiments of the present application further includes:
after the first host sends a data acquisition request, the first virtual switch in the first network card forwards the data acquisition request to the external switch;
according to the data acquisition request, the external switch sends second data acquired from the data storage system to the first network card;
after the first network card receives the second data, determining a target IP address carried by the second data;
and if the target IP address carried by the second data is not the IP address of the first host, the first virtual switch does not process the second data.
In one embodiment, the method further comprises:
and if the target IP address carried by the second data is the IP address of the first host, the first virtual switch forwards the second data to the first host.
In a third aspect, an embodiment of the present application provides an information processing apparatus for a multi-host system, where the information processing apparatus is based on the multi-host system provided in any one of the embodiments of the present application, and the information processing apparatus includes:
the data receiving module is used for receiving first data through the first network card;
a sending address determining module, configured to determine, through the first network card, a source IP address carried by the first data;
and the sending address analysis module is used for enabling the first virtual switch to not process the first data if the source IP address carried by the first data is the IP address of the second host.
In one embodiment, the apparatus further comprises:
a first data transmission module, configured to forward the first data to the first host through the first virtual switch if a source IP address carried by the first data is an IP address of the data storage system.
In one embodiment, the apparatus further comprises:
a request forwarding module, configured to forward, after the first host sends a data acquisition request, the data acquisition request to the external switch through the first virtual switch in the first network card;
the forwarding module is used for sending second data acquired from the data storage system to the first network card through the external switch according to the data acquisition request;
a target address determining module, configured to determine a target IP address carried by the second data after the first network card receives the second data;
and the target address analysis module is used for enabling the first virtual switch to not process the second data if the target IP address carried by the second data is not the IP address of the first host.
In one embodiment, the apparatus further comprises:
and a second data transmission module, configured to forward, by the first virtual switch, the data to the first host if a target IP address carried by the second data is an IP address of the first host.
In a fourth aspect, an embodiment of the present application provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to cause the at least one processor to perform a method provided by any one of the embodiments of the present application.
In a fifth aspect, embodiments of the present application provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform a method provided by any one of the embodiments of the present application.
One embodiment in the above application has the following advantages or benefits: according to the embodiment of the application, the first network card is configured to run the first sub-operating system, the second network card is configured to run the second sub-operating system, the first sub-operating system controls data transmission of the first network card, and the second sub-operating system controls data transmission of the second network card, so that when data are transmitted to the network card, if the data do not meet the set IP address condition, the network card can stop transmission. The data security problem caused by the host address configuration modified by the host user is prevented, and a good isolation effect is achieved.
Other effects of the above-described alternative will be described below with reference to specific embodiments.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application. Wherein:
FIG. 1 is a schematic diagram of the main components of a multi-host system according to a first embodiment of the present application;
FIG. 2 is a flow chart illustrating an information processing method for a multi-host system according to a second embodiment of the present application;
FIG. 3 is a flowchart illustrating an information processing method for a multi-host system according to a third embodiment of the present application;
FIG. 4 is a diagram illustrating a fourth embodiment of an information processing apparatus for a multi-host system according to the present application;
FIG. 5 is a diagram illustrating an information processing apparatus for a multi-host system according to a fifth embodiment of the present application;
FIG. 6 is a diagram illustrating a structure of an information processing apparatus for a multi-host system according to a sixth embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to a seventh embodiment of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The embodiment of the present application first provides an information processing method for a multi-host system, which is applied to the multi-host system shown in fig. 1. The multi-host system includes a plurality of hosts, wherein,
a first network card 12 is arranged in a first host 11 of the multiple hosts, the first network card 12 is configured to run a first sub-operating system 13, and a first virtual switch 14 is configured in the first sub-operating system 13; the first host 11 is connected to the external switch 15 via the first network card 12. The first sub-operating system 13 is configured to be able to control the data transmission of the first network card 12. The external switch 15 is used to transfer data between the data storage system 16 and the first host 11.
Still referring to fig. 1, a second network card 110 is disposed in a second host 18 of the plurality of hosts, the second network card 110 is configured to run a second sub-operating system 111, and a second virtual switch 112 is configured in the second sub-operating system 111; the second host 18 is connected with the external switch 15 through a second network card 110; the second sub operating system 111 is configured to be able to control data transmission of the second network card 110; the external switch 15 is also used to transfer data between the data storage system 16 and the second host 18.
