CN105721487A - Information processing method and electronic equipment - Google Patents

Info

Publication number: CN105721487A
Authority: CN (China)
Prior art keywords: address, packet, destination address, intranet, virtual machine
Legal status: Granted, Active
Application number: CN201610128726.2A
Other languages: Chinese (zh)
Other versions: CN105721487B (en)
Inventor: 吴娟
Current Assignee: Lenovo Beijing Ltd
Original Assignee: Lenovo Beijing Ltd
Application filed by Lenovo Beijing Ltd
Priority to CN201610128726.2A
Publication of CN105721487A
Application granted; publication of CN105721487B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses an information processing method and electronic equipment. The information processing method comprises the following steps: determining whether a destination address of a data packet is a specified Internet protocol (IP) address or not, wherein the specified IP address is an Intranet IP address of equipment in a subnet which is connected with a first specified router; if the destination address is the specified IP address, determining an address attribute of the destination address; determining whether a source address of the data packet is an IP address of a second specified router or not, wherein the second specified router is a router for connecting Intranet with Extranet; and when the source address is not the IP address of the second specified router, determining whether to transmit the data packet to the destination address or not according to the address attribute of the destination address.

Description

Information processing method and electronic equipment
Technical field
The present invention relates to the field of communications technology, and in particular to an information processing method and electronic equipment.
Background
The following describes a fairly typical current network model for a multi-tenant virtualized environment. Each tenant can create multiple private subnets, and virtual machines within the same subnet can communicate with each other. Each tenant creates and maintains an independent virtual router, which connects the subnets of different tenants and the external network.
If a virtual machine in a subnet has extranet access rights, an extranet Internet Protocol (IP) address can be allocated to that virtual machine; if a virtual machine has the right to access other subnets in the intranet, an intranet IP address is allocated to it.
The intranet IP address can then be used to access other subnets directly. The possible problem is that direct access within the intranet may raise security issues, so how to ensure security when subnets of different tenants access each other is a problem that the prior art still needs to solve.
Summary of the invention
In view of this, embodiments of the present invention are intended to provide an information processing method and electronic equipment that at least partly solve the problem of low security of mutual access between subnets.
To achieve the above purpose, the technical solution of the present invention is implemented as follows:
A first aspect of the embodiments of the present invention provides an information processing method, including:
determining whether the destination address of a data packet is a specified Internet Protocol (IP) address, wherein the specified IP address is an intranet IP address of a device in the subnet connected to a first specified router;
if the destination address is the specified IP address, determining the address attribute of the destination address;
determining whether the source address of the data packet is the IP address of a second specified router, wherein the second specified router is a router connecting the intranet with the extranet;
when the source address is not the IP address of the second specified router, determining, according to the address attribute of the destination address, whether to send the data packet to the destination address.
Based on the above solution, the method further includes:
when the source address is the IP address of the second specified router, determining to send the data packet to the destination address.
Based on the above solution, the determining, when the source address is not the IP address of the second specified router, whether to send the data packet to the destination address according to the address attribute of the destination address includes:
when the source address is not the IP address of the second specified router and the address attribute indicates that the destination address refuses intranet access, determining not to send the data packet to the destination address.
Based on the above solution, the determining, when the source address is not the IP address of the second specified router, whether to send the data packet to the destination address according to the address attribute of the destination address includes:
when the source address is not the IP address of the second specified router and the address attribute indicates that the destination address restricts intranet access, querying the access rights of the source address;
when the source address has access rights, determining to send the data packet to the receiving end;
when the source address does not have access rights, determining not to send the data packet to the receiving end.
Based on the above solution, the determining, when the source address is not the IP address of the second specified router, whether to send the data packet to the destination address according to the address attribute of the destination address includes:
when the source address is not the IP address of the second specified router and the address attribute indicates that the destination address allows intranet access, determining to send the data packet to the destination address.
A second aspect of the embodiments of the present invention provides an information processing method, the method including:
receiving an allocation request for an intranet IP address of a virtual machine;
in response to the allocation request, obtaining the intranet access rights of the virtual machine;
according to the intranet access rights, allocating an intranet IP address to the virtual machine and setting an address attribute;
sending the intranet IP address and the address attribute to the subnet router of the subnet where the virtual machine is located.
Based on the above solution, the method further includes:
in response to the allocation request, obtaining the extranet access rights of the virtual machine;
if the virtual machine has extranet access rights, allocating an extranet IP address to the virtual machine and establishing a mapping between the extranet IP address and the intranet IP address.
A third aspect of the embodiments of the present invention provides electronic equipment, including:
a first storage medium, used to store first executable code;
a first processor, connected to the first storage medium and able to read and execute the first executable code, wherein, when executing the first executable code, the first processor can be used to: determine whether the destination address of a data packet is a specified Internet Protocol (IP) address, wherein the specified IP address is an intranet IP address of a device in the subnet connected to a first specified router; if the destination address is the specified IP address, determine the address attribute of the destination address; determine whether the source address of the data packet is the IP address of a second specified router, wherein the second specified router is a router connecting the intranet with the extranet; and, when the source address is not the IP address of the second specified router, determine, according to the address attribute of the destination address, whether to send the data packet to the destination address.
Based on the above solution, the first processor can further, by executing the first executable code, determine to send the data packet to the destination address when the source address is the IP address of the second specified router.
Based on the above solution, the first processor can further, by executing the first executable code, determine not to send the data packet to the destination address when the source address is not the IP address of the second specified router and the address attribute indicates that the destination address refuses intranet access.
Based on the above solution, the first processor can, by executing the first executable code, specifically: query the access rights of the source address when the source address is not the IP address of the second specified router and the address attribute indicates that the destination address restricts intranet access; determine to send the data packet to the receiving end when the source address has access rights; and determine not to send the data packet to the receiving end when the source address does not have access rights.
Based on the above solution, the first processor can, by executing the first executable code, specifically determine to send the data packet to the destination address when the source address is not the IP address of the second specified router and the address attribute indicates that the destination address allows intranet access.
A fourth aspect of the embodiments of the present invention provides electronic equipment, including:
a second storage medium, used to store second executable code;
a second processor, connected to the second storage medium and able to read and execute the second executable code;
a communication interface, connected to the second storage medium and the second processing unit respectively;
wherein, when executing the second executable code, the second processor can be used to: control the communication interface to receive an allocation request for an intranet IP address of a virtual machine; in response to the allocation request, obtain the intranet access rights of the virtual machine; according to the intranet access rights, allocate an intranet IP address to the virtual machine and set an address attribute; and control the communication unit to send the intranet IP address and the address attribute to the subnet router of the subnet where the virtual machine is located.
Based on the above solution, the second processor is further used, by executing the second executable code, to obtain the extranet access rights of the virtual machine in response to the allocation request and, if the virtual machine has extranet access rights, to allocate an extranet IP address to the virtual machine and establish a mapping between the extranet IP address and the intranet IP address.
The information processing method and electronic equipment provided by the embodiments of the present invention extract the destination address of a data packet and the address attribute of that destination address, and use the destination address attribute to control mutual access between subnets. This reduces the low-security situation caused by subnets directly accessing each other within the intranet without passing through the second specified router or other security equipment.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the first information processing method provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a network architecture provided by an embodiment of the present invention;
Fig. 3 is a schematic flowchart of the second information processing method provided by an embodiment of the present invention;
Fig. 4 is a schematic flowchart of the third information processing method provided by an embodiment of the present invention;
Fig. 5 is a schematic flowchart of the fourth information processing method provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the first electronic equipment provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the second electronic equipment provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of the third electronic equipment provided by an embodiment of the present invention.
Detailed description
The technical solution is further elaborated below with reference to the accompanying drawings and specific embodiments.
Embodiment one:
As shown in Fig. 1, this embodiment provides an information processing method, including:
Step S110: determine whether the destination address of a data packet is a specified Internet Protocol (IP) address, wherein the specified IP address is an intranet IP address of a device in the subnet connected to a first specified router;
Step S120: if the destination address is the specified IP address, determine the address attribute of the destination address;
Step S130: determine whether the source address of the data packet is the IP address of a second specified router, wherein the second specified router is a router connecting the intranet with the extranet;
Step S140: when the source address is not the IP address of the second specified router, determine, according to the address attribute of the destination address, whether to send the data packet to the destination address.
The information processing method of this embodiment can be a method applied in a subnet router. In this embodiment an intranet may contain multiple subnets; a subnet here may also be called a private network, and virtual machines in two different subnets cannot access each other without going through a subnet router.
In this embodiment, after the subnet router receives a data packet, it extracts the destination address from the packet and judges whether the packet is addressed to the subnet router itself. If the packet is not addressed to the subnet router itself but to a device such as a virtual machine inside the subnet connected to this subnet router, access control must be applied to the access. In step S110, the specified IP address is the IP address of a device such as a virtual machine in the subnet connected to the first specified router. The IP address of the virtual machine is usually allocated dynamically or semi-statically. The subnet router may store the specified IP addresses, and step S110 may determine by lookup whether the destination address is a specified IP address.
Step S120 is then performed to determine the address attribute of the destination address. The address attribute of the destination address can be used to characterize the access rights that other virtual machines have to this destination address.
Step S110 judges whether the destination address is the IP address of a device such as a virtual machine in the subnet connected to this subnet router; if so, the flow proceeds to step S120, otherwise the flow ends.
Step S130 determines whether the source address of the data packet is the second specified router. The second specified router here is the router connecting the intranet with the extranet; that is, a data packet of the intranet that needs to be transferred to the extranet has to pass through this level of router. In this embodiment the intranet may be the local area network of an enterprise such as a company, a school or a group. The extranet may be the network outside this local area network.
If it is determined in step S140 that the source address of the data packet is not the IP address of the second specified router, this indicates that the packet was not carried into the intranet from the extranet through the second specified router, and whether to send the packet to the virtual machine corresponding to the destination address is determined according to the destination address.
In this embodiment, if the data packet entered the subnet connected to the first specified router from the extranet, the packet has already passed the security filtering of the second specified router and is considered relatively safe, so it can be sent directly to the destination address, and the device such as a virtual machine in the subnet can receive it. If the source address of the data packet is not the address of the second specified router and the packet instead originates from the router of another subnet, the packet has been transmitted within the intranet and has not passed through the security filtering of the second specified router or of the security equipment placed at the boundary between the intranet and the extranet. It may be unsafe, so whether to send the packet to the destination address must be determined according to the address attribute.
This embodiment also provides another information processing method, in which the method further includes:
when the source address is not the IP address of the second specified router and it is determined to send the data packet to the destination address, processing the data packet with a first security processing mechanism; when the source address is the IP address of the second specified router, processing the data packet with a second security processing mechanism; wherein the security grade of the first security processing mechanism is lower than that of the second security processing mechanism. In this embodiment, the first security processing mechanism may be to skip firewall filtering and send the data packet directly to the destination address. If the data packet came in from the extranet, the second security processing mechanism is applied to it at the current subnet router node, for example by adding firewall control. To keep illegitimate data packets, such as virus-carrying packets, from being passed between different subnets under the lower-grade security processing mechanism, this embodiment applies the security control of steps S110 to S140. Compared with directly applying security filtering such as virus scanning to the packets, this may speed up packet transmission between different subnets of the intranet while preventing subnets without access rights from accessing other subnets without authorization, which improves the security of mutual access between virtual machines in different subnets.
Embodiment two:
As shown in Fig. 1, this embodiment provides an information processing method, including:
Step S110: determine whether the destination address of a data packet is a specified Internet Protocol (IP) address, wherein the specified IP address is an intranet IP address of a device in the subnet connected to a first specified router;
Step S120: if the destination address is the specified IP address, determine the address attribute of the destination address;
Step S130: determine whether the source address of the data packet is the IP address of a second specified router, wherein the second specified router is a router connecting the intranet with the extranet;
Step S140: when the source address is not the IP address of the second specified router, determine, according to the address attribute of the destination address, whether to send the data packet to the destination address.
The method further includes:
when the source address is the IP address of the second specified router, determining to send the data packet to the destination address.
This embodiment is a further improvement of Embodiment one. It specifies that when the source address is indeed the IP address of the second specified router, the data packet has entered the intranet from the extranet and needs to access a subnet in this intranet; in this case it is determined to send the data packet to the destination address. If the electronic equipment performing the method of this embodiment is a subnet router, it sends the data packet directly to the device at the destination address, such as a virtual machine in the subnet it connects.
If the intranet in this embodiment is a network built by a cloud platform for leasing to customers, one tenant usually corresponds to one subnet; different subnets may belong to different tenants, or to different departments or different services of the same tenant. These services may originally be open for external browsing by internet users. If a user accesses them from the extranet, the traffic passes through the security filtering equipment between the intranet and the extranet and the firewall processing of the second specified router, so a data packet that enters the intranet in this way is relatively safe and can access the destination address directly. In this case, once the subnet router has determined to send the data packet to the destination address, it sends the packet directly to the destination address. This ensures the security of mutual access between different subnets in the intranet on the one hand, and smooth access from the extranet on the other.
Embodiment three:
As shown in Fig. 1, this embodiment provides an information processing method, including:
Step S110: determine whether the destination address of a data packet is a specified Internet Protocol (IP) address, wherein the specified IP address is an intranet IP address of a device in the subnet connected to a first specified router;
Step S120: if the destination address is the specified IP address, determine the address attribute of the destination address;
Step S130: determine whether the source address of the data packet is the IP address of a second specified router, wherein the second specified router is a router connecting the intranet with the extranet;
Step S140: when the source address is not the IP address of the second specified router, determine, according to the address attribute of the destination address, whether to send the data packet to the destination address.
Step S140 may include:
when the source address is not the IP address of the second specified router and the address attribute indicates that the destination address refuses intranet access, determining not to send the data packet to the destination address.
In this embodiment, if the address attribute of the IP address of a device such as a virtual machine in the subnet connected to the subnet router is set to refuse intranet access, the subnet router determines not to send the data packet to the destination address. In this embodiment the address attribute can mark the address as a hidden address; under normal circumstances an unauthorized user cannot see a hidden address. If the subnet router finds that the address attribute of the destination address is hidden address, the destination address can be considered to refuse access from other subnets in the intranet.
This fully ensures a high level of security for the destination address against access from other subnets. For example, consider two subnets, one belonging to the Finance Department of company A and the other to the human resources department of company A. To keep the Finance Department's financial information from leaking inside the company, the IP addresses of the virtual machines or devices in the Finance Department's subnet that store important financial information can all be set as hidden addresses. Even though both subnets belong to company A, the human resources department's devices then cannot reach the Finance Department's devices directly through the intranet.
It should be noted that refusing intranet access in this embodiment should be understood as refusing access from other subnets of the intranet; different virtual machines in the same subnet can still access each other through the subnet switch or through direct connections between devices in the subnet.
Embodiment four:
As shown in Fig. 1, this embodiment provides an information processing method, including:
Step S110: determine whether the destination address of a data packet is a specified Internet Protocol (IP) address, wherein the specified IP address is an intranet IP address of a device in the subnet connected to a first specified router;
Step S120: if the destination address is the specified IP address, determine the address attribute of the destination address;
Step S130: determine whether the source address of the data packet is the IP address of a second specified router, wherein the second specified router is a router connecting the intranet with the extranet;
Step S140: when the source address is not the IP address of the second specified router, determine, according to the address attribute of the destination address, whether to send the data packet to the destination address.
Step S140 may include:
when the source address is not the IP address of the second specified router and the address attribute indicates that the destination address restricts intranet access, querying the access rights of the source address;
when the source address has access rights, determining to send the data packet to the receiving end;
when the source address does not have access rights, determining not to send the data packet to the receiving end.
In this embodiment the destination address can allow access from some virtual machines of other subnets, or from some other subnets. In this case the address attribute of the destination address indicates restricted intranet IP access, and the corresponding address attribute is the restricted-access attribute.
In this embodiment the subnet router stores a restricted-access intranet IP address list, or the subnet router can query this restricted-access intranet IP address list from the management equipment of the cloud platform.
In a specific application, the subnet router can use the source address to query the restricted-access intranet IP address list stored in its local storage medium, and thereby determine whether the current source address has access rights. Depending on the number of intranet IP addresses that have access rights and the number that do not, the restricted-access intranet IP address list can store whichever set of intranet IP addresses is relatively smaller, which reduces the amount of stored data on the one hand and the amount of data matching during a query on the other.
Based on Embodiment two, suppose company A also has a CEO Office, and a subnet for the CEO Office is also set up on the cloud platform. Because of its work needs and higher authority, the CEO Office needs to access the virtual machines of the Finance Department. In this case the intranet IP addresses of the Finance Department's virtual machines cannot be set as hidden addresses; instead, the intranet IP addresses of the virtual machines in the Finance Department's subnet need to be set to the restricted-access attribute. The intranet IP address of at least one virtual machine in the CEO Office's subnet is placed in the restricted-access intranet IP address list, indicating that this intranet IP address is allowed access.
It is also worth noting that restricting intranet access in this embodiment means restricting access from other subnets; virtual machines in the same subnet can still access each other through the subnet switch or through direct connections between devices in the subnet.
Embodiment five:
As shown in Fig. 1, this embodiment provides an information processing method, including:
Step S110: determine whether the destination address of a packet is a designated Internet Protocol (IP) address, where the designated IP address is the intranet IP address of a device in the subnet connected to the first designated router;
Step S120: if the destination address is the designated IP address, determine the address attribute of the destination address;
Step S130: determine whether the source address of the packet is the IP address of the second designated router, where the second designated router is the router connecting the intranet with the external network;
Step S140: when the source address is not the IP address of the second designated router, determine, according to the address attribute of the destination address, whether to send the packet to the destination address.
Step S140 may include:
When the source address is not the IP address of the second designated router and the address attribute indicates that intranet access to the destination address is restricted, query the access rights of the source address;
When the source address has access rights, determine to send the packet to the receiving end;
When the source address does not have access rights, determine not to send the packet to the receiving end.
Step S140 may also include:
When the source address is not the IP address of the second designated router and the address attribute indicates that the destination address allows intranet access, send the packet to the destination address.
If the address attribute in this embodiment indicates that the destination address allows intranet access, the device (such as a virtual machine) corresponding to this destination address allows access from other subnets, and the subnet router can send the packet directly to the destination address.
In this embodiment, if an intranet IP address is allowed to be accessed by other subnets, the address attribute of this address can be set to visible, so that all devices in the subnet can obtain this intranet IP address from the management device or view it on the routing device. This allows access from other subnets on the one hand and makes address lookup before access convenient on the other.
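The subnet router's decision in steps S110 to S140, together with the smaller-set storage of the restricted-access list described earlier, can be written out as below. This is an added illustrative example, not code from the patent; the class names, the sample addresses, the result returned for a non-designated destination and the drop-by-default for a restricted address that has no list are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Attr(Enum):
    ALLOW = "allow intranet access"
    RESTRICT = "restrict intranet access"
    DENY = "deny intranet access"


class Verdict(Enum):
    FORWARD = "send to destination"
    DROP = "do not send"
    NOT_DESIGNATED = "destination is not a designated IP address"


def ip(text):
    return ipaddress.ip_address(text)


@dataclass(frozen=True)
class RestrictedList:
    """Restricted-access list for one destination address.

    Only the smaller of the two sets is stored: the sources that have
    access rights (listed_means_allowed=True) or the sources that do not.
    With the second polarity, a source missing from the list counts as
    having rights, so the list has to be rebuilt when sources are added.
    """
    listed: frozenset
    listed_means_allowed: bool

    @classmethod
    def build(cls, allowed, denied):
        allowed = frozenset(ip(a) for a in allowed)
        denied = frozenset(ip(d) for d in denied)
        if len(allowed) <= len(denied):
            return cls(allowed, True)
        return cls(denied, False)

    def has_access(self, src):
        return (src in self.listed) == self.listed_means_allowed


@dataclass
class SubnetRouter:
    gateway_ip: object                              # IP of the second designated router
    attrs: dict = field(default_factory=dict)       # intranet IP -> Attr
    restricted: dict = field(default_factory=dict)  # intranet IP -> RestrictedList

    def decide(self, src_text, dst_text):
        src, dst = ip(src_text), ip(dst_text)
        # S110/S120: is the destination a designated IP, and what is its attribute?
        attr = self.attrs.get(dst)
        if attr is None:
            return Verdict.NOT_DESIGNATED  # assumption: outside this method's scope
        # S130: a packet whose source is the second designated router came in
        # from the external network and is sent on; the decision rests on the
        # source address field alone.
        if src == self.gateway_ip:
            return Verdict.FORWARD
        # S140: the packet comes from another subnet, so the attribute decides.
        if attr is Attr.ALLOW:
            return Verdict.FORWARD
        if attr is Attr.DENY:
            return Verdict.DROP
        acl = self.restricted.get(dst)
        if acl is not None and acl.has_access(src):
            return Verdict.FORWARD
        return Verdict.DROP  # assumption: no list for a restricted address means drop


def build_demo_router():
    """Constructed sample: a finance subnet router and one CEO-office source."""
    finance_vm = ip("10.0.2.10")
    router = SubnetRouter(gateway_ip=ip("10.0.0.1"))
    router.attrs = {
        finance_vm: Attr.RESTRICT,
        ip("10.0.2.20"): Attr.ALLOW,
        ip("10.0.2.30"): Attr.DENY,
    }
    router.restricted[finance_vm] = RestrictedList.build(
        allowed=["10.0.9.5"],                          # CEO-office virtual machine
        denied=["10.0.3.7", "10.0.3.8", "10.0.4.2"],   # other subnets
    )
    return router


if __name__ == "__main__":
    demo = build_demo_router()
    for src, dst in [("10.0.9.5", "10.0.2.10"), ("10.0.3.7", "10.0.2.10"),
                     ("10.0.3.7", "10.0.2.30"), ("10.0.0.1", "10.0.2.30")]:
        print(src, "->", dst, ":", demo.decide(src, dst).value)
```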
Embodiment six:
As shown in Fig. 5, this embodiment provides an information processing method, the method including:
Step S210: receive an allocation request for an intranet Internet Protocol (IP) address from a virtual machine;
Step S220: in response to the allocation request, obtain the intranet access rights of the virtual machine;
Step S230: according to the intranet access rights, allocate an intranet IP address to the virtual machine and set its address attribute;
Step S240: send the intranet IP address and the address attribute to the subnet router of the subnet in which the virtual machine is located.
The information processing method of this embodiment can also be called an IP address allocation method, and it can be applied in a management device. The management device can allocate IP addresses semi-statically or dynamically.
In this embodiment, after the allocation request of the virtual machine is received, the request is responded to and the intranet access rights of this virtual machine are obtained. The intranet access rights here include at least the rights governing access to this virtual machine by devices in other subnets; they may of course also include the rights of this virtual machine to access devices in other subnets of the intranet.
In step S220 of this embodiment, obtaining the intranet access rights of the virtual machine may include querying configuration information to obtain the intranet access rights of this virtual machine, for example querying the configuration information using the subnet address of the virtual machine as the query key. The configuration information here may be generated from user input received through a human-machine interface, or generated automatically by the management device according to security parameters such as the security level configured for this virtual machine.
In step S230, an intranet IP address is allocated to the virtual machine and its address attribute is set according to the intranet access rights. This step may include determining, according to the intranet access rights, whether an intranet IP address needs to be allocated to the virtual machine. For example, if the virtual machine is not allowed to access other subnets and is not accessed by other subnets either, no intranet IP address needs to be configured; when the virtual machine needs to access other subnets, or needs to be accessed by other subnets, an intranet IP address must be configured for it.
For the concepts of subnet, intranet and external network in this embodiment, refer to the corresponding descriptions in the previous embodiments; they are not repeated here.
In step S240 of this embodiment, the intranet IP address and the address attribute are sent to the subnet router to which the virtual machine is connected, so that the subnet router can subsequently filter packets to and from this virtual machine. Of course, in a specific implementation, step S240 may also include using this subnet router to return at least the allocated intranet IP address to the virtual machine, and possibly the address attribute as well.
This completes the allocation of the intranet IP address and the setting of the address attribute, which makes it convenient to control mutual access between subnets. The address attribute in this embodiment can include allowing intranet access, restricting intranet access or denying intranet access.
Embodiment seven:
As shown in Fig. 5, this embodiment provides an information processing method, the method including:
Step S210: receive an allocation request for an intranet Internet Protocol (IP) address from a virtual machine;
Step S220: in response to the allocation request, obtain the intranet access rights of the virtual machine;
Step S230: according to the intranet access rights, allocate an intranet IP address to the virtual machine and set its address attribute;
Step S240: send the intranet IP address and the address attribute to the subnet router of the subnet in which the virtual machine is located.
The method also includes:
In response to the allocation request, obtaining the external network access rights of the virtual machine;
If the virtual machine has external network access rights, allocating an external IP address to the virtual machine and establishing a mapping between the external IP address and the intranet IP address.
In this embodiment, a virtual machine in a subnet may also have the right to access the external network or to be accessed by external network devices. If external network access rights are obtained in this embodiment, an external IP address is allocated to the virtual machine, or allocation of an external IP address is refused, according to those rights. If the virtual machine is allocated an external IP address, a mapping between the external IP address and the intranet IP address usually needs to be established, to facilitate subsequent mutual access between the intranet IP address and the intranet IP address.
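The allocation procedure of steps S210 to S240 and the external IP mapping can be sketched for the management device as follows. This is an added illustrative example, not code from the patent; the shape of the configuration records, the mapping from access rights to attribute names, the address pools and router names, and the choice to give a virtual machine with external access an intranet address as well (following the subnet address to intranet floating IP to external floating IP translation in the Fig. 4 flow) are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rights:
    """Configuration information looked up in S220 (hypothetical shape)."""
    reachable_from: str      # "all", "some" or "none" of the other subnets
    reaches_others: bool     # may this virtual machine access other subnets?
    external: bool = False   # external network access rights


@dataclass(frozen=True)
class Allocation:
    intranet_ip: Optional[ipaddress.IPv4Address]
    attribute: Optional[str]
    external_ip: Optional[ipaddress.IPv4Address]


# Assumed mapping from inbound rights to the three address attributes.
ATTRIBUTE = {"all": "allow", "some": "restrict", "none": "deny"}


class ManagementDevice:
    def __init__(self, intranet_pool, external_pool, config):
        self._intranet = iter(ipaddress.ip_network(intranet_pool).hosts())
        self._external = iter(ipaddress.ip_network(external_pool).hosts())
        self.config = config   # subnet address of a virtual machine -> Rights
        self.nat = {}          # external IP -> intranet IP mapping
        self.pushed = []       # (router, intranet IP, attribute) sent in S240

    @staticmethod
    def _take(pool, name):
        addr = next(pool, None)
        if addr is None:
            raise RuntimeError(f"{name} address pool exhausted")
        return addr

    def handle_request(self, subnet_addr, router):
        # S210/S220: look up the rights, keyed by the requester's subnet address.
        rights = self.config.get(subnet_addr)
        if rights is None:
            raise KeyError(f"no configuration information for {subnet_addr}")
        # S230: an isolated virtual machine needs no intranet IP at all.
        needed = (rights.reachable_from != "none" or rights.reaches_others
                  or rights.external)
        if not needed:
            return Allocation(None, None, None)
        attribute = ATTRIBUTE[rights.reachable_from]
        intranet_ip = self._take(self._intranet, "intranet")
        external_ip = None
        if rights.external:
            external_ip = self._take(self._external, "external")
            self.nat[external_ip] = intranet_ip
        # S240: hand the address and its attribute to the subnet router.
        self.pushed.append((router, intranet_ip, attribute))
        return Allocation(intranet_ip, attribute, external_ip)


def run_demo():
    """Constructed sample: three requests against small constructed pools."""
    config = {
        "192.168.1.11": Rights("all", True, external=True),
        "192.168.1.12": Rights("none", False),
        "192.168.2.21": Rights("some", True),
    }
    device = ManagementDevice("10.0.2.0/29", "203.0.113.0/30", config)
    results = [
        device.handle_request("192.168.1.11", "router-5"),
        device.handle_request("192.168.1.12", "router-5"),
        device.handle_request("192.168.2.21", "router-6"),
    ]
    return device, results


if __name__ == "__main__":
    dev, allocations = run_demo()
    for alloc in allocations:
        print(alloc)
    print(dev.nat)
```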
A concrete example is provided below in conjunction with the above embodiments.
As shown in Fig. 2, this example first provides a network architecture that can run the above information processing method, including: an external network gateway, cloud system virtual router 7, an external network virtual switch, tenant A virtual router 5, tenant B virtual router 6, subnet virtual switches, virtual machines, a multi-tenant network manager, and a cloud management system directly connected to the external network. The cloud management system in this example can be a system running on the multi-tenant network manager. The intranet in this example may essentially be a cloud data center. The address shown next to each device in Fig. 2 is the IP address corresponding to that device. These IP addresses may be subnet addresses, intranet IP addresses or external IP addresses. In this example, intranet IP addresses are further divided into those allocated to routers and switches and those allocated to virtual machines. An intranet IP address allocated to a virtual machine in this example is an intranet floating IP. External IP addresses are likewise divided into those allocated to routers and switches and those allocated to virtual machines. An external IP address allocated to a virtual machine in this example is an external floating IP.
Using the method of this embodiment, when a packet enters the intranet from the external network, it must pass through the external network gateway and the external network virtual switch before being delivered to a tenant's virtual router. In this embodiment, tenant A virtual router 5 and tenant B virtual router 6 are the subnet routers of the subnets corresponding to tenant A and tenant B respectively. Cloud system virtual router 7 in this embodiment corresponds to the second designated router of the previous embodiments. Tenant A virtual router 5 and tenant B virtual router 6 both correspond to the first designated router described in the previous embodiments.
It should be noted that, in the flow charts shown in Fig. 3 and Fig. 4, tenant A virtual router 5 is abbreviated as virtual router 5, tenant B virtual router 6 is abbreviated as virtual router 6, and cloud system virtual router 7 is abbreviated as cloud system router.
Fig. 3 shows the process of sending a packet to the external network using the network architecture provided in this example, including:
Step S1: virtual machine 1 sends a packet whose destination IP address is an external network server to the external network gateway;
Step S2: the subnet virtual switch forwards the packet to virtual router 5;
Step S3: virtual router 5 replaces the subnet address of virtual machine 1 with its intranet floating IP;
Step S4: the external network virtual switch forwards the packet to virtual router 6;
Step S5: virtual router 6 extracts the address attribute of virtual machine 4 and determines whether to send the packet to virtual machine 4; if it determines to send the packet to the virtual machine, it converts the destination IP address to the subnet address of virtual machine 4 and forwards the packet to the subnet virtual switch. Here, because the source address of the packet is not that of cloud system virtual router 7, which corresponds to the second designated router of the previous embodiments, whether to send the packet to virtual machine 4 must be judged according to the address attribute.
Step S6: the subnet virtual switch forwards the packet to virtual machine 4.
Fig. 4 shows the process of sending a packet to the external network using the network architecture provided in this example, including:
Step S11: virtual machine 1 sends a packet whose destination IP address is an external network server to the external network gateway;
Step S12: the subnet virtual switch sends the packet to virtual router 5;
Step S13: virtual router 5 replaces the subnet address of virtual machine 1 with its intranet floating IP;
Step S14: the external network virtual switch sends the packet to the cloud system router;
Step S15: the cloud system router converts the intranet floating IP of virtual machine 1 to its external floating IP and forwards the packet to the external network gateway;
Step S16: the external network gateway selects a suitable route and forwards the packet to the next hop, until it reaches the destination server.
The multi-tenant manager shown in Fig. 2 can store the mappings between intranet IP addresses and external IP addresses, and can also store intranet access rights and external network access rights. Tables 1 to 3 below provide this information for the network architecture shown in Fig. 2.
Table 1
Table 2
Table 3
Here, the address filtering list can include the list of intranet IP addresses that are not allowed to access the corresponding virtual machine.
Embodiment eight:
As shown in Fig. 6, this embodiment provides an electronic device, including:
First storage medium 110, used to store first executable code;
First processor 120, connected to the first storage medium and able to read and execute the first executable code, where, when the first processor executes the first executable code, it can be used to: determine whether the destination address of a packet is a designated Internet Protocol (IP) address, where the first designated router is a subnet router in the intranet; if the destination address is the designated IP address, determine the address attribute of the destination address; determine whether the source address of the packet is the IP address of the second designated router, where the second designated router is the router connecting the intranet with the external network; and, when the source address is not the IP address of the second designated router, determine according to the address attribute of the destination address whether to send the packet to the destination address.
The electronic device of this embodiment can be a subnet router. It should be noted that the subnet router of the present invention can correspond to a physical router, or to a virtual router set up on an electronic device.
In this embodiment, the first storage medium 110 can be any of various storage media capable of storing information, for example an optical disc, a magnetic disk or a flash drive. Specifically, the first storage medium 110 can include memory and the like. The first storage medium 110 in this embodiment is preferably a non-transitory storage medium, which can store the first executable code in a non-volatile manner.
In this embodiment, the first processor may correspond to any of various integrated, packaged processors, or to a processing circuit with information processing capability. The first processor in this embodiment may correspond to one or more processors, or to one or more processing circuits.
The processor can include a central processing unit (CPU), a microprocessor (MCU), a digital signal processor (DSP), a programmable array (PLC), an application processor (AP) or a similar processor. The processing circuit may also include an application-specific integrated circuit.
In this embodiment, the first processor is connected to the first storage medium through an internal communication interface, so the first processor can read the first executable code stored in the first storage medium and, by running it, carry out the operations above. This makes it possible to restrict mutual access between different subnets in the intranet and improves the access security of each subnet in the intranet.
For the intranet IP address, the address attribute and related descriptions in this embodiment, refer to the previous embodiments; they are not repeated here.
Embodiment nine:
As shown in Fig. 6, this embodiment provides an electronic device, including:
First storage medium 110, used to store first executable code;
First processor 120, connected to the first storage medium and able to read and execute the first executable code, where, when the first processor executes the first executable code, it can be used to: determine whether the destination address of a packet is a designated Internet Protocol (IP) address, where the first designated router is a subnet router in the intranet; if the destination address is the designated IP address, determine the address attribute of the destination address; determine whether the source address of the packet is the IP address of the second designated router, where the second designated router is the router connecting the intranet with the external network; and, when the source address is not the IP address of the second designated router, determine according to the address attribute of the destination address whether to send the packet to the destination address.
The first processor 120 can also, by executing the first executable code, determine to send the packet to the destination address when the source address is the IP address of the second designated router.
In this embodiment, the first processor 120 is also used to determine, when the source address is the IP address of the second designated router, to send the packet to the destination address. When the source address is the IP address of the second designated router, the packet is one that entered the intranet from the external network and may already have passed through security filtering, so it can be determined that the packet is sent to the destination address.
Embodiment ten:
As shown in the figure, this embodiment provides an electronic device, including:
First storage medium 110, used to store first executable code;
First processor 120, connected to the first storage medium and able to read and execute the first executable code, where, when the first processor executes the first executable code, it can be used to: determine whether the destination address of a packet is a designated Internet Protocol (IP) address, where the first designated router is a subnet router in the intranet; if the destination address is the designated IP address, determine the address attribute of the destination address; determine whether the source address of the packet is the IP address of the second designated router, where the second designated router is the router connecting the intranet with the external network; and, when the source address is not the IP address of the second designated router, determine according to the address attribute of the destination address whether to send the packet to the destination address.
The first processor 120 can also, by executing the first executable code, determine not to send the packet to the destination address when the source address is not the IP address of the second designated router and the address attribute indicates that the destination address denies intranet access.
In this embodiment, when the source address is not the IP address of the second designated router, the packet should be one sent by another subnet in the intranet, and the first processor 120 determines whether to send the packet to the destination address according to the address attribute of the destination address. The attribute of the destination address in this embodiment can include denying intranet access. If the address attribute of the destination address indicates that it denies intranet access, it is determined that the packet is not sent to the destination address, which reduces security problems such as information leakage or virtual machine paralysis caused by arbitrary access from other subnets to virtual machines with high security requirements in a subnet.
Embodiment 11:
As shown in Fig. 6, this embodiment provides an electronic device, including:
First storage medium 110, used to store first executable code;
First processor 120, connected to the first storage medium and able to read and execute the first executable code, where, when the first processor executes the first executable code, it can be used to: determine whether the destination address of a packet is a designated Internet Protocol (IP) address, where the first designated router is a subnet router in the intranet; if the destination address is the designated IP address, determine the address attribute of the destination address; determine whether the source address of the packet is the IP address of the second designated router, where the second designated router is the router connecting the intranet with the external network; and, when the source address is not the IP address of the second designated router, determine according to the address attribute of the destination address whether to send the packet to the destination address.
The first processor 120 can, by executing the first executable code, specifically: query the access rights of the source address when the source address is not the IP address of the second designated router and the address attribute indicates that intranet access to the destination address is restricted; determine to send the packet to the receiving end when the source address has access rights; and determine not to send the packet to the receiving end when the source address does not have access rights.
In this embodiment, the electronic device may also include a storage medium used to store the information queried for access rights, for example the restricted-access intranet IP address list. The electronic device can of course also include a communication interface; the first processor controls the communication interface to exchange information with the intranet management device or an upper-layer device in order to query the access rights.
In this embodiment, an attribute of restricted intranet access on the destination address means that some subnets in the intranet have access rights while the devices in some other subnets do not. Therefore, whether to send the packet to the destination address is determined in this embodiment according to whether the corresponding source address has access rights. If it has access rights, it is determined that the packet is sent to the destination address; if it does not, it is determined that the packet is not sent to the destination address.
With the electronic device of this embodiment, devices that have access rights are allowed to access on the one hand, and devices without access rights can be refused on the other, which ensures the security of the destination address.
Embodiment 12:
As shown in Fig. 6, this embodiment provides an electronic device, including:
First storage medium 110, used to store first executable code;
First processor 120, connected to the first storage medium and able to read and execute the first executable code, where, when the first processor executes the first executable code, it can be used to: determine whether the destination address of a packet is a designated Internet Protocol (IP) address, where the first designated router is a subnet router in the intranet; if the destination address is the designated IP address, determine the address attribute of the destination address; determine whether the source address of the packet is the IP address of the second designated router, where the second designated router is the router connecting the intranet with the external network; and, when the source address is not the IP address of the second designated router, determine according to the address attribute of the destination address whether to send the packet to the destination address.
The first processor 120 can, by executing the first executable code, specifically send the packet to the destination address when the source address is not the IP address of the second designated router and the address attribute indicates that the destination address allows intranet access.
In this embodiment, the address attribute also includes allowing intranet access, which means that devices in other subnets are allowed to access the virtual machine at this destination address. The first processor in this embodiment also determines, by executing the first executable code, to send the packet to this destination address.
Thus, if a virtual machine allows access from other subnets, the subnet router of this virtual machine can send the packet to the virtual machine when it receives a packet from another subnet accessing it.
Embodiment 13:
As shown in Fig. 7, this embodiment provides an electronic device, including:
Second storage medium 210, used to store second executable code;
Second processor 220, connected to the second storage medium 210 and able to read and execute the second executable code;
Communication interface 230, connected to the second storage medium 210 and the second processor 220 respectively;
Where, when the second processor 220 executes the second executable code, it can be used to: control the communication interface to receive an allocation request for an intranet Internet Protocol (IP) address from a virtual machine; in response to the allocation request, obtain the intranet access rights of the virtual machine; according to the intranet access rights, allocate an intranet IP address to the virtual machine and set its address attribute; and control the communication interface to send the intranet IP address and the address attribute to the subnet router of the subnet in which the virtual machine is located.
In this embodiment, the second storage medium 210 may likewise correspond to various types of storage medium, preferably a non-transitory or non-volatile storage medium, for example an optical disc, a magnetic disk or a flash drive.
The second processor 220 can likewise be any of various types of processor or processing circuit; for these, refer to the corresponding descriptions in the previous embodiments. The second processor here can refer to one or more processors, or to one or more processing circuits.
The communication interface 230 can be any type of interface capable of sending and receiving information, for example a wired interface or a wireless interface. The wired interface can include an optical fiber interface or a cable interface. The wireless interface can include a WiFi interface, a Bluetooth interface or the like.
The electronic device of this embodiment can be a management device in the network. It can receive an allocation request from a virtual machine; obtain the intranet access rights by querying a local storage medium such as the second storage medium, by receiving them from a human-machine interface, or by receiving them from another device; allocate an intranet IP address and set its address attribute according to the intranet access rights; and control the communication interface to send the address attribute and the allocated intranet IP address to the virtual machine and to the subnet router of the virtual machine's subnet, so that the subnet router can apply security control to devices accessing this destination address.
Embodiment 14:
As shown in Fig. 7, this embodiment provides an electronic device, including:
Second storage medium 210, used to store second executable code;
Second processor 220, connected to the second storage medium 210 and able to read and execute the second executable code;
Communication interface 230, connected to the second storage medium 210 and the second processor 220 respectively;
Where, when the second processor 220 executes the second executable code, it can be used to: control the communication interface to receive an allocation request for an intranet Internet Protocol (IP) address from a virtual machine; in response to the allocation request, obtain the intranet access rights of the virtual machine; according to the intranet access rights, allocate an intranet IP address to the virtual machine and set its address attribute; and control the communication interface to send the intranet IP address and the address attribute to the subnet router of the subnet in which the virtual machine is located.
The second processor 220, by executing the second executable code, is also used to: obtain the external network access rights of the virtual machine in response to the allocation request; and, if the virtual machine has external network access rights, allocate an external IP address to the virtual machine and establish a mapping between the external IP address and the intranet IP address.
The electronic device of this embodiment can also be used to allocate external IP addresses. When a virtual machine has been allocated both an intranet IP address and an external IP address, a mapping between the intranet IP address and the external IP address may need to be established. This makes better use of the software and hardware resources of the electronic device and improves both the intelligence of the electronic device and the security of mutual access between subnets.
In conjunction with any one of the above device embodiments, a concrete example is provided below, as shown in Fig. 8, including:
Processor 302, storage medium 304 and at least one external communication interface 301; the processor 302, storage medium 304 and external communication interface 301 are all connected through bus 303. The processor 302 can be a microprocessor, a central processing unit, a digital signal processor, a programmable logic array or another electronic component with processing capability. Computer-executable instructions are stored on the storage medium 304; by executing the computer-executable instructions stored in the storage medium 304, the processor 302 can implement any one of the technical solutions of the above information processing method.
In several embodiments provided herein, it should be understood that disclosed equipment and method, it is possible to realize by another way.Apparatus embodiments described above is merely schematic, such as, the division of described unit, it is only a kind of logic function to divide, actual can have other dividing mode when realizing, and as: multiple unit or assembly can be in conjunction with, or is desirably integrated into another system, or some features can ignore, or do not perform.It addition, the coupling each other of shown or discussed each ingredient or direct-coupling or communication connection can be through INDIRECT COUPLING or the communication connection of some interfaces, equipment or unit, it is possible to be electrical, machinery or other form.
The above-mentioned unit illustrated as separating component can be or may not be physically separate, and the parts shown as unit can be or may not be physical location, namely may be located at a place, it is also possible to be distributed on multiple NE;Part or all of unit therein can be selected according to the actual needs to realize the purpose of the present embodiment scheme.
It addition, each functional unit in various embodiments of the present invention can be fully integrated in a processing module, it is also possible to be that each unit is individually as a unit, it is also possible to two or more unit are integrated in a unit;Above-mentioned integrated unit both can adopt the form of hardware to realize, it would however also be possible to employ hardware adds the form of SFU software functional unit and realizes.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can be completed by the hardware that programmed instruction is relevant, aforesaid program can be stored in a computer read/write memory medium, this program upon execution, performs to include the step of said method embodiment;And aforesaid storage medium includes: movable storage device, read only memory (ROM, Read-OnlyMemory), the various media that can store program code such as random access memory (RAM, RandomAccessMemory), magnetic disc or CD.
The above; being only the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, any those familiar with the art is in the technical scope that the invention discloses; change can be readily occurred in or replace, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with described scope of the claims.

Claims (14)

1. An information processing method, characterized by comprising:
determining whether the destination address of a packet is a specified Internet Protocol (IP) address, wherein the specified IP address is the intranet IP address of a device in the subnet connected to a first designated router;
if the destination address is the specified IP address, determining the address attribute of the destination address;
determining whether the source address of the packet is the IP address of a second designated router, wherein the second designated router is the router connecting the intranet to the extranet;
when the source address is not the IP address of the second designated router, determining, according to the address attribute of the destination address, whether to send the packet to the destination address.
2. The method according to claim 1, characterized in that
the method further comprises:
when the source address is the IP address of the second designated router, determining to send the packet to the destination address.
3. The method according to claim 1, characterized in that
said determining, when the source address is not the IP address of the second designated router, whether to send the packet to the destination address according to the address attribute of the destination address comprises:
when the source address is not the IP address of the second designated router and the address attribute indicates that the destination address denies intranet access, determining not to send the packet to the destination address.
4. The method according to claim 1, characterized in that
said determining, when the source address is not the IP address of the second designated router, whether to send the packet to the destination address according to the address attribute of the destination address comprises:
when the source address is not the IP address of the second designated router and the address attribute indicates that the destination address restricts intranet access, querying the access rights of the source address;
when the source address has access rights, determining to send the packet to the receiving end;
when the source address does not have access rights, determining not to send the packet to the receiving end.
5. The method according to claim 4, characterized in that
said determining, when the source address is not the IP address of the second designated router, whether to send the packet to the destination address according to the address attribute of the destination address comprises:
when the source address is not the IP address of the second designated router and the address attribute indicates that the destination address allows intranet access, determining to send the packet to the destination address.
6. An information processing method, characterized in that the method comprises:
receiving an allocation request for an intranet Internet Protocol (IP) address of a virtual machine;
responding to the allocation request by obtaining the intranet access rights of the virtual machine;
allocating an intranet IP address to the virtual machine and setting an address attribute according to the intranet access rights;
sending the intranet IP address and the address attribute to the subnet router where the virtual machine is located.
7. The method according to claim 6, characterized in that the method further comprises:
responding to the allocation request by obtaining the extranet access rights of the virtual machine;
if the virtual machine has extranet access rights, allocating an extranet IP address to the virtual machine and establishing a mapping between the extranet IP address and the intranet IP address.
8. An electronic equipment, characterized by comprising:
a first storage medium, configured to store first executable code;
a first processor, connected to the first storage medium and able to read and execute the first executable code, wherein, when the first processor executes the first executable code, it can determine whether the destination address of a packet is a specified Internet Protocol (IP) address, the specified IP address being the intranet IP address of a device in the subnet connected to a first designated router; if the destination address is the specified IP address, determine the address attribute of the destination address; determine whether the source address of the packet is the IP address of a second designated router, the second designated router being the router connecting the intranet to the extranet; and, when the source address is not the IP address of the second designated router, determine, according to the address attribute of the destination address, whether to send the packet to the destination address.
9. The method according to claim 8, characterized in that
the first processor can further, by executing the first executable code, determine to send the packet to the destination address when the source address is the IP address of the second designated router.
10. The electronic equipment according to claim 8, characterized in that
the first processor can further, by executing the first executable code, determine not to send the packet to the destination address when the source address is not the IP address of the second designated router and the address attribute indicates that the destination address denies intranet access.
11. The electronic equipment according to claim 8, characterized in that
the first processor can, by executing the first executable code, specifically query the access rights of the source address when the source address is not the IP address of the second designated router and the address attribute indicates that the destination address restricts intranet access; determine to send the packet to the receiving end when the source address has access rights; and determine not to send the packet to the receiving end when the source address does not have access rights.
12. The electronic equipment according to claim 8, characterized in that
the first processor can, by executing the first executable code, specifically determine to send the packet to the destination address when the source address is not the IP address of the second designated router and the address attribute indicates that the destination address allows intranet access.
13. An electronic equipment, characterized by comprising:
a second storage medium, configured to store second executable code;
a second processor, connected to the second storage medium and able to read and execute the second executable code;
a communication interface, connected to the second storage medium and to the second processing unit respectively;
wherein, when the second processor executes the second executable code, it can control the communication interface to receive an allocation request for an intranet Internet Protocol (IP) address of a virtual machine; respond to the allocation request by obtaining the intranet access rights of the virtual machine; allocate an intranet IP address to the virtual machine and set an address attribute according to the intranet access rights; and control the communication unit to send the intranet IP address and the address attribute to the subnet router where the virtual machine is located.
14. The electronic equipment according to claim 13, characterized in that
the second processor, by executing the second executable code, is further configured to respond to the allocation request by obtaining the extranet access rights of the virtual machine; if the virtual machine has extranet access rights, an extranet IP address is allocated to the virtual machine, and a mapping between the extranet IP address and the intranet IP address is established.
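The forwarding decision of claims 1-5 and the allocation steps of claims 6-7, modelled together as an added Python example (not code from the patent). The class and method names, the per-destination set of permitted sources used for the "restrict" case, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from enum import Enum

class Attr(Enum):
    """Address attribute values named in claims 3-5."""
    DENY = "deny intranet access"
    RESTRICT = "restrict intranet access"
    ALLOW = "allow intranet access"

class SubnetRouter:
    """Hypothetical model of the first designated router (claims 1-5)."""
    def __init__(self, subnet, gateway_ip):
        self.subnet = ipaddress.ip_network(subnet)
        # IP of the second designated router (intranet/extranet gateway).
        self.gateway_ip = ipaddress.ip_address(gateway_ip)
        self.attrs = {}      # designated intranet IP -> Attr
        self.permitted = {}  # restricted destination -> permitted source IPs

    def install(self, ip, attr, allowed_sources=()):
        """Store the address and attribute sent by the allocator."""
        ip = ipaddress.ip_address(ip)
        if ip not in self.subnet:
            raise ValueError(f"{ip} is outside {self.subnet}")
        self.attrs[ip] = attr
        self.permitted[ip] = {ipaddress.ip_address(s) for s in allowed_sources}

    def decide(self, src, dst):
        """Return 'send', 'drop' or 'not-designated' for one packet."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        attr = self.attrs.get(dst)
        if attr is None:
            return "not-designated"  # claim 1 covers designated IPs only
        if src == self.gateway_ip:
            return "send"            # claim 2: source is the gateway
        if attr is Attr.ALLOW:
            return "send"            # claim 5
        if attr is Attr.RESTRICT and src in self.permitted[dst]:
            return "send"            # claim 4: source has access rights
        return "drop"                # claim 3, or claim 4 without rights

class Allocator:
    """Hypothetical model of the allocating equipment (claims 6-7)."""
    def __init__(self, router, extranet_pool):
        self.router = router
        self.intranet_free = iter(router.subnet.hosts())
        self.extranet_free = iter([ipaddress.ip_address(a) for a in extranet_pool])
        self.mapping = {}  # extranet IP -> intranet IP

    def allocate(self, attr, allowed_sources=(), extranet=False):
        """Allocate an intranet IP, set its attribute, push both to the router."""
        ip = next(self.intranet_free)
        self.router.install(ip, attr, allowed_sources)
        if extranet:  # claim 7: only for VMs with extranet access rights
            self.mapping[next(self.extranet_free)] = ip
        return ip

if __name__ == "__main__":
    # Constructed addresses: 10.0.0.1 stands in for the gateway router.
    router = SubnetRouter("10.0.1.0/24", "10.0.0.1")
    alloc = Allocator(router, ["203.0.113.10"])
    vm = alloc.allocate(Attr.RESTRICT, allowed_sources=["10.0.2.7"], extranet=True)
    for src in ("10.0.2.7", "10.0.2.9", "10.0.0.1"):
        print(src, "->", vm, router.decide(src, vm))
```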
CN201610128726.2A 2016-03-07 2016-03-07 Information processing method and electronic equipment Active CN105721487B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610128726.2A CN105721487B (en) 2016-03-07 2016-03-07 Information processing method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610128726.2A CN105721487B (en) 2016-03-07 2016-03-07 Information processing method and electronic equipment

Publications (2)

Publication Number Publication Date
CN105721487A true CN105721487A (en) 2016-06-29
CN105721487B CN105721487B (en) 2019-07-26

Family

ID=56157431

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610128726.2A Active CN105721487B (en) 2016-03-07 2016-03-07 Information processing method and electronic equipment

Country Status (1)

Country Link
CN (1) CN105721487B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101605097A (en) * 2009-07-22 2009-12-16 赛尔网络有限公司 IPv6/IPv4 address hierarchical access right control method and access control gateway
CN102075537A (en) * 2011-01-19 2011-05-25 华为技术有限公司 Method and system for realizing data transmission between virtual machines
US20130132577A1 (en) * 2008-03-31 2013-05-23 Amazon Technologies, Inc. Authorizing communications between computing nodes
CN103812704A (en) * 2014-02-25 2014-05-21 国云科技股份有限公司 Public network IP (Internet Protocol) dynamic management method for virtual machine
CN104852840A (en) * 2015-05-28 2015-08-19 杭州华三通信技术有限公司 Method and device for controlling mutual access between virtual machines
CN104901923A (en) * 2014-03-04 2015-09-09 杭州华三通信技术有限公司 Virtual machine access device and method

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109104425A (en) * 2017-08-14 2018-12-28 成都牵牛草信息技术有限公司 The setting method of permission is checked in operation note based on the period
CN109104425B (en) * 2017-08-14 2022-02-01 成都牵牛草信息技术有限公司 Method for setting operation record viewing authority based on time period
US11586747B2 (en) 2017-08-14 2023-02-21 Chengdu Qianniucao Information Technology Co., Ltd. Method for setting operating record viewing right based on time period
CN108965094A (en) * 2018-08-23 2018-12-07 郑州云海信息技术有限公司 A kind of virtual machine network connection method and device
CN110336836A (en) * 2019-08-06 2019-10-15 郑州信大捷安信息技术股份有限公司 A kind of Web filtering service system and method
CN110572394A (en) * 2019-09-09 2019-12-13 北京风信科技有限公司 access control method and device
CN112260880A (en) * 2020-12-17 2021-01-22 金锐同创(北京)科技股份有限公司 Network access relation display method and related equipment
CN112260880B (en) * 2020-12-17 2021-03-23 金锐同创(北京)科技股份有限公司 Network access relation display method and related equipment

Also Published As

Publication number Publication date
CN105721487B (en) 2019-07-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant