CN110572439B - Cloud monitoring method based on metadata service and virtual forwarding network bridge - Google Patents

Publication number: CN110572439B
Authority: CN (China)
Prior art keywords: monitoring, virtual, network, service, virtual machine
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201910750063.1A
Other languages: Chinese (zh)
Other versions: CN110572439A (en)
Inventors: 何重阳, 张金凤, 朱仲马, 刘晓浩
Current Assignee: Diankeyun Beijing Technology Co ltd (the listed assignees may be inaccurate)
Original Assignee: China Electric Rice Information System Co ltd
Application filed by: China Electric Rice Information System Co ltd
Priority: CN201910750063.1A
Publications: CN110572439A, CN110572439B

Classifications

    • H04L12/4625 Single bridge functionality, e.g. connection of two networks over a single bridge
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/56 Provisioning of proxy services

Abstract

The invention provides a cloud monitoring method based on the metadata service and a virtual forwarding bridge. It addresses the problem of monitoring virtual machines in a cloud environment in which the management network and the service network are isolated from each other. The method can monitor virtual machines on private networks in the cloud without changing the main architecture of the OpenStack cloud platform, depends on little prior information, and is compatible with virtual machines in different private networks that have the same IP.

Description

Cloud monitoring method based on metadata service and virtual forwarding network bridge
Technical Field
The invention relates to a cloud monitoring method based on metadata service and a virtual forwarding network bridge.
Background
Cloud computing has changed how enterprise IT services are operated, and many organizations have learned from experience that, whichever cloud solution is used, an orchestration engine must be introduced into the infrastructure to gain elasticity and scalability and to deliver an excellent user experience. OpenStack, currently the popular orchestration solution in the private cloud domain, has brought thousands of enterprises into the next data center era. With the support of most major IT vendors and the joint efforts of a large worldwide developer community, OpenStack is becoming more widely used, and each new version brings many outstanding new functions. For many enterprises, adopting OpenStack is undoubtedly the best choice, because it not only carries traffic load better but also gives the enterprise a flexible infrastructure. For monitoring cloud infrastructure, however, the OpenStack community has not yet produced a mature monitoring scheme, so third-party monitoring solutions are generally adopted in the industry.
The Zabbix monitoring solution is widely used because of its high maturity and scalability. Zabbix is an enterprise-level, open-source, distributed monitoring solution. Its web component simplifies daily management and maintenance and can output near-perfect data graphs, topology maps and various reports, and its network auto-discovery and low-level auto-discovery functions greatly improve working efficiency and reduce the possibility of human error. Apart from the web front-end component, Zabbix is written in C/C++, so it runs very efficiently, and its distributed architecture lets it monitor very large networks and makes a cross-region, cross-platform distributed monitoring solution easy to implement. Centralized storage of Zabbix data simplifies daily configuration and management and allows further monitoring and analysis of the monitoring data. Many existing cloud vendors therefore use an open-source cloud monitoring scheme based on Zabbix.
However, existing Zabbix-based cloud monitoring schemes have certain problems. The most important, core problem is that they require the virtual machine network and the Zabbix server network to be interconnected, and require the user names and passwords of all virtual machines to be provided, so they cannot be used in scenarios with higher security requirements.
Disclosure of Invention
To address the problems of the prior art, that is, to monitor virtual machines in a network isolation scenario while affecting the original OpenStack workflow as little as possible, the invention makes use of the OpenStack metadata service, designs a virtual forwarding bridge, and, building on a Zabbix monitoring scheme, configures DHCP namespace forwarding rules and a reverse proxy. Monitoring traffic is thereby led from inside the virtual machine to the back-end monitoring service, which achieves monitoring of cloud virtual machines in a network isolation scenario.
The technical problem to be solved by the invention is to provide a design method that monitors virtual machines while the virtual machine private network remains isolated from the Zabbix server network, without requiring the user names and passwords of the virtual machines and without changing the original cloud architecture.
The technical solution for realizing the purpose of the invention is as follows: a cloud monitoring design method based on the OpenStack metadata service and a virtual forwarding bridge comprises the following steps:
step 1: an OpenStack cloud environment is constructed, a cloud server is selected, a physical network is configured, and a control node and a computing node are respectively deployed;
step 2: creating a virtual forwarding network bridge for forwarding the monitoring traffic at the control node, and configuring related information of the virtual forwarding network bridge;
step 3: creating a virtual network and customizing a DHCP (Dynamic Host Configuration Protocol) virtual namespace;
step 4: constructing a monitoring service for receiving virtual machine monitoring traffic data;
step 5: setting a reverse proxy for leading monitoring traffic from the virtual monitoring bridge to the monitoring service;
step 6: configuring a virtual machine monitoring agent for acquiring the internal monitoring data of the virtual machine and sending it to the monitoring service.
Step 1 comprises the following steps:
step 1-1, the cloud server performs initial configuration of a management network and a service network: in the invention, each cloud server has two network cards, one for the management network and one for the service network. The management network is the network plane over which control node services and computing node services exchange information, and the cloud administrator accesses and controls the cloud platform through it. The service network is the network over which virtual machines on the cloud communicate, and it provides network communication support for service users. When the management network is configured, the cloud server control nodes are placed in one local area network; the computing nodes may be in the same local area network as the control nodes or may be configured across network segments. When the service network is configured, the switch port connected to each cloud server's service network card is configured as a trunk, so that service network segments can communicate through the physical switch;
step 1-2, deploying authentication, image, compute, network and storage services at a control node, wherein the step is consistent with the existing open-source OpenStack deployment step;
step 1-3, deploying the compute service and the network agent service on a computing node, wherein the step is consistent with the existing open-source OpenStack deployment step;
step 1-4, after the service deployment of the control node and the computing node is finished, uploading a cloud virtual machine image with the Zabbix monitoring agent built in.
Step 2 comprises the following steps:
step 2-1, a virtual forwarding network bridge is established at a control node;
step 2-2, setting the IP address of the virtual forwarding network bridge as Zabbix_br_ip, wherein the configuration method is the same as for an ordinary network card.
Step 3 comprises the following steps:
step 3-1, establishing a vxlan isolation network (VXLAN, Virtual Extensible LAN, a network virtualization technology) based on the OpenStack cloud environment;
as a further improvement, after step 3-1 the customized DHCP namespace is created, which leads virtual machine monitoring traffic from inside the virtual machine to the virtual forwarding bridge, and step 3 further comprises:
step 3-2, creating a pair of virtual device interfaces, veth_pair, and calculating the mapped IP of the veth_pair, veth_ip, from the DHCP namespace UUID (Universally Unique Identifier) of the vxlan isolation network;
step 3-3, writing the mapping between the UUID and the IP address into a configuration file that records the mapping relation;
step 3-4, adding one end of the veth pair to the vxlan DHCP namespace and the other end to the Zabbix_br virtual monitoring bridge, and configuring the IP address of the veth virtual port inside the DHCP namespace as veth_ip;
step 3-5, establishing DHCP namespace traffic forwarding rules based on source address translation (SNAT) and destination address translation (DNAT).
As a further improvement, in step 3-5, the forwarding rules forward the virtual machine monitoring traffic from the virtual machine network to the virtual machine monitoring forwarding bridge, and include the following rules:
rule 1: intercepting monitoring traffic sent from inside the virtual machine to destination address 169.254.169.254 and destination port 10051, and changing the destination address of the message to the monitoring bridge address Zabbix_br_ip, so as to lead the traffic into the monitoring network;
rule 2: further changing the source address of monitoring messages whose destination is Zabbix_br_ip to veth_ip, which ensures that the return messages for traffic that flowed into the monitoring service through rule 1 travel back along the original path to the virtual machine monitoring agent, forming a closed communication loop;
wherein Zabbix_br_ip is the IP address of the virtual monitoring bridge set in step 2, and veth_ip is the veth virtual port IP address set in step 3.
Step 4 comprises the following steps:
step 4-1, selecting a server and installing the monitoring service;
step 4-2, entering the management interface of the deployed Zabbix monitoring service and creating a virtual operating system monitoring template;
step 4-3, editing the monitoring template and configuring the virtual machine monitoring items, selecting the main options including CPU, memory, disk, network and the like.
As a further improvement, in step 5 the TCP reverse proxy receives the virtual machine monitoring traffic from the virtual forwarding bridge and forwards it to the monitoring service; specifically, the reverse proxy listening mode is set to TCP, the back-end service IP is set to the IP address of the monitoring service, and the listening port is set to the port of the monitoring service.
Step 6 comprises the following steps:
step 6-1, creating a virtual machine from the Zabbix agent cloud virtual machine image, and selecting a vxlan isolation network so that the virtual machine is isolated from the cloud server network and the Zabbix monitoring server network;
as a further improvement, the virtual machine monitoring agent collects the virtual machine monitoring information and actively pushes it to the DHCP namespace of the virtual machine's network, and step 6 further comprises:
step 6-2, editing the monitoring agent configuration file and setting the ServerActive configuration item, the monitoring server IP address used in active mode, to 169.254.169.254;
step 6-3, setting the RefreshActiveChecks configuration item, the interval at which the monitored end periodically fetches its monitoring items from the server, which can generally be set to 120 s;
step 6-4, starting the monitoring agent service.
Step 2 of the invention creates a virtual Linux bridge in the operating system of the control node and sets its IP address. A Linux bridge relays and forwards frames at the link layer, segments traffic by MAC address and isolates collisions; it is the device that performs TCP/IP layer-2 switching on Linux and functions like a real-world switch.
Step 3 is the key of the method, because the virtual machine's monitoring information must travel through the virtual network, and moving monitoring traffic from the virtual network to the monitoring network is the difficult problem. Each virtual network can have a corresponding virtual DHCP namespace, and virtual machine network traffic can reach that DHCP namespace, so the problem becomes how to move virtual machine traffic from the DHCP namespace to the forwarding bridge created in the host operating system in step 2. Because many virtual networks are created inside the cloud, managing the attachment of these networks to the forwarding bridge is critical. The scheme therefore derives an IP from the UUID of each virtual network's DHCP namespace by a mapping rule, and writes the allocation information into a file to prevent conflicting allocations.
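The UUID-to-IP allocation of steps 3-2 and 3-3 and the two forwarding rules of step 3-5, as an added example that is not part of the patent. The hash-and-probe allocation scheme, the JSON mapping file, the interface names, the sample subnet and the `qdhcp-<UUID>` namespace name (Neutron's convention) are assumptions; the patent does not specify them.

```python
import hashlib
import ipaddress
import json
import os
import shlex
import tempfile
import uuid as uuidlib

METADATA_IP = "169.254.169.254"  # address the agent targets (rule 1)
ZABBIX_PORT = "10051"            # destination port (rule 1)
BRIDGE = "Zabbix_br"             # forwarding bridge created in step 2


def allocate_veth_ip(net_uuid, map_path, subnet, bridge_ip):
    """Steps 3-2 and 3-3: map a DHCP namespace UUID to veth_ip and record it.

    Assumed scheme (the patent names none): hash the UUID to a host index in
    `subnet`, then probe forward past addresses recorded for other UUIDs.
    """
    net_uuid = str(uuidlib.UUID(net_uuid))  # canonical form; rejects non-UUIDs
    net = ipaddress.ip_network(subnet)
    mapping = {}
    if os.path.exists(map_path):
        with open(map_path) as fh:
            mapping = json.load(fh)
    if net_uuid in mapping:  # the recorded mapping always wins
        return mapping[net_uuid]
    taken = set(mapping.values()) | {bridge_ip}
    hosts = net.num_addresses - 2  # skip network and broadcast addresses
    digest = hashlib.sha256(net_uuid.encode()).digest()
    start = int.from_bytes(digest[:8], "big") % hosts
    for probe in range(hosts):
        candidate = str(net.network_address + 1 + (start + probe) % hosts)
        if candidate in taken:
            continue  # address already used by the bridge or another network
        mapping[net_uuid] = candidate
        tmp_path = map_path + ".tmp"
        with open(tmp_path, "w") as fh:  # write, then rename: no torn file
            json.dump(mapping, fh, indent=2, sort_keys=True)
        os.replace(tmp_path, map_path)
        return candidate
    raise RuntimeError("no free veth address left in " + subnet)


def namespace_plan(net_uuid, veth_ip, bridge_ip, prefixlen):
    """Steps 3-2, 3-4 and 3-5 as argv lists; nothing is executed here."""
    net_uuid = str(uuidlib.UUID(net_uuid))
    ns = "qdhcp-" + net_uuid          # assumed: Neutron's DHCP namespace name
    host_if = "zbxh-" + net_uuid[:8]  # hypothetical names, 13 chars (limit 15)
    ns_if = "zbxn-" + net_uuid[:8]
    in_ns = ["ip", "netns", "exec", ns]
    return [
        ["ip", "link", "add", host_if, "type", "veth", "peer", "name", ns_if],
        ["ip", "link", "set", ns_if, "netns", ns],
        ["ip", "link", "set", host_if, "master", BRIDGE],
        ["ip", "link", "set", host_if, "up"],
        in_ns + ["ip", "addr", "add", f"{veth_ip}/{prefixlen}", "dev", ns_if],
        in_ns + ["ip", "link", "set", ns_if, "up"],
        # Not listed in the patent: the rewritten packet leaves through a
        # different interface, so the namespace must forward IPv4.
        in_ns + ["sysctl", "-w", "net.ipv4.ip_forward=1"],
        # Rule 1: only TCP/10051 to the metadata address is redirected.
        in_ns + ["iptables", "-t", "nat", "-A", "PREROUTING", "-p", "tcp",
                 "-d", METADATA_IP, "--dport", ZABBIX_PORT,
                 "-j", "DNAT", "--to-destination",
                 f"{bridge_ip}:{ZABBIX_PORT}"],
        # Rule 2: replies go back to veth_ip, that is, to this namespace.
        in_ns + ["iptables", "-t", "nat", "-A", "POSTROUTING", "-p", "tcp",
                 "-d", bridge_ip, "--dport", ZABBIX_PORT,
                 "-j", "SNAT", "--to-source", veth_ip],
    ]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    sample_uuid = "3f2b8c1e-5d47-4a9b-8e21-0c6d7f9a1b23"
    with tempfile.TemporaryDirectory() as tmp:
        ip = allocate_veth_ip(sample_uuid, os.path.join(tmp, "veth_map.json"),
                              "10.254.0.0/16", "10.254.0.1")
        for argv in namespace_plan(sample_uuid, ip, "10.254.0.1", 16):
            print(shlex.join(argv))
```

The plan is printed, not executed. Only TCP port 10051 to 169.254.169.254 is rewritten, so this rule leaves metadata requests on other ports untouched.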
In step 4 of the invention, installing and deploying the Zabbix monitoring service consists mainly of installing a server component and a proxy component; the Zabbix back-end service can be created on a cloud server virtual machine.
Step 5 of the invention is the second key to the traffic hand-over: it is the point at which the virtual machine's internal monitoring traffic passes from the control node to the Zabbix monitoring back end. A TCP three-layer reverse proxy listens for the monitoring information flowing into the Zabbix_br forwarding bridge of step 2 and forwards it to the Zabbix monitoring back end.
In step 6 of the invention, the cloud virtual machine must deploy a Zabbix Agent client to be monitored. The key to this step is, first, that the agent's active working mode is used. The monitoring agent inside the virtual machine obtains the address of the monitoring back-end server to connect to from its configuration file; in the traditional method, a change in the back-end server's IP requires additional modification on each host and needs prior information such as the host user name and password. The invention instead uses 169.254.169.254, the special IP address of the OpenStack metadata service, as the back-end server address of the monitoring agent. That address is located in the DHCP namespace, and the monitoring traffic is passed on to the monitoring back end through step 2 and step 3. The agent's built-in configuration therefore does not need to change, and the agent can be configured in advance and built into a cloud base image once and for all.
Compared with the prior art, the invention has the following remarkable advantages:
(1) it overcomes the network isolation between the virtual network and the monitoring back end, so virtual machines can be monitored in a network isolation scenario;
(2) it solves the problem that monitored services cannot be told apart when the internal virtual IPs of different private networks are the same: by properly managing the connections between the DHCP namespaces and the Zabbix_br bridge, monitoring works even when those IPs are identical;
(3) the original cloud architecture is not affected; traffic forwarding is implemented through an add-on forwarding bridge based on the OpenStack metadata service mechanism;
(4) it depends on little prior information: the user names and passwords of the virtual machines need not be known, and the agent configuration file needs no additional modification.
Drawings
The foregoing and/or other advantages of the invention will become further apparent from the following detailed description of the invention when taken in conjunction with the accompanying drawings.
Fig. 1 is a schematic diagram of the design scheme of the invention.
FIG. 2 is a flow chart of the design steps of the present invention.
Fig. 3 is a diagram illustrating a DHCP virtual name space mapping management in the present invention.
Fig. 4 is a flow chart of monitoring traffic forwarding in the present invention.
FIG. 5 is an example scenario diagram in the present invention.
Detailed Description
With reference to fig. 1 and fig. 2, the cloud monitoring design method based on the OpenStack metadata service and the virtual forwarding bridge of the present invention includes the following steps:
Step 1: an OpenStack cloud environment is constructed, a cloud server is selected, a physical network is configured, and a control node and a computing node are respectively deployed;
(1) the cloud server performs initial configuration of a management network and a service network;
(2) deploying authentication, image, compute, network and storage services at a control node;
(3) deploying the compute service and the network agent service at the computing node;
(4) after the cloud service deployment is finished, uploading a cloud virtual machine image with the Zabbix Agent built in.
Step 2: as shown in fig. 3, a forwarding bridge for monitoring traffic is created at a control node, and relevant information is configured;
(1) creating a Zabbix monitoring bridge Zabbix_br at the control node;
(2) setting an IP address of Zabbix;
Step 3: creating a virtual network and establishing a customized DHCP virtual namespace;
(1) establishing a vxlan isolation network based on a cloud management platform;
(2) creating a veth pair, calculating the mapped IP of the veth pair according to the DHCP namespace UUID of the vxlan network, and configuring the IP address of the veth virtual port;
(3) writing the mapping information of the UUID and the IP into an allocation file;
(4) adding one end of the veth pair to the vxlan DHCP namespace, and adding the other end to the Zabbix_br monitoring bridge;
(5) establishing DHCP namespace traffic forwarding rules based on SNAT and DNAT;
Step 4: constructing a monitoring service based on Zabbix and ensuring that the monitoring environment can communicate with the cloud environment;
(1) selecting a server and installing the Zabbix back-end service;
(2) creating a virtual operating system monitoring template;
(3) setting the monitoring mode to active monitoring;
(4) configuring virtual machine monitoring items including CPU, memory, disk, network and the like;
Step 5: setting a reverse proxy, and leading monitoring traffic from the virtual monitoring bridge to the monitoring back end;
deploying a TCP reverse proxy, setting the reverse proxy listening mode to TCP, setting the back-end service IP to the IP address of the Zabbix back-end service, and setting the listening port to the Zabbix back-end service port;
Step 6: deploying a cloud virtual machine and configuring the monitoring agent.
(1) creating a virtual machine from the Zabbix agent image, and selecting a vxlan network to isolate the virtual machine from the cloud server network and the monitoring server;
(2) entering the virtual machine to configure the monitoring agent, and setting the ServerActive configuration item to the address 169.254.169.254;
(3) setting the RefreshActiveChecks configuration item to specify the reading frequency;
(4) starting the monitoring agent service.
As shown in fig. 4, the flow of monitoring information starts inside the virtual machine. The monitoring agent sends to the special IP address 169.254.169.254, so the traffic enters the DHCP namespace of the virtual network where the virtual machine is located. Inside the namespace the monitoring information is forwarded by the SNAT and DNAT rules and enters the Zabbix_br bridge through the veth virtual network card on the DHCP namespace side. Because the TCP reverse proxy listens on the address and port of the Zabbix_br bridge, monitoring information is sent on to the back-end monitoring service by the reverse proxy as soon as it is received, which completes the flow of the monitoring information.
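An added check for the control node, not part of the patent: it compares the NAT table saved from one DHCP namespace (`iptables-save -t nat` output) with rules 1 and 2 and reports any rule that deviates. The sample rulesets and addresses are constructed, and treating every other NAT rule in the namespace as a finding is an assumption.

```python
import shlex

METADATA_IP = "169.254.169.254"  # address in rule 1
ZABBIX_PORT = "10051"            # port in rule 1
NAT_TARGETS = {"DNAT", "SNAT", "MASQUERADE", "REDIRECT"}

# Constructed sample: exactly the two rules the patent describes.
SAMPLE_OK = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 10051 -j DNAT --to-destination 10.254.0.1:10051
-A POSTROUTING -d 10.254.0.1/32 -p tcp -m tcp --dport 10051 -j SNAT --to-source 10.254.7.9
COMMIT
"""

# Constructed sample: DNAT without the port match, SNAT to the wrong address.
SAMPLE_DRIFT = """\
*nat
-A PREROUTING -d 169.254.169.254/32 -p tcp -j DNAT --to-destination 10.254.0.1
-A POSTROUTING -d 10.254.0.1/32 -p tcp -m tcp --dport 10051 -j SNAT --to-source 10.254.9.9
COMMIT
"""


def rule_options(tokens):
    """Map each option of one iptables-save rule to the token after it."""
    return {tok: tokens[i + 1] for i, tok in enumerate(tokens[:-1])
            if tok.startswith("-")}


def audit_nat(ruleset, bridge_ip, veth_ip):
    """Return a list of findings; an empty list means rules 1 and 2 only."""
    expected = {
        "DNAT": (METADATA_IP, {"-A": "PREROUTING", "-p": "tcp",
                               "--dport": ZABBIX_PORT,
                               "--to-destination":
                                   f"{bridge_ip}:{ZABBIX_PORT}"}),
        "SNAT": (bridge_ip, {"-A": "POSTROUTING", "-p": "tcp",
                             "--dport": ZABBIX_PORT,
                             "--to-source": veth_ip}),
    }
    seen, findings = set(), []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT, comments
        tokens = shlex.split(line)
        opts = rule_options(tokens)
        target = opts.get("-j")
        if target not in NAT_TARGETS:
            continue
        ok = False
        if target in expected and "!" not in tokens:  # no negated matches
            dest, want = expected[target]
            ok = (opts.get("-d") in (dest, dest + "/32")
                  and all(opts.get(k) == v for k, v in want.items()))
        if ok:
            seen.add(target)
        else:
            findings.append("unexpected NAT rule: " + line.strip())
    for target in ("DNAT", "SNAT"):
        if target not in seen:
            findings.append("missing rule: " + target)
    return findings


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(name, audit_nat(text, "10.254.0.1", "10.254.7.9"))
```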
The present invention is described in further detail below with reference to examples:
Example:
The invention is described in further detail below in connection with a real cloud environment. The cloud environment consists mainly of three servers and a client, and its software comprises a cloud management platform, a virtualization platform and a monitoring platform. The deployment is shown in fig. 5, and the server parameter settings are given in Tables 1 and 2 below:
TABLE 1 (table image, not reproduced in the text)
TABLE 2 (table image, not reproduced in the text)
By building this real cloud environment and constructing the monitoring platform according to the design of the invention, the monitoring agent inside the virtual machine can report monitoring data to the monitoring back end even though the virtual machine network and the Zabbix monitoring server network are not connected. The specific verification method is as follows:
First, inside the test virtual machine, check whether it can reach the monitoring service network; a ping test can be used, and the result shows that the virtual machine cannot reach the monitoring service network. Second, log in to the monitoring service and retrieve the virtual machine's monitoring data by the IP of the test virtual machine; the result is that the monitoring data can be viewed and is updated in real time at the configured update rate.
The test conclusion shows that the method can solve the problem of monitoring the virtual machine in a network isolation scenario.
The present invention provides a cloud monitoring method based on the metadata service and a virtual forwarding bridge. There are many methods and ways to implement this technical solution, and the above description is only a preferred embodiment of the present invention. It should be noted that those skilled in the art may make several improvements and refinements without departing from the principle of the present invention, and these should also be regarded as falling within the protection scope of the present invention. All components not specified in the present embodiment can be implemented with the prior art.

Claims (1)

1. A cloud monitoring method based on metadata service and a virtual forwarding bridge is characterized by comprising the following steps:
step 1: an OpenStack cloud environment is constructed, a cloud server is selected, a physical network is configured, and a control node and a computing node are respectively deployed;
step 2: creating a virtual forwarding network bridge for forwarding the monitoring flow at the control node, and configuring related information of the virtual forwarding network bridge;
and step 3: creating a virtual network and customizing a DHCP virtual name space;
and 4, step 4: constructing a monitoring service for receiving virtual machine monitoring flow data;
and 5: setting a reverse proxy for introducing monitoring traffic from the virtual monitoring bridge to the monitoring service;
step 6: configuring a virtual machine monitoring agent for acquiring internal monitoring data of the virtual machine and sending the internal monitoring data to a monitoring service;
the step 1 comprises the following steps:
step 1-1, the cloud server carries out initialization configuration of a management network and a service network;
step 1-2, deploying authentication, mirroring, calculation, network and storage services at a control node;
step 1-3, deploying computing service and network agent service at a computing node;
step 1-4, uploading a cloud virtual machine image with a built-in monitoring agent after the OpenStack cloud environment deployment is completed;
step 2 comprises the following steps:
step 2-1, establishing a virtual monitoring bridge Zabbix_br on a control node;
step 2-2, setting the IP address of the virtual forwarding bridge to Zabbix_br_ip;
step 3 comprises the following steps:
step 3-1, establishing a vxlan isolation network based on the OpenStack cloud environment;
step 3-2, creating a pair of virtual device interfaces veth_pair, and calculating the mapped IP of the veth_pair, veth_ip, from the DHCP namespace UUID of the vxlan isolation network;
step 3-3, writing the mapping between the UUID and the IP address into a configuration file that records the mapping relation;
step 3-4, adding one end of the virtual device interface veth pair to the vxlan DHCP namespace, adding the other end to the Zabbix_br virtual monitoring bridge, and configuring the IP address of the veth virtual port in the DHCP namespace as veth_ip;
step 3-5, establishing DHCP namespace traffic forwarding rules based on source address translation (SNAT) and destination address translation (DNAT);
in step 3-5, the forwarding rules are:
rule 1: intercepting monitoring traffic sent from inside the virtual machine to destination address 169.254.169.254 and destination port 10051, and modifying the destination address of the transmitted message to the monitoring bridge address Zabbix_br_ip, thereby introducing the traffic into the monitoring network;
rule 2: further changing the source address of monitoring messages whose destination is Zabbix_br_ip to veth_ip, thereby ensuring that the return messages for traffic introduced through rule 1 can return along the original path to the virtual machine monitoring agent, forming a closed communication loop;
wherein Zabbix_br_ip is the IP address of the monitoring bridge set in step 2, and veth_ip is the veth virtual port IP address set in step 3;
step 4 comprises the following steps:
step 4-1, selecting a server and installing the monitoring service;
step 4-2, creating a virtual operating system monitoring template;
step 4-3, configuring virtual machine monitoring items including CPU, memory, disk and network;
step 5 comprises the following steps: deploying a TCP reverse proxy, setting the reverse proxy's listening port with the mode set to TCP, setting the back-end service IP to the IP address of the monitoring service, and setting the listening port to the port of the monitoring service;
step 6 comprises the following steps:
step 6-1, creating a virtual machine from the cloud virtual machine image containing the Zabbix agent, and selecting the vxlan isolation network so that the virtual machine is isolated from the network where the Zabbix monitoring service is located;
step 6-2, configuring the monitoring agent configuration file, and setting the ServerActive configuration item (the monitoring server IP address used in active mode) to the address 169.254.169.254;
step 6-3, setting the RefreshActiveChecks configuration item, which specifies the frequency at which the monitored end periodically retrieves the monitored items from the server;
step 6-4, starting the monitoring agent service.
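Steps 3-2 through 3-5 and the two forwarding rules, expressed as Linux commands; this is an added example, not text from the patent. It prints the commands instead of executing them, and `audit_nat` checks saved NAT rules to confirm that rule 1 stays scoped to TCP port 10051, so the guest's ordinary metadata requests to 169.254.169.254 are not pulled into the monitoring network. The use of iptables and a Linux bridge, the `qdhcp-` namespace name, the interface names, the /24 prefix and all addresses are assumptions.

```bash
#!/usr/bin/env bash
# Added example: steps 3-2..3-5 as Linux commands (printed, not executed) plus a
# scope check for rule 1. Every concrete value is a constructed placeholder.
NET_UUID="00000000-0000-0000-0000-000000000000"  # vxlan network UUID (placeholder)
NS="qdhcp-${NET_UUID}"     # assumption: Neutron-style DHCP namespace name
BR="Zabbix_br"             # monitoring bridge from step 2-1 (assumed Linux bridge)
ZABBIX_BR_IP="192.0.2.1"   # Zabbix_br_ip (constructed)
VETH_IP="192.0.2.10"       # veth_ip (constructed; the UUID-to-IP mapping is not given)
META_IP="169.254.169.254"; MON_PORT=10051

# Rule 1: only TCP to 169.254.169.254:10051 is redirected to the monitoring bridge.
dnat_rule() {
  echo "-t nat -A PREROUTING -d ${META_IP}/32 -p tcp --dport ${MON_PORT} -j DNAT --to-destination ${ZABBIX_BR_IP}"
}
# Rule 2: traffic leaving toward the bridge is sourced from veth_ip so replies return.
snat_rule() {
  echo "-t nat -A POSTROUTING -d ${ZABBIX_BR_IP}/32 -p tcp --dport ${MON_PORT} -j SNAT --to-source ${VETH_IP}"
}
# Steps 3-2..3-5 in order; the printed lines are meant to be run as root on the control node.
plan() {
  echo "ip link add veth_mon_ns type veth peer name veth_mon_br"
  echo "ip link set veth_mon_ns netns ${NS}"
  echo "ip link set veth_mon_br master ${BR}"
  echo "ip link set veth_mon_br up"
  echo "ip netns exec ${NS} ip addr add ${VETH_IP}/24 dev veth_mon_ns"
  echo "ip netns exec ${NS} ip link set veth_mon_ns up"
  echo "ip netns exec ${NS} iptables $(dnat_rule)"
  echo "ip netns exec ${NS} iptables $(snat_rule)"
}
# Reads `iptables-save -t nat` text on stdin; prints every DNAT rule toward the
# monitoring bridge that is not pinned to tcp/169.254.169.254/10051, returns 1 if any.
audit_nat() {
  local line bad=0
  while IFS= read -r line; do
    case "$line" in *"-j DNAT --to-destination ${ZABBIX_BR_IP}"*) ;; *) continue ;; esac
    case "$line" in
      *"-d ${META_IP}/32 "*"-p tcp "*"--dport ${MON_PORT} "*) ;;
      *) echo "OVERBROAD: $line"; bad=1 ;;
    esac
  done
  return "$bad"
}
# Constructed iptables-save lines: the second lacks --dport and would also pull
# the guest's port-80 metadata requests into the monitoring network.
SAMPLE_OK="-A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 10051 -j DNAT --to-destination 192.0.2.1"
SAMPLE_BAD="-A PREROUTING -d 169.254.169.254/32 -p tcp -j DNAT --to-destination 192.0.2.1"
plan
printf '%s\n%s\n' "$SAMPLE_OK" "$SAMPLE_BAD" | audit_nat || true
```

On a live control node the same check would read `ip netns exec "$NS" iptables-save -t nat` instead of the constructed samples.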
CN201910750063.1A 2019-08-14 2019-08-14 Cloud monitoring method based on metadata service and virtual forwarding network bridge Active CN110572439B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910750063.1A CN110572439B (en) 2019-08-14 2019-08-14 Cloud monitoring method based on metadata service and virtual forwarding network bridge

Publications (2)

Publication Number Publication Date
CN110572439A (en) 2019-12-13
CN110572439B (en) 2020-07-10

Family

ID=68775439

Legal Events

Date Code Title Description
PB01 Publication

SE01 Entry into force of request for substantive examination

TA01 Transfer of patent application right
Effective date of registration: 20200117
Address after: 210000 No. 1 East Garden Street, Qinhuai District, Jiangsu, Nanjing
Applicant after: China Electric Rice Information System Co., Ltd.
Address before: 210007 No. 1 East Street, alfalfa garden, Jiangsu, Nanjing
Applicant before: The 28th Research Institute of China Electronic Science and Technology Group Corporation

GR01 Patent grant

CP02 Change in the address of a patent holder
Address after: No.1 Lingshan South Road, Qixia District, Nanjing, Jiangsu Province, 210000
Patentee after: China Electric Rice Information System Co.,Ltd.
Address before: 210000 No. 1 East Garden Street, Qinhuai District, Jiangsu, Nanjing
Patentee before: China Electric Rice Information System Co.,Ltd.

TR01 Transfer of patent right
Effective date of registration: 20220519
Address after: 1401, floor 14, building 4, yard 54, Shijingshan Road, Shijingshan District, Beijing 100041
Patentee after: Diankeyun (Beijing) Technology Co.,Ltd.
Address before: 210000 No.1, Lingshan South Road, Qixia District, Nanjing City, Jiangsu Province
Patentee before: China Electric Rice Information System Co.,Ltd.