CN111026525B - Scheduling method and device for cloud platform virtual diversion technology - Google Patents

Scheduling method and device for cloud platform virtual diversion technology Download PDF

Info

Publication number
CN111026525B
CN111026525B CN201911043505.5A CN201911043505A CN111026525B CN 111026525 B CN111026525 B CN 111026525B CN 201911043505 A CN201911043505 A CN 201911043505A CN 111026525 B CN111026525 B CN 111026525B
Authority
CN
China
Prior art keywords
interface
network
virtual
cloud platform
diversion
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911043505.5A
Other languages
Chinese (zh)
Other versions
CN111026525A (en
Inventor
肖仕光
卢鹏
肖新光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Antiy Technology Group Co Ltd
Original Assignee
Antiy Technology Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Antiy Technology Group Co Ltd filed Critical Antiy Technology Group Co Ltd
Priority to CN201911043505.5A priority Critical patent/CN111026525B/en
Publication of CN111026525A publication Critical patent/CN111026525A/en
Application granted granted Critical
Publication of CN111026525B publication Critical patent/CN111026525B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4843Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061Partitioning or combining of resources
    • G06F9/5072Grid computing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061Partitioning or combining of resources
    • G06F9/5077Logical partitioning of resources; Management or configuration of virtualized resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/4557Distribution of virtual machine instances; Migration and load balancing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a scheduling method, a scheduling device, electronic equipment and a storage medium of a cloud platform virtual diversion technology, wherein the scheduling method comprises the following steps: the cloud platform is subjected to interface docking adaptation, so that the existing environment of the cloud platform meets the pre-stored standard diversion technical requirements; capturing network traffic, acquiring a traffic distribution trend graph, analyzing the network traffic in a network layer, and monitoring the whole network traffic; defining a flow scheduling strategy according to the flow guiding requirement of the cloud platform and the flow distribution trend graph by combining the whole network flow monitoring state, and packaging the flow scheduling strategy into a safety service chain data packet; and analyzing the safety service chain data packet to obtain safety service chain information, and executing network traffic redirection operation according to the safety service chain information to pull the network traffic to sequentially pass through the safety equipment ordered sequence corresponding to the service chain. According to the method, the flow is directionally pulled to the appointed safety equipment according to the service requirement, so that the operation and maintenance efficiency is improved, and the operation and maintenance difficulty is reduced.

