| 主权项 |
1. A program product, comprising:
a tangible data storage device; and program code stored within the tangible data storage device that, when processed by a physical data processing system, causes the physical data processing system to:
instantiate, by a virtual machine monitor (VMM), a virtual machine (VM) separate from and hosted by the VMM, wherein the VM is configured as a virtual input/output server (VIOS) that provides input/output services for network communication;implement, in the VMM, a virtual switch, a virtual network, and a virtual router;perform routing and switching, utilizing the virtual switch and the virtual router of the VMM, for network communication between a plurality of other VMs on the virtual network;receive, by the VIOS, a packet of network communication between the plurality of other VMs on the virtual network and determine, by the VIOS by reference to a policy data structure of the VIOS, a disposition of the packet of network communication, wherein the disposition is dropping the packet;cache, in a flow cache of the VMM, the disposition determined by the VIOS, wherein the disposition is cached in the flow cache in association with a key identifying a packet flow containing the packet; andthereafter, access, by the VMM, the determined disposition in the flow cache and apply, by the VMM, the determined disposition to a subsequent packet in a same packet flow as the packet without reference to the policy data structure of the VIOS. |