In one embodiment, a first sub-operating system running on a first network card can load a network port of a first host, so that the first host is connected with an external switch through the first network card;
the second sub-operating system running on the second network card can load the network port of the second host so that the second host is connected with the external switch through the second network card.
Under the condition that the first sub-operating system controls data transmission of the first network card and the second sub-operating system controls data transmission of the second network card, connection between the first host port and the external switch and connection between the second host port and the external switch are respectively established in the first sub-operating system and the second sub-operating system, so that data transmission between the first host and the external switch can be controlled by the first sub-operating system, and data transmission between the second host and the external switch can be controlled by the second sub-operating system.
In one embodiment, a port of the first host and a port of the first network card are respectively mapped into the first sub-operating system, so that the first virtual switch can transmit data between the first host and the first network card;
and the port of the second host and the port of the second network card are respectively mapped into the second sub-operating system, so that the second virtual switch can transmit data between the second host and the second network card.
An embodiment of the present application further provides an information processing method for a multi-host system, where the information processing method is based on the multi-host system provided in any embodiment of the present application, and as shown in fig. 2, the information processing method includes: :
step S21: the first network card receives first data;
step S22: the first network card determines a source IP address carried by the first data;
step S23: and if the source IP address carried by the first data is the IP address of the second host, the first virtual switch does not process the first data.
In this embodiment, the first network card may be a Smart Nic (Smart network card), and the first network card may be configured in an embedded ownership (ECPF) mode, in which resources of the first network card are occupied and controlled by a first operating subsystem of the first network card. The second network card may be the same as the first network card.
In an embodiment of the application, the first host may request data from the data storage system through the first network card and the external switch. The data storage system responds to the data acquisition request of the first host, sends out data, and sends the data to the first host through the external switch.
During network communication, if a user of a first host modifies the configuration to change the address of the first host to the address of the data storage system, a data request from a second host may be sent to the first host. In the embodiment of the application, when the sending address of the data received by the first network card is the IP address of the second host, the data is not processed, so that the situation that the data of the second host is leaked due to the fact that the user of the first host modifies the address is avoided.
In one implementation, the method provided in the embodiments of the present application further includes: and if the source IP address carried by the first data is the IP address of the data storage system, the first virtual switch forwards the first data to the first host.
In one implementation, as shown in fig. 3, the method provided in the embodiment of the present application further includes:
step S31: after a first host sends a data acquisition request, a first virtual switch in a first network card forwards the data acquisition request to an external switch;
step S32: according to the data acquisition request, the external switch sends second data acquired from the data storage system to the first network card;
step S33: after the first network card receives the second data, determining a target IP address carried by the second data;
step S34: and if the target IP address carried by the second data is not the IP address of the first host, the first virtual switch does not process the second data.
When a host in a multi-host system acquires data through a network card and an external switch, if a user of a first host changes the IP address of the host into another second host, the data returned to the second host by the data storage system is sent to the first host, which causes the data security problem. In the embodiment of the application, the first network card is configured to run the first sub-operating system, the first sub-operating system is configured to be in an embedded ownership mode, data and resources of the first network card are controlled by the first sub-operating system, and the first sub-operating system can determine whether the network card forwards the data or not.
In one embodiment, the method further comprises:
and if the target IP address carried by the second data is consistent with the preset IP address, the first virtual switch forwards the second data to the first host.
In the embodiment of the application, the first virtual switch plays a role of a virtual switch in the first subsystem, and when the IP address meets the set condition, the first virtual switch forwards data between the set ports.
In an example of the present application, the first sub operating system and the second sub operating system may be embedded operating systems, and run on a Smart NIC Smart network card. The core of Smart NIC Smart network card is to assist CPU (Central Processing Unit) to process network load through FPGA (Field Programmable Gate Array).