Description

Scheduling method and device for cloud platform virtual diversion technology
Technical Field
The present invention relates to the field of virtual diversion technologies, and in particular, to a scheduling method and apparatus for a cloud platform virtual diversion technology, an electronic device, and a storage medium.
Background
With the development of security protection technology on clouds such as SDS (software defined security), the main trend of service security protection on clouds is to draw user virtual machines and application system traffic to resource pool security devices for protection by constructing a security resource pool. The flow traction mode based on virtual diversion can be well compatible with the characteristics of dynamic scheduling, elastic expansion and the like of a cloud computing platform, and is the core of a cloud security protection system, however, the traditional diversion adaptation and traction mode still has a plurality of difficulties in facing the problems of complex cloud computing environment, various technologies, different requirements and the like:
1. cloud platform bottom virtualization technology and traffic scheduling mechanism are different
Due to factors such as environment, application, technical capability and funds, the virtualization technologies adopted by the bottom layer of the cloud platform are different, and the flow management and scheduling mechanisms on the cloud are quite different, so that manufacturers with a single virtual diversion solution on the cloud cannot adapt to the network environment of all the cloud platforms well.
2. Aiming at different virtual diversion specifications, the cloud platform has difficult interface adaptation
Aiming at the influence of the virtual diversion specification of the cloud platform, the cloud platform mainly comprises compliance laws, technical limits, business requirements, authority division and the like, and cloud security manufacturers need to comprehensively consider factors in all aspects to give an adaptive scheme, so that on one hand, the existing scheme is difficult to adapt to customer specifications; on the other hand, the suitability change aiming at the current scheme causes partial performance sacrifice and operation and maintenance difficulty, and the suitability is poor.
3. Cloud platform open interfaces are complex and various, and automatic adaptation cannot be realized in the prior art
The cloud platform has various scheduling modes aiming at traffic, including modes of agents, micro-agents, policy routing, APIs, SDNs and the like, and meanwhile, the management mode of a single virtual diversion technology is inconsistent with the opening condition of an interface, so that a single product cannot well butt-joint traffic scheduling engines on each cloud, and automatic identification and automatic adaptation of the interface cannot be realized.
Disclosure of Invention
In view of the above, the present invention provides a scheduling method, apparatus, electronic device and storage medium for cloud platform virtual diversion technology, so as to solve or partially solve the above technical problems.
According to one aspect of the present invention, there is provided a scheduling method of a cloud platform virtual diversion technique, the method including:
performing interface docking adaptation on the cloud platform to enable the existing environment of the cloud platform to meet the pre-stored standard diversion technical requirements;
capturing network traffic, acquiring a traffic distribution trend graph, analyzing the network traffic by a network layer, and monitoring the whole network traffic;
defining a flow scheduling strategy according to the flow guiding requirement of the cloud platform and the flow distribution trend graph by combining the whole network flow monitoring state, and packaging the flow scheduling strategy into a safety service chain data packet;
and analyzing the safety service chain data packet to obtain safety service chain information, and executing network traffic redirection operation according to the safety service chain information to pull network traffic to sequentially pass through the safety equipment ordered sequence corresponding to the service chain.
Optionally, the adapting the interface docking of the cloud platform to enable the existing environment of the cloud platform to meet the pre-stored standard diversion technical requirement includes:
acquiring service information adopted by the existing environment of the cloud platform, and determining a virtual diversion specification of the cloud platform according to the service information;
according to the cloud platform virtual diversion specification, identifying an open interface in a network environment, and combining a pre-stored interface characteristic knowledge base to obtain an interface availability evaluation report;
performing coverage analysis and processing on the existing virtual diversion scheme according to the interface availability evaluation report, outputting an adaptive cloud platform virtual diversion scheme, and outputting interface docking specifications according to the cloud platform virtual diversion scheme and a pre-stored interface characteristic knowledge base;
and according to the interface docking specification, performing automatic adaption of interface docking.
Optionally, the service information includes service requirements, platform virtualization technology, network control and scheduling mechanisms,
wherein, the business requirement mainly comprises compliance specification, confidentiality requirement and responsibility division, the platform virtualization technology comprises mainstream cloud platform virtual technology characteristics, the network virtualization technology comprises virtual, vhost-Net, PCI Path-Through, SR-IOV (Intel VT-x/VT-D, QEMU/KAM, IGB/IXGBE), the network control and scheduling mechanism comprises cloud virtual network technology and control technology,
and/or the number of the groups of groups,
the open interfaces in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface and a firewall configuration interface.
Optionally, the automation adaptation of interface docking adopts any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface and a cloud management platform interface.
Optionally, the traffic scheduling policy includes network topology, resource distribution analysis, network equipment, security equipment management, service chain policy knowledge base, network flow scheduling decision, traffic scheduling instruction generation.
According to another aspect of the present invention, there is provided a scheduling apparatus for a cloud platform virtual diversion technique, the apparatus including:
the interface adaptation module is used for adapting interface butt joint of the cloud platform so that the existing environment of the cloud platform meets the requirements of a pre-stored standard diversion technology;
the flow monitoring module is used for capturing network flow, acquiring a flow distribution trend graph, analyzing the network flow in a network layer and monitoring the whole network flow;
the flow scheduling module is used for defining a flow scheduling strategy according to the flow guiding requirement of the cloud platform and the flow distribution trend graph by combining the whole network flow monitoring state, and packaging the flow scheduling strategy into a security service chain data packet;
the flow guiding engine module is used for analyzing the data packet of the safety service chain to obtain safety service chain information, and executing network traffic redirection operation according to the safety service chain information, and pulling the network traffic to sequentially pass through the safety equipment ordered sequence corresponding to the service chain.
Optionally, the interface adaptation module is specifically configured to:
acquiring service information adopted by the existing environment of the cloud platform, and determining a virtual diversion specification of the cloud platform according to the service information;
according to the cloud platform virtual diversion specification, identifying an open interface in a network environment, and combining a pre-stored interface characteristic knowledge base to obtain an interface availability evaluation report;
performing coverage analysis and processing on the existing virtual diversion scheme according to the interface availability evaluation report, outputting an adaptive cloud platform virtual diversion scheme, and outputting interface docking specifications according to the cloud platform virtual diversion scheme and a pre-stored interface characteristic knowledge base;
and according to the interface docking specification, performing automatic adaption of interface docking.
Optionally, the service information includes service requirements, platform virtualization technology, network control and scheduling mechanisms,
wherein, the business requirement mainly comprises compliance specification, confidentiality requirement and responsibility division, the platform virtualization technology comprises mainstream cloud platform virtual technology characteristics, the network virtualization technology comprises virtual, vhost-Net, PCI Path-Through, SR-IOV (Intel VT-x/VT-D, QEMU/KAM, IGB/IXGBE), the network control and scheduling mechanism comprises cloud virtual network technology and control technology,
and/or the number of the groups of groups,
the open interfaces in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface and a firewall configuration interface.
Optionally, the automation adaptation of interface docking adopts any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface and a cloud management platform interface.
Optionally, the traffic scheduling policy includes network topology, resource distribution analysis, network equipment, security equipment management, service chain policy knowledge base, network flow scheduling decision, traffic scheduling instruction generation.
According to still another aspect of the present invention, there is provided an electronic device including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the scheduling method of the cloud platform virtual diversion technology.
According to yet another aspect of the present invention, there is provided a computer readable storage medium storing one or more programs executable by one or more processors to implement the foregoing scheduling method of a cloud platform virtual diversion technique.
Drawings
Fig. 1 is a flowchart of a scheduling method of a cloud platform virtual diversion technique according to an embodiment of the present invention;
fig. 2 is a flowchart of a scheduling method of another virtual diversion technique of a cloud platform according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of collected business information;
fig. 4 is a diagram of a scheduling device of a cloud platform virtual diversion technique according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an embodiment of the electronic device of the present invention.
Detailed Description
The following describes specific implementation manners of a scheduling method, a device, an electronic device and a storage medium of a cloud platform virtual diversion technology according to embodiments of the present invention with reference to the accompanying drawings.
Fig. 1 is a flowchart of a scheduling method of a cloud platform virtual diversion technique according to an embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
step S11: performing interface docking adaptation on the cloud platform to enable the existing environment of the cloud platform to meet the pre-stored standard diversion technical requirements;
the pre-stored standard diversion technical requirements are standards specified by the existing diversion technical requirements.
Step S12: capturing network traffic, acquiring a traffic distribution trend graph, analyzing the network traffic in a network layer, and monitoring the whole network traffic;
step S13: defining a flow scheduling strategy according to the flow guiding requirement of the cloud platform and a flow distribution trend graph by combining the flow monitoring state of the whole network, and packaging the flow scheduling strategy into a safety service chain data packet;
wherein, the diversion requirement is related to the business requirement of the user, and the user can customize.
Step S14: and analyzing the safety service chain data packet to obtain safety service chain information, and executing network traffic redirection operation according to the safety service chain information to pull the network traffic to sequentially pass through the safety equipment ordered sequence corresponding to the service chain.
The method is based on various virtual diversion techniques, can realize manual strategy issuing and hosting self-adaption by uniformly monitoring and managing platform flow, is compatible with the characteristics of dynamic scheduling and elastic expansion of a cloud platform, realizes directional traction of the flow to appointed safety equipment according to service requirements, improves operation and maintenance efficiency, and reduces operation and maintenance difficulty.
In some embodiments of the present invention, the adapting the interface docking of the cloud platform to enable the existing environment of the cloud platform to meet the pre-stored standard diversion technical requirements includes:
acquiring service information adopted by the existing environment of the cloud platform, and determining virtual diversion specifications of the cloud platform according to the service information;
according to the virtual diversion specification of the cloud platform, identifying an open interface in a network environment, and combining a pre-stored interface characteristic knowledge base to obtain an interface availability evaluation report;
performing coverage analysis and processing on the existing virtual diversion scheme according to the interface availability evaluation report, outputting an adaptive cloud platform virtual diversion scheme, and outputting interface butt joint specifications according to the cloud platform virtual diversion scheme and a pre-stored interface characteristic knowledge base;
and according to the interface docking specification, performing automatic adaption of interface docking.
In some embodiments of the present invention, the traffic information includes traffic demands, platform virtualization technology, network control and scheduling mechanisms,
wherein, the business requirement mainly comprises compliance specification, confidentiality requirement and responsibility division, the platform virtualization technology comprises mainstream cloud platform virtual technology characteristics, the network virtualization technology comprises virtual, vhost-Net, PCI Path-Through, SR-IOV (Intel VT-x/VT-D, QEMU/KAM, IGB/IXGBE), the network control and scheduling mechanism comprises cloud virtual network technology and control technology,
in some embodiments of the present invention, the interfaces that are open in the network environment include a virtual machine management interface, NFV interface, libVirt virtual software management interface, network controller interface, firewall configuration interface.
In some embodiments of the present invention, the automation adaptation for performing interface docking uses any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface, and a cloud management platform interface.
In some embodiments of the present invention, the traffic scheduling policy includes network topology, resource distribution analysis, network devices, security device management, service chain policy knowledge base, network flow scheduling decisions, traffic scheduling instruction generation.
Fig. 2 is a flowchart of a scheduling method of another cloud platform virtual diversion technique according to an embodiment of the present invention, as shown in fig. 2, the method includes the following steps:
s21: and acquiring service information adopted by the existing environment of the cloud platform.
The virtual diversion system needs to combine with a specific service environment of a customer to collect service information, and mainly comprises contents such as service requirements, platform virtualization technology, network control and scheduling mechanism, and the like, as shown in fig. 3, fig. 3 is a schematic diagram of the collected service information, wherein the service requirements mainly comprise contents such as compliance specifications, confidentiality requirements, authority division, and the like; the platform virtualization technology comprises main stream cloud platform virtualization technical characteristics including Openstack, azure, vmware and the like; the network virtualization technology mainly describes a cloud virtual machine network card simulation technology, and comprises technical characteristics such as Virtio, vhost-Net, PCI Path-Through, SR-IOV (Intel VT-x/VT-D, QEMU/KAM, IGB/IXGBE) and the like; the network control and scheduling mechanism comprises a cloud virtual network technology and a control technology, and has network management schemes such as SDN, strategy routing, built-in API and the like. The collected data standard follows a standard system of characteristic parameters of service information. The data acquisition mode comprises the forms of options, numbers, labels and the like, the user can customize the characteristic items, and format and range verification can be performed on the acquired data.
S22: and determining a cloud platform virtual diversion specification.
By collecting cloud platform virtualization technology, network control and scheduling mechanism and cloud platform flow traction specification required by a user, which are adopted by the existing cloud computing environment, and determining virtual diversion specification of the user cloud platform through analysis, the virtual diversion specification defines a diversion scheme adapting to the user environment, for example, the user adopts a heterogeneous cloud computing architecture, so that an API diversion mode is partially supported, a policy routing mode is partially supported, the diversion scheme needs to be dynamically adjusted, and an API+policy routing combination mode is adopted; for example, the user adopts an API drainage mode, but part of virtual machines do not obtain API authorization, and a proxy drainage mode is required.
Specifically, the reported service information is collected and corresponds according to a service information characteristic parameter system, the technology adopted at present is marked, a pre-stored standard specification knowledge base is combined, the knowledge base records a standard technology list which is adopted by a certain cloud architecture (such as Openstack) and comprises standard technical specifications and virtual diversion specifications, the association analysis of service characteristic indexes and the standard specifications is realized, the association result is subjected to an adaptability rating function, the function calculates the index coverage ratio, the ratio of the actual characteristic index number to the standard characteristic index number is valued, the performance rating of the applicable specification Fan Shiying is carried out, and the virtual diversion specifications with preferential adaptability are produced, such as TOP N is taken according to the ranking of the adaptive values.
S23: an interface availability assessment report is obtained.
Aiming at the virtual diversion specification produced in the step S22, the process combines an interface characteristic knowledge base to find an open standard interface in a network environment in an active identification mode, wherein the open standard interface in the network environment comprises the following components: the method comprises the steps of performing interface availability evaluation on identification results and generating an interface availability evaluation report by a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface, a firewall configuration interface and the like.
The interface feature knowledge base comprises an open API corresponding list; the active identification refers to actively interfacing with an API (application program interface) of the cloud platform, which is open to the outside, and evaluating the effectiveness of the API; the interface availability evaluation is to evaluate whether the interface is effective or not through interface call; the interface availability assessment report includes a flag of whether the interface is available.
S24: and outputting interface docking specifications.
The process analyzes the coverage of the existing virtual diversion scheme according to the interface availability evaluation report produced in the step S23. The virtual diversion scheme is an ideal diversion scheme, and is produced according to the requirements of users and environmental conditions. The actual interface open state of the user affects the actual landing of the scheme, so that feasibility assessment needs to be performed for each diversion scheme according to an interface availability report, mainly including key interface availability and overall interface coverage, and meanwhile, technical expansion and replacement are performed for the conditions of unavailable interfaces and the like, for example, when a policy route cannot cover the traffic of things, a policy route+API and the like is adopted, expansion is performed on the basis of a standard scheme, wherein the standard scheme comprises a policy route, API diversion, micro-proxy, proxy and SDN, a virtual diversion scheme adapting to the existing network environment and the interface open condition is output, and meanwhile, a pre-stored interface feature knowledge base is aimed at, wherein the pre-stored interface feature knowledge base comprises all cloud open interface information including interface attributes, parameter lists and the like, and meanwhile, a standard interface docking specification is output, wherein the interface docking specification marks which interfaces should be called for the determined diversion specification, information of parameters and the like, and the like is transmitted.
S25: automated adaptation of interface interfacing
According to interface docking specifications, the adaptation of the diversion interface and the installation configuration of the traction agent engine are carried out in an automatic docking deployment and manual auxiliary maintenance mode.
The process mainly aims at interface docking specifications produced in the step S24, and automatic docking adaptation with a cloud management platform is achieved. The butt joint mode mainly comprises the following steps:
the cloud network equipment configures a management interface, the adaptation of the management interface mainly supports a virtual diversion mode based on strategy routing, the configuration of network equipment such as a firewall, a switch and a router is realized through the network equipment management interface, and the network flow is redirected through a network node;
the virtual machine configures a management interface, the adaptation of the management interface mainly supports a virtual diversion mode based on a micro-proxy, and virtual diversion proxy software installation packages are issued to the virtual machine by calling a LibVirt control interface to complete automatic installation configuration, and meanwhile, a dispatching control center strategy is accepted to realize flow traction;
the NFV management interface is mainly adapted to support a virtual diversion mode based on an agent, and the virtual diversion mirror image is managed and maintained by realizing the butt joint with the NFV system, so that the virtual elastic deployment and dynamic scheduling of diversion are realized according to requirements.
The adaptive of the SDN network management interface mainly supports a drainage control mode based on the SDN, the SDN realizes separation of a control layer and a data layer, and meanwhile, the SDN has the capability of arranging a safety service chain, and the flow arrangement and traction are realized by carrying out network control on the northbound interface.
The cloud platform bottom technology module is provided with a flow collection and scheduling module, supports programmable protocol/rule customization, and realizes flow transverse traction through butt joint management API.
The system can perform self-defining capability combination for the interface API, and maintain the synchronization of the change and the stability of the system by combining automatic and manual identification for the conditions of unstable interface, changed interface and the like.
S26: performing diversion scheduling
The flow guiding schedule mainly comprises two parts of flow monitoring and flow scheduling. The network traffic is captured by adopting a core switch bypass deployment mode, and the network traffic is visualized by combining NetFlow session information acquisition and network layer protocol analysis to present traffic direction, relationship, load, content and other information. The flow scheduling module combines the whole network flow monitoring state, defines a flow scheduling strategy according to the flow guiding requirement and a flow distribution trend chart, and comprises the contents of network topology and resource distribution analysis, network equipment/safety equipment management, service chain strategy knowledge base, network flow scheduling decision, flow scheduling instruction generation, strategy conflict decision and the like, and finally packages the contents into a safety service chain data packet through an XML format and transmits the safety service chain data packet to a designated flow guiding engine.
The network topology and resource distribution analysis needs to master the distribution, load condition, node distribution, relation and support scheduling decision of the whole network flow; network devices/security devices manage forwarding and destination nodes that are traffic, network devices and security devices in the network should be managed and controlled; the service chain strategy knowledge base is the sequence of network nodes which need to pass through in the flow scheduling process; the network flow scheduling decision analyzes the service quantity strategy; the flow scheduling instruction generation is to generate a flow forwarding instruction issued to the network device.
The flow traction strategy is issued by the flow monitoring and dispatching center, so that unified configuration and management of the drainage interface are realized, and analysis and execution of the dynamic dispatching strategy are realized by combining the safety service requirements.
S27: diversion engine
And according to the scheduling policy, redirecting the user traffic and scheduling the client traffic to the designated security equipment.
The method comprises the following steps: the process mainly aims at the flow scheduling strategy issued by the S26, the strategy analyzer analyzes and identifies the strategy content, which is the safety service chain information arranged by the XML expression user, and comprises information such as a strategy executor, data flow meeting specific attributes, strategy execution authority, strategy priority and the like, the flow guiding engine executes network flow redirection operation in a mode of scheduling self modules or external equipment configuration according to the safety service chain information, and pulls network flow to sequentially pass through the safety equipment ordered sequence corresponding to the service chain.
The application example of the scheduling method of the cloud platform virtual diversion technology provided by the invention is as follows:
in the process of carrying out virtual diversion adaptation on a user cloud platform, a user inputs service requirements, a platform virtualization technology, a network virtualization technology and a network control and scheduling mechanism through an interface. The system analyzes data reported by a user and generates a virtual diversion specification, actively scans and identifies a cloud platform management interface and a network control interface through a characteristic knowledge base, and outputs an adaptive diversion scheme (based on policy routing, micro-proxy, agent, API diversion and SDN technology extension) and an interface docking specification. The system carries out adaptation of the diversion interface and automatic installation and deployment of the traction agent in the modes of automatic deployment, control authority docking and the like according to the diversion scheme and the interface docking specification. The user can send the virtual diversion strategy through the flow monitoring and dispatching center to realize the unified configuration and management of the flow, or can select the self-adaptive mode, the flow dispatching engine analyzes the strategy and realizes the redirection of the flow, and the flow is forwarded to the appointed network equipment.
The invention solves the following technical problems:
1. aiming at the fact that the virtualization technology at the bottom layer of the cloud platform is different from a flow scheduling mechanism, the method is suitable for various cloud security technical environments.
2. Aiming at the problem that the cloud platform has different flow traction specifications and difficult interface adaptation, the invention determines a virtual diversion scheme by collecting the existing cloud virtualization technology, network control and scheduling mechanism and user service demand filling, and analyzes and produces standard specification definition.
3. Aiming at the complex and various open interfaces of the cloud platform, the automatic adaptation cannot be realized in the prior art, the related management control interfaces and network control interfaces of the cloud platform are automatically identified and acquired through a knowledge base according to the virtual diversion specification, and the adaptive butt joint specification is produced in combination with a specific environment, so that the automatic adaptation is realized.
The invention provides a solution to the problem that the diversion scheme is difficult to land due to the diversity of the cloud platform virtual technology, the network complexity and the like, and based on various virtual diversion technologies, the adaptive diversion scheme can be automatically generated according to the different cloud platform technologies and mechanisms, meanwhile, a cloud management interface and a network control interface can be automatically identified by combining a characteristic knowledge base, and the virtual diversion platform and the cloud management platform are organically combined through the interface automatic identification and adaptation technology, so that automatic butt joint is realized. The traffic of the platform can be uniformly monitored and managed, so that manual strategy issuing and hosting self-adaption are realized, the characteristics of dynamic scheduling and elastic expansion of the cloud platform are compatible, traffic is directionally pulled to the appointed safety equipment according to service requirements, the operation and maintenance efficiency is improved, and the operation and maintenance difficulty is reduced.
Fig. 4 is a diagram of a scheduling apparatus for virtual diversion technology of a cloud platform according to an embodiment of the present invention, as shown in fig. 4, where the apparatus includes:
the interface adapting module 401 is configured to adapt interface docking to the cloud platform, so that the existing environment of the cloud platform meets the requirements of a pre-stored standard diversion technology;
the flow monitoring module 402 is configured to capture network flow, acquire a flow distribution trend graph, perform network layer analysis on the network flow, and perform whole network flow monitoring;
the flow scheduling module 403 is configured to define a flow scheduling policy according to the flow guiding requirement of the cloud platform and the flow distribution trend graph in combination with the traffic monitoring state of the whole network, and encapsulate the flow scheduling policy into a security service chain data packet;
the diversion engine module 404 is configured to parse the security service chain data packet to obtain security service chain information, perform a network traffic redirection operation according to the security service chain information, and pull the network traffic to sequentially pass through the security device ordered sequence corresponding to the service chain.
In some embodiments of the present invention, the interface adaptation module 401 is specifically configured to:
acquiring service information adopted by the existing environment of the cloud platform, and determining virtual diversion specifications of the cloud platform according to the service information;
according to the virtual diversion specification of the cloud platform, identifying an open interface in a network environment, and combining a pre-stored interface characteristic knowledge base to obtain an interface availability evaluation report;
performing coverage analysis and processing on the existing virtual diversion scheme according to the interface availability evaluation report, outputting an adaptive cloud platform virtual diversion scheme, and outputting interface butt joint specifications according to the cloud platform virtual diversion scheme and a pre-stored interface characteristic knowledge base;
and according to the interface docking specification, performing automatic adaption of interface docking.
In some embodiments of the present invention, the traffic information includes traffic demands, platform virtualization technology, network control and scheduling mechanisms,
wherein, the business requirement mainly comprises compliance specification, confidentiality requirement and responsibility division, the platform virtualization technology comprises mainstream cloud platform virtual technology characteristics, the network virtualization technology comprises virtual, vhost-Net, PCI Path-Through, SR-IOV (Intel VT-x/VT-D, QEMU/KAM, IGB/IXGBE), the network control and scheduling mechanism comprises cloud virtual network technology and control technology,
in some embodiments of the present invention, the interfaces that are open in the network environment include a virtual machine management interface, NFV interface, libVirt virtual software management interface, network controller interface, firewall configuration interface.
In some embodiments of the present invention, the automation adaptation for performing interface docking uses any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface, and a cloud management platform interface.
In some embodiments of the present invention, the traffic scheduling policy includes network topology, resource distribution analysis, network devices, security device management, service chain policy knowledge base, network flow scheduling decisions, traffic scheduling instruction generation.
An embodiment of the present invention further provides an electronic device, fig. 5 is a schematic structural diagram of an embodiment of the electronic device, where the process of the embodiment shown in fig. 1-2 of the present invention may be implemented, and as shown in fig. 5, the electronic device may include: the processor 52 and the memory 55 are arranged on the circuit board 54, wherein the circuit board 54 is arranged in a space surrounded by the shell 51; a power supply circuit 55 for supplying power to the respective circuits or devices of the above-described electronic apparatus; memory 55 is used to store executable program code; the processor 52 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 55 for executing the program starting method described in any of the foregoing embodiments.
The specific implementation of the above steps by the processor 52 and the further implementation of the steps by the processor 52 by running executable program codes may be referred to in the description of the embodiment of fig. 1-2 of the present invention, and will not be described herein.
The electronic device exists in a variety of forms including, but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communication capabilities and are primarily aimed at providing voice, data communications. Such terminals include: smart phones (e.g., iPhone), multimedia phones, functional phones, and low-end phones, etc.
(2) Ultra mobile personal computer device: such devices are in the category of personal computers, having computing and processing functions, and generally also having mobile internet access characteristics. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPad.
(3) Portable entertainment device: such devices may display and play multimedia content. The device comprises: audio, video players (e.g., iPod), palm game consoles, electronic books, and smart toys and portable car navigation devices.
(4) And (3) a server: the configuration of the server includes a processor, a hard disk, a memory, a system bus, and the like, and the server is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing capacity, stability, reliability, security, scalability, manageability, and the like.
(5) Other electronic devices with data interaction functions.
Embodiments of the present invention also provide a computer-readable storage medium storing one or more programs executable by one or more processors to implement the foregoing program launch method.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
For convenience of description, the above apparatus is described as being functionally divided into various units/modules, respectively. Of course, the functions of the various elements/modules may be implemented in the same piece or pieces of software and/or hardware when implementing the present invention.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), or the like.
The invention has the following technical effects:
in summary, the invention provides a solution to the problem that the diversion scheme is difficult to land due to diversity of cloud platform virtual technology, network complexity and the like, and based on various virtual diversion technologies, an adaptive diversion scheme can be automatically generated according to different cloud platform technologies and mechanisms, meanwhile, a cloud management interface and a network control interface can be automatically identified by combining a feature knowledge base, and the virtual diversion platform and the cloud management platform are organically combined through the interface automatic identification and adaptation technology, so that automatic docking is realized. The traffic of the platform can be uniformly monitored and managed, so that manual strategy issuing and hosting self-adaption are realized, the characteristics of dynamic scheduling and elastic expansion of the cloud platform are compatible, traffic is directionally pulled to the appointed safety equipment according to service requirements, the operation and maintenance efficiency is improved, and the operation and maintenance difficulty is reduced.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present invention should be included in the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (10)

1. The scheduling method of the cloud platform virtual diversion technology is characterized by comprising the following steps of:
performing interface docking adaptation on the cloud platform to enable the existing environment of the cloud platform to meet the pre-stored standard diversion technical requirements;
capturing network traffic, acquiring a traffic distribution trend graph, analyzing the network traffic by a network layer, and monitoring the whole network traffic;
defining a flow scheduling strategy according to the flow guiding requirement of the cloud platform and the flow distribution trend graph by combining the whole network flow monitoring state, and packaging the flow scheduling strategy into a safety service chain data packet;
analyzing the safety service chain data packet to obtain safety service chain information, and executing network traffic redirection operation according to the safety service chain information to pull network traffic to sequentially pass through the safety equipment ordered sequence corresponding to the service chain;
the adapting the interface docking of the cloud platform to enable the existing environment of the cloud platform to meet the pre-stored standard diversion technical requirements comprises the following steps:
acquiring service information adopted by the existing environment of the cloud platform, and determining a virtual diversion specification of the cloud platform according to the service information;
according to the cloud platform virtual diversion specification, identifying an open interface in a network environment, and combining a pre-stored interface characteristic knowledge base to obtain an interface availability evaluation report;
performing coverage analysis and processing on the existing virtual diversion scheme according to the interface availability evaluation report, outputting an adaptive cloud platform virtual diversion scheme, and outputting interface docking specifications according to the cloud platform virtual diversion scheme and a pre-stored interface characteristic knowledge base;
according to the interface docking specification, automatic adaption of interface docking is carried out;
wherein, the virtual diversion specification defines a diversion scheme adapting to the user environment; the pre-stored interface feature knowledge base contains all cloud open interface information, including interface attribute and parameter list, and simultaneously outputs standard interface docking specification; the interface docking specification marks the specific diversion specification.
2. The method of claim 1, wherein the traffic information comprises traffic requirements, platform virtualization technology, network control and scheduling mechanisms,
wherein, the service requirement mainly comprises compliance specification, confidentiality requirement and responsibility division, the platform virtualization technology comprises mainstream cloud platform virtual technology characteristics, the network virtualization technology comprises virtual, vhost-Net, PCI Path-Through and SR-IOV, the network control and scheduling mechanism comprises cloud virtual network technology and control technology,
and/or the number of the groups of groups,
the open interfaces in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface and a firewall configuration interface.
3. The method of claim 1, wherein the automated adaptation of interface interfacing employs any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface, and a cloud management platform interface.
4. The method of claim 1, wherein the traffic scheduling policy comprises network topology, resource distribution analysis, network devices, security device management, service chain policy knowledge base, network flow scheduling decisions, traffic scheduling instruction generation.
5. A scheduling device for cloud platform virtual diversion technology, the device comprising:
the interface adaptation module is used for adapting interface butt joint of the cloud platform so that the existing environment of the cloud platform meets the requirements of a pre-stored standard diversion technology;
the flow monitoring module is used for capturing network flow, acquiring a flow distribution trend graph, analyzing the network flow in a network layer and monitoring the whole network flow;
the flow scheduling module is used for defining a flow scheduling strategy according to the flow guiding requirement of the cloud platform and the flow distribution trend graph by combining the whole network flow monitoring state, and packaging the flow scheduling strategy into a security service chain data packet;
the flow guiding engine module is used for analyzing the safety service chain data packet to obtain safety service chain information, executing network traffic redirection operation according to the safety service chain information, and pulling network traffic to sequentially pass through the safety equipment ordered sequence corresponding to the service chain;
the interface adaptation module is specifically configured to:
acquiring service information adopted by the existing environment of the cloud platform, and determining a virtual diversion specification of the cloud platform according to the service information;
according to the cloud platform virtual diversion specification, identifying an open interface in a network environment, and combining a pre-stored interface characteristic knowledge base to obtain an interface availability evaluation report;
performing coverage analysis and processing on the existing virtual diversion scheme according to the interface availability evaluation report, outputting an adaptive cloud platform virtual diversion scheme, and outputting interface docking specifications according to the cloud platform virtual diversion scheme and a pre-stored interface characteristic knowledge base;
according to the interface docking specification, automatic adaption of interface docking is carried out;
wherein, the virtual diversion specification defines a diversion scheme adapting to the user environment; the pre-stored interface feature knowledge base contains all cloud open interface information, including interface attribute and parameter list, and simultaneously outputs standard interface docking specification; the interface docking specification marks the specific diversion specification.
6. The apparatus of claim 5, wherein the traffic information comprises traffic requirements, platform virtualization technology, network control and scheduling mechanisms,
wherein, the service requirement mainly comprises compliance specification, confidentiality requirement and responsibility division, the platform virtualization technology comprises mainstream cloud platform virtual technology characteristics, the network virtualization technology comprises virtual, vhost-Net, PCI Path-Through and SR-IOV, the network control and scheduling mechanism comprises cloud virtual network technology and control technology,
and/or the number of the groups of groups,
the open interfaces in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface and a firewall configuration interface.
7. The apparatus of claim 5, wherein the automated adaptation of interface interfacing employs any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface, and a cloud management platform interface.
8. The apparatus of claim 5, wherein the traffic scheduling policy comprises a network topology, a resource distribution analysis, a network device, a security device management, a service chain policy knowledge base, a network flow scheduling decision, a traffic scheduling instruction generation.
9. An electronic device, the electronic device comprising: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing the scheduling method of the cloud platform virtual streaming technique according to any one of the preceding claims 1 to 4.
10. A computer readable storage medium storing one or more programs executable by one or more processors to implement the method of scheduling cloud platform virtual streaming technology of any of claims 1-4.
CN201911043505.5A 2019-10-30 2019-10-30 Scheduling method and device for cloud platform virtual diversion technology Active CN111026525B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911043505.5A CN111026525B (en) 2019-10-30 2019-10-30 Scheduling method and device for cloud platform virtual diversion technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911043505.5A CN111026525B (en) 2019-10-30 2019-10-30 Scheduling method and device for cloud platform virtual diversion technology

