Scalable policy management in an edge virtual bridging (EVB) environment

摘要

Embodiments of the invention relate to scalable policy management in an edge virtual bridging (EVB) environment. One embodiment includes a system including a physical end station including a hypervisor, wherein the physical end station creates at least one virtual machine (VM). A virtual station interface (VSI) database is coupled to a VM manager server. The VSI database stores policy information comprising one or more rules for different VM types and access rules. A policy management module is coupled to a switch adjacent to the physical end station. The policy management module generates a first table using at least a portion of the policy information, generates a second table with a portion of VM information received from the hypervisor for the VM, and uses the first table and the second table to retrieve and apply rules for the VM.

主权项

1. A computer program product comprising a computer-readable hardware storage medium having program code embodied therewith, the program code being executable by a switch to implement a method for scalable policy management in an edge virtual bridging (EVB) system, the method comprising:
fetching, by the switch, information from a virtual station interface (VSI) database; generating, by the switch, a first table for multiple different virtual machine (VM) types with at least a portion of the information from the VSI database; receiving, by the switch, a message including VM information for a created VM, wherein the VM information for the created VM comprises VSI type identification (ID) and a virtual local area network (VLAN) ID; generating, by the switch, a second table including the VM information and using information from the VSI database for the multiple different VM types; validating, by the switch, the message using a value of the VSI type ID to perform a lookup of the fetched VSI database; retrieving, by the switch, the address of the created VM from the first table based on using the VSI type ID and the network ID; retrieving, by the switch, rules associated with the retrieved address of the created VM and the VSI type ID from the second table; and applying, by the switch, the associated rules for the created VM.