When network connection is carried out, corresponding sub-operating systems are respectively started on chips of a first network card and a second network card, and the first sub-operating system and the second sub-operating system are configured to be in an embedded ownership mode. In the ECPF Mode, resources and functions of the first network card and the second network card are owned and controlled by an embedded ARM (Asynchronous Response Mode) subsystem. The first host and the second host can still use the original network functions of the respective network cards, but the privileges are limited. And only after the driver program at the first network card or the second network card side is loaded and the configuration of the network card is completed, the corresponding driver program at the first host or the second host side can be loaded. The network card operating system in ECPF mode controls and configures the network card embedded switch, which means that traffic to and from the host interface always falls on the operating system side of the network card. If data transmission is stopped at the network card, the traffic path to and from the host interface is interrupted.
After the first host and the second host are in butt joint with respective virtual switches through network ports, data paths from the first network card and the second network card to target addresses are established through the respective virtual switches; isolating a data path from the first host to the second host in the first virtual switch of the first network card.
In one embodiment, still referring to fig. 1, after the first host system 17 is started, the first sub-os 13 of the first network card is also started, the port of the first host 11 is mapped into the first sub-os 13, and the port of the first network card 12 is also mapped into the first sub-os 13. The first virtual switch 14 runs in the first sub-operating system 13, and realizes information transmission between the port of the first network card 12 and the port of the first host 11. The first sub-operating system 13 controls the resources and functions of the first network card 12, that is, the function of the first network card 12 for transmitting information and the transmitted information are controlled by the first sub-operating system 13, and the information sent to the first host 11 by the external switch 15 passes through the first sub-operating system 13.
Further, the first host 11 and the first network card 12 are both mapped with ports in the first sub-operating system 13, and data transmission between the first sub-operating system 13 and the first host passes through the first virtual switch 14. Transceiving addresses (such as a target IP address and a source IP address) can be configured in the first virtual switch 14, and when a receiving address (such as the target IP address) of data received by the first virtual switch 14 is consistent with the configured receiving address of the first virtual switch 14, the first virtual switch 14 allows the data to be further transmitted. When the sending address (such as the source IP address) of the data received by the first virtual switch 14 is consistent with the sending address configured by the first virtual switch 14, the first virtual switch 14 allows the data to be further transmitted.
In another embodiment, still referring to fig. 1, the multi-host system may further include a second host 18, a second network card 110 is disposed in the second host 18, and the second network card 110 may also be a Smart Nic network card and configured to run a second sub-operating system 111. The second sub operating system 111 is provided with a second virtual switch 112, and the second network card 110 is connected to the external switch 15. After the second host system 19 is started, the second sub-os 111 of the second network card 110 is also started, the port of the second host 18 is mapped into the second sub-os 111, and the port of the second network card 110 is also mapped into the second sub-os 111. The second virtual switch 112 runs in the second sub-operating system 111, and realizes information transmission between the port of the second network card 110 and the port of the second host 18.
Further, the second host 18 and the second network card 110 are both mapped with ports in the second sub-operating system 111, and data transmission between the second host and the second network card 111 passes through the second virtual switch 112. A receiving address of the data and a sending address of the data may be configured in the second virtual switch 112, and when the receiving address of the data received by the second virtual switch 112 coincides with the configured receiving address of the second virtual switch 112, the second virtual switch 112 allows the data to be further transmitted. When the sending address of the data received by the second virtual switch 112 is consistent with the sending address configured by the second virtual switch 112, the second virtual switch 112 allows the data to be further transmitted.
The following are specific examples of the present application.
Example 1, the receive address configured by the first virtual switch is an address of the first host. The sending address configured by the first virtual switch is an address of the data storage system. The first host generates a data request, which is generated from a system of the first host, and the data request is sent to a port of the first host, which is mounted in the first sub-operating system, through a port (address 10.0.0.1) of the first host, sent to a port of the first network card, which is mounted in the first sub-operating system, through a first virtual switch (OVS), and then sent to a data storage system of a back end through an external switch. The response of the data storage system to the data request is sent to the first network card through the external switch, and then reaches the port of the first host from the port mounted in the first sub-operating system, the first virtual switch and the port mounted in the first sub-operating system by the first host, namely reaches the first host system. And discarding the data once the first virtual switch receives the data with the address inconsistent with the address of the first host port, for example, the received address carried by the received data is the address of the second host.