Publications (2)

Publication Number Publication Date
CN111026525A CN111026525A (en) 2020-04-17
CN111026525B true CN111026525B (en) 2024-02-13

Family

ID=70204743

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911043505.5A Active CN111026525B (en) 2019-10-30 2019-10-30 Scheduling method and device for cloud platform virtual diversion technology

Country Status (1)

Country Link
CN (1) CN111026525B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114039764A (en) * 2021-11-04 2022-02-11 全球能源互联网研究院有限公司 Safety service function chain design method and system based on software definition safety
CN114024747A (en) * 2021-11-04 2022-02-08 全球能源互联网研究院有限公司 Security service chain arranging and deploying method and system based on software defined network virtualization (NFV)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102347876A (en) * 2011-09-30 2012-02-08 鞠洪尧 Multilink aggregation control device for cloud computing network
CN103973676A (en) * 2014-04-21 2014-08-06 蓝盾信息安全技术股份有限公司 Cloud computing safety protection system and method based on SDN
CN105827629A (en) * 2016-05-04 2016-08-03 王燕清 Software definition safety guiding device under cloud computing environment and implementation method thereof
WO2016169472A1 (en) * 2015-04-21 2016-10-27 Hangzhou H3C Technologies Co., Ltd. Providing security service
CN106301929A (en) * 2016-08-23 2017-01-04 成都卡莱博尔信息技术股份有限公司 A kind of cloud management platform based on lightweight Intel Virtualization Technology
CN106375384A (en) * 2016-08-28 2017-02-01 北京瑞和云图科技有限公司 Management system of mirror network flow in virtual network environment and control method
CN106572120A (en) * 2016-11-11 2017-04-19 中国南方电网有限责任公司 Access control method and system based on mixed cloud
CN106789981A (en) * 2016-12-07 2017-05-31 北京奇虎科技有限公司 Flow control methods, apparatus and system based on WAF
CN108713191A (en) * 2016-02-04 2018-10-26 思杰系统有限公司 System and method for cloud aware application transfer control
CN108833335A (en) * 2018-04-16 2018-11-16 中山大学 A kind of network security function service catenary system based on cloud computing management platform Openstack
CN108924085A (en) * 2018-05-24 2018-11-30 中国科学院计算机网络信息中心 network dispatching method, device and storage medium
CN109922021A (en) * 2017-12-12 2019-06-21 中国电信股份有限公司 Security protection system and safety protecting method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9742690B2 (en) * 2014-08-20 2017-08-22 At&T Intellectual Property I, L.P. Load adaptation architecture framework for orchestrating and managing services in a cloud computing system
US10142188B2 (en) * 2015-06-04 2018-11-27 Oracle International Corporation System and method for providing guiding messages in creating an integration flow in a cloud-based integration platform

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102347876A (en) * 2011-09-30 2012-02-08 鞠洪尧 Multilink aggregation control device for cloud computing network
CN103973676A (en) * 2014-04-21 2014-08-06 蓝盾信息安全技术股份有限公司 Cloud computing safety protection system and method based on SDN
WO2016169472A1 (en) * 2015-04-21 2016-10-27 Hangzhou H3C Technologies Co., Ltd. Providing security service
CN108713191A (en) * 2016-02-04 2018-10-26 思杰系统有限公司 System and method for cloud aware application transfer control
CN105827629A (en) * 2016-05-04 2016-08-03 王燕清 Software definition safety guiding device under cloud computing environment and implementation method thereof
CN106301929A (en) * 2016-08-23 2017-01-04 成都卡莱博尔信息技术股份有限公司 A kind of cloud management platform based on lightweight Intel Virtualization Technology
CN106375384A (en) * 2016-08-28 2017-02-01 北京瑞和云图科技有限公司 Management system of mirror network flow in virtual network environment and control method
CN106572120A (en) * 2016-11-11 2017-04-19 中国南方电网有限责任公司 Access control method and system based on mixed cloud
CN106789981A (en) * 2016-12-07 2017-05-31 北京奇虎科技有限公司 Flow control methods, apparatus and system based on WAF
CN109922021A (en) * 2017-12-12 2019-06-21 中国电信股份有限公司 Security protection system and safety protecting method
CN108833335A (en) * 2018-04-16 2018-11-16 中山大学 A kind of network security function service catenary system based on cloud computing management platform Openstack
CN108924085A (en) * 2018-05-24 2018-11-30 中国科学院计算机网络信息中心 network dispatching method, device and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
One Quantifiable Security Evaluation Model for Cloud Computing Platform;Aobing Sun等;2018 Sixth International Conference on Advanced Cloud and Big Data (CBD);全文 *
一种面向SDN网络的云安全技术方案研究和实现;罗原;;电信工程技术与标准化(07);全文 *
通过虚拟导流突破云环境安全部署问题;李陟;李小爽;;邮电设计技术(01);全文 *

Also Published As

Publication number Publication date
CN111026525A (en) 2020-04-17

Similar Documents

Publication Publication Date Title
Pujolle Software Networks: Virtualization, SDN, 5G, and Security
US10356007B2 (en) Dynamic service orchestration within PAAS platforms
Yu et al. Network function virtualization in the multi-tenant cloud
EP2974174B1 (en) Supporting arbitrary routing criteria in software defined networks
Muhizi et al. Analysis and performance evaluation of SDN queue model
Wang et al. Towards network-aware service composition in the cloud
Bernardos et al. Network virtualization research challenges
CN107624230A (en) The method and entity of service availability management
CN111026525B (en) Scheduling method and device for cloud platform virtual diversion technology
Ja’afreh et al. Toward integrating software defined networks with the Internet of Things: a review
Cerrato et al. Toward dynamic virtualized network services in telecom operator networks
CN111654541B (en) Service function chain arrangement method, system and orchestrator for edge computing service
CN106293765A (en) A kind of layout updates method and device
Siasi et al. Delay-aware SFC provisioning in hybrid fog-cloud computing architectures
Dräxler et al. Specification, composition, and placement of network services with flexible structures
Singh et al. Evolving requirements and application of SDN and IoT in the context of industry 4.0, blockchain and artificial intelligence
Tuncer et al. A northbound interface for software-based networks
US20220278944A1 (en) Method for allocating resources of a network infrastructure
WO2021105800A1 (en) Method for providing a low-latency, distributed, multi-user application through an edge cloud platform
Kazzaz et al. Restful-based mobile Web service migration framework
CN111031091B (en) Automatic adaptation method and device for cloud platform virtual diversion technology
Bellavista et al. Qos-enabled semantic routing for industry 4.0 based on sdn and mom integration
CN113395334B (en) Service function chain online updating method, system and equipment
Bujari et al. Service Function Chaining: a lightweight container-based management and orchestration plane
Kaur et al. Towards an open-source NFV management and orchestration framework

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road)

Applicant after: Antan Technology Group Co.,Ltd.

Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Harbin, Heilongjiang Province (No. 838, Shikun Road)

Applicant before: Harbin Antian Science and Technology Group Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant