CN105099779B - Multi-tenant cloud platform framework - Google Patents


Publication number
CN105099779B
Authority
CN
China
Prior art keywords
address
data packet
mac
access control
media access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510454198.5A
Other languages
Chinese (zh)
Other versions
CN105099779A (en
Inventor
闫国旗
都海峰
杨轩嘉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong three hundred and sixty degree e-commerce Co., Ltd.
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201510454198.5A priority Critical patent/CN105099779B/en
Publication of CN105099779A publication Critical patent/CN105099779A/en
Application granted granted Critical
Publication of CN105099779B publication Critical patent/CN105099779B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/58Association of routers
    • H04L45/586Association of routers of virtual routers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A host machine in a cloud platform framework is described, comprising: at least one cloud host, an ARP response agent, an internal switch, a virtual router and an external switch. With the host machine of the present invention, data packets can be routed in a multi-tenant cloud platform framework in four scenarios: different network segment on different host machines, different network segment on the same host machine, same network segment on different host machines, and same network segment on the same host machine.

Description

Multi-tenant cloud platform framework
Technical field
The present invention relates to cloud computing systems and, more particularly, to a multi-tenant cloud platform framework.
Background art
With the rapid development of the Internet and cloud computing technology, many IT companies struggle with the problem of how to manage their hardware resources efficiently. For network management in large cloud computing data centers, on the one hand, the physical network architecture cannot be changed at will and so cannot adapt well to the needs of upper-layer service development; on the other hand, given the demands of multi-tenant cloud computing scenarios, implementing network isolation and partitioning purely with physical equipment is time-consuming and laborious. For example, in prior-art solutions, network communication between different tenants is isolated mainly by means of VLANs, and all control of network data is implemented by the physical network equipment of the data center. However, this network architecture is tightly coupled to the hardware, cannot be changed at will, and is not flexible enough to scale. In particular, it cannot meet the diverse network requirements of multi-tenant scenarios, the data center maintenance workload is large, and operations staff need to spend more time maintaining network hardware settings.
Summary of the invention
To solve the problem that physical network equipment cannot be changed flexibly, software-defined networking (SDN) and network virtualization (NFV) have flourished in recent years. NFV implements the forwarding and control of network packets on the widely used x86 platform. SDN is one way of implementing network virtualization; its core technique is to separate the control plane of network devices from the data plane by means of protocols such as OpenFlow, and it is an important direction for future network development. The present invention proposes an SDN-based overall network solution for multi-tenant cloud computing scenarios.
In a first aspect of the present invention, a host machine in a cloud platform framework is proposed, comprising:
at least one cloud host, configured to: if the cloud host does not have the destination media access control (MAC) address of a data packet, send an ARP broadcast through an internal switch to an Address Resolution Protocol (ARP) response agent, receive from the ARP response agent, through the internal switch, the destination MAC address that matches the destination Internet Protocol (IP) address of the data packet, encapsulate the data packet with the received destination MAC address, and send the data packet to the internal switch;
the ARP response agent, configured to: upon receiving the ARP broadcast of the cloud host from the internal switch, send to a management server the destination IP address of the data packet contained in the received ARP broadcast, receive from the management server the destination MAC address that matches the destination IP address of the data packet, and send the destination MAC address to the cloud host through the internal switch;
the internal switch, configured to: receive the data packet from the cloud host; if the destination MAC address of the data packet received from the cloud host is not the MAC address of a first gateway of a virtual router, send the source MAC address and the destination MAC address of the received data packet to a software-defined networking (SDN) controller to request that the SDN controller determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host machine; and, upon receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host machine, send the data packet to an external switch;
the virtual router, having the first gateway and a second gateway; and
the external switch, configured to: upon receiving the data packet from the internal switch, send the data packet to another host machine through a network tunnel.
Preferably, the cloud host is further configured to: if the destination MAC address of the data packet is not received from the ARP response agent, not send the data packet.
Preferably, the internal switch is further configured to: if the destination MAC address of the data packet received from the cloud host is the MAC address of the first gateway of the virtual router, forward the data packet directly to the virtual router through the first gateway;
wherein the virtual router is configured to: receive the data packet from the internal switch through the first gateway, find, according to a routing table, the second gateway that matches the destination IP address of the data packet, change the destination MAC address of the data packet to the destination MAC address corresponding to the destination IP address, change the source MAC address of the data packet to the MAC address of the second gateway, and send the data packet to the internal switch through the second gateway; and
the internal switch is further configured to: receive the data packet from the virtual router; send the source MAC address and the destination MAC address of the received data packet to the SDN controller to request that the SDN controller determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host machine; and, upon receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host machine, send the data packet to the external switch.
Preferably, the virtual router is further configured to: if no second gateway matching the destination IP address of the data packet is found according to the routing table, not send the data packet.
Preferably, the internal switch is further configured to: if, after receiving the data packet from the virtual router, it does not receive from the SDN controller a forwarding instruction for the source MAC address and the destination MAC address, or it receives a packet discard instruction, not send the data packet.
Preferably, the internal switch is further configured to: upon receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are on the same host machine, send the data packet to the second cloud host that matches the destination MAC address.
Preferably, the internal switch is further configured to: upon receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication permission, not forward the data packet.
Preferably, the virtual router is established by means of the Linux namespace mechanism.
Preferably, firewall protection is implemented in the virtual router.
Preferably, the network address translation (NAT) function is implemented in the virtual router.
In a second aspect of the present invention, a method for routing data packets on a host machine in a cloud platform framework is proposed, comprising:
if at least one cloud host does not have the destination media access control (MAC) address of a data packet, the cloud host sends an ARP broadcast through an internal switch to an Address Resolution Protocol (ARP) response agent;
the ARP response agent, upon receiving the ARP broadcast of the cloud host from the internal switch, sends to a management server the destination IP address of the data packet contained in the received ARP broadcast, receives from the management server the destination MAC address that matches the destination Internet Protocol (IP) address of the data packet, and sends the destination MAC address to the cloud host through the internal switch;
the cloud host receives from the ARP response agent, through the internal switch, the destination MAC address that matches the IP address of the data packet, encapsulates the data packet with the received destination MAC address, and sends the data packet to the internal switch;
the internal switch receives the data packet from the cloud host; if the destination MAC address of the data packet received from the cloud host is not the MAC address of a first gateway of a virtual router, it sends the source MAC address and the destination MAC address of the received data packet to a software-defined networking (SDN) controller to request that the SDN controller determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host machine; and, upon receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host machine, it sends the data packet to an external switch; and
the external switch receives the data packet from the internal switch and sends the data packet to another host machine through a network tunnel.
Preferably, the method further includes: if the cloud host does not receive the destination MAC address of the data packet from the ARP response agent, the cloud host does not send the data packet.
Preferably, the method further includes:
if the destination MAC address of the data packet that the internal switch receives from the cloud host is the MAC address of the first gateway of the virtual router, the data packet is forwarded directly to the virtual router through the first gateway;
the virtual router receives the data packet from the internal switch through the first gateway, finds, according to a routing table, the second gateway that matches the destination IP address of the data packet, changes the destination MAC address of the data packet to the destination MAC address corresponding to the destination IP address, changes the source MAC address of the data packet to the MAC address of the second gateway, and sends the data packet to the internal switch through the second gateway;
the internal switch receives the data packet from the virtual router; it sends the source MAC address and the destination MAC address of the received data packet to the SDN controller to request that the SDN controller determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host machine; and, upon receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host machine, it sends the data packet to the external switch; and
the external switch receives the data packet from the internal switch and sends the data packet to another host machine through a network tunnel.
Preferably, the method further includes: if the virtual router does not find, according to the routing table, a second gateway matching the destination IP address of the data packet, the virtual router does not send the data packet.
Preferably, the method further includes: if, after receiving the data packet from the virtual router, the internal switch does not receive from the SDN controller a forwarding instruction for the source MAC address and the destination MAC address, or it receives a packet discard instruction, the internal switch does not send the data packet.
Preferably, the method further includes:
when the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are on the same host machine, the data packet is sent, according to the destination MAC address, to the second cloud host that matches the destination MAC address.
Preferably, the method further includes:
when the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication permission, the data packet is not forwarded.
Preferably, the virtual router is established by means of the Linux namespace mechanism.
Preferably, firewall protection is implemented in the virtual router.
Preferably, the network address translation (NAT) function is implemented in the virtual router.
In a third aspect of the present invention, a host machine in a cloud platform framework is proposed, comprising:
an external switch, configured to receive a data packet through a network tunnel and forward the data packet to an internal switch;
the internal switch, configured to: send the source media access control (MAC) address and destination MAC address and the source Internet Protocol (IP) address and destination IP address of the received data packet to a software-defined networking (SDN) controller to request that the SDN controller determine the port of the internal switch to be used for sending the data packet, receive from the SDN controller a message indicating the port of the internal switch to be used for sending the data packet, and send the data packet through that port to the recipient cloud host that matches the destination MAC address; and
the recipient cloud host, configured to receive the data packet from the internal switch through the port.
In a fourth aspect of the present invention, a method for routing data packets on a host machine in a cloud platform framework is proposed, comprising:
receiving a data packet through a network tunnel at an external switch, and forwarding the data packet to an internal switch;
at the internal switch, sending the source media access control (MAC) address and destination MAC address and the source Internet Protocol (IP) address and destination IP address of the received data packet to a software-defined networking (SDN) controller to request that the SDN controller determine the port of the internal switch to be used for sending the data packet, receiving from the SDN controller a message indicating the port of the internal switch to be used for sending the data packet, and sending the data packet through that port to the recipient cloud host that matches the destination MAC address; and
the recipient cloud host receiving the data packet from the internal switch through the port.
In a fifth aspect of the present invention, a cloud platform framework is proposed, comprising a plurality of host machines according to either of the first and third aspects above, a management server and a software-defined networking (SDN) controller, wherein
the management server is configured to receive the ARP broadcast from the ARP response agent, look up a local pool according to the ARP broadcast and the identifier of the host machine on which the ARP response agent is located to obtain the destination MAC address of the data packet, and send the destination MAC address to the ARP response agent; and
the SDN controller is configured to receive from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host machine, and to send to the internal switch a message indicating whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host machine.
In a sixth aspect of the present invention, a method in a cloud platform framework is proposed, comprising the method according to either of the second and fourth aspects above, and further comprising:
the management server receives the ARP broadcast from the ARP response agent, looks up a local pool according to the ARP broadcast and the identifier of the host machine on which the ARP response agent is located to obtain the destination MAC address of the data packet, and sends the destination MAC address to the ARP response agent; and
the SDN controller receives from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host machine, and sends to the internal switch a message indicating whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host machine.
By means of the widely available x86 platform and SDN technology, the present invention provides a highly flexible, deployable solution for network virtualization and network isolation in multi-tenant cloud computing data center scenarios. Through mechanisms such as virtual subnets, virtual routers and network tunnels, the network formed among the tenants' cloud hosts is decoupled from the data-center-level physical network, so that all cloud hosts work on a complete software-defined network and the flexibility of management is greatly improved.
Brief description of the drawings
Fig. 1 shows a schematic diagram of subnets and a virtual router in a multi-tenant cloud platform framework according to an embodiment of the invention;
Fig. 2 shows a schematic diagram of a multi-tenant cloud platform framework according to an embodiment of the invention;
Fig. 3 shows a schematic diagram of a host machine in a multi-tenant cloud platform framework according to an embodiment of the invention; and
Figs. 4A to 4D show different scenarios of routing data packets in a multi-tenant cloud platform framework according to an embodiment of the invention.
Detailed description
First, the functions of the subnets and the virtual router in the multi-tenant cloud platform framework are described with reference to Fig. 1. In the multi-tenant cloud platform framework, a user's cloud host resources are managed through logical subnets (hereinafter "subnets"), and the communication boundary between cloud hosts is set on the basis of subnets (as shown in Fig. 1). A cloud host is a hosting service that a cloud computing vendor provides to users, and belongs to the IaaS layer of services. When creating a subnet, the user must specify the subnet's IP range in Classless Inter-Domain Routing (CIDR) form, from which IP addresses are assigned to the cloud hosts of the subnet. Functions such as cross-subnet communication, network address translation (NAT) and firewalling can be implemented on the basis of the virtual router. To enable communication between multiple subnets of the same user, it is only necessary to link the gateways of these subnets to the same virtual router (vRouter). Data packets between cloud hosts on different host machines are encapsulated in a network tunnel, which prevents the upper-layer physical network equipment from seeing and learning the information of the cloud hosts below it, and thereby logically guarantees the independence of the cloud host network from the physical network. The SDN controller can precisely control the communication permission and data flow between cloud hosts.
The functions of the components of the cloud platform framework are described with reference to Fig. 2. The cloud platform framework includes a management server 210, an SDN controller 220, a host agent 230, virtual switches, virtual routers and ARP response agents.
Management server 210 centrally manages all host machine and cloud host information. Its main functions include: issuing commands to host agent 230 to control each host machine and the cloud hosts on it; and exposing a RESTful control application programming interface (API) for integration with external applications (APPs).
SDN controller 220 is responsible for issuing control instructions to the virtual switches. Its main functions include: deciding communication permission between cloud hosts on the basis of tenant subnets; and dynamically specifying the peer IP for network tunnels across host machines.
Host agent 230 is an agent program running on the host machine. Its main functions include: receiving and responding to the instructions issued by the management server; establishing and maintaining the virtual network environment on the host machine, which includes the cloud hosts' virtual network interface cards, the virtual switches and the virtual router; and collecting resource metrics of the host machine and of each cloud host, and reporting and raising alerts in a timely manner.
A virtual switch is a switch implemented in software; the most widely used virtual switch software at present is Open vSwitch. The main functions of the virtual switch include: obtaining packet forwarding policies from the SDN controller and providing data switching for the associated cloud hosts accordingly; and providing network tunnel support for communication across host machines.
The virtual router is a router established by means of the Linux namespace mechanism. Its main functions include: providing gateway and layer-3 routing services for the cloud hosts in each subnet; providing NAT for cloud hosts that access the external network; and providing firewall services for each associated container according to the security policy specified by the user.
The ARP response agent is responsible for answering the broadcasts of local cloud hosts. Its main functions include: responding to the ARP broadcasts sent by cloud hosts on its own host machine; and obtaining the ARP response data from the management server.
The cloud platform framework is mainly established as follows. First, the management server is established. The management server is the control brain of the entire data center network architecture; its back end stores the information about each tenant, subnet, cloud host and network in a database. The management server sends instructions to the corresponding host machines according to API calls, and thereby configures the host machine cluster.
Then, the virtual switches on the host machine are set up by the host agent program. To ensure efficient communication between cloud hosts on the same host machine, and to make it easier to debug east-west and north-south traffic, two virtual switches are established on every host machine (see the internal switch (switch_inner) and the external switch (switch_outer) in Fig. 3). The switch_inner switch is mainly used for network communication between local cloud hosts, and switch_outer is mainly used for sending and receiving network traffic across host machines. Traffic between switch_outer and other host machines must be encapsulated in a network tunnel. The reason is that different tenants may create subnets with the same private IP range. Although these duplicate IPs are invisible to each tenant, they would cause route flapping problems for the data center network equipment. Therefore, to hide the cloud hosts' logical subnets from the upper-layer equipment, traffic across host machines has to be carried in a tunnel such as VXLAN.
Then, the virtual router on the host machine is set up by the host agent program. A gateway for each associated subnet must be established inside the virtual router; if two subnets of the same tenant are associated with the same virtual router, communication across those subnets is carried out through that virtual router. For example, if a virtual router is associated with three subnets A, B and C, a gateway must be established inside the virtual router for each of the three subnets so that the three subnets can communicate with one another. In addition, because the IPs assigned to cloud hosts belong to private network segments, they cannot access the external network directly; this solution ensures that cloud hosts can access the external network by implementing the NAT function in the virtual router. The firewall protection provided for cloud hosts is likewise implemented in the virtual router.
Next, the ARP response agent on the host machine is established. Although different tenants may use subnets with the same IP range, the MAC address corresponding to each IP must be fixed for a given tenant. This requires that the ARP broadcast of each tenant's cloud host be answered with the correct MAC address, and the ARP response agent is provided to meet exactly this requirement. In addition, to guarantee the authority of the ARP agent's responses, when a cloud host sends an ARP broadcast, the virtual switch sends the broadcast packet only to the port of the ARP response agent. This also greatly reduces the number of broadcasts at the data center level and lowers the risk of broadcast storms.
Finally, the SDN controller is set up. One main purpose of an SDN network is to control network equipment flexibly and effectively in software. The virtual switch on each host machine must be associated with an SDN controller after it starts, and the forwarding path of every packet handled by the virtual switch is decided by the controller. The controller mainly makes three decisions: whether a reported packet is allowed to be forwarded, which switch port it is forwarded through, and, for forwarding across host machines, what the IP of the peer host machine is.
To ensure the high performance and high availability of the whole system, the management server and the SDN controller each provide their services as a cluster.
The structure of host 1 in the cloud platform framework is described below with reference to Fig. 3 and Fig. 4. The host includes at least one cloud host, an internal switch (switch_inner), a virtual router (vRouter), an external switch (switch_outer), and an ARP response proxy. The at least one cloud host includes a first cloud host (cloud host 1 shown in Fig. 4).
When host 1 sends a data packet, the first cloud host is configured as follows: if the first cloud host does not have the destination MAC address of the data packet, the first cloud host sends an ARP broadcast to the ARP response proxy through the internal switch, receives from the ARP response proxy, through the internal switch, the destination MAC address matching the destination Internet Protocol (IP) address of the data packet, encapsulates the data packet with the received destination MAC address, and sends the data packet to the internal switch. Optionally, the first cloud host is further configured not to send the data packet if it does not receive the destination MAC address of the data packet from the ARP response proxy.
The ARP response proxy is configured to: upon receiving an ARP broadcast from a cloud host via the internal switch, send to the management server the destination IP address of the data packet carried in the received ARP broadcast, receive from the management server the destination MAC address matching the destination IP address of the data packet, and send the destination MAC address to the first cloud host through the internal switch.
The internal switch is configured to receive the data packet from the first cloud host. If the destination MAC address of the data packet received from the first cloud host is not the MAC address of the first gateway of the virtual router (the same-network-segment case), the internal switch sends the source MAC address and destination MAC address of the received data packet to the SDN controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission, and whether the source MAC address and the destination MAC address are on the same host. When it receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, it sends the data packet to the external switch (same network segment, different hosts, as shown in Fig. 4C). Optionally, the internal switch is further configured to: when it receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are on the same host, send the data packet to the second cloud host matching the destination MAC address (same network segment, same host, as shown in Fig. 4A). Optionally, the internal switch is further configured to: when it receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication permission, not forward the data packet. The virtual router has a first gateway and a second gateway.
The external switch is configured to, upon receiving the data packet from the internal switch, send the data packet to another host through a network tunnel.
Optionally, the internal switch is further configured to: if the destination MAC address of the data packet received from the first cloud host is the MAC address of the first gateway of the virtual router (the different-network-segment case), forward the data packet directly to the virtual router through the first gateway.
The virtual router is configured to receive the data packet from the internal switch through the first gateway, find, according to the routing table, the second gateway matching the destination IP address of the data packet, change the destination MAC address of the data packet to the destination MAC address corresponding to the destination IP address, change the source MAC address of the data packet to the MAC address of the second gateway, and send the data packet to the internal switch through the second gateway. Optionally, the virtual router is further configured not to send the data packet if no second gateway matching the destination IP address of the data packet is found according to the routing table.
The internal switch is further configured to receive the data packet from the virtual router and to send the source MAC address and destination MAC address of the received data packet to the SDN controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission, and whether the source MAC address and the destination MAC address are on the same host. When it receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, it sends the data packet to the external switch (different network segments, different hosts, as shown in Fig. 4D). Optionally, the internal switch is further configured to: when it receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are on the same host, send the data packet to the second cloud host matching the destination MAC address (different network segments, same host, as shown in Fig. 4B). Optionally, the internal switch is further configured to: when it receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication permission, not forward the data packet. Optionally, the internal switch is further configured to: if, after receiving the data packet from the virtual router, it does not receive from the SDN controller a forwarding instruction indicating the source MAC address and the destination MAC address, or it receives a packet-drop instruction, not send the data packet.
In this embodiment, the virtual router is created using the Linux namespace mechanism. Firewall protection and/or the NAT function are implemented in the virtual router.
When host 2 receives a data packet, the external switch is configured to receive the data packet through the network tunnel and forward the data packet to the internal switch;
The internal switch is configured to send to the software-defined networking (SDN) controller the source media access control (MAC) address and destination MAC address, and the source Internet Protocol (IP) address and destination IP address, of the received data packet, requesting the SDN controller to determine the port in the internal switch to be used for transmitting the data packet; to receive from the SDN controller a message indicating the port in the internal switch to be used for sending the data packet; and to send the data packet through that port to the recipient cloud host matching the destination MAC address; and
The recipient cloud host is configured to receive the data packet from the internal switch through the port.
The method by which host 1 in the cloud platform framework routes a data packet is described below with reference to Fig. 3 and Fig. 4.
When host 1 sends a data packet, if a first cloud host of the at least one cloud host does not have the destination MAC address of the data packet, the first cloud host sends an ARP broadcast to the ARP response proxy through the internal switch; the ARP response proxy, upon receiving the ARP broadcast from the cloud host via the internal switch, sends to the management server the destination IP address of the data packet carried in the received ARP broadcast, receives from the management server the destination MAC address matching the destination IP address of the data packet, and sends the destination MAC address to the first cloud host through the internal switch; the first cloud host receives from the ARP response proxy, through the internal switch, the destination MAC address matching the IP address of the data packet, encapsulates the data packet with the received destination MAC address, and sends the data packet to the internal switch; the internal switch receives the data packet from the first cloud host and, if the destination MAC address of the data packet received from the first cloud host is not the MAC address of the first gateway of the virtual router, sends the source MAC address and destination MAC address of the received data packet to the SDN controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission, and whether the source MAC address and the destination MAC address are on the same host, and, when it receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, sends the data packet to the external switch; and the external switch receives the data packet from the internal switch and sends the data packet to another host through a network tunnel.
If the first cloud host does not receive the destination MAC address of the data packet from the ARP response proxy, the first cloud host does not send the data packet.
If the destination MAC address of the data packet that the internal switch receives from the first cloud host is the MAC address of the first gateway of the virtual router, the data packet is forwarded directly to the virtual router through the first gateway; the virtual router receives the data packet from the internal switch through the first gateway, finds, according to the routing table, the second gateway matching the destination IP address of the data packet, changes the destination MAC address of the data packet to the destination MAC address corresponding to the destination IP address, changes the source MAC address of the data packet to the MAC address of the second gateway, and sends the data packet to the internal switch through the second gateway; the internal switch receives the data packet from the virtual router and sends the source MAC address and destination MAC address of the received data packet to the SDN controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission, and whether the source MAC address and the destination MAC address are on the same host, and, when it receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, sends the data packet to the external switch; and the external switch receives the data packet from the internal switch and sends the data packet to another host through a network tunnel.
If the virtual router does not find, according to the routing table, a second gateway matching the destination IP address of the data packet, the virtual router does not send the data packet.
If, after receiving the data packet from the virtual router, the internal switch does not receive from the SDN controller a forwarding instruction indicating the source MAC address and the destination MAC address, or it receives a packet-drop instruction, the internal switch does not send the data packet.
When the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are on the same host, it sends the data packet, according to the destination MAC address, to the second cloud host matching the destination MAC address.
When the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication permission, it does not forward the data packet.
In this embodiment, the virtual router is created using the Linux namespace mechanism. Firewall protection and/or the NAT function are implemented in the virtual router.
When host 2 receives a data packet, the data packet is received through the network tunnel at the external switch and is forwarded to the internal switch;
At the internal switch, the source media access control (MAC) address and destination MAC address, and the source Internet Protocol (IP) address and destination IP address, of the received data packet are sent to the software-defined networking (SDN) controller, requesting the SDN controller to determine the port in the internal switch to be used for transmitting the data packet; a message indicating the port in the internal switch to be used for transmitting the data packet is received from the SDN controller; and the data packet is sent through that port to the recipient cloud host matching the destination MAC address; and
The recipient cloud host receives the data packet from the internal switch through the port.
Turning to Fig. 2, the cloud platform framework is described in detail with reference to Fig. 2. In addition to the host structure described above with reference to Fig. 3 and Fig. 4, in the cloud platform framework the management server is configured to receive the ARP broadcast from the ARP response proxy, look up a local address pool according to the ARP broadcast and the identifier of the host where the ARP response proxy resides to obtain the destination MAC address of the data packet, and send the destination MAC address to the ARP response proxy; and the SDN controller is configured to receive from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host, and to send to the internal switch a message indicating whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host.
Next, the method in the cloud platform framework is described in detail with reference to Fig. 2. In addition to the method by which a host routes a data packet, described above with reference to Fig. 3 and Fig. 4, the method of routing a data packet in the cloud platform framework further includes: the management server receives the ARP broadcast from the ARP response proxy, looks up the local address pool according to the ARP broadcast and the identifier of the host where the ARP response proxy resides to obtain the destination MAC address of the data packet, and sends the destination MAC address to the ARP response proxy; and the SDN controller receives from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host, and sends to the internal switch a message indicating whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host.
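The same-network-segment send path described above (a tenant-scoped ARP answer from the management server, then the internal switch's query to the SDN controller), as an added Python sketch that is not part of the patent. The pool contents and MAC addresses are constructed, and two points are assumptions made for the illustration: the requester's MAC address is used to find its tenant, and "communication permission" is modelled as same tenant and not explicitly blocked.

```python
"""Constructed model of the ARP response proxy lookup and the switch decision."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


@dataclass(frozen=True)
class CloudHost:
    tenant: str    # owning tenant
    ip: str        # private IP; may repeat across tenants
    mac: str       # fixed for a given (tenant, ip)
    host_id: str   # identifier of the host that runs this cloud host


# Constructed sample pool: tenant-a and tenant-b both use 10.0.0.0/24.
POOL = [
    CloudHost("tenant-a", "10.0.0.2", "fa:16:3e:00:0a:02", "host1"),
    CloudHost("tenant-a", "10.0.0.3", "fa:16:3e:00:0a:03", "host1"),
    CloudHost("tenant-a", "10.0.0.4", "fa:16:3e:00:0a:04", "host2"),
    CloudHost("tenant-b", "10.0.0.3", "fa:16:3e:00:0b:03", "host1"),
]
GATEWAY1_MAC = "fa:16:3e:ff:00:01"  # first gateway of the vRouter (constructed)


class ManagementServer:
    """Holds the address pool and answers the ARP response proxy."""

    def __init__(self, pool):
        self.by_mac = {h.mac: h for h in pool}
        self.by_tenant_ip = {(h.tenant, h.ip): h for h in pool}

    def resolve(self, requester_mac: str, target_ip: str,
                proxy_host_id: str) -> Optional[str]:
        requester = self.by_mac.get(requester_mac)
        # Assumption: an unknown sender, or one not registered on the host
        # whose proxy relayed the broadcast, gets no answer.
        if requester is None or requester.host_id != proxy_host_id:
            return None
        # The lookup is scoped to the requester's tenant, so the same IP
        # resolves to a different MAC (or nothing) for another tenant.
        target = self.by_tenant_ip.get((requester.tenant, target_ip))
        return target.mac if target else None


class SdnController:
    def __init__(self, server: ManagementServer, blocked_pairs=()):
        self.by_mac = server.by_mac
        self.blocked = {frozenset(p) for p in blocked_pairs}

    def decide(self, src_mac: str, dst_mac: str):
        """Return (permitted, same_host), or None if either MAC is unknown."""
        src, dst = self.by_mac.get(src_mac), self.by_mac.get(dst_mac)
        if src is None or dst is None:
            return None
        permitted = (src.tenant == dst.tenant
                     and frozenset((src_mac, dst_mac)) not in self.blocked)
        return permitted, src.host_id == dst.host_id


class Action(Enum):
    TO_VROUTER = "to_vrouter"   # destination MAC is the first gateway
    LOCAL = "local"             # second cloud host on the same host
    EXTERNAL = "external"       # external switch, then network tunnel
    DROP = "drop"


def internal_switch_forward(controller: SdnController,
                            src_mac: str, dst_mac: str) -> Action:
    if dst_mac == GATEWAY1_MAC:
        return Action.TO_VROUTER
    verdict = controller.decide(src_mac, dst_mac)
    if verdict is None:          # no forwarding instruction: fail closed
        return Action.DROP
    permitted, same_host = verdict
    if not permitted:
        return Action.DROP
    return Action.LOCAL if same_host else Action.EXTERNAL


def send(server, controller, src_mac, dst_ip, host_id):
    """First cloud host's send path: ARP via the proxy, then the switch."""
    dst_mac = server.resolve(src_mac, dst_ip, host_id)
    if dst_mac is None:
        return None, Action.DROP  # no ARP answer, so the packet is not sent
    return dst_mac, internal_switch_forward(controller, src_mac, dst_mac)


if __name__ == "__main__":
    srv = ManagementServer(POOL)
    ctl = SdnController(srv)
    for ip in ("10.0.0.3", "10.0.0.4", "10.0.0.9"):
        print(ip, send(srv, ctl, "fa:16:3e:00:0a:02", ip, "host1"))
```

The switch decision is checked independently of the ARP answer: a frame whose destination MAC belongs to another tenant is dropped even if the sender learned that MAC by some other means.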
The present invention has the following advantages: NFV and SDN improve the utilization of inexpensive x86 resources; direct dependence on the machine room's physical network facilities is reduced, which facilitates flexible control of network data; logical subnets and the SDN network achieve access isolation between tenants' cloud hosts at low cost; the distributed virtual router dynamically controls communication between cloud hosts of the same tenant and strengthens the security protection of each cloud host; and the ARP response proxy effectively reduces broadcasts in the machine-room network, lowering the risk of broadcast storms and the possibility of tenants probing one another.
The above detailed description has set forth numerous embodiments of the inspection method and system through the use of schematic diagrams, flowcharts and/or examples. Where such schematic diagrams, flowcharts and/or examples contain one or more functions and/or operations, those skilled in the art will understand that each function and/or operation in them can be implemented, individually and/or collectively, by a wide range of structures, hardware, software, firmware, or virtually any combination thereof. In one embodiment, several portions of the subject matter described in the embodiments of the present invention can be implemented by application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), digital signal processors (DSPs), or other integrated formats. However, those skilled in the art will recognize that some aspects of the embodiments disclosed herein can equally be implemented, in whole or in part, in integrated circuits, as one or more computer programs running on one or more computers (for example, as one or more programs running on one or more computer systems), as one or more programs running on one or more processors (for example, as one or more programs running on one or more microprocessors), as firmware, or as virtually any combination of the above, and that those skilled in the art, in light of this disclosure, will be capable of designing the circuitry and/or writing the software and/or firmware code. In addition, those skilled in the art will recognize that the mechanisms of the subject matter described in this disclosure can be distributed as program products in a variety of forms, and that the exemplary embodiments of the subject matter described in this disclosure apply regardless of the particular type of signal-bearing medium actually used to carry out the distribution. Examples of signal-bearing media include, but are not limited to: recordable media such as floppy disks, hard disk drives, compact discs (CDs), digital versatile discs (DVDs), digital tape, and computer memory; and transmission media such as digital and/or analog communication media (for example, fiber-optic cables, waveguides, wired communication links, wireless communication links, etc.).
Although the present invention has been described with reference to several exemplary embodiments, it should be understood that the terms used are descriptive and exemplary rather than restrictive. Because the present invention can be embodied in many forms without departing from the spirit or essence of the invention, it should be understood that the above embodiments are not limited to any of the foregoing details but should be interpreted broadly within the spirit and scope defined by the appended claims; all changes and modifications falling within the claims or their equivalents are therefore intended to be covered by the appended claims.

Claims (22)

1. A host in a cloud platform framework, comprising:
at least one cloud host, configured to: if the cloud host does not have the destination media access control (MAC) address of a data packet, send an ARP broadcast to an Address Resolution Protocol (ARP) response proxy through an internal switch, receive from the ARP response proxy, through the internal switch, the destination MAC address matching the destination Internet Protocol (IP) address of the data packet, encapsulate the data packet with the received destination MAC address, and send the data packet to the internal switch;
the ARP response proxy, configured to: upon receiving the ARP broadcast from the cloud host via the internal switch, send to a management server the destination IP address of the data packet carried in the received ARP broadcast, receive from the management server the destination MAC address matching the destination IP address of the data packet, and send the destination MAC address to the cloud host through the internal switch;
the internal switch, configured to: receive the data packet from the cloud host and, if the destination MAC address of the data packet received from the cloud host is not the MAC address of a first gateway of a virtual router, send the source MAC address and destination MAC address of the received data packet to a software-defined networking (SDN) controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host, and, when a message is received from the SDN controller indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, send the data packet to an external switch;
the virtual router, having the first gateway and a second gateway; and
the external switch, configured to: upon receiving the data packet from the internal switch, send the data packet to another host through a network tunnel.
2. The host according to claim 1, wherein the cloud host is further configured to: if the destination MAC address of the data packet is not received from the ARP response proxy, not send the data packet.
3. The host according to claim 1, wherein the internal switch is further configured to: if the destination MAC address of the data packet received from the cloud host is the MAC address of the first gateway of the virtual router, forward the data packet directly to the virtual router through the first gateway;
wherein the virtual router is configured to: receive the data packet from the internal switch through the first gateway, find, according to a routing table, the second gateway matching the destination IP address of the data packet, change the destination MAC address of the data packet to the destination MAC address corresponding to the destination IP address, change the source MAC address of the data packet to the MAC address of the second gateway, and send the data packet to the internal switch through the second gateway; and
the internal switch is further configured to: receive the data packet from the virtual router, send the source MAC address and destination MAC address of the received data packet to the SDN controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host, and, when a message is received from the SDN controller indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, send the data packet to the external switch.
4. The host according to claim 3, wherein the virtual router is further configured to: if no second gateway matching the destination IP address of the data packet is found according to the routing table, not send the data packet.
5. The host according to claim 3, wherein the internal switch is further configured to: if, after receiving the data packet from the virtual router, it does not receive from the SDN controller a forwarding instruction indicating the source MAC address and the destination MAC address, or it receives a packet-drop instruction, not send the data packet.
6. The host according to any one of claims 1 to 5, wherein the internal switch is further configured to: when a message is received from the SDN controller indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are on the same host, send the data packet to a second cloud host matching the destination MAC address.
7. The host according to any one of claims 1 to 5, wherein the internal switch is further configured to: when a message is received from the SDN controller indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication permission, not forward the data packet.
8. The host according to any one of claims 1 to 5, wherein the virtual router is created using the Linux namespace mechanism.
9. The host according to any one of claims 1 to 5, wherein firewall protection is implemented in the virtual router.
10. The host according to any one of claims 1 to 5, wherein a network address translation (NAT) function is implemented in the virtual router.
11. A method for routing a data packet by a host in a cloud platform framework, comprising:
if at least one cloud host does not have the destination media access control (MAC) address of a data packet, the cloud host sends an ARP broadcast to an Address Resolution Protocol (ARP) response proxy through an internal switch;
the ARP response proxy, upon receiving the ARP broadcast from the cloud host via the internal switch, sends to a management server the destination IP address of the data packet carried in the received ARP broadcast, receives from the management server the destination MAC address matching the destination Internet Protocol (IP) address of the data packet, and sends the destination MAC address to the cloud host through the internal switch;
the cloud host receives from the ARP response proxy, through the internal switch, the destination MAC address matching the IP address of the data packet, encapsulates the data packet with the received destination MAC address, and sends the data packet to the internal switch;
the internal switch receives the data packet from the cloud host and, if the destination MAC address of the data packet received from the cloud host is not the MAC address of a first gateway of a virtual router, sends the source MAC address and destination MAC address of the received data packet to a software-defined networking (SDN) controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host, and, when a message is received from the SDN controller indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, sends the data packet to an external switch; and
the external switch receives the data packet from the internal switch and sends the data packet to another host through a network tunnel.
12. The method according to claim 11, further comprising: if the cloud host does not receive the destination MAC address of the data packet from the ARP response proxy, the cloud host does not send the data packet.
13. The method according to claim 11, further comprising:
if the destination MAC address of the data packet that the internal switch receives from the cloud host is the MAC address of the first gateway of the virtual router, forwarding the data packet directly to the virtual router through the first gateway;
the virtual router receives the data packet from the internal switch through the first gateway, finds, according to a routing table, a second gateway matching the destination IP address of the data packet, changes the destination MAC address of the data packet to the destination MAC address corresponding to the destination IP address, changes the source MAC address of the data packet to the MAC address of the second gateway, and sends the data packet to the internal switch through the second gateway;
the internal switch receives the data packet from the virtual router and sends the source MAC address and destination MAC address of the received data packet to the SDN controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host, and, when a message is received from the SDN controller indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, sends the data packet to the external switch; and
the external switch receives the data packet from the internal switch and sends the data packet to another host through a network tunnel.
14. The method according to claim 13, further comprising: if the virtual router does not find, according to the routing table, a second gateway matching the destination IP address of the data packet, the virtual router does not send the data packet.
15. The method according to claim 13, further comprising: if, after receiving the data packet from the virtual router, the internal switch does not receive from the SDN controller a forwarding instruction indicating the source MAC address and the destination MAC address, or it receives a packet-drop instruction, the internal switch does not send the data packet.
16. the method according to any one of claim 11 to 15, further includes:When the internal switch is from the SDN Controller, which receives, indicates cloud host corresponding with the source MAC and cloud master corresponding with the target MAC (Media Access Control) address When equipment is for message in same host of communication authority and the source MAC and the purpose MAC, according to the mesh MAC Address the data packet is sent to the second cloud host to match with the target MAC (Media Access Control) address.
17. the method according to any one of claim 11 to 15, further includes:
When the internal switch from the SDN controllers receive corresponding with the source MAC cloud host of instruction and When cloud host corresponding with the target MAC (Media Access Control) address does not have the message of communication authority, the data packet is not forwarded.
18. the method according to any one of claim 11 to 15, wherein the virtual router is ordered by Linux Name space mechanism is established.
19. the method according to any one of claim 11 to 15, wherein realize fire prevention in the virtual router Wall is protected.
20. the method according to any one of claim 11 to 15, wherein realize network in the virtual router Address conversion nat feature.
21. A cloud platform framework, comprising a plurality of hosts according to any one of claims 1 to 10, a management server, and a software-defined network (SDN) controller, wherein
The management server is configured to receive an ARP broadcast from the ARP response agent, search a local pool according to the ARP broadcast and the identifier of the host where the ARP response agent is located to obtain the destination MAC address of the data packet, and send the destination MAC address to the ARP response agent; and
The SDN controller is configured to receive from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are in the same host, and to send to the internal switch a message indicating whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are in the same host.
22. A method in a cloud platform framework, comprising the method according to any one of claims 11 to 20, and further comprising:
The management server receives an ARP broadcast from the ARP response agent, searches a local pool according to the ARP broadcast and the identifier of the host where the ARP response agent is located to obtain the destination MAC address of the data packet, and sends the destination MAC address to the ARP response agent; and
The SDN controller receives from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are in the same host, and sends to the internal switch a message indicating whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are in the same host.
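The forwarding decision recited in claims 13 to 17 can be followed end to end in the Python model below, an added example that is not part of the patent text. The class and function names, the MAC and IP values, the representation of communication permission as a set of allowed MAC pairs, and the use of `None` for a missing controller instruction are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    dst_ip: str

class VirtualRouter:
    def __init__(self, gateways, arp_table):
        self.gateways = gateways    # subnet CIDR -> MAC of the gateway on it
        self.arp_table = arp_table  # destination IP -> destination MAC

    def route(self, pkt):
        dst = ipaddress.ip_address(pkt.dst_ip)
        for cidr, gw_mac in self.gateways.items():
            if dst in ipaddress.ip_network(cidr) and pkt.dst_ip in self.arp_table:
                # Claim 13: rewrite both MAC addresses, return packet to the switch.
                return replace(pkt, src_mac=gw_mac, dst_mac=self.arp_table[pkt.dst_ip])
        return None  # claim 14: no matching second gateway, nothing is sent

class SdnController:
    def __init__(self, location, allowed):
        self.location = location  # MAC -> host identifier
        self.allowed = allowed    # permitted pairs, each a frozenset of two MACs

    def query(self, src_mac, dst_mac):
        if src_mac not in self.location or dst_mac not in self.location:
            return None  # assumption: unknown endpoint gets no forwarding instruction
        permitted = frozenset((src_mac, dst_mac)) in self.allowed
        return permitted, self.location[src_mac] == self.location[dst_mac]

def forward(pkt, router, controller):
    routed = router.route(pkt)
    if routed is None:
        return "not-sent"
    reply = controller.query(routed.src_mac, routed.dst_mac)
    if reply is None or not reply[0]:
        return "drop"  # claims 15 and 17: fail closed
    return "deliver-local" if reply[1] else "external-switch"  # claims 16 / 13

# Constructed sample topology (all addresses are made up for the example).
GW_A, GW_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
VM1, VM2, VM3, VM4 = (f"02:00:00:00:01:0{i}" for i in range(1, 5))
ROUTER = VirtualRouter({"10.0.2.0/24": GW_B},
                       {"10.0.2.5": VM2, "10.0.2.6": VM3, "10.0.2.7": VM4})
CONTROLLER = SdnController({GW_B: "host-1", VM2: "host-1", VM3: "host-2", VM4: "host-2"},
                           {frozenset((GW_B, VM2)), frozenset((GW_B, VM3))})
```

Because the switch forwards only on an explicit positive answer, an unreachable controller or an unknown MAC address results in a drop rather than in unfiltered delivery between cloud hosts.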
CN201510454198.5A 2015-07-29 2015-07-29 Multi-tenant cloud platform framework Active CN105099779B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510454198.5A CN105099779B (en) 2015-07-29 2015-07-29 Multi-tenant cloud platform framework

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510454198.5A CN105099779B (en) 2015-07-29 2015-07-29 Multi-tenant cloud platform framework

Publications (2)

Publication Number Publication Date
CN105099779A CN105099779A (en) 2015-11-25
CN105099779B true CN105099779B (en) 2018-10-12

Family

ID=54579395

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510454198.5A Active CN105099779B (en) 2015-07-29 2015-07-29 Multi-tenant cloud platform framework

Country Status (1)

Country Link
CN (1) CN105099779B (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105591820B (en) * 2015-12-31 2020-05-08 北京轻元科技有限公司 High-extensible container network management system and method
CN105515978B (en) * 2016-01-08 2018-11-02 盛科网络(苏州)有限公司 Realize the method and device of distributed routing, physical host access
CN105955885B (en) * 2016-04-28 2018-06-29 中国农业银行股份有限公司 A kind of workflow automation tests system and method
CN106059915A (en) * 2016-07-20 2016-10-26 赛特斯信息科技股份有限公司 System and method for implementing limitation of north-south traffic of tenants based on SDN controller
CN106375112A (en) * 2016-08-25 2017-02-01 浪潮(北京)电子信息产业有限公司 Dedicated software defined network system
CN107948086A (en) * 2016-10-12 2018-04-20 北京金山云网络技术有限公司 A kind of data packet sending method, device and mixed cloud network system
CN106789667B (en) * 2016-11-21 2021-01-01 华为技术有限公司 Data forwarding method, related equipment and system
CN106850434B (en) * 2017-03-31 2020-08-25 联想(北京)有限公司 VXLAN transmission control method, system and processing equipment
CN107071045A (en) * 2017-05-08 2017-08-18 深信服科技股份有限公司 A kind of resource scheduling system based on multi-tenant
CN109802985B (en) * 2017-11-17 2021-01-29 北京金山云网络技术有限公司 Data transmission method, device, equipment and readable storage medium
CN108322391B (en) * 2017-12-29 2020-08-25 中国银联股份有限公司 Data transmission method based on flow table
CN109347715B (en) * 2018-07-17 2021-03-30 中国银联股份有限公司 Private network access method and system for external tenant
CN108989110A (en) * 2018-07-20 2018-12-11 浪潮电子信息产业股份有限公司 A kind of construction method and its relevant device of VPC network model
CN108900637A (en) * 2018-08-08 2018-11-27 北京百度网讯科技有限公司 Method for transmitting information and device
CN109361764B (en) * 2018-11-29 2021-02-05 杭州数梦工场科技有限公司 Service access method, device and equipment of inter-VPC and readable storage medium
CN110290174B (en) * 2019-05-24 2021-02-05 华为技术有限公司 Control method and control node of main master cluster
CN110912797B (en) * 2019-11-18 2021-12-24 新华三大数据技术有限公司 Method and device for forwarding broadcast message
CN112134778B (en) * 2020-09-25 2022-10-28 优刻得科技股份有限公司 Dynamic routing method, system, device and medium in hybrid cloud scenario
CN113452806B (en) * 2021-06-24 2022-10-04 上海道客网络科技有限公司 Container adaptation SDN network management method and system based on Kubernets system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103888369A (en) * 2014-04-10 2014-06-25 何顺民 Ethernet communication method and system and SDN exchanger
CN104205055A (en) * 2012-03-29 2014-12-10 瑞典爱立信有限公司 Implementing EPC in cloud computer with OPENFLOW data plane
CN104767676A (en) * 2014-01-03 2015-07-08 华为技术有限公司 Data message forwarding method and data message forwarding system in software defined network (SDN)
CN104780088A (en) * 2015-03-19 2015-07-15 杭州华三通信技术有限公司 Service message transmission method and equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8873398B2 (en) * 2011-05-23 2014-10-28 Telefonaktiebolaget L M Ericsson (Publ) Implementing EPC in a cloud computer with openflow data plane

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104205055A (en) * 2012-03-29 2014-12-10 瑞典爱立信有限公司 Implementing EPC in cloud computer with OPENFLOW data plane
CN104767676A (en) * 2014-01-03 2015-07-08 华为技术有限公司 Data message forwarding method and data message forwarding system in software defined network (SDN)
CN103888369A (en) * 2014-04-10 2014-06-25 何顺民 Ethernet communication method and system and SDN exchanger
CN104780088A (en) * 2015-03-19 2015-07-15 杭州华三通信技术有限公司 Service message transmission method and equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
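Design and Implementation of a Data Flow Management and Control System Based on OpenFlow Networks; 周昭; China Master's Theses Full-text Database (Information Science and Technology); 2015-04-15 (No. 04); main text, page 6, section 2.2, Figures 2-1 and 2-2 *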

Also Published As

Publication number Publication date
CN105099779A (en) 2015-11-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20191125

Address after: 100176 room 222, 2f, building C, No. 18, Kechuang 11th Street, Beijing Economic and Technological Development Zone, Daxing District, Beijing

Patentee after: Beijing Jingdong three hundred and sixty degree e-commerce Co., Ltd.

Address before: 100080 floor 1-4, west section 1-4, east section 11C, west area, Xishan Creative Park, No. 65, xingshikou Road, Haidian District, Beijing

Co-patentee before: Beijing Jingdong Century Commerce Co., Ltd.

Patentee before: Beijing Jingdong Shangke Information Technology Co., Ltd.