Example 2, the receive address configured by the second virtual switch is an address of the second host. The sending address configured by the second virtual switch is the address of the data storage system. The second host generates a data request, which is generated from the system of the second host, sent to the port of the second host mounted in the second sub-operating system through the port (address 10.0.0.2) of the second host, sent to the external switch through the second virtual switch (OVS), and finally reaches the data storage system at the back end. The response of the data storage system to the data request reaches the second network card through the external switch, reaches the second virtual switch from the second network card port in the second sub-operating system of the second network card, then reaches the port of the second host mounted in the second sub-operating system, and finally is sent to the second host port. And discarding the data once the second virtual switch receives the data with the address inconsistent with the address of the second host port, for example, the received address carried by the received data is the first host.
Example 3, the receive address configured by the first virtual switch is an address of the first host. The sending address configured by the first virtual switch is an address of the data storage system. And if the first virtual switch receives data of a non-backend storage system with a sending address, for example, the sending address carried by the received data is the address of the second host, discarding the data.
Example 4, the receive address configured by the second virtual switch is an address of the second host. The sending address configured by the second virtual switch is the address of the data storage system. And if the second virtual switch receives data of a non-backend storage system with a sending address, for example, the sending address carried by the received data is the address of the first host, discarding the data.
An embodiment of the present application further provides an information processing apparatus for a multi-host system, where the information processing apparatus is based on the multi-host system provided in any one of the embodiments of the present application, and as shown in fig. 4, the information processing apparatus includes:
a data receiving module 41, configured to receive first data through a first network card;
a sending address determining module 42, configured to determine, through the first network card, a source IP address carried by the first data;
the sending address analyzing module 43 is configured to enable the first virtual switch to disregard the first data if the source IP address carried by the first data is the IP address of the second host.
In one embodiment, the apparatus further comprises:
a first data transmission module, configured to forward the first data to the first host through the first virtual switch if a source IP address carried by the first data is an IP address of the data storage system.
In one embodiment, as shown in fig. 5, the apparatus further comprises:
the request forwarding module 51 is configured to forward a data acquisition request to an external switch through a first virtual switch in a first network card after the first host sends the data acquisition request;
the forwarding module 52 is configured to send, according to the data acquisition request, the second data acquired from the data storage system to the first network card through the external switch;
the target address determining module 53 is configured to determine a target IP address carried by the second data after the first network card receives the second data;
and the target address analysis module 54 is configured to, if the target IP address carried by the second data is not the IP address of the first host, cause the first virtual switch to disregard the second data.
In one embodiment, as shown in fig. 6, the apparatus further comprises:
and the data transmission module 61 is configured to, if the target IP address carried by the second data is the IP address of the first host, forward the second data to the first host by the first virtual switch.
The functions of each module in each apparatus in the embodiments of the present invention may refer to the corresponding description in the above method, and are not described herein again.
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
As shown in fig. 7, it is a block diagram of an electronic device according to an information processing method of an embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in fig. 7, the electronic apparatus includes: one or more processors 701, a memory 702, and interfaces for connecting the various components, including a high-speed interface and a low-speed interface. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display Graphical information for a Graphical User Interface (GUI) on an external input/output device, such as a display device coupled to the Interface. In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories and multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). In fig. 7, one processor 701 is taken as an example.
The memory 702 is a non-transitory computer readable storage medium as provided herein. The memory stores instructions executable by the at least one processor, so that the at least one processor executes the information processing method provided by the application. The non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to execute the information processing method provided by the present application.
The memory 702, which is a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs, and modules, such as program instructions/modules corresponding to the information processing method in the embodiment of the present application (for example, the data receiving module 41, the transmission address determining module 42, and the transmission address analyzing module 43 shown in fig. 4). The processor 701 executes various functional applications of the server and data processing by executing non-transitory software programs, instructions, and modules stored in the memory 702, that is, implements the information processing method in the above-described method embodiment.
The memory 702 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the information processing electronic device, and the like. Further, the memory 702 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 702 may optionally include memory located remotely from processor 701, which may be connected to information handling electronics via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device of the information processing method may further include: an input device 703 and an output device 704. The processor 701, the memory 702, the input device 703 and the output device 704 may be connected by a bus or other means, and fig. 7 illustrates an example of a connection by a bus.
