CN109889621B - Configuration method and device of virtual private cloud service - Google Patents


Info

Publication number
CN109889621B
Authority
CN
China
Prior art keywords
service
public service
network card
virtual
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910108408.3A
Other languages
Chinese (zh)
Other versions
CN109889621A (en)
Inventor
姜琳
雷思源
周磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201910108408.3A
Publication of CN109889621A
Application granted
Publication of CN109889621B
Legal status: Active (current)
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application discloses a configuration method and device of a virtual private cloud service, electronic equipment and a computer readable medium. One embodiment of the method comprises: in response to receiving a request for creating a corresponding virtual network card for a public service in a virtual private cloud service, obtaining an intranet virtual IP address of the public service as the IP address of the virtual network card; obtaining a list of service nodes mounted by the public service; configuring a routing policy between the virtual network card and the service nodes of the public service based on the IP address of the virtual network card; and creating a mapping relation between the IP address of the virtual network card and the list of service nodes mounted by the public service, so that the public service is provided to a user of the virtual private cloud service based on the routing policy and the mapping relation. The embodiment maps the public service to a virtual network card in the VPC, so that the service nodes mounted by the public service are accessed directly through the virtual network card in the VPC, without accessing the public service through a public network segment.

Description

Configuration method and device of virtual private cloud service
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to the field of cloud services, and particularly relates to a configuration method and device of a virtual private cloud service.
Background
The cloud service is a service mode in which software, hardware, and data required by an enterprise or an individual are all put on a network, and different IT (Internet Technology) devices are connected with each other at any time and place to achieve the purposes of data access, operation, and the like. Currently, common cloud services are the public cloud and the private cloud.
In a public cloud, different businesses or individual customers may share resources provided by one service provider. The private cloud is a cloud service system which is constructed for the independent use of a single customer and provides effective control over the security of data and resources inside the customer. Virtual machines within the private cloud have a need to access public services in the public cloud, such as object storage services and the like. Access to these public services from within a VPC (Virtual Private Cloud) currently requires a gateway to translate the requesting IP into the public service network segment of the public network, and the services are then accessed via that public service network segment.
Disclosure of Invention
The embodiment of the application provides a configuration method and device of a virtual private cloud service, electronic equipment and a computer readable medium.
In a first aspect, an embodiment of the present application provides a method for configuring a virtual private cloud service, including: responding to a received request for creating a corresponding virtual network card for public service in the virtual private cloud service, and acquiring an intranet virtual IP address of the public service as an IP address of the virtual network card; acquiring a service node list of public service mounting, and configuring a routing strategy between a virtual network card and a service node of the public service based on an IP address of the virtual network card; and creating a mapping relation between the IP address of the virtual network card and the service node list of the public service mount so as to provide the public service for the user of the virtual private cloud service based on the routing strategy and the mapping relation.
In some embodiments, the obtaining the intranet virtual IP address of the public service includes: acquiring intranet virtual IP addresses corresponding to different users of the public service; the obtaining of the service node list of the public service mount includes: acquiring a list of service nodes that are mounted by the public service and respectively provide services for different users; and the creating of the mapping relationship between the IP address of the virtual network card and the service node list of the public service mount includes: establishing a correspondence between the IP address of the virtual network card corresponding to a user and the service nodes mounted by the public service for that same user.
In some embodiments, the above method further comprises: in response to receiving a public service access request sent to a virtual network card corresponding to a public service in the virtual private cloud service, searching a service node of the corresponding public service based on an intranet IP address of a request end sending the public service access request and a mapping relation, and accessing the searched service node according to a routing strategy.
In some embodiments, the configuring a routing policy between the virtual network card and a service node of the public service based on the IP address of the virtual network card includes: creating a load balancing port of the public service in the virtual private cloud service, taking the IP address of the virtual network card as a source address, and configuring a routing policy by which the virtual network card distributes access requests to the service nodes of the public service through the load balancing port.
In some embodiments, the above method further comprises: synchronizing the mapping relationship to a database of the virtual private cloud to obtain the mapping relationship from the database of the virtual private cloud through a gateway device within the virtual private cloud service upon receiving a public service access request within the virtual private cloud service.
In a second aspect, an embodiment of the present application provides a configuration apparatus for a virtual private cloud service, including: a first obtaining unit configured to obtain an intranet virtual IP address of a public service as an IP address of a virtual network card in response to receiving a request for creating a corresponding virtual network card for the public service in a virtual private cloud service; the second acquisition unit is configured to acquire a service node list mounted by the public service and configure a routing strategy between the virtual network card and a service node of the public service based on the IP address of the virtual network card; the creating unit is configured to create a mapping relation between the IP address of the virtual network card and the service node list of the public service mount so as to provide the public service to the user of the virtual private cloud service based on the routing policy and the mapping relation.
In some embodiments, the first obtaining unit is further configured to: acquire intranet virtual IP addresses corresponding to different users of the public service; the second acquiring unit is further configured to: acquire a list of service nodes that are mounted by the public service and respectively provide services for different users; and the creating unit is further configured to: establish a correspondence between the IP address of the virtual network card corresponding to a user and the service nodes mounted by the public service for that same user.
In some embodiments, the above apparatus further comprises: an access unit configured to, in response to receiving a public service access request sent to a virtual network card corresponding to the public service in the virtual private cloud service, find the service node of the corresponding public service based on the intranet IP address of the request end sending the public service access request and the mapping relation, and access the found service node according to the routing policy.
In some embodiments, the second obtaining unit is further configured to: create a load balancing port of the public service in the virtual private cloud service, take the IP address of the virtual network card as a source address, and configure a routing policy by which the virtual network card distributes access requests to the service nodes of the public service through the load balancing port.
In some embodiments, the above apparatus further comprises: a synchronization unit configured to synchronize the mapping relationship to a database of the virtual private cloud to obtain the mapping relationship from the database of the virtual private cloud through a gateway device within the virtual private cloud service upon receiving a public service access request within the virtual private cloud service.
In a third aspect, an embodiment of the present application provides an electronic device, including: one or more processors; a storage device for storing one or more programs, which when executed by one or more processors, cause the one or more processors to implement the configuration method of the virtual private cloud service as provided by the first aspect.
In a fourth aspect, the present application provides a computer readable medium, on which a computer program is stored, where the program, when executed by a processor, implements the configuration method of the virtual private cloud service provided in the first aspect.
With the method and apparatus for configuring a virtual private cloud service according to the above embodiments of the present application, in response to a request for creating a corresponding virtual network card for a public service in the virtual private cloud service, an intranet virtual IP address of the public service is acquired as the IP address of the virtual network card; a list of service nodes mounted by the public service is acquired; a routing policy between the virtual network card and the service nodes of the public service is configured based on the IP address of the virtual network card; and a mapping relationship between the IP address of the virtual network card and the list of service nodes mounted by the public service is created, so that the public service is provided to a user of the virtual private cloud service based on the routing policy and the mapping relationship. The public service is thereby mapped to the virtual network card in the VPC, and the service nodes of the public service are associated with a virtual gateway of the virtual private cloud, so that the service nodes mounted by the public service are accessed directly through the virtual network card in the VPC, without accessing the public service via public network segments.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture diagram to which embodiments of the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a method of configuration of a virtual private cloud service according to the present application;
FIG. 3 is a diagram of an application scenario of the embodiment shown in FIG. 2;
FIG. 4 is a flowchart of another embodiment of a method of configuring a virtual private cloud service according to the present application;
FIG. 5 is a schematic structural diagram of an embodiment of a configuration apparatus of a virtual private cloud service according to the present application;
FIG. 6 is a schematic block diagram of a computer system suitable for use in implementing an electronic device according to embodiments of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 shows an exemplary system architecture to which the configuration method of the virtual private cloud service or the configuration apparatus of the virtual private cloud service of the present application may be applied.
As shown in fig. 1, system architecture 100 may include a Virtual Private Cloud (VPC)101 and a public cloud 102. The system architecture 100 may also include a load balancing device 103. The virtual private cloud VPC may be a cloud service system providing a dedicated service for a single customer, and may include multiple cloud hosts 1011, where modules such as a data center and a virtual gateway may be deployed on the cloud hosts 1011. Public cloud 102 can be a cloud service system in which public services (such as object storage services, application interface services, and the like) reside. The public cloud 102 may also include a plurality of cloud hosts 1021 for providing resource services.
The virtual private cloud 101 and the public cloud 102 may be connected via a network, and the cloud host 1011 in the virtual private cloud 101 may issue an access request to the public cloud 102, for example, a host in the VPC may request an object storage service in the public cloud, and the cloud host 1021 in the public cloud 102 may receive the request and provide a corresponding resource service.
The load balancing apparatus 103 is used to perform distribution of requests and data between the virtual private cloud 101 and the public cloud 102. An access request issued by a cloud host 1011 within the virtual private cloud 101 to the public cloud 102 is forwarded by the load balancing apparatus 103 to a cloud host 1021 in the public cloud 102.
It should be noted that the configuration method of the virtual private cloud service provided in the embodiment of the present application may be executed by the cloud host 1011 disposed in the virtual private cloud or the cloud host 1021 of the public cloud, and accordingly, the configuration apparatus of the virtual private cloud service may be disposed in the cloud host 1011 disposed in the virtual private cloud or the cloud host 1021 of the public cloud.
It should be understood that the number of cloud hosts, virtual private clouds, public clouds, load balancing devices in fig. 1 is merely illustrative. According to implementation needs, any number of cloud hosts, virtual private clouds, public clouds and load balancing devices can be provided.
With continued reference to fig. 2, a flow 200 of one embodiment of a method of configuration of a virtual private cloud service according to the present application is shown. The configuration method of the virtual private cloud service comprises the following steps:
Step 201, in response to receiving a request for creating a corresponding virtual network card for a public service in a virtual private cloud service, acquiring an intranet virtual IP address of the public service as an IP address of the virtual network card.
In this embodiment, an execution subject of the configuration method of the virtual private cloud service may receive a request for creating a corresponding virtual network card for the public service in the virtual private cloud service. The virtual network card is used for providing an interface for accessing public services of the public cloud to the virtual private cloud, the virtual network card may have an IP (Internet Protocol) address of the virtual network card in the virtual private cloud, and a Domain Name System (DNS) may be used to configure a Domain name of the public services for the virtual network card. A host within the virtual private cloud may access a service node mounted under the public service by accessing a domain name corresponding to the public service within the virtual private cloud.
A user of the virtual private cloud may initiate an operation within the virtual private cloud to create a virtual network card for a public service in the public cloud, for example, the user may select "create virtual network card" to initiate a request at a console of the cloud service. The subnet where the user is located may be determined according to the identity of the user, and the request for creating the corresponding virtual network card for the public service in the virtual private cloud service may be generated according to the public service (e.g., an object storage service in a certain area) that the user selects and desires to access. The generated request may be transmitted to the execution subject through a virtual host connected to a console of the cloud service. After receiving the request, the execution main body may acquire an intranet virtual IP address allocated to the public service as an IP address of the virtual network card.
The public service may be a public service built in an area, such as an object storage service in North China. When the public service is built, an intranet virtual IP address can be applied in advance. The virtual IP address may be automatically assigned randomly or manually. In this embodiment, the intranet virtual IP address of the public service may be obtained, and the domain name configured for the public service may be obtained.
Step 202, obtaining a service node list of public service mount, and configuring a routing policy between the virtual network card and a service node of the public service based on the IP address of the virtual network card.
When a public service is built, a host providing storage resources and computing resources for the public service is used as a service node to be mounted under the public service. These service nodes mounted under the common service can provide the common service in a distributed manner. The service node mounted by the public service can provide public service for different service request terminals. In this embodiment, the list of service nodes of the common service mount may be obtained by querying the database.
The execution subject may configure a routing policy from a virtual network card corresponding to the public service created in the virtual private cloud to a service node of the public service. Here, the routing policy is a mechanism for routing and forwarding data through the network node, and may be composed of a series of data forwarding rules. The configuration of the routing policy may specifically include configuration of parameters such as a source address, a destination network segment, a next hop location, a protocol type, and a mask.
In this embodiment, the IP address of the virtual network card obtained in step 201 may be used as a source address, the IP address of the service node list mounted in the public service may be used as a destination address, and a routing policy that the source address is forwarded to the destination address by a route may be configured. Specifically, the routing policy configuration information between the virtual network card and the service node of the public service, which is submitted by the user, may be obtained to configure the routing policy. For example, a routing policy configuration interface may be provided, and a user of the virtual private cloud specifies, through the routing policy configuration interface, a routing policy for configuring the created virtual network card to a service node of the corresponding public service according to parameters such as a node to be routed and forwarded, a protocol type, and the like. The routing policy may also be automatically configured based on the source and destination addresses.
Step 203, creating a mapping relation between the IP address of the virtual network card and the service node list of the public service mount, so as to provide the public service for the user of the virtual private cloud service based on the routing policy and the mapping relation.
In this embodiment, the IP address of the virtual network card (that is, the intranet virtual IP address of the public service) may be associated with the service node list mounted by the public service. Specifically, a mapping relationship between the intranet virtual IP address of the public service and one or more service nodes in the service node list mounted by the public service may be generated, and the mapping relationship and the routing policy configured in step 202 may be stored in the gateway device of the virtual private cloud. Therefore, when a user in the virtual private cloud sends a request for accessing the public service, the target service node corresponding to the IP address of the virtual network card in the public cloud can be found by accessing the IP address of the virtual network card corresponding to the public service, and the request of the user is routed to the corresponding target service node according to the routing policy.
In this embodiment, a mapping relationship between the IP address of the virtual network card and a service node of a public service may be created for a gateway server of a virtual private cloud, and a configured routing policy may be stored. The gateway server may issue the mapping relationship and the routing policy to the gateway device. When the user in the virtual private cloud accesses the public service, the gateway device may forward the request according to the configured mapping relationship and the routing policy. Thus, the creation of the virtual network card is completed.
In the configuration method of the virtual private cloud service according to the above embodiment of the present application, in response to a request for creating a corresponding virtual network card for a public service in the virtual private cloud service, an intranet virtual IP address of the public service is acquired as the IP address of the virtual network card; a list of service nodes mounted by the public service is acquired; a routing policy between the virtual network card and the service nodes of the public service is configured based on the IP address of the virtual network card; and a mapping relationship between the IP address of the virtual network card and the list of service nodes mounted by the public service is created, so that the public service is provided to a user of the virtual private cloud service based on the routing policy and the mapping relationship. The public service is thereby mapped to the virtual network card in the VPC, and the service nodes of the public service are associated with a virtual gateway of the virtual private cloud, so that the service nodes mounted by the public service are accessed directly through the virtual network card in the VPC, without accessing the public service via public network segments.
With continued reference to fig. 3, a schematic diagram of an application scenario of the configuration method of the virtual private cloud service shown in fig. 2 is shown. As shown in fig. 3, a user of the virtual private cloud may select to create a service network card at the console to create a virtual network card for the public service within the virtual private cloud. The IP address of the virtual network card may be automatically allocated or may be designated by the user. The mount service may be a public service that the user desires to access within the virtual private cloud, such as the BOS (Baidu Object Storage) service in the Beijing region, with the domain name bj.bcebos.com, where the domain name is the domain name corresponding to the IP address of the virtual network card, and the IP address of the virtual network card can be resolved through DNS.
When the virtual network card is created, the virtual machine in the virtual private cloud may obtain the IP address of the virtual network card and the domain name of the corresponding public service, which are configured by the user through the interface of the scenario shown in fig. 3, obtain the service node list of the public service selected by the user from the database, configure the routing policy, and create the mapping relationship between the IP address of the virtual network card and the service node list of the public service.
Referring to fig. 4, shown is a flow diagram of another embodiment of a method for configuring a virtual private cloud service in accordance with the present application. As shown in fig. 4, a flow 400 of the configuration method of the virtual private cloud service according to this embodiment may include the following steps:
Step 401, in response to receiving a request for creating a corresponding virtual network card for a public service in a virtual private cloud service, acquiring an intranet virtual IP address of the public service as an IP address of the virtual network card.
In this embodiment, the execution main body of the configuration method of the virtual private cloud service may receive a request for creating a corresponding virtual network card for the public service in the virtual private cloud service, and acquire an intranet virtual IP address allocated to the public service as an IP address of the virtual network card. A domain name configured for the public service may also be obtained.
Step 402, obtaining a service node list of public service mount, and configuring a routing policy between the virtual network card and a service node of the public service based on the IP address of the virtual network card.
When a public service is built, a host which provides storage resources and computing resources for the public service is used as a service node to be mounted under the public service, and a list of the service nodes mounted by the public service can be obtained by inquiring a database.
The execution subject may configure a routing policy from a virtual network card corresponding to the public service created in the virtual private cloud to a service node of the public service. Specifically, the IP address of the virtual network card obtained in step 401 may be used as a source address, the IP address of the service node list mounted in the public service may be used as a destination address, and a routing policy that the source address is forwarded to the destination address by a route is configured.
Step 403, creating a mapping relation between the IP address of the virtual network card and the service node list of the public service mount so as to provide the public service for the user of the virtual private cloud service based on the routing policy and the mapping relation.
In this embodiment, the IP address of the virtual network card (that is, the intranet virtual IP address of the public service) may be associated with the service node list mounted by the public service. Specifically, a mapping relationship between the intranet virtual IP address of the public service and one or more service nodes in the service node list mounted by the public service may be generated, and the mapping relationship and the routing policy configured in step 202 may be stored in the gateway device of the virtual private cloud. In this embodiment, a mapping relationship between the IP address of the virtual network card and a service node of a public service may be created for a gateway server of a virtual private cloud, and a configured routing policy may be stored. The gateway server may issue the mapping relationship and the routing policy to the gateway device. When the user in the virtual private cloud accesses the public service, the gateway device may forward the request according to the configured mapping relationship and the routing policy.
Steps 401, 402, and 403 in this embodiment are respectively the same as steps 201, 202, and 203 in the foregoing embodiment, and specific implementation manners of steps 401, 402, and 403 may refer to specific implementation manners of steps 201, 202, and 203 in the foregoing embodiment, which are not described herein again.
Step 404, in response to receiving a public service access request sent to a virtual network card corresponding to a public service in the virtual private cloud service, finding a service node of the corresponding public service based on an intranet IP address of a request end sending the public service access request and a mapping relation, and accessing the found service node according to a routing policy.
A user within the virtual private cloud may issue a request to access the public service by accessing the domain name of the virtual network card that has been created. When a user in the virtual private cloud sends a request for accessing public service, the intranet IP address of the request end sending the request, that is, the IP address corresponding to the domain name of the virtual network card, can be obtained, then the target service node of the public service corresponding to the IP address of the virtual network card is found in the mapping relation, and the routing forwarding rule from the IP address of the virtual network card to the target service node is found according to the configured routing strategy, so that the request for accessing the public service sent by the user in the virtual private cloud is forwarded to the target service node of the public service.
The target service node may return a data packet to a host within the virtual private cloud based on the configured routing policy in response to the received request. Thus, through the routing policy configured in step 402 and the mapping relationship created in step 403, access to public services in the virtual private cloud that do not pass through the public network segment is achieved, the cost and jitter generated by public network access are avoided, the access cost is reduced, and the stability is improved.
In some optional implementation manners of the embodiments described above with reference to fig. 2 and fig. 4, the acquiring an intranet virtual IP address of a public service includes: and acquiring intranet virtual IP addresses corresponding to different users of the public service. When a public service is created, a set of virtual IP addresses may be assigned, each intranet IP address corresponding to a virtual private cloud user, and then different users may have different intranet virtual IP addresses.
The obtaining of the service node list of the public service mount includes: acquiring a list of the service nodes mounted by the public service that respectively provide services for different users. The service nodes in the list may correspond to different virtual private cloud users; for example, service nodes S1 through Sn provide services to virtual private cloud user A, and service nodes Sn+1 through Sm provide services to virtual private cloud user B. A node list of the public service corresponding to each user may be obtained.
In this case, the step of creating a mapping relationship between the IP address of the virtual network card and the service node list of the public service mount may include: and establishing a corresponding relation between the IP address of the virtual network card corresponding to the same user and the service node mounted by the public service. That is, the IP of the virtual network card corresponding to a user corresponds to the service node mounted by the public service corresponding to the user. Therefore, when the user of the virtual private cloud accesses the public service, the corresponding service node of the public service can be found in the mapping relation according to the identity of the user, that is, a list of service nodes providing the requested public service for the user of the virtual private cloud is found.
By creating a mapping relation between the virtual network interface card IP and the service node mounted by the corresponding public service for different users, the reasonable configuration of accessing the public service by the virtual private cloud based on the user identity is realized.
In some optional implementation manners of the embodiments described above in conjunction with fig. 2 and fig. 4, the configuring, based on the IP address of the virtual network card, a routing policy between the virtual network card and a service node of the public service includes: and creating a load balancing port of the public service in the virtual private cloud service, taking the IP address of the virtual network card as a source address, and configuring a routing strategy for distributing an access request to the service node of the public service by the virtual network card through the load balancing port.
Specifically, when the routing policy between the virtual network card and the service node of the public service is created, a load balancing port corresponding to the virtual network card may be created at a host of the virtual private cloud or the public cloud. The load balancing port may be used to distribute requests that access the public service through the virtual network card, and the load balancing policy of the load balancing port may be configured when the routing policy is configured. Specifically, a routing forwarding rule may be configured under which traffic from the IP address of the virtual network card reaches the load balancing port via one or more network nodes and then reaches the service node of the public service via one or more network nodes.
Through the configured load balancing port, the load balancing of the flow accessing the public service through the virtual network card can be realized, the reasonable scheduling of the virtual private cloud and the public cloud service resources is favorably ensured, and the stability of the cloud service is ensured.
In some optional implementations of the embodiments described above in connection with fig. 2 and 4, the flow of the configuration method of the virtual private cloud service may further include: synchronizing the mapping relationship to a database of the virtual private cloud to obtain the mapping relationship from the database of the virtual private cloud through a gateway server within the virtual private cloud service upon receiving a public service access request within the virtual private cloud service.
Specifically, the mapping relationship between the virtual network card of the virtual private cloud and the service node list of the public service can be synchronized to the database for storage and backup. The mapping relationship may be created by a gateway server of the virtual private cloud, and the gateway server may backup the mapping relationship to the database. Upon receiving a public service access request within a virtual private cloud service, the gateway server may read a mapping relationship of the virtual private cloud and the requested public service from a database of the virtual private cloud. And the gateway server forwards the request data according to the mapping relation and the configured routing strategy. By synchronizing the mapping relation to the database, the running stability of the virtual network card can be ensured.
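The per-user mapping, load balancing port and database synchronization described above, combined into the step 404 lookup, as an added Python example (not code from the patent). The class and method names, in-memory SQLite as the virtual private cloud database, round-robin as the load balancing policy, the rejection of cross-user requests and of nodes already mounted for another user, and all addresses are assumptions or constructed values.

```python
import ipaddress
import json
import sqlite3


class MappingStore:
    """Stand-in for the database of the virtual private cloud (assumption: SQLite)."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE vnic_map ("
            "vnic_ip TEXT PRIMARY KEY, user_id TEXT NOT NULL, nodes TEXT NOT NULL)"
        )

    def sync(self, vnic_ip, user_id, nodes):
        # Synchronize one mapping entry: vNIC IP -> mounted service node list.
        # The primary key makes a second mapping for the same vNIC IP fail.
        with self.db:
            self.db.execute(
                "INSERT INTO vnic_map VALUES (?, ?, ?)",
                (vnic_ip, user_id, json.dumps(nodes)),
            )

    def load(self, vnic_ip):
        row = self.db.execute(
            "SELECT user_id, nodes FROM vnic_map WHERE vnic_ip = ?", (vnic_ip,)
        ).fetchone()
        return None if row is None else (row[0], json.loads(row[1]))

    def node_owners(self):
        # Node IP -> user it is mounted for, across all stored mappings.
        owners = {}
        for user_id, nodes in self.db.execute("SELECT user_id, nodes FROM vnic_map"):
            for node in json.loads(nodes):
                owners[node] = user_id
        return owners


class Gateway:
    """Gateway server: creates mappings, then forwards by reading them back."""

    def __init__(self, store):
        self.store = store
        self._cursor = {}  # per-vNIC round-robin position (the load balancing port)

    def create_vnic(self, user_id, intranet_vip, nodes):
        vip = str(ipaddress.ip_address(intranet_vip))  # rejects malformed input
        nodes = [str(ipaddress.ip_address(n)) for n in nodes]
        if not nodes:
            raise ValueError("public service has no mounted service nodes")
        owners = self.store.node_owners()
        for node in nodes:
            # Assumption: node sets of different users are kept disjoint.
            if owners.get(node, user_id) != user_id:
                raise ValueError(f"{node} is already mounted for another user")
        self.store.sync(vip, user_id, nodes)
        return vip

    def route(self, user_id, dst_ip):
        """Return the service node that a request to the vNIC IP is forwarded to."""
        vip = str(ipaddress.ip_address(dst_ip))
        entry = self.store.load(vip)
        if entry is None:
            raise LookupError(f"no mapping for {vip}")  # fail closed, no default route
        owner, nodes = entry
        if owner != user_id:
            # Assumption: a vNIC mapped for one user is not usable by another.
            raise PermissionError(f"{vip} is not mapped for {user_id}")
        i = self._cursor.get(vip, 0)
        self._cursor[vip] = i + 1
        return nodes[i % len(nodes)]


def demo():
    # Constructed sample data: two users, each with its own vNIC IP and node list.
    gw = Gateway(MappingStore())
    gw.create_vnic("user-a", "10.0.0.10", ["192.168.1.1", "192.168.1.2"])
    gw.create_vnic("user-b", "10.0.1.10", ["192.168.2.1"])
    return [gw.route("user-a", "10.0.0.10") for _ in range(3)]


if __name__ == "__main__":
    print(demo())
```

Because every lookup goes through the stored mapping, a request to an unmapped address or from the wrong user raises instead of being forwarded.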
With further reference to fig. 5, as an implementation of the method shown in the above-mentioned figures, the present application provides an embodiment of a configuration apparatus of a virtual private cloud service, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2 and fig. 4, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 5, the configuration apparatus 500 of the virtual private cloud service of the present embodiment includes: a first acquisition unit 501, a second acquisition unit 502, and a creation unit 503. The first obtaining unit 501 is configured to, in response to receiving a request for creating a corresponding virtual network card for a public service in a virtual private cloud service, obtain an intranet virtual IP address of the public service as an IP address of the virtual network card; the second obtaining unit 502 is configured to obtain a service node list of public service mount, and configure a routing policy between the virtual network card and a service node of the public service based on an IP address of the virtual network card; the creating unit 503 is configured to create a mapping relationship between the IP address of the virtual network card and the service node list of the public service mount to provide the public service to the user of the virtual private cloud service based on the routing policy and the mapping relationship.
In some embodiments, the first obtaining unit 501 is further configured to: acquiring intranet virtual IP addresses corresponding to different users of the public service; the second obtaining unit 502 is further configured to: acquiring a list of service nodes mounted by a public service and respectively providing services for different users; and the creating unit 503 is further configured to: and establishing a corresponding relation between the IP address of the virtual network card corresponding to the same user and the service node mounted by the public service.
In some embodiments, the apparatus 500 may further include: and the access unit is configured to respond to a received public service access request sent to a virtual network card corresponding to the public service in the virtual private cloud service, find out a service node of the corresponding public service based on the intranet IP address of a request terminal sending the public service access request and the mapping relation, and access the found service node according to a routing strategy.
In some embodiments, the second obtaining unit 502 may be further configured to: and creating a load balancing port of the public service in the virtual private cloud service, taking the IP address of the virtual network card as a source address, and configuring a routing strategy for distributing an access request to the service node of the public service by the virtual network card through the load balancing port.
In some embodiments, the apparatus 500 may further include: a synchronization unit configured to synchronize the mapping relationship to a database of the virtual private cloud to obtain the mapping relationship from the database of the virtual private cloud through a gateway device within the virtual private cloud service upon receiving a public service access request within the virtual private cloud service.
It should be understood that the elements recited in apparatus 500 correspond to various steps in the methods described with reference to fig. 2 and 4. Thus, the operations and features described above for the method are equally applicable to the apparatus 500 and the units included therein, and are not described in detail here.
The configuration apparatus of the virtual private cloud service according to the above embodiment of the present application, in response to a request for creating a corresponding virtual network card for a public service in the virtual private cloud service, acquires an intranet virtual IP address of the public service as the IP address of the virtual network card, acquires the list of service nodes mounted by the public service, configures a routing policy between the virtual network card and the service nodes of the public service based on the IP address of the virtual network card, and creates a mapping relationship between the IP address of the virtual network card and the list of service nodes mounted by the public service, so that the public service is provided to users of the virtual private cloud service based on the routing policy and the mapping relationship. This maps the public service to a virtual network card in the VPC, associates the service nodes of the public service with a virtual gateway of the virtual private cloud, and allows the service nodes mounted by the public service to be accessed directly through the virtual network card in the VPC, without accessing the public service through a public network segment.
Referring now to fig. 6, shown is a schematic diagram of an electronic device (e.g., a cloud host in the virtual private cloud service of fig. 1) 600 suitable for use in implementing embodiments of the present disclosure. The server shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, electronic device 600 may include a processing means (e.g., central processing unit, graphics processor, etc.) 601 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; a storage device 608 including, for example, a hard disk; and a communication device 609. The communication means 609 may allow the electronic device 600 to communicate with other devices wirelessly or by wire to exchange data. While fig. 6 illustrates an electronic device 600 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided. Each block shown in fig. 6 may represent one device or may represent multiple devices as desired.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 609, or may be installed from the storage means 608, or may be installed from the ROM 602. The computer program, when executed by the processing device 601, performs the above-described functions defined in the methods of embodiments of the present disclosure. It should be noted that the computer readable medium described in the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In embodiments of the present disclosure, however, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: responding to a received request for creating a corresponding virtual network card for public service in the virtual private cloud service, and acquiring an intranet virtual IP address of the public service as an IP address of the virtual network card; acquiring a service node list of public service mounting, and configuring a routing strategy between a virtual network card and a service node of the public service based on an IP address of the virtual network card; and creating a mapping relation between the IP address of the virtual network card and the service node list of the public service mount so as to provide the public service for the user of the virtual private cloud service based on the routing strategy and the mapping relation.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or hardware. The described units may also be provided in a processor, and may be described as: a processor includes a first acquisition unit, a second acquisition unit, and a creation unit. The names of these units do not constitute a limitation on the units themselves in some cases, for example, the first obtaining unit may also be described as a "unit that obtains an intranet virtual IP address of a public service as an IP address of a virtual network card in response to receiving a request to create a corresponding virtual network card for the public service in the virtual private cloud service".
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (12)

1. A configuration method of a virtual private cloud service includes:
responding to a received request for creating a corresponding virtual network card for public service in a virtual private cloud service, and acquiring an intranet virtual IP address of the public service as an IP address of the virtual network card;
acquiring a service node list of the public service mount, and configuring a routing strategy between the virtual network card and a service node of the public service based on the IP address of the virtual network card;
and creating a mapping relation between the IP address of the virtual network card and the service node list of the public service mount so as to provide public service for the user of the virtual private cloud service based on the routing strategy and the mapping relation.
2. The method of claim 1, wherein the obtaining an intranet virtual IP address of the public service comprises:
acquiring intranet virtual IP addresses of the public service, which correspond to different users;
the obtaining of the service node list of the public service mount includes:
acquiring a list of service nodes mounted by the public service and respectively providing services for different users; and
the creating of the mapping relationship between the IP address of the virtual network card and the public service mounted service node list includes:
and establishing a corresponding relation between the IP address of the virtual network card corresponding to the same user and the service node mounted by the public service.
3. The method of claim 1, wherein the method further comprises:
in response to receiving a public service access request sent to a virtual network card corresponding to public service in the virtual private cloud service, searching a service node of the corresponding public service based on an intranet IP address of a request end sending the public service access request and the mapping relation, and accessing the searched service node according to the routing strategy.
4. The method of claim 1, wherein the configuring routing policies between the virtual network card and service nodes of the public service based on the IP address of the virtual network card comprises:
and creating a load balancing port of the public service in the virtual private cloud service, taking the IP address of the virtual network card as a source address, and configuring a routing strategy for distributing an access request to a service node of the public service by the virtual network card through the load balancing port.
5. The method of any of claims 1-4, wherein the method further comprises:
synchronizing the mapping relationship to a database of the virtual private cloud so as to obtain the mapping relationship from the database of the virtual private cloud through a gateway device in the virtual private cloud service when a public service access request in the virtual private cloud service is received.
6. A configuration apparatus of a virtual private cloud service, comprising:
a first obtaining unit configured to obtain an intranet virtual IP address of a public service as an IP address of a virtual network card in response to receiving a request for creating a corresponding virtual network card for the public service in a virtual private cloud service;
a second obtaining unit, configured to obtain a service node list of the public service mount, and configure a routing policy between the virtual network card and a service node of the public service based on an IP address of the virtual network card;
a creating unit configured to create a mapping relationship between the IP address of the virtual network card and the service node list of the public service mount, so as to provide a public service to a user of the virtual private cloud service based on the routing policy and the mapping relationship.
7. The apparatus of claim 6, wherein the first obtaining unit is further configured to: acquiring intranet virtual IP addresses of the public service, which correspond to different users;
the second acquisition unit is further configured to: acquiring a list of service nodes mounted by the public service and respectively providing services for different users; and
the creating unit is further configured to: and establishing a corresponding relation between the IP address of the virtual network card corresponding to the same user and the service node mounted by the public service.
8. The apparatus of claim 6, wherein the apparatus further comprises:
and the access unit is configured to respond to a received public service access request sent to a virtual network card corresponding to a public service in the virtual private cloud service, find a service node of the corresponding public service based on the intranet IP address of a request terminal sending the public service access request and the mapping relation, and access the found service node according to the routing strategy.
9. The apparatus of claim 6, wherein the second obtaining unit is further configured to:
and creating a load balancing port of the public service in the virtual private cloud service, taking the IP address of the virtual network card as a source address, and configuring a routing strategy for distributing an access request to a service node of the public service by the virtual network card through the load balancing port.
10. The apparatus of any of claims 6-9, wherein the apparatus further comprises:
a synchronization unit configured to synchronize the mapping relationship to a database of the virtual private cloud to obtain the mapping relationship from the database of the virtual private cloud through a gateway device within the virtual private cloud service when a public service access request within the virtual private cloud service is received.
11. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-5.
12. A computer-readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the method of any one of claims 1-5.
CN201910108408.3A 2019-01-18 2019-01-18 Configuration method and device of virtual private cloud service Active CN109889621B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910108408.3A CN109889621B (en) 2019-01-18 2019-01-18 Configuration method and device of virtual private cloud service

Publications (2)

Publication Number Publication Date
CN109889621A CN109889621A (en) 2019-06-14
CN109889621B true CN109889621B (en) 2021-07-16

Family

ID=66927775

Country Status (1)

Country Link
CN (1) CN109889621B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102845123A (en) * 2011-04-19 2012-12-26 华为技术有限公司 Virtual private cloud connection method and tunnel proxy server
EP2704372A1 (en) * 2011-07-12 2014-03-05 Huawei Technologies Co., Ltd Method for virtual private cloud to access network, network side device and data centre device
CN103634314A (en) * 2013-11-28 2014-03-12 杭州华三通信技术有限公司 Service access control method and device based on VSR (virtual service router)
CN106559511A (en) * 2016-10-18 2017-04-05 上海优刻得信息科技有限公司 Cloud system, high in the clouds public service system and the exchanging visit method for cloud system
CN107959654A (en) * 2016-10-14 2018-04-24 北京金山云网络技术有限公司 A kind of data transmission method, device and mixing cloud system
CN108259642A (en) * 2018-01-02 2018-07-06 上海陆家嘴国际金融资产交易市场股份有限公司 Public service virtual machine access method and device based on private clound
CN108833251A (en) * 2018-08-01 2018-11-16 北京百度网讯科技有限公司 Method and apparatus for controlling the network interconnection

Also Published As

Publication number Publication date
CN109889621A (en) 2019-06-14


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20190614

Assignee: Beijing Intellectual Property Management Co.,Ltd.

Assignor: BEIJING BAIDU NETCOM SCIENCE AND TECHNOLOGY Co.,Ltd.

Contract record no.: X2023110000099

Denomination of invention: Configuration methods and devices for virtual private cloud services

Granted publication date: 20210716

License type: Common License

Record date: 20230822