XenServer Network stack Mode bridge

Instead of developing a dedicated network stack pattern on the web itself, XenServer uses existing network stack patterns for integration. There are two main types of XenServer network stacks: Bridge and Openvswitch mode. Bridge is a Linux-system technology, and Openvswitch is an open-source Virtual Switch software. In this article I would like to talk about bridge stack mode.

Bridge Chinese is called the Bridge, the Linux bridge is through a virtual bridge device to achieve bridging, the device can be bound to a number of Ethernet interface devices, thereby bridging them up. In general, Bridge is switch, so you have the most basic functions of switch:

• Packet forwarding: the ability to forward packets from one port to another;

• Learn and maintain the PDB (forwarding database). Each switch has a PDB, knowing that the input packet should be forwarded by that port, and if there is no corresponding record in the PDB, broadcast the packet to get all the port information.

Note: The main function of the PDB is to record the correspondence between the MAC address and the port. In Linxu Bridge, the PDB is managed and maintained by Hashtable.

in XenServer, a server server is virtualized into multiple virtual machines, and the above virtual machine devices are implemented through virtualization technology. That is, the above virtual machine CPU, memory and IO devices are virtual simulation, each virtual machine in general, there is a virtual card. Our physical server device may have only one real physical network card (and there may be more than one, of course). When all the virtual machines need to communicate with the external network, can only use this physical network card for the actual communication, which will make all the virtual machines will share the function of this physical network card, so xenserver to handle the virtual network card and physical network card between the different virtual machines and packet forwarding. Based on the BRIDGR network stack pattern, the XenServer bridge stack schema diagram shows:

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/78/0E/wKiom1Z0_GzQT7kzAACGageq7JM035.png "title=" 2.png " alt= "Wkiom1z0_gzqt7kzaacgageq7jm035.png"/>

This image is from the official Xen community

XenServer will create a Linux Bridge device in Domain0, generally the first device is named (Bridge Xenbr0), for the real physical network card, called peth# (physicaleth#), and we see on the graph, XenServer in Domain0, a corresponding virtual network interface is created for each virtual machine's virtual NIC, named VIFN.M (Virtual INTERFACE.M), where n represents the number of the VM, M represents the number of the virtual network card for the virtual machine that corresponds to the interface. For example vif0.0 corresponds to the first virtual network card of Domain0 eth0,vif1.0 corresponding to Domainu#1 's first virtual NIC eth0.

to be more intuitive, I drew a diagram myself, below:

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/78/0C/wKioL1Z0_JuQDrhqAABgQmt8zMA759.png "title=" 2.png " alt= "Wkiol1z0_juqdrhqaabgqmt8zma759.png"/>

We can see that the physical network card Peth and the virtual NIC interface vif are connected to bridge above, the physical network card is responsible for all internal packet transfer and forwarding to the external network. So what does bridging the bridge mean? For example, our virtual machine vif are bridged to the XENBR0 device above, corresponding to the above protocol stack can only see a device, is xenbr0 device. Because bridging is implemented at the data link layer, the upper layer does not need to care about bridging details. When the external network packet arrives at the physical NIC, it is processed by the network card driver in Domain0 and then passed to the Peth interface, and the Peth interface passes the data to bridge, the XENBR0 device, The processing code of the bridge device is then judged by the destination MAC address of the packet to be forwarded to that virtual interface vif, and then by the Xen virtualization layer to handle the packet transfer between the VIF and the virtual network card in the virtual machine. In turn, the message received from the eth0 is submitted to the bridge's processing code, where it is judged to be forwarded, discarded, or committed to the upper layer of the protocol stack.

As mentioned above, the packet transfer between the VIF and the virtual machine is carried out by the Xen virtualization layer, so how does it work? The delivery of virtual network cards in vif and virtual machines depends on the type of virtual machine, which is full virtualization or semi-virtualized.

For semi-virtualized, the OS of the virtual machine is modified, the virtual machine itself knows that it is virtual, its virtual machine network uses the technology of driving separation, what does it mean? That is, the virtual machine's virtual network card to communicate, need to have 2 parts of the driver, called front-end drive and back-end driver, wherein the front-end driver is located in the virtual machine, the back-end driver is located in the Domain0, the communication between them through the page Exchange technology to pass information. So in the semi-virtualized, vif does not do any manipulation and processing of the packets forwarded to him by bridge, but forwards them to the back-end program, which is processed by the virtual machine's virtual network card.

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/78/0E/wKiom1Z0_LOyQPZEAABcjP3FfrM147.png "title=" 2.png " alt= "Wkiom1z0_loyqpzeaabcjp3ffrm147.png"/>

What if it's a full-virtualization approach? The full virtualization approach is referred to as HVM in XenServer.

In full virtualization mode, the virtual machine itself does not make any modifications to the OS, and he does not know that he is running on a virtualized environment or even that he is virtual. So in full virtualization, hardware virtualization is required to intercept virtual machine access to hardware devices, and the QEMU emulator is used to emulate the virtual machine's device, such as a virtual network card, which is an open-source emulator for a complete PC system. In addition to the emulation processor, QEMU allows you to simulate all necessary subsystems, such as networking hardware and video hardware. It also allows for advanced conceptual simulations such as symmetric multi-processing systems (up to 255 CPUs) and other processor architectures such as ARM and PowerPC. Interested friends can go to find information to understand, in the back I will also write some related QEMU article. The data exchange between the physical network card and the virtual network card is accomplished through the association between the VIF and QEMU analog devices.

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/78/0E/wKiom1Z0_MugFZ6aAABXYUC1je8931.png "title=" 2.png " alt= "Wkiom1z0_mugfz6aaabxyuc1je8931.png"/>

Let's say xenserver what are the components of the network-related management system and how to manage them?

In XenServer, the components associated with the virtual network are:

• Xend

• Brctl

• Linux Bridge Module

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/78/0C/wKioL1Z0_PHwDdjJAABgjcdLQWE205.png "title=" 2.png " alt= "Wkiol1z0_phwddjjaabgjcdlqwe205.png"/>

The following components are described:

1. Xend: This is the most important component for Xen to provide management and control services externally. He is in the application layer, is the user manages the virtual machine The entrance, provides the external XML-RPC protocol the API.

2, Linux Bridge module: This is the module of the Linux bridge, loaded into the kernel when the system starts.

3, Brctl:linux Bridge in the Application Layer command-line tools, so and bridge-related operations are implemented through the tool, in XenServer, Xe command through XAPI to Brctl operation.

4, xe:xenserver command line management tools. Used to perform the XAPI of the command passed to the input.

5. A C language Library of Libxenctrl:xen, Xend accesses hypervisor by invoking the function of this library.

6, Privcmd:domain 0 in the driver. Libxenctrl through this program for down access.

7, Xen hypervisor:xenserver software Abstraction Layer, is responsible for running and hardware on the different virtual machines to provide CPU scheduling and memory allocation and other functions.

Finally, say the physical NIC bindings in bridge mode.

In a virtualized environment, a virtual machine on a physical server typically has more than one, and they share the resources of the network, regardless of how the virtual switch is set, and finally communicate through the physical network card of the server and externally. If the server has only one network card, then all the virtual machines are shared a physical link, when the physical link problems, resulting in all the virtual machine network, the business system is a big impact. Second, more than one virtual machine using Unified network card the same link, but also as a resource contention, and in a very large amount of traffic, the physical network card processing performance may not be able to handle so much traffic at the same time. Therefore, in the production environment, we need to provide a number of network cards to bind to improve the network redundancy and high availability.

In bridge mode, a maximum of 2 NIC bindings are supported, and no more than 2 physical NIC bindings are supported. A binding of more than 2 blocks requires the use of Openvswitch mode.

Shows a schema diagram of the bound NIC

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/78/0C/wKioL1Z0_QzDYiCGAABF1MEbk6w159.png "title=" 2.png " alt= "Wkiol1z0_qzdyicgaabf1mebk6w159.png"/>

This image is from the Xen community

VLAN-based network card architecture diagram

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/78/0C/wKioL1Z0_SGRUk8UAAAoRhIhPbs934.png "title=" 2.png " alt= "Wkiol1z0_sgruk8uaaaorhihpbs934.png"/>

This image is from the Xen community

Architecture diagram for NIC bindings:

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/78/0E/wKiom1Z0_Sqz3f7VAAArpNaU0oY676.png "title=" 2.png " alt= "Wkiom1z0_sqz3f7vaaarpnau0oy676.png"/>

This image is from the Xen community

Architecture diagram based on bound NIC and VLAN:

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/78/0E/wKiom1Z0_UTz5gKhAAAuCBo5KGA386.png "title=" 2.png " alt= "Wkiom1z0_utz5gkhaaaucbo5kga386.png"/>

This image is from the Xen community

This article is from "I take fleeting chaos" blog, please be sure to keep this source http://tasnrh.blog.51cto.com/4141731/1726327

XenServer Network stack Mode bridge