The input device 703 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the information processing electronic apparatus, such as a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointing stick, one or more mouse buttons, a track ball, a joystick, or other input devices. The output devices 704 may include a display device, auxiliary lighting devices (e.g., LEDs), and tactile feedback devices (e.g., vibrating motors), among others. The Display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) Display, and a plasma Display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, Integrated circuitry, Application Specific Integrated Circuits (ASICs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having a display device (e.g., a CRT (Cathode Ray Tube) or LCD (liquid crystal display) monitor) for displaying information to the user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. A multi-host system comprising a plurality of hosts, wherein,
a first network card is arranged in a first host computer in the plurality of host computers, the first network card is configured to run a first sub-operating system, and a first virtual switch is configured in the first sub-operating system; the first host is connected with an external switch through the first network card; the first sub-operating system is configured to be capable of controlling data transmission of the first network card; the external switch is used for transmitting data between the data storage system and the first host;
a second network card is arranged in a second host computer of the plurality of host computers, the second network card is configured to run a second sub-operating system, and a second virtual switch is configured in the second sub-operating system; the second host is connected with the external switch through the second network card; the second sub-operating system is configured to be capable of controlling data transmission of the second network card; the external switch is also used to transfer data between the data storage system and the second host.
2. The system of claim 1, wherein,
the first sub-operating system running on the first network card can load a network port of the first host so as to enable the first host to be connected with the external switch through the first network card;
the second sub-operating system running on the second network card can load the network port of the second host, so that the second host is connected with the external switch through the second network card.
3. The system of claim 1, wherein the port of the first host and the port of the first network card are mapped into the first sub-operating system, respectively, such that the first virtual switch is capable of transmitting data between the first host and the first network card;
and the port of the second host and the port of the second network card are respectively mapped into the second sub-operating system, so that the second virtual switch can transmit data between the second host and the second network card.
4. An information processing method for a multi-host system, the information processing method being based on the multi-host system according to any one of claims 1 to 3, the information processing method comprising:
the first network card receives first data;
the first network card determines a source IP address carried by the first data;
and if the source IP address carried by the first data is the IP address of the second host, the first virtual switch does not process the first data.
5. The method of claim 4, further comprising:
and if the source IP address carried by the first data is the IP address of the data storage system, the first virtual switch forwards the first data to the first host.
6. The method of claim 4, further comprising:
after the first host sends a data acquisition request, the first virtual switch in the first network card forwards the data acquisition request to the external switch;
according to the data acquisition request, the external switch sends second data acquired from the data storage system to the first network card;
after the first network card receives the second data, determining a target IP address carried by the second data;
and if the target IP address carried by the second data is not the IP address of the first host, the first virtual switch does not process the second data.
7. The method of claim 6, further comprising:
and if the target IP address carried by the second data is the IP address of the first host, the first virtual switch forwards the second data to the first host.
8. An information processing apparatus for a multi-host system, the information processing apparatus being based on the multi-host system according to any one of claims 1 to 3, the information processing apparatus comprising:
the data receiving module is used for receiving first data through the first network card;
a sending address determining module, configured to determine, through the first network card, a source IP address carried by the first data;
and the sending address analysis module is used for enabling the first virtual switch to not process the first data if the source IP address carried by the first data is the IP address of the second host.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 4-7.
10. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 4-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911272794.6A CN111092876B (en) | 2019-12-12 | 2019-12-12 | Multi-host system, electronic device, storage medium, information processing method and apparatus for multi-host system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911272794.6A CN111092876B (en) | 2019-12-12 | 2019-12-12 | Multi-host system, electronic device, storage medium, information processing method and apparatus for multi-host system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111092876A CN111092876A (en) | 2020-05-01 |
| CN111092876B true CN111092876B (en) | 2021-10-01 |
Family
ID=70395433
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911272794.6A Active CN111092876B (en) | 2019-12-12 | 2019-12-12 | Multi-host system, electronic device, storage medium, information processing method and apparatus for multi-host system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111092876B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112968867A (en) * | 2021-01-29 | 2021-06-15 | 北京首都在线科技股份有限公司 | Access control method, system, physical host and communication equipment |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109302466A (en) * | 2018-09-18 | 2019-02-01 | 华为技术有限公司 | Data processing method, related equipment and computer storage medium |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8726093B2 (en) * | 2010-06-30 | 2014-05-13 | Oracle America, Inc. | Method and system for maintaining direct hardware access in the event of network interface card failure |
| WO2013074827A1 (en) * | 2011-11-15 | 2013-05-23 | Nicira, Inc. | Architecture of networks with middleboxes |
| JP6605713B2 (en) * | 2016-11-09 | 2019-11-13 | 華為技術有限公司 | Packet processing method, host and system in cloud computing system |
| CN107278362B (en) * | 2016-11-09 | 2019-04-05 | 华为技术有限公司 | Method, host and system for message processing in cloud computing system |
| CN108243118B (en) * | 2016-12-27 | 2020-06-26 | 华为技术有限公司 | Method and physical host for forwarding packets |
| CN108259629B (en) * | 2016-12-28 | 2021-07-23 | 阿里巴巴集团控股有限公司 | Virtual internet protocol address switching method and device |
| CN107135134B (en) * | 2017-03-29 | 2019-09-13 | 广东网金控股股份有限公司 | Private network access method and system based on virtual switch and SDN technology |
| CN110417573A (en) * | 2019-05-20 | 2019-11-05 | 华为技术有限公司 | A kind of method and system of data transmission |
-
2019
- 2019-12-12 CN CN201911272794.6A patent/CN111092876B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109302466A (en) * | 2018-09-18 | 2019-02-01 | 华为技术有限公司 | Data processing method, related equipment and computer storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111092876A (en) | 2020-05-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7970852B2 (en) | Method for moving operating systems between computer electronic complexes without loss of service | |
| CN111327720A (en) | Network address conversion method, device, gateway equipment and storage medium | |
| US10942729B2 (en) | Upgrade of firmware in an interface hardware of a device in association with the upgrade of driver software for the device | |
| US20120215946A1 (en) | Discovery and configuration of device configurations | |
| US11023406B2 (en) | Preservation of port control block information related to logins and states of remote ports during a code load in an embedded port | |
| CN106557444B (en) | Method and device for realizing SR-IOV network card and method and device for realizing dynamic migration | |
| US10901725B2 (en) | Upgrade of port firmware and driver software for a target device | |
| US10579579B2 (en) | Programming interface operations in a port in communication with a driver for reinitialization of storage controller elements | |
| US10606780B2 (en) | Programming interface operations in a driver in communication with a port for reinitialization of storage controller elements | |
| CN112235417B (en) | Method and device for sending debugging instruction | |
| CN112286851B (en) | Server main board, server, control method, electronic device and readable medium | |
| CN110659246A (en) | Container-based file mounting method, device and electronic device | |
| CN111866092B (en) | Method, apparatus, electronic device and readable storage medium for message transmission | |
| US10623341B2 (en) | Configuration of a set of queues for multi-protocol operations in a target driver | |
| CN111092876B (en) | Multi-host system, electronic device, storage medium, information processing method and apparatus for multi-host system | |
| US10659348B2 (en) | Holding of a link in an optical interface by a lower level processor until authorization is received from an upper level processor | |
| CN111966471B (en) | Access method, device, electronic equipment and computer storage medium | |
| CN111770211A (en) | A kind of SNAT method, apparatus, electronic equipment and storage medium | |
| US20170039147A1 (en) | Access of virtual machines to storage area networks | |
| CN111416860B (en) | Transaction processing method and device based on block chain, electronic equipment and medium | |
| US20200257642A1 (en) | Seamless i/o in fibre channel point to point topology while a storage port is changed | |
| CN111008041A (en) | Command processing method, apparatus, electronic device and storage medium for host | |
| CN112925482B (en) | Data processing method, device, system, electronic equipment and computer storage medium | |
| CN115269497A (en) | Method and apparatus for configuring network file system | |
| CN112835837A (en) | Method, related apparatus and computer program product for establishing a data connection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |