CN106878075B - A kind of message processing method and device - Google Patents

Info

Publication number
CN106878075B
Authority
CN
China
Prior art keywords
virtual machine
functional module
address
message
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710087524.2A
Other languages
Chinese (zh)
Other versions
CN106878075A (en
Inventor
王海
申志鹏
樊超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd
Priority to CN201710087524.2A
Publication of CN106878075A
Application granted
Publication of CN106878075B
Legal status: Active
Anticipated expiration

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The application provides a message processing method and device. The method is applied to a local node in the internal management network of a cloud platform and comprises: receiving a message; finding, among the multiple functional modules that the local node includes, a first functional module that matches the destination IP address and VLAN ID carried by the message; and processing the message using the first functional module; wherein the multiple functional modules that the local node includes belong to different IP network segments and different VLANs.

Description

A message processing method and device
Technical field
This application relates to the field of communication technology, and in particular to a message processing method and device.
Background art
A cloud platform includes compute nodes, control nodes and storage nodes. The control node provides a login page to the outside, and a user can communicate with the compute nodes through the login page.
The login page is the entry that the control node provides for users to access the compute nodes, but at present the login page has also become the entry through which the outside world reaches the cloud platform's internal management network, which brings considerable risk to the security of the cloud platform.
Summary of the invention
In view of this, the application provides a message processing method and device to protect the internal management network of a cloud platform.
Specifically, the application is achieved by the following technical solution:
In a first aspect, the application provides a message processing method, applied to a local node in the internal management network of a cloud platform, the method comprising:
receiving a message;
finding, among the multiple functional modules that the local node includes, a first functional module that matches the destination IP address and VLAN ID carried by the message;
processing the message using the first functional module;
wherein the multiple functional modules that the local node includes belong to different IP network segments and different VLANs.
In a second aspect, the application provides a message processing device, applied to a local node in the internal management network of a cloud platform, which has the function of implementing the above method. The function can be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules or units corresponding to the above function.
In one possible implementation, the device includes:
a receiving unit, for receiving a message;
a module searching unit, for finding, among the multiple functional modules that the local node includes, a first functional module that matches the destination IP address and VLAN ID carried by the message; wherein the multiple functional modules that the local node includes belong to different IP network segments and different VLANs;
a message processing unit, for processing the message using the first functional module.
In another possible implementation, the device includes a communication interface, a processor, a memory and a bus, the communication interface, the processor and the memory being connected to one another by the bus; the processor executes the message processing method of the first aspect of the application by reading the logic instructions stored in the memory.
The technical solution provided by the application divides the management network inside the cloud platform by function: according to the management network functions a node performs, multiple functional modules are marked off inside the node, and functional modules that execute different management network functions are assigned IP addresses in different IP network segments and different VLAN IDs. This realizes network isolation between the different functions of the management network, so that even if the outside world launches an attack against the page login module, the attack does not affect the other network segments of the management network, which improves the reliability and stability of cloud platform operation.
Brief description of the drawings
Fig. 1 is an architecture diagram of a cloud platform according to an exemplary embodiment of the application;
Fig. 2 is a flow chart of a message processing method according to an exemplary embodiment of the application;
Fig. 3 is a networking diagram of a cloud platform internal management network according to an exemplary embodiment of the application;
Fig. 4 is a functional block diagram of a message processing device according to an exemplary embodiment of the application;
Fig. 5 is a hardware architecture diagram of a message processing device according to an exemplary embodiment of the application.
Detailed description of the embodiments
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings indicate the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the application. On the contrary, they are only examples of devices and methods consistent with some aspects of the application, as detailed in the appended claims.
The terms used in this application are for the purpose of describing particular embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in this application and in the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information can also be referred to as second information, and similarly, second information can also be referred to as first information. Depending on the context, the word "if" as used herein can be interpreted as "at the time of", "when" or "in response to determining".
The technical solution of the application is described below through the embodiments, with reference to the accompanying drawings.
At present, the management network inside a cloud platform uses only one network segment, which means that the outside world can learn the network segment of the internal management network through the login page provided by the control node. The login page thus becomes the entry through which the outside world reaches the cloud platform: as long as the outside world launches an attack against the page login module, it can disrupt communication on the cloud platform's internal management network.
To solve the above problem, the application proposes a message processing method and device. The management network inside the cloud platform is divided by function: according to the management network functions a node performs, multiple functional modules are marked off inside the node; functional modules that execute the same class of management network function are assigned IP addresses in the same IP network segment and the same VLAN ID, and functional modules that execute different management network functions are assigned IP addresses in different IP network segments and different VLAN IDs. This realizes network isolation between the different functions of the management network, so that even if the outside world launches an attack against the page login module, the attack does not affect the other network segments of the management network, which improves the reliability and stability of cloud platform operation.
The architecture of the cloud platform is introduced below with reference to Fig. 1. By role, the nodes in Fig. 1 can be divided into control nodes, compute nodes and storage nodes, and the three communicate through the management network.
In the application, the functions of the cloud platform's management network are subdivided. One optional division is as follows, which divides the functions of the management network into the following four:
First: the page login function of the cloud platform. The control node can provide users with a login page (dashboard) that allows a user to log in to the cloud platform and carry out related operations, for example instructing the control node to issue to a compute node the command that triggers creation of a virtual machine.
Second: the storage access function of the cloud platform. The control node and the compute nodes can read from and write to the storage nodes of the cloud platform.
Third: the virtual machine (VM) operation control function. The control node can communicate with a compute node through VNC (Virtual Network Console), log in to a virtual machine created on the compute node, and carry out operation control on the virtual machine.
Fourth: the internal communication function of the cloud platform, mainly used to complete the other management network functions besides the above three, such as synchronizing configuration, monitoring the internal process status of each compute node, processing internal messages, creating virtual networks, creating virtual machines, creating firewalls, and so on.
It should be noted that, in view of the variety of possible criteria for classifying management network functions and the new functions that cloud platform management networks may implement in the future, the application does not limit how the management network functions are divided; the above is only one specific example.
For the different functions of the management network, one IP network segment and one VLAN (Virtual Local Area Network) can be allocated to each function in advance. For example, it can be specified that the communication segment used for the first function, the page login function of the cloud platform, is 1.0.0.0/24 with VLAN ID 100; the communication segment used for the second function, the storage access function of the cloud platform, is 2.0.0.0/24 with VLAN ID 101; the communication segment used for the third function, the virtual machine operation control function, is 3.0.0.0/24 with VLAN ID 102; and the communication segment used for the fourth function, the internal communication function of the cloud platform, is 4.0.0.0/24 with VLAN ID 104.
Corresponding to the management network functions marked off above, multiple functional modules can be marked off inside the control node and the compute node, with the different functional modules on the same node each executing a different management network function. The control node and the compute node then assign each functional module a corresponding IP address and VLAN ID according to the IP network segments and VLANs pre-allocated to the different functions of the management network, so that the multiple functional modules on the same node are in different IP network segments and VLANs, while functional modules on different nodes that execute the same class of management network function are in the same IP network segment and the same VLAN.
For example, according to the four management network functions enumerated above, four functional modules can be marked off inside the control node: a page login module, for providing the login page; a first storage access module, for reading from and writing to the storage nodes in the cloud platform internal management network; a first virtual machine control module, for carrying out operation control on virtual machines created on the compute nodes; and a first internal communication module, for completing the other management network functions.
Three functional modules can be marked off inside the compute node: a second storage access module, for reading from and writing to the storage nodes in the cloud platform internal management network; a second virtual machine control module, for cooperating with the control node (specifically, with the first virtual machine control module on the control node) to carry out operation control on the virtual machines created on the local node; and a second internal communication module, for cooperating with the control node (specifically, with the first internal communication module on the control node) to complete the other management network functions.
Here, the first storage access module on the control node and the second storage access module on the compute node, the first virtual machine control module on the control node and the second virtual machine control module on the compute node, and the first internal communication module on the control node and the second internal communication module on the compute node are functional modules on different nodes that execute the same class of management network function.
Likewise, according to the IP network segments and VLANs pre-allocated to the different functions of the management network, the application can assign the storage node a corresponding IP address and VLAN ID, so that the first storage access module on the control node, the second storage access module on the compute node, and the storage node are in the same IP network segment and the same VLAN.
The control node and the compute node can each start an OVS (Open vSwitch, a virtual switch) on the local node; the outlet of the OVS is the physical network card bound to the cloud platform internal management network. According to its own functional module division, each of the control node and the compute node can allocate a unique port on its own OVS to each functional module, ensuring that the port IP address corresponding to any one functional module does not conflict with the port IP addresses corresponding to the other functional modules on the same node. Subsequently, each message issued by a functional module carries the VLAN ID assigned to that functional module, enters the management network through the OVS, and is forwarded through the management network to the peer node.
Specifically, the message processing method in the cloud platform internal management network can be illustrated by the method flow shown in Fig. 2. The method can be applied to a local node in the cloud platform internal management network; the local node can be a control node or a compute node. The method can comprise the following steps:
Step 201: receive a message.
Step 202: find, among the multiple functional modules that the local node includes, a first functional module that matches the destination IP address and VLAN ID carried by the message; wherein the multiple functional modules that the local node includes belong to different IP network segments and different VLANs.
Step 203: process the message using the first functional module.
When the local node is a control node, the first functional module can be one of the following functional modules: a page login module, for providing the login interface; a first storage access module, for reading from and writing to the storage nodes in the cloud platform internal management network; a first virtual machine control module, for carrying out operation control on virtual machines created on the compute nodes; a first internal communication module, for completing the other management network functions.
When the local node is a compute node, the first functional module can be one of the following functional modules: a second storage access module, for reading from and writing to the storage nodes in the cloud platform internal management network; a second virtual machine control module, for cooperating with the control node to carry out operation control on the virtual machines created on the local node; a second internal communication module, for cooperating with the control node to complete the other management network functions.
In particular, the message that the local node receives in step 201 may come from a second functional module on a peer node in the cloud platform internal management network. The first functional module and the second functional module are functional modules on different nodes that execute the same class of management network function; the IP address of the first functional module and the IP address of the second functional module are in the same IP network segment, and the first functional module and the second functional module belong to the same VLAN.
As an illustration of "the same class of management network function": when the first functional module is the first internal communication module on the control node and the second functional module is the second internal communication module on the compute node, the second internal communication module can deploy a virtual machine on the compute node according to the instruction to create a virtual machine issued by the first internal communication module and the parameters that creating the virtual machine requires. What these two functional modules execute between them is the same class of management network function.
The local node can create an OVS on the node and allocate on the OVS a unique port for the first functional module; the outlet of the OVS is the physical network card bound to the cloud platform internal management network.
A message issued by the first functional module can enter the OVS through its port on the OVS and, through the physical network card connected to the OVS, enter the cloud platform internal management network. After being forwarded by the management network, the message reaches the peer node.
For example, as shown in Fig. 3, assume that the IP address of the first internal communication module on the control node is 4.0.0.1, its VLAN ID is 104, and its port on OVS 1 is a; and that the IP address of the second internal communication module on the compute node is 4.0.0.2, its VLAN ID is 104, and its port on OVS 2 is b. The forwarding process of a message issued by the first internal communication module is then:
1. The first internal communication module generates a message whose source address is the module's own IP address 4.0.0.1 and whose destination address is the IP address 4.0.0.2 of the second internal communication module on the compute node; the message carries VLAN ID 104.
2. On the control node, the message enters OVS 1 from port a. OVS 1, which supports OpenFlow, matches the message against its pre-saved flow table, finds a successful match, and sends the message to the physical network card connected to OVS 1, from which the message is forwarded into the management network.
3. The forwarding devices in the management network send the message to the compute node according to the message's destination IP address and VLAN ID; the message enters OVS 2, which is connected to the compute node's physical network card, through that network card.
4. On the compute node, OVS 2 matches the message against the flow table it holds; the message's destination IP address and VLAN ID match port b, so the message is sent through port b to the second internal communication module that the compute node includes, where it is processed.
This completes the description of Fig. 3.
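The lookup of steps 201 to 203 and the receive side of the Fig. 3 walk-through, as an added Python example (not code from the patent): it parses a constructed 802.1Q-tagged IPv4 frame and delivers it only when the destination IP address and VLAN ID both match a functional module of the compute node. The use of 802.1Q tagging, all class and function names, and the module addresses 2.0.0.2 and 3.0.0.2 are assumptions; 4.0.0.2 and the segment/VLAN allocation come from the description.

```python
import ipaddress
import struct

# Compute-node modules. Segments and VLAN IDs follow the allocation in the
# description; 4.0.0.2 is the Fig. 3 address, the other two IPs are assumed.
COMPUTE_NODE_MODULES = [
    ("second storage access module", "2.0.0.2", "2.0.0.0/24", 101),
    ("second virtual machine control module", "3.0.0.2", "3.0.0.0/24", 102),
    ("second internal communication module", "4.0.0.2", "4.0.0.0/24", 104),
]


class FrameError(ValueError):
    """Raised when a frame cannot be parsed as 802.1Q-tagged IPv4."""


def build_tagged_frame(src_ip, dst_ip, vlan_id):
    """Constructed sample input: Ethernet II + 802.1Q tag + bare IPv4 header."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)
    ip_header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
        ipaddress.IPv4Address(src_ip).packed,
        ipaddress.IPv4Address(dst_ip).packed,
    )
    return macs + tag + struct.pack("!H", 0x0800) + ip_header


def parse_tagged_frame(frame):
    """Return (vlan_id, src_ip, dst_ip) or raise FrameError."""
    if len(frame) < 14 or frame[12:14] != b"\x81\x00":
        raise FrameError("no 802.1Q tag")
    if len(frame) < 38:
        raise FrameError("frame too short for an IPv4 header")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    if ethertype != 0x0800:
        raise FrameError("not IPv4")
    if frame[18] >> 4 != 4 or (frame[18] & 0x0F) < 5:
        raise FrameError("malformed IPv4 header")
    src = ipaddress.IPv4Address(frame[30:34])
    dst = ipaddress.IPv4Address(frame[34:38])
    return tci & 0x0FFF, src, dst


class LocalNode:
    """Receive side of one node: match on (destination IP, VLAN ID)."""

    def __init__(self, modules):
        self._by_key = {}
        segments, vlans = set(), set()
        for name, ip, segment, vlan_id in modules:
            net = ipaddress.ip_network(segment)
            addr = ipaddress.ip_address(ip)
            if addr not in net:
                raise ValueError(f"{name}: {addr} is outside {net}")
            # Modules on the same node must not share a segment or a VLAN.
            if net in segments or vlan_id in vlans:
                raise ValueError(f"{name}: segment or VLAN already used on this node")
            segments.add(net)
            vlans.add(vlan_id)
            self._by_key[(addr, vlan_id)] = name

    def find_module(self, dst_ip, vlan_id):
        """Step 202: both the address and the VLAN ID must match."""
        return self._by_key.get((ipaddress.ip_address(dst_ip), vlan_id))

    def receive(self, frame):
        """Steps 201 to 203: returns ("deliver", module) or ("drop", reason)."""
        try:
            vlan_id, _src, dst = parse_tagged_frame(frame)
        except FrameError as exc:
            return ("drop", str(exc))
        module = self.find_module(dst, vlan_id)
        if module is None:
            return ("drop", f"no module for {dst} on VLAN {vlan_id}")
        return ("deliver", module)


if __name__ == "__main__":
    node = LocalNode(COMPUTE_NODE_MODULES)
    # Fig. 3 message: 4.0.0.1 -> 4.0.0.2 carrying VLAN ID 104.
    print(node.receive(build_tagged_frame("4.0.0.1", "4.0.0.2", 104)))
    # Same destination address arriving on the login VLAN (100) does not match.
    print(node.receive(build_tagged_frame("1.0.0.9", "4.0.0.2", 100)))
```

A frame tagged with the page login VLAN is dropped even when it names a valid module address, which is the isolation property the description relies on.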
In the application, since the messages exchanged between nodes all carry a specific VLAN ID, network isolation is ensured: however heavy the traffic in one network segment of the management network, it does not affect communication in the other network segments of the management network. Likewise, when the outside world attacks the page login module, the attack cannot enter the other network segments of the management network, which greatly ensures the stability of cloud platform operation.
To address this problem, the application also proposes a solution, described below:
The local node can start a first virtual machine on the node. The IP address of the first virtual machine and the IP address of the first functional module are in the same IP network segment, and the first virtual machine and the first functional module belong to the same VLAN.
For a message whose source address is the IP address of the first functional module, the first virtual machine changes the source address of the message to the IP address of the first virtual machine and then forwards the modified message to the node corresponding to the message's destination address. For a message whose destination address is the IP address of the first virtual machine, the first virtual machine forwards the message to the first functional module for processing.
Because the first virtual machine "hides" the IP address of the first functional module from the outside, nodes other than the local node do not communicate directly with the first functional module of the local node.
When the utilization of the CPU (Central Processing Unit) of the first virtual machine exceeds a set threshold, the local node can start a new second virtual machine on the node, and the second virtual machine takes over the function of the first virtual machine. The IP address of the second virtual machine is different from the IP address of the first virtual machine; the IP address of the second virtual machine and the IP address of the first functional module are in the same IP network segment; and the second virtual machine and the first functional module belong to the same VLAN.
Taking as an example how a virtual machine is used to deal with access attacks against the login page: the control node can start a first virtual machine on the local node. The IP address of the first virtual machine and the IP address of the page login module on the control node are in the same IP network segment, and the first virtual machine and the page login module belong to the same VLAN.
The IP address that the control node advertises externally for the page login module is the IP address of the first virtual machine, so the destination IP address of the access messages that a user sends from user equipment to log in to the cloud platform is the IP address of the first virtual machine. After receiving an access message, the first virtual machine forwards it to the page login module. When the page login module needs to send a response message to the user equipment, the response message is first sent to the first virtual machine; at this point the destination address of the response message is the address of the user equipment and its source address is the address of the page login module. After receiving the response message, the first virtual machine changes its source address to the IP address of the first virtual machine and then sends the response message, with the address modified, to the user equipment.
After starting the first virtual machine, the control node monitors it. When the CPU utilization of the first virtual machine exceeds the set threshold, the first virtual machine is excessively busy and the page login module has very likely come under an access attack. The control node can then issue an alarm to notify staff to investigate the fault, and start a new second virtual machine on the local node. The IP address of the second virtual machine is different from the IP address of the first virtual machine; the IP address of the second virtual machine and the IP address of the page login module are in the same IP network segment; and the second virtual machine and the page login module belong to the same VLAN. The second virtual machine then takes over the function of the first virtual machine, providing a new external IP address for normal user logins, while the original attack traffic still reaches the first virtual machine over the connections previously established with it and does not affect the second virtual machine or the page login module.
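The front virtual machine behaviour described above (source address rewriting, hiding the module address, and takeover by a second virtual machine when CPU utilization exceeds the threshold), as an added Python model that is not code from the patent. The class and method names, the module address 1.0.0.1, the virtual machine and peer addresses, the 0.8 threshold, the choice of the first free address in the segment for the second virtual machine, and the dropping of messages addressed directly to the module are assumptions; the 1.0.0.0/24 segment and VLAN ID 100 come from the description.

```python
import ipaddress


class ProtectedModule:
    """Hypothetical model: a functional module reachable only through front VMs."""

    def __init__(self, module_ip, segment, vlan_id, cpu_threshold=0.8):
        self.segment = ipaddress.ip_network(segment)
        self.module_ip = ipaddress.ip_address(module_ip)
        if self.module_ip not in self.segment:
            raise ValueError("module IP is outside its segment")
        self.vlan_id = vlan_id
        self.cpu_threshold = cpu_threshold
        self.vm_ips = []   # front VMs in start order; the newest is advertised
        self.flows = {}    # peer IP -> front VM IP the peer connected through
        self.alarms = []

    @property
    def advertised_ip(self):
        """Address announced externally in place of the module's own address."""
        return self.vm_ips[-1] if self.vm_ips else None

    def start_vm(self, ip=None):
        """Start a front VM: same segment as the module, address not yet in use."""
        used = {self.module_ip, *self.vm_ips}
        if ip is None:
            addr = next((h for h in self.segment.hosts() if h not in used), None)
            if addr is None:
                raise ValueError("no free address left in the segment")
        else:
            addr = ipaddress.ip_address(ip)
        if addr not in self.segment:
            raise ValueError(f"{addr} is not in {self.segment}")
        if addr in used:
            raise ValueError(f"{addr} is already in use")
        self.vm_ips.append(addr)
        return addr

    def inbound(self, src, dst, vlan_id):
        """Message from a peer: forwarded to the module only via a front VM.

        Returns the front VM address that forwarded it, or None if dropped.
        Dropping messages addressed to the module itself is an assumption.
        """
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if vlan_id != self.vlan_id or dst not in self.vm_ips:
            return None
        self.flows[src] = dst
        return dst

    def outbound(self, dst):
        """Response from the module: source rewritten to the flow's front VM."""
        dst = ipaddress.ip_address(dst)
        vm_ip = self.flows.get(dst, self.advertised_ip)
        if vm_ip is None:
            raise RuntimeError("no front VM has been started")
        return {"src": str(vm_ip), "dst": str(dst), "vlan": self.vlan_id}

    def report_cpu(self, utilization):
        """CPU sample of the advertised VM; above threshold: alarm and takeover."""
        if utilization <= self.cpu_threshold:
            return None
        old = self.advertised_ip
        new = self.start_vm()
        self.alarms.append(f"front VM {old} at {utilization:.0%} CPU, replaced by {new}")
        return new


if __name__ == "__main__":
    login = ProtectedModule("1.0.0.1", "1.0.0.0/24", 100)
    login.start_vm("1.0.0.10")
    login.inbound("198.51.100.7", "1.0.0.10", 100)   # constructed peer address
    print(login.outbound("198.51.100.7"))            # source is 1.0.0.10
    print(login.report_cpu(0.95), login.alarms)      # second VM takes over
    print(login.outbound("198.51.100.7"))            # old flow stays on 1.0.0.10
```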
In conclusion technical solution provided by the present application is drawn by the function to the management network inside cloud platform Point, the management network function according to performed by node marks off multiple functional modules in intra-node, and to execute different management The functional module of network function distribute different IP network sections IP address and different VLAN ID, thus management network difference Network Isolation is realized between function, accordingly even when the extraneous attack initiated to page log-in module, the attack will not influence to manage Other network segments for managing network, to improve cloud platform reliability of operation and stability.And the application is by by cloud platform The management network function for being easy to be attacked provides protection with virtual machine, it is ensured that the controller node of cloud platform not will receive Attack influences, and also improves the reliability of cloud platform.
Method provided by the present application is described above.Device provided by the present application is described below.
Fig. 4 is a functional block diagram of a message processing device provided by an embodiment of the application. The device can be applied to a local node in the cloud platform internal management network. The device includes:
A receiving unit 401, for receiving a message.
A module searching unit 402, for finding, among the multiple functional modules that the local node includes, a first functional module that matches the destination IP address and VLAN ID carried by the message; wherein the multiple functional modules that the local node includes belong to different IP network segments and different VLANs.
A message processing unit 403, for processing the message using the first functional module.
Optionally, the message comes from a second functional module on a peer node in the cloud platform internal management network; the first functional module and the second functional module are functional modules on different nodes that execute the same class of management network function; the IP address of the first functional module and the IP address of the second functional module are in the same IP network segment; and the first functional module and the second functional module belong to the same VLAN.
Optionally, when the local node is a control node, the first functional module can be one of the following functional modules: a page login module, for providing the login interface; a first storage access module, for reading from and writing to the storage nodes in the cloud platform internal management network; a first virtual machine control module, for carrying out operation control on virtual machines created on the compute nodes; a first internal communication module, for completing the other management network functions.
Optionally, when the local node is a compute node, the first functional module can be one of the following functional modules: a second storage access module, for reading from and writing to the storage nodes in the cloud platform internal management network; a second virtual machine control module, for cooperating with the control node to carry out operation control on the virtual machines created on the local node; a second internal communication module, for cooperating with the control node to complete the other management network functions.
Optionally, the device can also include:
A virtual machine start unit, for starting a first virtual machine on the local node. The IP address of the first virtual machine and the IP address of the first functional module are in the same IP network segment, and the first virtual machine and the first functional module belong to the same VLAN. For a message whose source address is the IP address of the first functional module, the first virtual machine changes the source address of the message to the IP address of the first virtual machine and then forwards the modified message to the node corresponding to the message's destination address; for a message whose destination address is the IP address of the first virtual machine, the first virtual machine forwards the message to the first functional module for processing.
Optionally, the virtual machine start unit can also be used to start a new second virtual machine on the local node when the utilization of the CPU of the first virtual machine exceeds a set threshold, the second virtual machine taking over the function of the first virtual machine. The IP address of the second virtual machine is different from the IP address of the first virtual machine; the IP address of the second virtual machine and the IP address of the first functional module are in the same IP network segment; and the second virtual machine and the first functional module belong to the same VLAN.
Optionally, the device can also include:
A virtual switch creating unit, for creating a virtual switch on the local node and allocating on the virtual switch a unique port for the first functional module; the outlet of the virtual switch is the physical network card bound to the cloud platform internal management network. A message issued by the first functional module enters the virtual switch through the port and, through the physical network card connected to the virtual switch, enters the cloud platform internal management network.
It should be noted that the division into units in the embodiments of the present invention is schematic and is only a division by logical function; other divisions are possible in an actual implementation. The functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or in the form of a software functional unit.
As shown in Fig. 5, an embodiment of this application further provides a message processing device, which includes a communication interface 501, a processor 502, a memory 503 and a bus 504; the communication interface 501, the processor 502 and the memory 503 communicate with one another over the bus 504.
The communication interface 501 is used to communicate with other nodes in the cloud platform internal management network. The processor 502 may be a CPU, and the memory 503 may be a non-volatile memory. The memory 503 stores message processing logic instructions, and the processor 502 can execute the message processing logic instructions stored in the memory 503 to implement the message processing method shown in Fig. 2; for details, see the flow shown in Fig. 2.
The foregoing describes only preferred embodiments of this application and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of this application shall fall within the scope of protection of this application.
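The module lookup by destination IP address plus VLAN ID, and the virtual machine that rewrites source addresses in front of a functional module, can be modelled as follows. This is an added Python example, not code from the patent or from the applicant; the class names, the sample addresses (documentation ranges) and the destination rewrite in `inbound` are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Message:
    src: str
    dst: str
    vlan_id: int

@dataclass(frozen=True)
class FunctionalModule:
    name: str
    ip: str
    segment: str  # IP network segment the module sits in (CIDR)
    vlan_id: int

class LocalNode:
    """Node whose functional modules each sit in their own IP segment and VLAN."""
    def __init__(self, modules):
        nets = [ipaddress.ip_network(m.segment) for m in modules]
        for i, net in enumerate(nets):
            if any(net.overlaps(other) for other in nets[i + 1:]):
                raise ValueError("two modules share an IP segment")
        if len({m.vlan_id for m in modules}) != len(modules):
            raise ValueError("two modules share a VLAN")
        self.modules = list(modules)

    def find_module(self, msg):
        # Destination IP and VLAN ID must both match, else no module handles it.
        for m in self.modules:
            if m.ip == msg.dst and m.vlan_id == msg.vlan_id:
                return m
        return None

@dataclass(frozen=True)
class FrontVM:
    """Virtual machine in the module's segment and VLAN that hides the module's IP."""
    ip: str
    module: FunctionalModule

    def __post_init__(self):
        if ipaddress.ip_address(self.ip) not in ipaddress.ip_network(self.module.segment):
            raise ValueError("VM must be in the module's IP segment")

    def outbound(self, msg):
        # A source address equal to the module's IP is replaced by the VM's IP.
        return replace(msg, src=self.ip) if msg.src == self.module.ip else msg

    def inbound(self, msg):
        # Hand messages addressed to the VM to the module (dst rewrite is assumed).
        if msg.dst == self.ip and msg.vlan_id == self.module.vlan_id:
            return replace(msg, dst=self.module.ip)
        return None

def demo():
    # Constructed sample addresses (documentation ranges), not values from the patent.
    storage = FunctionalModule("storage-access", "192.0.2.10", "192.0.2.0/24", 10)
    node = LocalNode([storage, FunctionalModule("vm-control", "198.51.100.10", "198.51.100.0/24", 20)])
    return [node.find_module(Message("192.0.2.20", "192.0.2.10", v)) for v in (10, 20)]
```

A message that carries the right destination IP but the wrong VLAN ID finds no module, which is the isolation property the separate segments and VLANs are meant to give.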

Claims (14)

1. A message processing method, characterized in that the method is applied to a local node in a cloud platform internal management network, the method comprising:
receiving a message;
finding, among the multiple functional modules included in the local node, a first functional module that matches the destination Internet Protocol (IP) address and the virtual local area network identifier (VLAN ID) carried in the message;
processing the message using the first functional module;
wherein the IP network segments and the VLANs to which the multiple functional modules included in the local node belong are all different.
2. The method according to claim 1, characterized in that the message comes from a second functional module on a peer node in the cloud platform internal management network;
the first functional module and the second functional module are functional modules on different nodes that execute the same class of management network function, the IP address of the first functional module and the IP address of the second functional module are in the same IP network segment, and the first functional module and the second functional module belong to the same VLAN.
3. The method according to claim 1, characterized in that, when the local node is a control node, the first functional module is one of the following functional modules:
a page login module, configured to provide a login interface;
a first storage access module, configured to read from and write to the storage node in the cloud platform internal management network;
a first virtual machine control module, configured to perform operation control on the virtual machines created on compute nodes;
a first internal communication module, configured to complete other management network functions.
4. The method according to claim 1, characterized in that, when the local node is a compute node, the first functional module is one of the following functional modules:
a second storage access module, configured to read from and write to the storage node in the cloud platform internal management network;
a second virtual machine control module, configured to cooperate with the control node to complete operation control of the virtual machines created on the local node;
a second internal communication module, configured to cooperate with the control node to complete other management network functions.
5. The method according to claim 1, characterized in that the method further comprises:
starting a first virtual machine on the local node, wherein the IP address of the first virtual machine and the IP address of the first functional module are in the same IP network segment, and the first virtual machine and the first functional module belong to the same VLAN;
for a message whose source address is the IP address of the first functional module, changing, by the first virtual machine, the source address of the message to the IP address of the first virtual machine, and then forwarding the modified message to the node corresponding to the destination address of the message;
for a message whose destination address is the IP address of the first virtual machine, forwarding, by the first virtual machine, the message to the first functional module for processing.
6. The method according to claim 5, characterized in that the method further comprises:
when the utilization of the central processing unit (CPU) of the first virtual machine exceeds a set threshold, starting a new second virtual machine on the local node, the second virtual machine taking over the functions of the first virtual machine;
wherein the IP address of the second virtual machine is different from the IP address of the first virtual machine, the IP address of the second virtual machine and the IP address of the first functional module are in the same IP network segment, and the second virtual machine and the first functional module belong to the same VLAN.
7. The method according to claim 1, characterized in that the method further comprises:
creating a virtual switch on the local node, and allocating a unique port on the virtual switch for the first functional module, wherein the egress of the virtual switch is a physical network card bound to the cloud platform internal management network;
wherein a message sent by the first functional module enters the virtual switch through the port and enters the cloud platform internal management network through the physical network card connected to the virtual switch.
8. A message processing device, characterized in that the device is applied to a local node in a cloud platform internal management network, the device comprising:
a receiving unit, configured to receive a message;
a module searching unit, configured to find, among the multiple functional modules included in the local node, a first functional module that matches the destination Internet Protocol (IP) address and the virtual local area network identifier (VLAN ID) carried in the message, wherein the IP network segments and the VLANs to which the multiple functional modules included in the local node belong are all different;
a message processing unit, configured to process the message using the first functional module.
9. The device according to claim 8, characterized in that the message comes from a second functional module on a peer node in the cloud platform internal management network;
the first functional module and the second functional module are functional modules on different nodes that execute the same class of management network function, the IP address of the first functional module and the IP address of the second functional module are in the same IP network segment, and the first functional module and the second functional module belong to the same VLAN.
10. The device according to claim 8, characterized in that, when the local node is a control node, the first functional module is one of the following functional modules:
a page login module, configured to provide a login interface;
a first storage access module, configured to read from and write to the storage node in the cloud platform internal management network;
a first virtual machine control module, configured to perform operation control on the virtual machines created on compute nodes;
a first internal communication module, configured to complete other management network functions.
11. The device according to claim 8, characterized in that, when the local node is a compute node, the first functional module is one of the following functional modules:
a second storage access module, configured to read from and write to the storage node in the cloud platform internal management network;
a second virtual machine control module, configured to cooperate with the control node to complete operation control of the virtual machines created on the local node;
a second internal communication module, configured to cooperate with the control node to complete other management network functions.
12. The device according to claim 8, characterized in that the device further comprises:
a virtual machine start unit, configured to start a first virtual machine on the local node, wherein the IP address of the first virtual machine and the IP address of the first functional module are in the same IP network segment, and the first virtual machine and the first functional module belong to the same VLAN;
for a message whose source address is the IP address of the first functional module, the first virtual machine changes the source address of the message to the IP address of the first virtual machine and then forwards the modified message to the node corresponding to the destination address of the message;
for a message whose destination address is the IP address of the first virtual machine, the first virtual machine forwards the message to the first functional module for processing.
13. The device according to claim 12, characterized in that:
the virtual machine start unit is further configured to start a new second virtual machine on the local node when the utilization of the central processing unit (CPU) of the first virtual machine exceeds a set threshold, the second virtual machine taking over the functions of the first virtual machine;
wherein the IP address of the second virtual machine is different from the IP address of the first virtual machine, the IP address of the second virtual machine and the IP address of the first functional module are in the same IP network segment, and the second virtual machine and the first functional module belong to the same VLAN.
14. The device according to claim 8, characterized in that the device further comprises:
a virtual switch creating unit, configured to create a virtual switch on the local node and to allocate a unique port on the virtual switch for the first functional module, wherein the egress of the virtual switch is a physical network card bound to the cloud platform internal management network;
wherein a message sent by the first functional module enters the virtual switch through the port and enters the cloud platform internal management network through the physical network card connected to the virtual switch.
CN201710087524.2A 2017-02-17 2017-02-17 A kind of message processing method and device Active CN106878075B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710087524.2A CN106878075B (en) 2017-02-17 2017-02-17 A kind of message processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710087524.2A CN106878075B (en) 2017-02-17 2017-02-17 A kind of message processing method and device

Publications (2)

Publication Number Publication Date
CN106878075A CN106878075A (en) 2017-06-20
CN106878075B true CN106878075B (en) 2019-08-06

Family

ID=59166511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710087524.2A Active CN106878075B (en) 2017-02-17 2017-02-17 A kind of message processing method and device

Country Status (1)

Country Link
CN (1) CN106878075B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109428863B (en) * 2017-08-30 2022-08-02 阿里巴巴集团控股有限公司 Safety protection method, data processing method, device and equipment for container service
CN111669310B (en) * 2019-03-08 2022-05-10 厦门网宿有限公司 Batch processing method for network isolation space in pptp vpn and pptp vpn server
CN115150557A (en) * 2022-08-30 2022-10-04 杭州萤石软件有限公司 Internet of things camera, message processing method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841451A (en) * 2009-12-30 2010-09-22 北京世纪互联宽带数据中心有限公司 Virtual local area network-based speed limiting method and system for cloud hosts
CN101924707A (en) * 2010-09-27 2010-12-22 杭州华三通信技术有限公司 Method and equipment for processing message of address resolution protocol (ARP)
CN103746997A (en) * 2014-01-10 2014-04-23 浪潮电子信息产业股份有限公司 Network security solution for cloud computing center
CN104660479A (en) * 2015-02-13 2015-05-27 南京华讯方舟通信设备有限公司 Networking method and network system
CN106027491A (en) * 2016-04-29 2016-10-12 天津赞普科技股份有限公司 Independent link type communication processing method and system based on isolated IP (Internet Protocol) address

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8619771B2 (en) * 2009-09-30 2013-12-31 Vmware, Inc. Private allocated networks over shared communications infrastructure

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
云计算的虚拟网络管理系统的研究与实现;夏之斌;《中国优秀硕士论文全文数据库信息科技辑》;20150430;第I139-135页

Also Published As

Publication number Publication date
CN106878075A (en) 2017-06-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant