CN106953788A - Virtual network controller and control method - Google Patents

Virtual network controller and control method

Info

Publication number
CN106953788A
Authority
CN (China)
Prior art keywords
flow, bridges, ovs, forwarded, network
Legal status
Granted
Application number
CN201710082464.5A
Other languages
Chinese (zh)
Other versions
CN106953788B (en)
Inventors
柯俊阳
黄应军
Current Assignee
Beijing Xipu Sunshine Technology Co ltd
Original Assignee
北京西普阳光教育科技股份有限公司
Priority date
2017-02-16
Filing date
2017-02-16
Publication date
2017-07-14
Events
Application filed by 北京西普阳光教育科技股份有限公司
Priority to CN201710082464.5A
Publication of CN106953788A
Application granted
Publication of CN106953788B
Current legal status: Active

Classifications (CPC, all under H04L, Transmission of digital information)

    • H04L12/4625 Data switching networks: LAN interconnection over a bridge-based backbone, single bridge functionality, e.g. connection of two networks over a single bridge
    • H04L45/586 Routing or path finding of packets: association of virtual routers
    • H04L45/74 Routing or path finding of packets: address processing for routing
    • H04L45/745 Routing or path finding of packets: address table lookup; address filtering
    • H04L61/5014 Network arrangements for addressing or naming: allocation of Internet protocol [IP] addresses using DHCP or BOOTP
    • H04L63/02 Network security: separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Network security: virtual private networks


Abstract

The present invention discloses a virtual network controller and control method. The controller includes a first OVS bridge and a second OVS bridge connected to each other, a router and a DHCP server connected to the second OVS bridge, and at least one Linux bridge; each Linux bridge connects one virtual machine and is connected to the second OVS bridge through a virtual NIC pair. The first OVS bridge is connected to the host network interface and serves as the entry point for external traffic and the exit point for virtual machine traffic; the DHCP server provides IP address allocation; the router provides routing and firewall services. The invention combines OVS with namespaces. Because the resources of each namespace are transparent to (not visible from) other namespaces, virtual networks and physical networks can be combined arbitrarily, interconnected and isolated, and network traffic can be filtered on characteristics such as source IP, destination IP, source port, destination port and connection state, providing security protection.

Description

Virtual network controller and control method
Technical field
The present invention relates to the field of virtual networking, and in particular to a virtual network controller and control method.
Background technology
Cloud computing is the product of the development and fusion of traditional computing and networking technologies such as distributed computing, parallel computing, utility computing, network storage, virtualization and load balancing. Cloud computing is a delivery and usage model for IT resources: the required hardware, platform, software and services are obtained on demand over the network in an elastic manner, and the network that provides these resources is called the "cloud". To the user, resources in the "cloud" can be expanded without limit and can be obtained at any time, used on demand, extended at any time and paid for by usage. The main content of cloud computing includes Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
At present, offline products in the cloud computing era are becoming increasingly rich, and frequent changes in demand and functionality lead to large changes in the IaaS-layer virtualized network. The traditional virtual network architecture is shown in Fig. 1. It has the advantages of being simple and easy to operate (operators do not need to master complex network virtualization technology), but its usage scenario is single and its function is simple, so it is best suited to internal use in small and medium-sized enterprises and to personal testing. For offline products in the field of cloud computing, this architecture has the following problems. Multiple users create virtual machines on the same host, and to guarantee network isolation between users the host must allocate a host network interface and a virtual bridge for each user. Every change to the network (such as a change in the number of users) therefore requires adjustment of the underlying virtual network architecture, so generality is poor, and if new network requirements arise later the traditional virtual network architecture is also hard to extend. Inter-network communication relies on external network devices: users cannot control communication between virtual machines in different networks, nor between virtual machines within the same network, so security functions are lacking.
The content of the invention
In order to solve the above problems in the prior art, the present invention proposes a virtual network controller and control method.
To achieve the above object, the present invention adopts the following technical scheme:
A first OVS (Open vSwitch) bridge and a second OVS bridge connected to each other; a router and a DHCP (Dynamic Host Configuration Protocol) server connected to the second OVS bridge; and at least one Linux bridge, where each Linux bridge connects one virtual machine and is connected to the second OVS bridge through a virtual NIC pair made up of a first virtual NIC and a second virtual NIC. The first OVS bridge is connected to the host network interface and is the entry point for external traffic and the exit point for virtual machine traffic. The DHCP server is a namespace-based DHCP server that provides IP address allocation. The router is a namespace-based virtual router that provides routing and firewall services.
Further, the OVS bridges include a flow table and a channel. The flow table consists of header fields, counters and an action list. The header fields include the input port, MAC source address, MAC destination address, Ethernet type, VLAN ID, IP source address, IP destination address, IP port, TCP source port and TCP destination port, and are used to match incoming traffic; the counters record the number of matched packets and bytes; the action list stores the action policy applied after a match.
The present invention also provides a virtual network control method, including:
Virtual machine input traffic step:
The first OVS bridge receives external traffic and checks it. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the second OVS bridge; if no field of the packet matches the header fields of the user-defined flow table, the traffic is forwarded directly to the second OVS bridge.
The second OVS bridge checks the traffic forwarded by the first OVS bridge. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field matches, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server, cross-network access is forwarded to the router, and same-network access is forwarded through the virtual NIC pair to the Linux bridge.
The router checks the traffic forwarded by the second OVS bridge against its firewall rules. If the firewall allows the traffic, it is forwarded to the Linux bridge of the allowed network; if the firewall refuses it, the traffic is dropped.
The Linux bridge checks the traffic forwarded by the second OVS bridge against the host firewall rules. If the host firewall allows the traffic, it is forwarded to the virtual machine; if the host firewall refuses it, the traffic is dropped.
Virtual machine output traffic step:
The Linux bridge receives traffic from the virtual machine and checks the host firewall rules. If the host firewall allows the traffic, it is forwarded through the virtual NIC pair to the second OVS bridge; if the host firewall refuses it, the traffic is dropped.
The second OVS bridge checks the traffic received from the Linux bridge. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field matches, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server, cross-network access is forwarded to the router, same-network access is forwarded through the virtual NIC pair to the Linux bridge of the destination virtual machine, and if the destination address of the traffic is not on the same host as the source address, the traffic is forwarded to the first OVS bridge.
The router checks the traffic forwarded by the second OVS bridge against its firewall rules. If the firewall allows the traffic and the destination address is on the same host, the traffic is forwarded directly to the Linux bridge of the allowed network; if the destination is not on the same host, the traffic is forwarded to the first OVS bridge; if the firewall refuses it, the traffic is dropped.
The first OVS bridge checks the traffic forwarded by the second OVS bridge. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the host network interface; if no field matches, the traffic is forwarded directly to the host network interface.
Compared with the prior art, the invention has the following advantages:
The virtual network controller of the present invention includes OVS bridges, a namespace-based router, a DHCP server and Linux bridges connected one-to-one to virtual machines (each Linux bridge connects one virtual machine), so that system resources are no longer global but belong to a specific namespace. Because the resources of each namespace are transparent to (not visible from) other namespaces, virtual networks and physical networks can be combined arbitrarily, interconnected and isolated, and network traffic can be filtered on characteristics such as source IP, destination IP, source port, destination port and connection state, providing security protection.
Brief description of the drawings
Fig. 1 is an architecture diagram of a traditional virtual network;
Fig. 2 is an architecture diagram of one embodiment of the virtual network controller of the present invention;
Fig. 3 is an architecture diagram of another embodiment of the virtual network controller of the present invention;
Fig. 4 is a flow chart of the virtual network control method of an embodiment of the present invention.
In the figures: 1, first OVS bridge; 2, second OVS bridge; 3, virtual NIC pair; 31, first virtual NIC; 32, second virtual NIC; 4, Linux bridge; 5, router; 6, DHCP server.
Embodiment
The present invention is described in further detail below in conjunction with the accompanying drawings.
An architecture diagram of a virtual network controller according to an embodiment of the present invention is shown in Fig. 2. It includes a first OVS bridge 1 and a second OVS bridge 2 connected to each other, a router 5 and a DHCP server 6 connected to the second OVS bridge 2, and at least one Linux bridge 4; each Linux bridge 4 connects one virtual machine and is connected to the second OVS bridge 2 through a virtual NIC pair 3 made up of a first virtual NIC 31 and a second virtual NIC 32. The DHCP server 6 is a namespace-based DHCP server that provides IP address allocation; the router 5 is a namespace-based virtual router that provides routing and firewall services.
In this embodiment, the virtual NIC pair 3 is a pair of virtual NICs under Linux (a veth pair), used for communication between different network namespaces. A packet sent from one veth NIC arrives directly at its peer veth, as if a virtual link existed between the two. As shown in Fig. 2, the first virtual NIC 31 of the virtual NIC pair 3 is connected to the second OVS bridge 2 and the second virtual NIC 32 is connected to the Linux bridge 4, so that traffic is carried between the second OVS bridge 2 and the Linux bridge 4.
In this embodiment, the first OVS bridge 1 and the second OVS bridge 2 are both Open vSwitch bridges. Open vSwitch is virtual switch software developed by Nicira Networks, and an Open vSwitch bridge is a virtual switch created by Open vSwitch. Open vSwitch supports the OpenFlow protocol, supports flow control policies for the traffic of each virtual machine NIC, supports multiport bonding with source-MAC load sharing, active-standby and L4 hash modes, supports IPv6, and supports a variety of tunnelling protocols.
In this embodiment, the router 5 is a namespace-based virtual router that supports routing policies between different networks and also supports iptables firewall rules, so that secure interconnection at layer 3 can be achieved. iptables is a command-line tool for configuring the Linux kernel firewall; it controls the netfilter module of the Linux kernel. Whether the Linux system is connected to the Internet or a LAN, is a server, or is a proxy server connecting a LAN to the Internet, iptables helps to better control IP packet filtering and firewall configuration on that system. When making packet filtering decisions, the firewall follows a set of rules that are stored in dedicated packet filtering tables integrated into the Linux kernel; within a packet filtering table, the rules are grouped into so-called chains.
In this embodiment, the Linux bridge 4 is used to connect a virtual machine and is connected to the second OVS bridge 2 through the virtual NIC pair 3. A Linux bridge is a Linux-based bridge, a device for layer-2 switching of TCP/IP traffic, similar in function to a real switch. A Linux bridge can be connected to other network devices on Linux; adding a slave device is equivalent to plugging a cable between a real switch and a user terminal. A Linux bridge works at the data link layer: when data arrives, it broadcasts, forwards or discards the frame according to the MAC information in the message. In this embodiment one host may correspond to multiple virtual machines, and different virtual machines may belong to the same network or to different networks; one Linux bridge 4 connects one virtual machine, so the number of Linux bridges 4 is at least 1. By configuring different numbers of virtual machines, the virtual controller of the present invention can be applied to different scenarios: Fig. 2 is the simplest application scenario, with one virtual machine; Fig. 3 is an application scenario with two virtual machines belonging to the same network.
As an alternative embodiment, the OVS bridges (1, 2) include a flow table and a channel (OVS supports OpenFlow, the protocol used to manage the flow tables of OVS bridges). The flow table consists of header fields, counters and an action list. The header fields include the input port, MAC source address, MAC destination address, Ethernet type, VLAN ID, IP source address, IP destination address, IP port, TCP source port and TCP destination port, and are used to match incoming traffic; the counters record the number of matched packets and bytes; the action list stores the action policy applied after a match, including rewriting header fields and then forwarding, normal forwarding, dropping, and so on.
The present invention also provides an embodiment of a virtual network control method, whose flow chart is shown in Fig. 4, including:
Step 100, virtual machine input traffic:
Step 101: the first OVS bridge 1 receives external traffic and checks it. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy (for example, if a user-defined flow table policy is: match traffic whose source IP address is 192.168.1.1 and whose VLAN ID is 10, and change the VLAN ID to 11; then if the source IP address in the packet is 192.168.1.1 and the VLAN ID field is 10, the VLAN ID of the packet must be changed to 11) and then forwarded to the second OVS bridge 2; if no field of the packet matches the header fields of the user-defined flow table, the traffic is forwarded directly to the second OVS bridge 2.
Step 102: the second OVS bridge 2 checks the traffic forwarded by the first OVS bridge 1. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field matches, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server 6, cross-network access is forwarded to the router 5, and same-network access is forwarded through the virtual NIC pair 3 to the Linux bridge 4.
Step 103: the router 5 checks the traffic forwarded by the second OVS bridge 2 against its firewall rules. If the firewall allows the traffic, it is forwarded to the Linux bridge of the allowed network; if the firewall refuses it, the traffic is dropped.
Step 104: the Linux bridge 4 checks the traffic forwarded by the second OVS bridge 2 against the host firewall rules. If the host firewall allows the traffic, it is forwarded to the virtual machine; if the host firewall refuses it, the traffic is dropped.
Step 200, virtual machine output traffic:
Step 201: the Linux bridge 4 receives traffic from the virtual machine and checks the host firewall rules. If the host firewall allows the traffic, it is forwarded through the virtual NIC pair 3 to the second OVS bridge 2; if the host firewall refuses it, the traffic is dropped.
Step 202: the second OVS bridge 2 checks the traffic received from the Linux bridge 4. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field matches, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server 6, cross-network access is forwarded to the router 5, same-network access is forwarded through the virtual NIC pair 3 to the Linux bridge 4 of the destination virtual machine (a virtual machine other than the one in step 201), and if the destination address and the source address of the traffic are not on the same (physical) host, the traffic is forwarded to the first OVS bridge 1.
Step 203: the router 5 checks the traffic forwarded by the second OVS bridge 2 against its firewall rules. If the firewall allows the traffic and the destination address is on the same host, the traffic is forwarded directly to the Linux bridge 4 of the allowed network; if the destination is not on the same host, the traffic is forwarded to the first OVS bridge 1; if the firewall refuses it, the traffic is dropped.
Step 204: the first OVS bridge 1 checks the traffic forwarded by the second OVS bridge 2. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the host network interface; if no field matches, the traffic is forwarded directly to the host network interface.
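As an added example that is not part of the patent or of any implementation of it, the following Python model plays through the two-stage pipeline of steps 100 to 204 together with the flow-table structure described earlier (header fields, counters and action list): a packet is a dict of header fields, each OVS bridge applies a user-defined flow table with per-entry counters and header rewrites, the second bridge hands traffic to the DHCP server, the namespace router or the Linux bridge of the destination VM, and the router and Linux bridges apply iptables-style rules over source/destination IP, ports and connection state. The two virtual networks, the VMs, the firewall rules and the field names (ip_src, tp_dst, state, ...) are constructed for this example; the single flow-table entry reproduces the VLAN 10 to 11 illustration from step 101.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

def matches(pkt, match):
    """Every rule field must equal the packet's field; a CIDR value tests containment."""
    return all(ip_address(pkt.get(k, "0.0.0.0")) in ip_network(v) if "/" in str(v)
               else pkt.get(k) == v for k, v in match.items())

@dataclass
class FlowEntry:
    match: dict         # header fields -> value: in_port, mac_src/mac_dst, eth_type,
    actions: dict       #   vlan_id, ip_src/ip_dst, ip_proto, tp_src/tp_dst; actions rewrite them
    n_packets: int = 0  # counters, as shown by ovs-ofctl dump-flows
    n_bytes: int = 0

@dataclass
class FlowTable:
    """User-defined flow table of one OVS bridge; the first matching entry wins."""
    entries: list

    def apply(self, pkt):
        for entry in self.entries:
            if matches(pkt, entry.match):
                entry.n_packets += 1
                entry.n_bytes += pkt.get("len", 0)
                return {**pkt, **entry.actions}   # converted by the flow-table policy
        return pkt                                # no match: forwarded unchanged

@dataclass
class Firewall:
    rules: list           # [(match dict, "ACCEPT" | "DROP")], iptables-style first match
    policy: str = "DROP"  # chain policy when no rule matches

    def check(self, pkt):
        return next((v for m, v in self.rules if matches(pkt, m)), self.policy)

class Host:
    """One physical host: two OVS bridges, a namespace router, one Linux bridge per VM."""
    def __init__(self, networks, vms, ovs1, ovs2, router_fw):
        self.networks, self.vms = networks, vms   # name -> CIDR; vm -> {"ip", "host_fw"}
        self.ovs1, self.ovs2, self.router_fw = ovs1, ovs2, router_fw

    def net_of(self, ip):
        nets = (n for n, c in self.networks.items() if ip_address(ip) in ip_network(c))
        return next(nets, "external")

    def linux_bridge(self, vm, pkt, trace):
        """Linux bridge of one VM: host firewall check, then delivery to the VM."""
        trace.append(f"linuxbr:{vm}")
        if self.vms[vm]["host_fw"].check(pkt) != "ACCEPT":
            return "drop", trace, pkt
        return f"vm:{vm}", trace, pkt

    def ovs2_forward(self, pkt, trace):
        """Second OVS bridge: flow table, then DHCP / router / same network / off-host."""
        trace.append("ovs2")
        pkt = self.ovs2.apply(pkt)
        if pkt.get("ip_proto") == 17 and pkt.get("tp_dst") == 67:    # DHCP request
            trace.append("dhcp")
            return "dhcp", trace, pkt
        if self.net_of(pkt["ip_src"]) != self.net_of(pkt["ip_dst"]):  # cross-network access
            trace.append("router")
            if self.router_fw.check(pkt) != "ACCEPT":
                return "drop", trace, pkt
        dst_vm = next((n for n, vm in self.vms.items() if vm["ip"] == pkt["ip_dst"]), None)
        if dst_vm is not None:                 # destination VM lives on this host
            return self.linux_bridge(dst_vm, pkt, trace)
        trace.append("ovs1")                   # otherwise out through the first OVS bridge
        return "host_nic", trace, self.ovs1.apply(pkt)

    def ingress(self, pkt):
        """Step 100: external traffic enters at the first OVS bridge."""
        return self.ovs2_forward(self.ovs1.apply(pkt), ["ovs1"])

    def egress(self, src_vm, pkt):
        """Step 200: a VM sends traffic through its own Linux bridge."""
        trace = [f"linuxbr:{src_vm}"]
        if self.vms[src_vm]["host_fw"].check(pkt) != "ACCEPT":
            return "drop", trace, pkt
        return self.ovs2_forward(pkt, trace)

def build_sample_host():
    """Constructed topology (not from the patent): two networks, one VM in each."""
    vm_a_fw = Firewall([({"ip_proto": 6, "tp_dst": 22}, "ACCEPT"),
                        ({"ip_proto": 6, "tp_dst": 80}, "ACCEPT"),
                        ({"ip_proto": 17, "tp_dst": 67}, "ACCEPT")])
    vm_b_fw = Firewall([({"ip_src": "192.168.1.0/24", "tp_dst": 80}, "ACCEPT")])
    router_fw = Firewall([({"ip_src": "192.168.1.0/24", "ip_dst": "192.168.2.0/24",
                            "tp_dst": 80, "state": "NEW"}, "ACCEPT"),
                          ({"ip_dst": "192.168.1.0/24", "tp_dst": 22}, "ACCEPT"),
                          ({"state": "ESTABLISHED"}, "ACCEPT")])
    # The patent's own flow-table illustration: source 192.168.1.1 on VLAN 10 -> VLAN 11.
    ovs1 = FlowTable([FlowEntry({"ip_src": "192.168.1.1", "vlan_id": 10}, {"vlan_id": 11})])
    return Host({"net_a": "192.168.1.0/24", "net_b": "192.168.2.0/24"},
                {"vm_a": {"ip": "192.168.1.20", "host_fw": vm_a_fw},
                 "vm_b": {"ip": "192.168.2.30", "host_fw": vm_b_fw}},
                ovs1, FlowTable([]), router_fw)
```

Each call returns the verdict (vm:<name>, dhcp, host_nic or drop), the list of components the packet passed through, and the packet as forwarded, so the VLAN rewrite and the per-entry counters can be inspected after a run.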
The above describes only a few specific embodiments of the present invention and does not limit its scope of protection; any equivalent change or modification, or proportional scaling up or down, made according to the design spirit of the present invention shall be considered to fall within the scope of protection of the present invention.

Claims (3)

1. A virtual network controller, characterised in that it includes: a first OVS bridge and a second OVS bridge connected to each other; a router and a DHCP server connected to the second OVS bridge; and at least one Linux bridge, where each Linux bridge connects one virtual machine and is connected to the second OVS bridge through a virtual NIC pair made up of a first virtual NIC and a second virtual NIC; the first OVS bridge is connected to the host network interface and is the entry point for external traffic and the exit point for virtual machine traffic; the DHCP server is a namespace-based DHCP server that provides IP address allocation; and the router is a namespace-based virtual router that provides routing and firewall services.
2. The virtual network controller according to claim 1, characterised in that the OVS bridges include a flow table and a channel; the flow table consists of header fields, counters and an action list; the header fields include the input port, MAC source address, MAC destination address, Ethernet type, VLAN ID, IP source address, IP destination address, IP port, TCP source port and TCP destination port, and are used to match incoming traffic; the counters record the number of matched packets and bytes; and the action list stores the action policy applied after a match.
3. A virtual network control method, characterised in that it includes:
Virtual machine input traffic step:
The first OVS bridge receives external traffic and checks it. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the second OVS bridge; if no field of the packet matches the header fields of the user-defined flow table, the traffic is forwarded directly to the second OVS bridge.
The second OVS bridge checks the traffic forwarded by the first OVS bridge. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field matches, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server, cross-network access is forwarded to the router, and same-network access is forwarded through the virtual NIC pair to the Linux bridge.
The router checks the traffic forwarded by the second OVS bridge against its firewall rules. If the firewall allows the traffic, it is forwarded to the Linux bridge of the allowed network; if the firewall refuses it, the traffic is dropped.
The Linux bridge checks the traffic forwarded by the second OVS bridge against the host firewall rules. If the host firewall allows the traffic, it is forwarded to the virtual machine; if the host firewall refuses it, the traffic is dropped.
Virtual machine output traffic step:
The Linux bridge receives traffic from the virtual machine and checks the host firewall rules. If the host firewall allows the traffic, it is forwarded through the virtual NIC pair to the second OVS bridge; if the host firewall refuses it, the traffic is dropped.
The second OVS bridge checks the traffic received from the Linux bridge. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field matches, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server, cross-network access is forwarded to the router, same-network access is forwarded through the virtual NIC pair to the Linux bridge of the destination virtual machine, and if the destination address of the traffic is not on the same host as the source address, the traffic is forwarded to the first OVS bridge.
The router checks the traffic forwarded by the second OVS bridge against its firewall rules. If the firewall allows the traffic and the destination address is on the same host, the traffic is forwarded directly to the Linux bridge of the allowed network; if the destination is not on the same host, the traffic is forwarded to the first OVS bridge; if the firewall refuses it, the traffic is dropped.
The first OVS bridge checks the traffic forwarded by the second OVS bridge. If one or more fields of the packet match the header fields of the user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the host network interface; if no field matches, the traffic is forwarded directly to the host network interface.
Priority Applications (1)

Application Number: CN201710082464.5A; Priority Date: 2017-02-16; Filing Date: 2017-02-16; Title: Virtual network controller and control method; Granted as: CN106953788B (en); Status: Active

Applications Claiming Priority (1)

CN201710082464.5A (CN106953788B (en)), priority date 2017-02-16, filing date 2017-02-16, virtual network controller and control method

Publications (2)

Publication Number / Publication Date
CN106953788A (en) 2017-07-14
CN106953788B (en) 2019-12-13

Family

ID=59466550

Family Applications (1)

CN201710082464.5A, Active, CN106953788B (en), priority date 2017-02-16, filing date 2017-02-16, virtual network controller and control method

Country Status (1)

CN (1): CN106953788B (en)


Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547404A (en) * 2017-07-31 2018-01-05 新华三技术有限公司 Flow table generation method and device and message forwarding method and device
CN107547404B (en) * 2017-07-31 2019-11-05 新华三技术有限公司 Flow table generation method and device and message forwarding method and device
CN108471383A (en) * 2018-02-08 2018-08-31 华为技术有限公司 Message forwarding method, device and system
CN108471383B (en) * 2018-02-08 2021-02-12 华为技术有限公司 Message forwarding method, device and system
CN110636036A (en) * 2018-06-22 2019-12-31 复旦大学 OpenStack cloud host network access control method based on SDN
CN108833305A (en) * 2018-07-17 2018-11-16 北京西普阳光教育科技股份有限公司 The virtual network framework of host
CN108833305B (en) * 2018-07-17 2024-04-05 北京西普阳光科技股份有限公司 Virtual network device of host
CN109639554A (en) * 2018-12-26 2019-04-16 山东有人信息技术有限公司 A kind of long-range VLAN implementation method
CN109639554B (en) * 2018-12-26 2022-01-21 山东有人物联网股份有限公司 Remote VLAN implementation method
CN109768901A (en) * 2019-01-23 2019-05-17 郑州云海信息技术有限公司 It is a kind of based on virtual machine to the method and system of BMC IPV6 functional test
CN109768901B (en) * 2019-01-23 2022-03-04 郑州云海信息技术有限公司 Method and system for testing functions of BMC IPV6 based on virtual machine
CN109889529A (en) * 2019-03-01 2019-06-14 国电南瑞科技股份有限公司 A kind of method of realizing fireproof wall of the communication controler based on IPTABLE
CN109889533A (en) * 2019-03-11 2019-06-14 北京网御星云信息技术有限公司 Security defend method and system, computer readable storage medium under cloud environment
CN109889533B (en) * 2019-03-11 2021-07-20 北京网御星云信息技术有限公司 Security defense method and system under cloud environment and computer readable storage medium
CN110086824A (en) * 2019-05-08 2019-08-02 苏州浪潮智能科技有限公司 A kind of adaptive configuring method, device and the equipment of virtual machine firewall policy
CN110086824B (en) * 2019-05-08 2021-10-15 苏州浪潮智能科技有限公司 Self-adaptive configuration method, device and equipment for firewall policy of virtual machine
WO2021000713A1 (en) * 2019-07-04 2021-01-07 中兴通讯股份有限公司 Network element management apparatus and message processing method
CN111030980A (en) * 2019-08-09 2020-04-17 哈尔滨安天科技集团股份有限公司 Linux transparent network equipment platform implementation method, device and storage medium
CN112165460A (en) * 2020-09-10 2021-01-01 杭州安恒信息技术股份有限公司 Flow detection method and device, computer equipment and storage medium
CN112291252A (en) * 2020-11-02 2021-01-29 浪潮云信息技术股份公司 Architecture and method for realizing symmetric flow guiding of north-south flow
CN112291252B (en) * 2020-11-02 2022-06-24 浪潮云信息技术股份公司 Architecture and method for realizing symmetric flow guidance of north-south flow
CN112671578A (en) * 2020-12-23 2021-04-16 北京浪潮数据技术有限公司 SRIOV virtual network configuration method and related device
GB2609258B (en) * 2021-07-27 2024-01-31 Cubic Telecom Ltd Vehicle data
CN113839933B (en) * 2021-09-13 2023-09-26 紫光云(南京)数字技术有限公司 Method for solving multi-network card flow by utilizing security group
CN113839933A (en) * 2021-09-13 2021-12-24 紫光云(南京)数字技术有限公司 Method for solving multi-network card flow by utilizing security group
CN114301868A (en) * 2021-12-30 2022-04-08 上海观安信息技术股份有限公司 Method for quickly generating floating IP of virtual container and method and device for network direct connection
CN114301868B (en) * 2021-12-30 2023-07-11 上海观安信息技术股份有限公司 Method for quickly generating virtual container floating IP and method and device for network direct connection
CN115834291A (en) * 2022-11-16 2023-03-21 中国联合网络通信集团有限公司 Distributed intranet service data acquisition method, device, equipment and storage medium
CN115834291B (en) * 2022-11-16 2024-04-09 中国联合网络通信集团有限公司 Distributed intranet service data acquisition method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN106953788B (en) 2019-12-13

Similar Documents

Publication Publication Date Title
CN106953788A (en) A kind of Virtual Network Controller and control method
CN109120494B (en) The method of physical machine is accessed in cloud computing system
CN106375384B (en) The management system and control method of image network flow in a kind of virtual network environment
CN104639372B (en) The correlating method and system of overlay network and physical network based on SDN
CN103997414B (en) Generate method and the network control unit of configuration information
CN104283756B (en) A kind of method and apparatus for realizing distributed multi-tenant virtual network
CN105554065B (en) Handle method, converting unit and the applying unit of message
US9917729B2 (en) Methods, systems, and computer readable media for multi-layer orchestration in software defined networks (SDNs)
CN101841451B (en) Virtual local area network-based speed limiting method and system for cloud hosts
TWI548239B (en) Openflow switch and method for packet exchanging thereof, sdn controller and data flow control method thereof
CN106161335A (en) A kind for the treatment of method and apparatus of network packet
CN105282191B (en) SiteServer LBS, controller and method
CN105262667A (en) Method and device for controlling multicast transmission in Overlay network
CN104780088A (en) Service message transmission method and equipment
CN106603550B (en) A kind of Network Isolation method and device
CN104994065A (en) Access control list operation system and method based on software-defined network
CN103763310A (en) Firewall service system and method based on virtual network
CN108833305B (en) Virtual network device of host
CN104660479A (en) Networking method and network system
CN112272145B (en) Message processing method, device, equipment and machine readable storage medium
CN103428061B (en) Access chassis node and the method utilizing access chassis node to carry out data forwarding
CN108123818A (en) A kind of emulation mode of the expansible fusion of actual situation network agile
CN103581325B (en) A kind of cloud computing resources cell system and its implementation method
CN105208053A (en) Method for realizing load balance, device and load balance service system
CN107566196A (en) Network-building method and network device, customer edge and readable storage medium storing program for executing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address
    Address after: Room 0001, 1f, block B, No. 18, Zhongguancun Street, Haidian District, Beijing 100080
    Patentee after: Beijing Xipu Sunshine Technology Co.,Ltd.
    Address before: Room 0001, 1f, block B, No. 18, Zhongguancun Street, Haidian District, Beijing 100086
    Patentee before: BEIJING SIMPLEWARE EDUCATION TECHNOLOGY CO.,LTD.
PE01 Entry into force of the registration of the contract for pledge of patent right
    Denomination of invention: A virtual network controller and its control method
    Effective date of registration: 20220518
    Granted publication date: 20191213
    Pledgee: Xiamen International Bank Co.,Ltd. Beijing Branch
    Pledgor: Beijing Xipu Sunshine Technology Co.,Ltd.
    Registration number: Y2022990000280
PC01 Cancellation of the registration of the contract for pledge of patent right
    Date of cancellation: 20231208
    Granted publication date: 20191213
    Pledgee: Xiamen International Bank Co.,Ltd. Beijing Branch
    Pledgor: Beijing Xipu Sunshine Technology Co.,Ltd.
    Registration number: Y2022990000280