CN115567398A - Data center network construction system and implementation method thereof - Google Patents


Info

Publication number
CN115567398A
Authority
CN
China
Prior art keywords
network
virtual machine
virtualization
server
data center
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210639362.XA
Other languages
Chinese (zh)
Inventor
王晓亮
王鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Rivtower Technology Co Ltd
Original Assignee
Hangzhou Rivtower Technology Co Ltd
Application filed by Hangzhou Rivtower Technology Co Ltd
Priority to CN202210639362.XA
Publication of CN115567398A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the specification discloses a data center network construction system comprising a server and, running on the server, a virtualization management program, a virtual machine, a software routing firewall and a virtualization two-layer network. The virtualization management program is deployed on the operating system of the server, so that the physical storage of the server is mapped to a virtualization storage pool that provides storage service for the virtual machine; the virtual machine comprises at least a client and a network card and actually executes the data center network construction task; the software routing firewall provides a gateway through which virtual machine traffic accesses an external network; and the virtualization two-layer network connects both the virtual machine network card and the software routing firewall network card, so that virtual machine traffic is sent to the software routing firewall through the virtualization two-layer network. According to the scheme of the invention, network, storage and computing are integrated into a single server, a deployed application can be used as soon as it is connected without customized configuration for the user's production environment, deployment efficiency is improved, and cost is effectively saved.

Description

Data center network construction system and implementation method thereof
Technical Field
The present disclosure relates to the field of computer software technologies, and in particular, to a data center network building system, an implementation method thereof, an electronic device, and a storage medium.
Background
Software deployment, delivery and subsequent operation and maintenance work in a user production environment are generally affected by changes in that environment. User production environments are complex and changeable: possible deployment environments include public cloud, privatized deployment of public cloud, non-cloud environments and the like. These environments differ in various small ways, so the deployment of specific application software has to be adjusted to each user's production environment before the software can run normally. Generally, after obtaining application software, a user cannot deploy and run it quickly and directly; engineers from both parties have to coordinate and cooperate, which makes deployment, operation and maintenance, and management very complicated and inefficient. If software and hardware are delivered together, with the software already running on a hardware system that is then delivered directly to the user, the application no longer needs to be adjusted to the user's production environment. When the user receives the hardware system, it is plug and play and needs no configuration.
At present, some integrated software and hardware solutions exist. These solutions typically include storage devices, network devices, and computing devices. The three parts together form a hardware environment for running software, and a software system is then deployed in that environment. However, the existing integrated software and hardware schemes have the following problems: (1) high equipment cost: the system comprises three major parts, namely storage equipment, network equipment and computing equipment, which are usually independent physical hardware devices, so the purchase cost is high; (2) professional installation is required: deploying the hardware equipment requires related technical knowledge, that is, specialized personnel must take part, and a user cannot plug and play after receiving the hardware.
Disclosure of Invention
An object of the embodiments of the present specification is to provide a data center network construction system, an implementation method thereof, an electronic device, and a storage medium, in order to solve the above problems.
In order to solve the above technical problem, the embodiments of the present specification are implemented as follows:
In a first aspect, a data center network construction system is provided, which includes a server, and a virtualization management program, a virtual machine, a software routing firewall, and a virtualization two-layer network running on the server; wherein:
the virtualization management program is deployed on an operating system of the server so that the server physical storage is mapped to a virtualization storage pool to provide storage service for the virtual machine; the virtual machine at least comprises a client and a network card and is used for actually executing a data center network construction task; the software routing firewall is used for providing a gateway for the flow of the virtual machine to access an external network; and the virtualization two-layer network is used for simultaneously accessing the virtual machine network card and the software routing firewall network card so that the flow of the virtual machine is sent to the software routing firewall through the virtualization two-layer network.
The second aspect provides a method for implementing a data center network construction system, which runs a virtualization management program, a virtual machine and a software routing firewall on a server; the method comprises the following steps:
deploying the virtualization management program on an operating system of the server, so that the physical storage of the server is mapped to the virtualization storage pool to provide storage service for the virtual machine, the virtual machine being configured with at least a client and a network card to actually execute a data center network construction task;
and constructing the virtualization two-layer network for accessing the virtual machine network card and the software routing firewall network card at the same time so that the virtual machine flow is sent to the software routing firewall through the virtualization two-layer network, wherein the software routing firewall is used for providing a gateway for the virtual machine flow to access an external network.
In a third aspect, an electronic device is provided, including: a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the method of the second aspect.
In a fourth aspect, a computer-readable storage medium is presented, which stores one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform the method of the second aspect.
The specification can achieve at least the following technical effects:
According to the scheme of the invention, network, storage and computing are integrated into a single server to form an integrated software and hardware machine, which effectively saves cost; when an application is deployed, no customized configuration is needed for the user's production environment, the application can be used as soon as it is connected, physical migration is more convenient, and deployment efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
Fig. 1 is a schematic diagram of a data center network building system provided in an embodiment of the present disclosure.
Fig. 2 is a second schematic diagram of a data center network building system according to an embodiment of the present disclosure.
Fig. 3 is a schematic diagram of an implementation method of a data center network building system according to an embodiment of the present disclosure.
Fig. 4 is a schematic structural diagram of an electronic device provided in an embodiment of the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
The following describes a block chain consensus algorithm implementation based on streaming processing in detail by using specific examples.
Key terms
Public cloud: generally, a cloud provided by a third-party provider for users. A public cloud can generally be used through the Internet and may be free or low in cost; its core attribute is shared resource service. Many instances of such clouds provide services across the open public network today. Public clouds are considered the primary modality of cloud computing. The computing model of the public cloud is divided into three parts: (1) public cloud access, in which a person or an enterprise obtains cloud computing service through the ordinary Internet; a service access point in the public cloud is responsible for authenticating the person or enterprise, checking authority, service conditions and the like, and once checked the person or enterprise can enter the public cloud platform and obtain the corresponding service; (2) the public cloud platform, which is responsible for organizing and coordinating computing resources and providing various computing services according to the needs of users; (3) public cloud management, namely management and monitoring of "public cloud access" and the "public cloud platform", which covers end-to-end configuration, management and monitoring and ensures that users obtain better service. In addition, classified by type of market participant, four categories can be distinguished: (1) traditional telecommunication infrastructure operators; (2) government-led local cloud computing platforms; (3) public cloud platforms built by the Internet giants; (4) some former IDC operators, and domestic enterprises that have a foreign technical background or have introduced foreign cloud computing technologies.
Privatized deployment of public clouds: the product is deployed on a server belonging to the user, which can be a physical machine or the user's cloud host. It has the advantage of good openness, can be combined with the user's own platform for secondary development, and keeps all data with the user. Enterprises consider that although the public cloud is low in cost, important data cannot be stored on a public network for reasons of network security and customer privacy, and therefore tend to set up privatized deployments. A privatized deployment is built for the exclusive use of one client, so it provides the most effective control over data, security and service quality; the enterprise has its own internal servers, and enterprise data can be kept in a private, secure place. Setting up a privatized deployment is a major investment: the enterprise needs to manage the data center, network and storage equipment itself and needs professional consultants, and its management must consider whether a private cloud is necessary and whether there are sufficient resources to keep the privatized deployment functioning properly. Because privatized deployment is relatively costly to invest in and maintain and the investment period is long, an enterprise can place some non-sensitive data and business on the public cloud while business-related data continues to be maintained privately by the company, so that business growth can be promoted with minimum cost and minimum risk. As for whether the public cloud is safe enough, whether privacy can be guaranteed, and whether enterprises can use it with confidence, the public cloud needs to better guarantee user data security in line with the behavior norms of the whole industry.
Private cloud: a private cloud is built for the exclusive use of one user, so data security and service quality can be controlled effectively. A private cloud presupposes owning the infrastructure and being able to control how applications are deployed on it; it can be deployed inside the firewall of an enterprise data center, and its core attribute is proprietary resources. A private cloud can be built on a company's local area network and connected with related internal systems such as the company's monitoring system and asset management system, which facilitates integrated management of the company's internal systems. Although a private cloud offers higher data security than a public cloud, its maintenance cost is relatively higher (for small and medium-sized enterprises), so generally only large enterprises adopt this kind of cloud platform; for such enterprises, business data is a lifeline that must not be obtained by any other market participant. Moreover, once an enterprise, especially an Internet enterprise, has grown to a certain size, its operation and maintenance staff and infrastructure are well developed, and the cost of building a private cloud is sometimes lower than that of using a public cloud (so-called economy of scale).
Fusion environment: here, "environment" refers to a software execution environment. The common environment is composed of a plurality of parts, different environment parts complete different works, and the parts are mutually independent and mutually cooperated and are distributed in different systems. In contrast, a converged environment combines different environments to form a complete environment.
Example one
Fig. 1 is a schematic diagram of a data center network construction system according to an embodiment of the present invention. In existing integrated software and hardware solutions, three major parts (storage equipment, network equipment and computing equipment) together form a hardware environment for running software, and a software system is then deployed in that environment. However, the equipment cost is high, because the storage, network and computing devices are usually independent physical hardware devices; the equipment also has to be installed by professionals, and a user cannot plug and play after receiving the hardware. In view of these problems, embodiments of the present invention provide a low-cost, plug-and-play integrated hardware scheme. In the scheme, storage, computing and network are integrated, and all three major parts of the hardware environment are realized in one physical server. With this converged environment, users do not need to purchase separate, large, expensive hardware devices or hire a specialized technician for installation. Although storage, computing and network are integrated, the whole system still follows the original IT architecture, in which the most critical part is the network: the scheme still has to connect storage and computing through routing and switching. The problem to be solved is therefore how to construct, on a single physical server, a data center network that connects the computing and storage parts.
To this end, the embodiment of the present invention provides a data center network construction system, which includes a server 101, and a virtualization management program 103, a virtual machine 105, a software routing firewall 107, and a virtualization two-layer network 109 running on the server. The specific scheme is as follows.
The server 101, i.e. the physical hardware itself at the bottom layer, is also the basis for the integration of software and hardware, on which all environments will run.
The virtualization management program 103 is deployed on the operating system 102 of the server to map the physical storage of the server to a virtualization storage pool to provide storage service for the virtual machine;
Optionally, the operating system 102 of the server 101 requires no special customized configuration, and current operating systems and virtualization technologies can be used directly. For the operating system, a mainstream modern operating system such as Linux or Windows can be used directly and meets the requirements. For the virtualization management program 103, a current mainstream virtualization technology such as KVM or VMware virtualization can be used directly, as long as it supports virtualization of mainstream modern operating systems.
The virtual machine 105 at least includes a client and a network card, and is configured to actually perform a data center network construction task. Specifically, as a node actually performing the computing operation, a mainstream modern operating system is operated, all virtual machine network cards and software routing firewall network cards are located in the same virtualization two-layer network, and all virtual machine traffic is sent to a software routing firewall through the virtualization two-layer network and is sent to an external network by another network card of the software routing firewall.
Optionally, data sharing by the virtualized client: since many data, files and programs among multiple virtual machine instances need to be shared, the problem can be solved by running a storage service, and the virtual machine instance still serves as a virtualized client instance.
Optionally, remote access by the virtualization client: the operating system/virtualization has a graphical desktop or remote web access, and an administrator can manage the software and hardware integrated machine in a remote mode.
The software routing firewall 107 is used to provide a gateway for virtual machine traffic to access external networks. Specifically, as a gateway for the virtual-machine client to access the external network, all virtual-machine traffic will be routed through the software-routing firewall's bridging network to the external network. For a virtualized environment, routing can be performed by deploying the operating system of the router to the virtualized environment, and currently available software routing firewalls are OpenWrt, pfSense, and the like. Meanwhile, the network service is also realized in a software routing firewall, and the traffic management is realized simultaneously through the global traffic inspection.
The virtualized two-layer network 109 connects both the virtual machine network card and the software routing firewall network card, so that virtual machine traffic is sent to the software routing firewall through the virtualized two-layer network. Fig. 2 shows a schematic structure of the virtualized two-layer network 109. The virtualized two-layer network 109 includes three networks, namely a cluster network 901, a management network 902, and an access network 903. The three networks take on different roles, are isolated from each other, and cannot access each other. Their roles are as follows.
The cluster network 901 is used for building a computing cluster and a storage cluster. This network only supports mutual access between computing and storage, and every working node that joins the cluster necessarily belongs to it. Nodes within the network can access each other, and only each other. Once the basic software environment has been deployed, computing nodes and storage nodes run on it inside the cluster network. In this network, network traffic is routed by the gateway device. The gateway device is the exit for cluster network traffic: all nodes in the cluster network access the external network through the gateway device, which gives centralized control of network access.
Taking KVM/libvirt as an example, a reference configuration file for creating a cluster network is as follows:
[Figure BDA0003681818860000071: reference configuration file for the cluster network; the image is not reproduced in this text]
In the configuration file, a virtual network is created. The virtual network is a two-layer switching network, and all nodes communicate with one another through it.
The management network 902 is used for managing the integrated software and hardware machine with external management tools. The external management tool also runs on a virtual machine in the integrated software and hardware environment, and through it a user can directly access and manage the integrated machine without an additional management system or client. The external management tool is connected to the management network, and the management network is connected to the integrated software and hardware machine, so the external management tool can manage the machine directly.
Taking KVM/libvirt as an example, the reference configuration file for creating the management network is as follows:
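[Figure BDA0003681818860000081: reference configuration file for the management network; the image is not reproduced in this text]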
In the configuration file, a virtual network is created, and a DHCP server is additionally created to allocate addresses, so that the external management tool and the physical server can communicate over the network. The virtual network is a three-layer routing network, and all nodes communicate with one another through a three-layer IP network.
The access network 903 gives the administrator network access, through which the administrator reaches the external management tool. This network is used only for management purposes and not for the cluster's external network access; the purpose of this separation is to isolate traffic external to the cluster from traffic internal to it, improving network security. In addition, the access network can use the network interface bridge provided directly by the virtualization technology and does not need to be created separately.
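The description above characterizes the cluster network as a two-layer switching network and the management network as an IP network with a DHCP server. As an added example (not the patent's own configuration files), the Python below embeds constructed libvirt network definitions matching those two descriptions and audits them for the isolation the description calls for. All network names, bridge names and addresses, and the policy that no network may carry a <forward> element, are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample definitions: names, bridges and addresses are assumptions.
CLUSTER_XML = """<network>
  <name>cluster-net</name>
  <bridge name='virbr-cluster' stp='on' delay='0'/>
</network>"""

MGMT_XML = """<network>
  <name>mgmt-net</name>
  <bridge name='virbr-mgmt' stp='on' delay='0'/>
  <ip address='192.168.200.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.200.100' end='192.168.200.200'/>
    </dhcp>
  </ip>
</network>"""

# Weak variant: the host NATs and addresses the cluster network itself, so
# cluster traffic can leave without passing the software routing firewall VM.
WEAK_CLUSTER_XML = """<network>
  <name>cluster-net</name>
  <forward mode='nat'/>
  <bridge name='virbr-cluster' stp='on' delay='0'/>
  <ip address='10.10.0.1' netmask='255.255.255.0'/>
</network>"""


def parse_network(xml_text):
    """Extract the isolation-relevant fields from one libvirt <network>."""
    root = ET.fromstring(xml_text)
    forward, bridge = root.find("forward"), root.find("bridge")
    subnets, ranges = [], []
    for ip in root.findall("ip"):
        if ip.get("family", "ipv4") != "ipv4":
            continue  # this example audits IPv4 only
        # libvirt accepts netmask= or prefix=; this example requires one of them.
        mask = ip.get("netmask") or ip.get("prefix")
        net = ipaddress.ip_interface(f"{ip.get('address')}/{mask}").network
        subnets.append(net)
        for r in ip.findall("dhcp/range"):
            ranges.append((net, ipaddress.ip_address(r.get("start")),
                           ipaddress.ip_address(r.get("end"))))
    return {
        "name": root.findtext("name"),
        "bridge": bridge.get("name") if bridge is not None else None,
        # A <forward> element without mode= defaults to NAT in libvirt.
        "forward": forward.get("mode", "nat") if forward is not None else None,
        "subnets": subnets,
        "ranges": ranges,
    }


def audit(xml_docs, l2_only):
    """Return findings for a set of networks; l2_only names must carry no IP."""
    nets = [parse_network(x) for x in xml_docs]
    findings = []
    for n in nets:
        name = n["name"]
        if n["forward"] is not None:
            findings.append(f"{name}: host forwards traffic (mode={n['forward']})")
        if name in l2_only and n["subnets"]:
            findings.append(f"{name}: host has an IP on a layer-2-only network")
        if name not in l2_only and not n["ranges"]:
            findings.append(f"{name}: no DHCP range for address allocation")
        for net, start, end in n["ranges"]:
            if start not in net or end not in net or start > end:
                findings.append(f"{name}: DHCP range {start}-{end} outside {net}")
    # Cross-network checks: a shared bridge or overlapping subnet joins segments.
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a["bridge"] and a["bridge"] == b["bridge"]:
                findings.append(f"{a['name']}/{b['name']}: share bridge {a['bridge']}")
            if any(x.overlaps(y) for x in a["subnets"] for y in b["subnets"]):
                findings.append(f"{a['name']}/{b['name']}: overlapping subnets")
    return findings


if __name__ == "__main__":
    for label, docs in (("intended", [CLUSTER_XML, MGMT_XML]),
                        ("weak", [WEAK_CLUSTER_XML, MGMT_XML])):
        print(label, audit(docs, l2_only={"cluster-net"}) or "no findings")
```

In the intended pair the cluster network has neither a host address nor a <forward> element, so the only way out of it is a guest attached to it, which is the role the description gives to the software routing firewall.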
Example two
Referring to fig. 3, in an embodiment of the present invention, a method for implementing a data center network construction system is provided, where a server runs a virtualization management program, a virtual machine, and a software routing firewall; the method comprises the following steps:
step 301: deploying the virtualization management program on an operating system of the server, so that the physical storage of the server is mapped to a virtualization storage pool to provide storage service for the virtual machine, wherein the virtual machine is provided with at least a client and a network card so as to actually execute a data center network construction task;
step 302: and constructing the virtualization two-layer network for accessing the virtual machine network card and the software routing firewall network card simultaneously so that the virtual machine flow can be sent to the software routing firewall through the virtualization two-layer network, and the software routing firewall is used for providing a gateway for the virtual machine flow to access an external network.
Optionally, the virtualized two-layer network at least includes a cluster network, a management network, and an access network in a specific network isolation manner; the cluster network is used for establishing a computing cluster and a storage cluster so as to realize mutual access of computing and storage; the management network is used for realizing that an external management tool accesses the server to provide a network channel; the access network is used for realizing the access of an administrator to the external management tool.
Optionally, the virtual machine client runs a storage service, which is used to implement data, file, and program sharing between different virtual machines.
Example three
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. Referring to fig. 4, at the hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The memory may include main memory, such as random-access memory (RAM), and may further include non-volatile memory, such as at least one disk storage device. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 4, but this does not indicate only one bus or one type of bus.
The memory is used for storing programs. In particular, a program may include program code comprising computer operating instructions. The memory may include both main memory and non-volatile storage, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the shared resource access control device on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
running a virtualization management program, a virtual machine and a software routing firewall on one server, by a method comprising the following steps:
deploying the virtualization management program on an operating system of the server, so that the physical storage of the server is mapped to a virtualization storage pool to provide storage service for the virtual machine, wherein the virtual machine is provided with at least a client and a network card so as to actually execute a data center network construction task;
and constructing the virtualization two-layer network for accessing the virtual machine network card and the software routing firewall network card simultaneously so that the virtual machine flow can be sent to the software routing firewall through the virtualization two-layer network, and the software routing firewall is used for providing a gateway for the virtual machine flow to access an external network.
The implementation method of the data center network building system disclosed in the embodiment shown in fig. 3 can be applied to a processor, or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. Such a processor may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of this specification. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present specification may be embodied directly in a hardware decoding processor, or in a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
Of course, besides the software implementation, the electronic device of the embodiment of the present disclosure does not exclude other implementations, such as a logic device or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or a logic device.
Example four
This embodiment of the specification also provides a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions which, when executed by a portable electronic device comprising a plurality of application programs, are capable of causing the portable electronic device to perform the method of the embodiment shown in fig. 3, and in particular to perform the following method:
a virtualization management program, a virtual machine and a software routing firewall are run on one server; the method comprises the following steps:
deploying the virtualization management program on an operating system of the server, so that the server's physical storage is mapped to a virtualization storage pool to provide storage service for the virtual machine, wherein the virtual machine is provided with at least a client and a network card so as to actually execute a data center network construction task;
and constructing the virtualization two-layer network, which connects both the virtual machine network card and the software routing firewall network card, so that the virtual machine traffic is sent to the software routing firewall through the virtualization two-layer network, wherein the software routing firewall is used for providing a gateway for the virtual machine traffic to access an external network.
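An added example (not part of the patent text): a small audit of the property the method steps above rely on, namely that every virtual machine network card shares a virtualized layer-2 segment with a network card of the software routing firewall and uses that card as its gateway. The inventory format, segment names, addresses and the lan/wan `side` field are assumptions made for the illustration.

```python
import ipaddress

# Constructed single-server inventory; every name and address is a sample value.
# "side" (an assumption of this example) marks which firewall NIC faces the
# VMs (lan) and which faces the external network (wan).
NICS = [
    {"owner": "fw", "kind": "firewall", "segment": "br-vm", "ip": "10.0.10.1/24", "side": "lan"},
    {"owner": "fw", "kind": "firewall", "segment": "br-wan", "ip": "192.0.2.2/29", "side": "wan"},
    {"owner": "vm-a", "kind": "vm", "segment": "br-vm", "ip": "10.0.10.11/24", "gateway": "10.0.10.1"},
    {"owner": "vm-b", "kind": "vm", "segment": "br-vm", "ip": "10.0.10.12/24", "gateway": "10.0.10.254"},
    {"owner": "vm-c", "kind": "vm", "segment": "br-lab", "ip": "10.0.20.5/24", "gateway": "10.0.20.1"},
    {"owner": "vm-d", "kind": "vm", "segment": "br-wan", "ip": "192.0.2.3/29", "gateway": "192.0.2.1"},
]


def audit(nics):
    """Return {vm_name: finding} for every VM NIC that does not egress via the firewall."""
    # Index firewall interfaces by the layer-2 segment they are attached to.
    fw_by_segment = {}
    for nic in nics:
        if nic["kind"] == "firewall":
            fw_by_segment[nic["segment"]] = nic

    findings = {}
    for nic in nics:
        if nic["kind"] != "vm":
            continue
        fw = fw_by_segment.get(nic["segment"])
        if fw is None:
            # Isolated segment: traffic from this VM never reaches the gateway.
            findings[nic["owner"]] = "segment has no firewall NIC"
            continue
        if fw["side"] != "lan":
            # The VM sits beside the firewall's uplink, so nothing filters it.
            findings[nic["owner"]] = "attached on the firewall's external side"
            continue
        vm_if = ipaddress.ip_interface(nic["ip"])
        fw_if = ipaddress.ip_interface(fw["ip"])
        gateway = ipaddress.ip_address(nic["gateway"])
        if fw_if.network != vm_if.network:
            findings[nic["owner"]] = "VM and firewall NIC are in different subnets"
        elif gateway != fw_if.ip:
            findings[nic["owner"]] = "default gateway is not the firewall NIC"
    return findings


if __name__ == "__main__":
    for vm, problem in sorted(audit(NICS).items()):
        print(f"{vm}: {problem}")
```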
In short, the above description is only a preferred embodiment of the present disclosure, and is not intended to limit the scope of the present disclosure. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present specification shall be included in the protection scope of the present specification.
The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises that element.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the system embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.

Claims (12)

1. A data center network construction system comprising a server, characterized by further comprising a virtualization management program, a virtual machine, a software routing firewall and a virtualization two-layer network, all of which run on the server; wherein
the virtualization management program is deployed on an operating system of the server, so that the server's physical storage is mapped to a virtualization storage pool to provide storage service for the virtual machine; the virtual machine comprises at least a client and a network card and is used for actually executing a data center network construction task; the software routing firewall is used for providing a gateway for the traffic of the virtual machine to access an external network; and the virtualization two-layer network is used for connecting both the virtual machine network card and the software routing firewall network card, so that the traffic of the virtual machine is sent to the software routing firewall through the virtualization two-layer network.
2. The data center network building system of claim 1, wherein the virtualization manager uses mainstream virtualization technology, including one of KVM or VMWare; the operating system uses a mainstream operating system, including one of Linux or Windows.
3. The data center network construction system according to claim 1, wherein the software routing firewall comprises at least a routing operating system, a dynamic routing protocol, and a VPN protocol to support operation in a non-hardware-specific environment.
4. The data center network building system according to claim 1, wherein the virtualized two-tier network comprises at least a cluster network, a management network, and an access network; wherein
the cluster network is used for establishing a computing cluster and a storage cluster so as to realize mutual access of computing and storage; the management network is used for providing a network channel through which an external management tool accesses the server; the access network is used for realizing the access of an administrator to the external management tool.
5. The system according to claim 1, wherein the virtual machine client runs a storage service for sharing data, files, and data between different virtual machines.
6. The data center network building system according to claim 1, wherein the virtual machine client further comprises a remote access function, so that a user can remotely implement corresponding operations for building the data center network.
7. A data center network construction system implementation method is characterized in that a virtualization management program, a virtual machine and a software routing firewall are operated on a server; the method comprises the following steps:
deploying the virtualization management program on an operating system of the server, so that the server's physical storage is mapped to a virtualization storage pool to provide storage service for the virtual machine, wherein the virtual machine is provided with at least a client and a network card so as to actually execute a data center network construction task;
and constructing the virtualization two-layer network, which connects both the virtual machine network card and the software routing firewall network card, so that the virtual machine traffic is sent to the software routing firewall through the virtualization two-layer network, wherein the software routing firewall is used for providing a gateway for the virtual machine traffic to access an external network.
8. The method of claim 7, wherein the virtualized two-tier network comprises at least a cluster network, a management network, and an access network; wherein
the cluster network is used for establishing a computing cluster and a storage cluster so as to realize mutual access of computing and storage; the management network is used for providing a network channel through which an external management tool accesses the server; the access network is used for realizing the access of an administrator to the external management tool.
9. The implementation method of the data center network construction system according to claim 7, wherein the virtual machine client runs a storage service for implementing data, file, and inter-program data sharing between different virtual machines.
10. The method for implementing the data center network building system according to claim 7, wherein the virtual machine client further includes a remote access function, so that a user can remotely implement corresponding operations for building the data center network.
11. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the method of any of claims 7 to 10.
12. A computer readable storage medium, storing one or more programs, which when executed by an electronic device that includes a plurality of application programs, cause the electronic device to perform the method of any of claims 7-10.
CN202210639362.XA 2022-06-07 2022-06-07 Data center network construction system and implementation method thereof Pending CN115567398A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210639362.XA CN115567398A (en) 2022-06-07 2022-06-07 Data center network construction system and implementation method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210639362.XA CN115567398A (en) 2022-06-07 2022-06-07 Data center network construction system and implementation method thereof

Publications (1)

Publication Number Publication Date
CN115567398A (en) 2023-01-03

Family

ID=84737530

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210639362.XA Pending CN115567398A (en) 2022-06-07 2022-06-07 Data center network construction system and implementation method thereof

Country Status (1)

Country Link
CN (1) CN115567398A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116684301A (en) * 2023-06-26 2023-09-01 北京永信至诚科技股份有限公司 Method, system, equipment and storage medium for realizing cross-range task collaboration
CN117354798A (en) * 2023-12-04 2024-01-05 深圳市开源网络安全服务有限公司 Continuous deployment method, system and related equipment based on cellular network
CN117544422A (en) * 2024-01-09 2024-02-09 深圳市科服信息技术有限公司 Firewall virtualization deployment method and system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116684301A (en) * 2023-06-26 2023-09-01 北京永信至诚科技股份有限公司 Method, system, equipment and storage medium for realizing cross-range task collaboration
CN116684301B (en) * 2023-06-26 2024-01-30 北京永信至诚科技股份有限公司 Method, system, equipment and storage medium for realizing cross-range task collaboration
CN117354798A (en) * 2023-12-04 2024-01-05 深圳市开源网络安全服务有限公司 Continuous deployment method, system and related equipment based on cellular network
CN117354798B (en) * 2023-12-04 2024-03-08 深圳市开源网络安全服务有限公司 Continuous deployment method, system and related equipment based on cellular network
CN117544422A (en) * 2024-01-09 2024-02-09 深圳市科服信息技术有限公司 Firewall virtualization deployment method and system
CN117544422B (en) * 2024-01-09 2024-03-29 深圳市科服信息技术有限公司 Firewall virtualization deployment method and system

Similar Documents

Publication Publication Date Title
US11853789B2 (en) Resource manager integration in cloud computing environments
US9755903B2 (en) Replicating firewall policy across multiple data centers
US11599380B2 (en) Multi-tenant support on virtual machines in cloud computing networks
CN115567398A (en) Data center network construction system and implementation method thereof
US10778645B2 (en) Firewall configuration manager
CN109067877B (en) Control method for cloud computing platform deployment, server and storage medium
US9660895B1 (en) Geolocation routing and simulation of network conditions
US20160198003A1 (en) Architecture and method for sharing dedicated public cloud connectivity
US20160197834A1 (en) Architecture and method for traffic engineering between diverse cloud providers
US20160197835A1 (en) Architecture and method for virtualization of cloud networking components
WO2017157156A1 (en) Method and apparatus for processing user requests
CN105684357A (en) Management of addresses in virtual machines
US20180152392A1 (en) Hybrid cloud management
JP2018206342A (en) Server system which can operate when standby power source of psu does not function
WO2023024629A1 (en) Service access across kubernetes clusters
CN103685608A (en) Method and device for automatically configuring IP (Internet Protocol) address of security virtual machine
CN104468791A (en) Private cloud IaaS platform construction method
US11916786B2 (en) Distributed routing controllers for multi-region SDWAN
CN115604103A (en) Configuration method and device of cloud computing system, storage medium and electronic equipment
CN116488836A (en) Kubernetes cluster resource management method and system based on multiple tenants
US11363113B1 (en) Dynamic micro-region formation for service provider network independent edge locations
US20240098089A1 (en) Metadata customization for virtual private label clouds
US12003368B1 (en) Symbiotic network orchestrator for computing networks
US11671353B2 (en) Distributed health monitoring and rerouting in a computer network
Nichat et al. Review on Modeling and Implementation of Cloud Computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination