CN102025535A - Virtual machine management method and device and network equipment - Google Patents


Publication number
CN102025535A
Authority
CN
China
Prior art keywords
virtual machine
network equipment
port
data message
security strategy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 201010549171
Other languages
Chinese (zh)
Other versions
CN102025535B (en)
Inventor
卓志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruijie Networks Co Ltd
Original Assignee
Fujian Star Net Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Star Net Communication Co Ltd
Priority to CN201010549171A
Publication of CN102025535A
Application granted
Publication of CN102025535B
Active
Anticipated expiration

Abstract

The invention provides a virtual machine management method, a device and network equipment. The method comprises the following steps: the network device receives and parses a data packet to obtain the MAC (Media Access Control) address in the data packet; and the network device identifies, according to that MAC address and pre-stored virtual machine MAC addresses, whether the object that sent the data packet is a virtual machine. With this technical solution the network device can recognize a virtual machine and then manage it further, for example by configuring a security policy. This overcomes the inability of prior-art network devices to recognize virtual machines and helps improve the overall efficiency with which the network device manages virtual machines.

Description

Virtual machine management method and device and network equipment
Technical field
The present invention relates to network communication technology, and in particular to a virtual machine management method, a virtual machine management device and network equipment (a network device).
Background
Server virtualization is a technology that allows multiple virtual servers (also called virtual machines in the industry) to run on a single physical server. The physical server abstracts the hardware resources that support the operation of the virtual machines, for example a virtual basic input/output system (BIOS), virtual processors, virtual memory, virtual devices and input/output (IO), and at the same time provides good isolation and security for each virtual machine. For example, before server virtualization is adopted, a customer relationship management (CRM) system, an online game and an enterprise resource planning (ERP) system need to run on three independent physical servers; after server virtualization is adopted, these three applications can run on three virtual machines, and the three virtual machines are hosted by one physical server. Server virtualization therefore allows physical server resources to be used more fully. In the actual operation of a data center, for example, server virtualization is commonly used to install multiple systems on one physical server, virtualizing one physical server into multiple virtual machines in order to improve the utilization of the physical server.
Live server migration is a technology that, while a virtual machine is running, quickly moves the complete running state of the virtual machine from the physical server where it originally resides (the source physical server) to a new physical server (the target physical server). The whole migration is smooth and transparent to the user. Because virtualization abstracts the real physical resources, live migration can support heterogeneity between the source physical server and the target physical server. Live migration requires the virtual machine monitor on the source physical server (the source virtual machine monitor) and the virtual machine monitor on the target physical server (the target virtual machine monitor) to cooperate in copying the memory and other state information of the virtual machine's operating system. After live migration begins, memory pages are continuously copied from the source virtual machine monitor to the target virtual machine monitor. Once the last memory pages have been copied, the two monitors complete the switchover of the virtual machine: the virtual machine on the target physical server starts running, the virtual machine on the source physical server is terminated, and the live migration is complete. For example, in a data center, maintenance and upgrades of system hardware can be carried out with live migration: the virtual machine is moved from one physical server to another, hardware maintenance is performed on the original physical server, and after the maintenance is finished the virtual machine is moved back to the original physical server. The whole process can be completed without downtime, which further improves resource utilization in the data center.
Usually a physical server is attached to a network device and communicates with the outside world through it. The network device is responsible for the secure and reliable transmission of the data flows that the virtual machines on the physical server exchange with the outside, so some security policies can be configured on the network device. After a virtual machine migrates, these security policies need to be moved to the new network device or the new port and take effect there. However, because current network devices cannot perceive the migration of a virtual machine, after a migration the security policy corresponding to the virtual machine can only be moved to the new network device or new port by the network administrator, either manually or through network management software. This way of operating is inefficient and inconvenient. How a network device can recognize the migration of a virtual machine has therefore become the primary problem to be solved in current server virtualization technology.
Summary of the invention
The invention provides a virtual machine management method, a device and a network device for recognizing virtual machines, improving the overall efficiency of virtual machine management.
The invention provides a virtual machine management method, comprising:
a network device receiving a data packet and parsing the data packet to obtain the media access control address in the data packet;
the network device identifying, according to the media access control address and pre-stored virtual machine media access control addresses, whether the object that sent the data packet is a virtual machine.
The invention provides a virtual machine management device, comprising:
a receiver module, configured to receive a data packet and parse the data packet to obtain the media access control address in the data packet;
an identification module, configured to identify, according to the media access control address and pre-stored virtual machine media access control addresses, whether the object that sent the data packet is a virtual machine.
The invention provides a network device comprising any virtual machine management device provided by the invention.
With the virtual machine management method, device and network device provided by the invention, virtual machine media access control addresses are stored in advance, the media access control address in a received data packet is obtained by parsing, and that address is compared with the stored virtual machine media access control addresses; this identifies whether the object that sent the data packet is a virtual machine. With the technical solution of the invention, the network device can recognize virtual machines and then manage them further, for example by configuring security policies. This overcomes the defect in the prior art caused by network devices being unable to recognize virtual machines, and helps improve the overall efficiency with which the network device manages virtual machines.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the virtual machine management method provided by Embodiment one of the invention;
Fig. 2 is a flow chart of the virtual machine management method provided by Embodiment two of the invention;
Fig. 3A is one flow chart of the virtual machine management method provided by Embodiment three of the invention;
Fig. 3B is another flow chart of the virtual machine management method provided by Embodiment three of the invention;
Fig. 4A is a flow chart of the virtual machine management method provided by Embodiment four of the invention;
Fig. 4B is a schematic diagram of the network topology on which the virtual machine management method provided by Embodiment four of the invention is based;
Fig. 5 is a structural diagram of the virtual machine management device provided by Embodiment five of the invention;
Fig. 6A is one structural diagram of the virtual machine management device provided by Embodiment six of the invention;
Fig. 6B is another structural diagram of the virtual machine management device provided by Embodiment six of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Embodiment one
Fig. 1 is a flow chart of the virtual machine management method provided by Embodiment one of the invention. The method of this embodiment is executed by the network device. As shown in Fig. 1, the method comprises:
Step 101: the network device receives a data packet and parses it to obtain the media access control (MAC) address in the data packet.
In this embodiment, the network device is connected to a server, and the server communicates with the outside world through the network device.
Step 102: the network device identifies, according to the MAC address and pre-stored virtual machine MAC addresses, whether the object that sent the data packet is a virtual machine.
Each virtual machine corresponds to a MAC address; in the embodiments of the invention, the MAC address corresponding to a virtual machine is called a virtual machine MAC address. Specifically, the virtual machine MAC addresses of the network in which the network device resides are stored in the network device in advance. When the network device receives a data packet, it compares the MAC address learned from the packet with the locally stored virtual machine MAC addresses. If a virtual machine MAC address consistent with the learned MAC address is found, the object that sent the data packet is confirmed to be a virtual machine running on a physical server; otherwise, the object that sent the data packet is confirmed not to be a virtual machine.
In the virtual machine management method of this embodiment, virtual machine MAC addresses are stored in advance so that the network device, through the two processes of MAC address learning and comparison, automatically identifies whether the object that sent a data packet is a virtual machine. This achieves the purpose of recognizing virtual machines, allows subsequent management operations to be carried out once a virtual machine is identified, and lays the foundation for more convenient and efficient virtual machine management.
Each virtual machine manufacturer has its own registered range of virtual machine MAC addresses; for example, the virtual machine MAC address range of VMware includes 00-1C-14-XX-XX-XX. Therefore, in the embodiments of the invention, the administrator can configure the network device in advance with the virtual machine MAC addresses registered by each virtual machine manufacturer, and update these manufacturers' virtual machine MAC address ranges by software upgrade or online update.
When the network device receives a data packet and, through MAC address learning and comparison, obtains a virtual machine manufacturer's virtual machine MAC address, it can be considered to have perceived the existence of a virtual machine, that is, to have recognized the virtual machine.
In addition, the virtual machine MAC addresses in the embodiments of the invention are not limited to those registered by virtual machine manufacturers; they can also be specially configured virtual machine MAC addresses, for example special virtual machine MAC addresses agreed in advance within one network and added to the network device manually by the administrator. In that case only the network devices in that network can recognize the added MAC addresses as virtual machine MAC addresses.
Further, the virtual machine MAC addresses in the embodiments of the invention can include both the virtual machine MAC addresses registered by virtual machine manufacturers and the specially agreed virtual machine MAC addresses. The specially agreed addresses meet the need of virtual machines that have to use a special MAC address because of particular requirements or reasons.
Embodiment two
Fig. 2 is a flow chart of the virtual machine management method provided by Embodiment two of the invention. This embodiment can be implemented on the basis of Embodiment one. As shown in Fig. 2, the virtual machine management method of this embodiment comprises:
Step 201: the network device receives a data packet and parses it to obtain the MAC address in the data packet; that is, the network device learns the MAC address.
Step 202: the network device matches the learned MAC address against the pre-stored virtual machine MAC addresses and judges whether a virtual machine MAC address consistent with the learned MAC address has been matched. If so, the object that sent the data packet is identified as a virtual machine, and step 203 is executed; otherwise, the object that sent the data packet is identified as a non-virtual machine, and step 204 is executed.
Step 203: the network device configures a security policy on the port that received the data packet, according to the learned MAC address and a virtual machine security policy correspondence table obtained in advance, and the procedure ends.
In the embodiments of the invention, the virtual machine security policy correspondence table is obtained in advance by the network device. The table can be configured manually by the administrator according to the network state, layout and similar conditions, or it can be learned mutually by the network devices through information exchange. Because mutual learning is flexible and adapts by itself as network conditions change, it is the preferred way of obtaining the table.
The virtual machine security policy correspondence table stores each virtual machine MAC address and the security policy corresponding to it. The virtual machine MAC addresses in the table are consistent with the virtual machine MAC addresses pre-stored by the network device. Therefore, when the network device recognizes a virtual machine MAC address through learning and matching, it can query the table to obtain the security policy corresponding to the virtual machine that sent the data packet, and configure that policy on the port of the network device that connects this virtual machine (the port that received the data packet), so that the policy takes effect for this virtual machine on this port. Subsequent packets of this virtual machine are then subject to security control according to this policy.
The network device mainly relies on security policies to ensure the secure and reliable transmission of data flows when the server communicates externally. A common way to implement a security policy is to configure an access control list (ACL). An ACL controls the data packets received on a port of the network device by defining rules that either permit or drop them. With an ACL, the network device can classify and filter data packets as they pass through it, inspecting packets input or output on a specified port and deciding according to matching conditions (Conditions) whether to permit (Permit) or drop (Deny) them. An ACL consists of a series of entries; each entry contains a matching condition and the action to take when the condition is satisfied. ACL rules can be based on the source MAC address or source Internet Protocol (IP) address of the data packet, the destination MAC or destination IP address, the upper-layer protocol, the time range and other information. For example, when only IP addresses in the 192.168.1.0/24 segment are allowed to access the virtual machine, the network device should configure an ACL in the outbound direction of the port that connects this virtual machine, with the rule PERMIT source IP = 192.168.1.0/24, and make this rule take effect on the port. The default action of the ACL is set to forbid all other data packets, so packets whose source IP address does not satisfy the requirement are filtered out.
In addition, the network device can also perform security control through quality of service (QoS), for example according to a network bandwidth limit. For example, when the virtual machine is only allowed to send 10M of data packets, the network device needs to configure a QoS bandwidth limit rule on the port that connects the virtual machine; the rule is: rate limit 10M.
Step 204: the network device performs conventional processing on the data packet. For example, the network device can check the validity of each field in the data packet; as another example, it can look up the MAC address table using the destination MAC address in the data packet and, if the destination MAC address is found, forward the packet to the corresponding port, otherwise broadcast the packet to all ports. Conventional processing in this embodiment means the processing applied to packets sent by non-virtual machines; it may also include security detection and handling, and is not limited in this embodiment.
Note that in the technical solution of this embodiment, when a virtual machine stays connected to a given port of the network device, the security policy only needs to be configured once on the port that receives the virtual machine's packets, according to the MAC address first learned; it does not need to be configured every time the MAC address is learned.
In the virtual machine management method of this embodiment, virtual machine MAC addresses are stored in advance and MAC address learning, matching and judgment are carried out, so that the network device recognizes virtual machines and, after recognizing one, configures the security policy by itself according to the virtual machine security policy correspondence table obtained in advance, ensuring the secure and reliable transmission of data packets when the virtual machine communicates with the outside world. Because the network device configures the security policy for the virtual machine on the basis of this recognition, no manual operation by the administrator is needed, which improves the efficiency of configuring security policies and makes virtual machines easier to manage.
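Steps 201 to 204, together with the ACL and bandwidth-limit example above, can be traced in the following added example, which is not part of the patent text. The class and function names, the specially agreed MAC address, the second sender's MAC address and the frames are constructed for illustration; only the 00-1C-14 prefix, the 192.168.1.0/24 rule and the 10M limit come from the description.

```python
import ipaddress
from dataclasses import dataclass, field

# 00-1C-14 is the vendor prefix quoted in the description; the specially
# agreed address, the policy object and the frames below are constructed.
VM_VENDOR_PREFIXES = {bytes.fromhex("001c14")}
VM_AGREED_MACS = {bytes.fromhex("02aabbccdd01")}


def source_mac(frame: bytes) -> bytes:
    """Step 201: learn the source MAC (bytes 6..11 of an Ethernet II header)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[6:12]


def is_vm_mac(mac: bytes) -> bool:
    """Step 202: compare the learned MAC with the pre-stored VM MAC addresses."""
    return mac[:3] in VM_VENDOR_PREFIXES or mac in VM_AGREED_MACS


@dataclass
class SecurityPolicy:
    permit_sources: tuple      # ACL permit entries; the default action is deny
    rate_limit_mbit: int       # QoS bandwidth limit for the port

    def permits(self, src_ip: str) -> bool:
        ip = ipaddress.ip_address(src_ip)
        return any(ip in ipaddress.ip_network(net) for net in self.permit_sources)


@dataclass
class NetworkDevice:
    policy_table: dict                                  # VM MAC -> SecurityPolicy
    port_policies: dict = field(default_factory=dict)   # (port, MAC) -> policy

    def receive(self, port: int, frame: bytes) -> str:
        mac = source_mac(frame)
        if not is_vm_mac(mac):
            return "conventional"            # step 204
        if (port, mac) in self.port_policies:
            return "already-configured"      # configured once, not per frame
        policy = self.policy_table.get(mac)
        if policy is None:
            return "vm-without-policy"       # assumption: table has no entry yet
        self.port_policies[(port, mac)] = policy   # step 203
        return "configured"


def build_frame(dst: str, src: str, payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed Ethernet II frame with the IPv4 EtherType."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + b"\x08\x00" + payload


VM_MAC = bytes.fromhex("001c14a1b2c3")
POLICY = SecurityPolicy(permit_sources=("192.168.1.0/24",), rate_limit_mbit=10)


def demo() -> list:
    device = NetworkDevice(policy_table={VM_MAC: POLICY})
    vm_frame = build_frame("ffffffffffff", "001c14a1b2c3")
    host_frame = build_frame("ffffffffffff", "b827eb112233")
    return [
        device.receive(5, vm_frame),      # first frame from the VM on port 5
        device.receive(5, vm_frame),      # later frames do not reconfigure
        device.receive(6, host_frame),    # sender that is not a VM
        device.port_policies[(5, VM_MAC)].permits("192.168.1.77"),
        device.port_policies[(5, VM_MAC)].permits("10.0.0.8"),
    ]


if __name__ == "__main__":
    print(demo())
```

The source MAC is supplied by the sender, so this match recognizes a claimed address rather than authenticating the virtual machine.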
Embodiment three
A kind of flow chart of the Virtual Machine Manager method that Fig. 3 A provides for the embodiment of the invention three.Present embodiment can realize that as shown in Figure 3A, the management method of present embodiment comprises based on embodiment one and embodiment two:
Step 301, network equipment receiving data packets, and the resolution data message is to obtain the MAC Address in the data message; Be the study that the network equipment carries out MAC Address.
Step 302, the MAC Address that the network equipment will be learnt is mated with stored virtual machines MAC Address in advance, and judges whether the corresponding to virtual machine MAC Address of the MAC Address that matches and learn; When judged result when being, execution in step 303; Otherwise, execution in step 305.
Step 303, the network equipment judge according to MAC Address of learning and the virtual machine state table that obtains in advance whether the MAC Address corresponding virtual machine of learning moves; If judged result is for being, then execution in step 304, if judged result is not for, and then end.
Wherein, the data message of this MAC Address correspondence that the network equipment receives may be by sent when newly starting by the virtual machine of a station server trustship always, also may be to be sent by the virtual machine of moving on another station server from a station server (physical server).Whether can discern above-mentioned virtual machine by the decision operation of step 303 moves.
Wherein, store the state information of the virtual machine that moves on the server that each network equipment connects in the network in the virtual machine state table, for example comprise on the server, server of port, the connection of the network equipment virtual machine tabulation that should the port operation, and the information such as MAC Address of virtual machine.
Step 304, the network equipment that the network equipment connects before virtual machine (vm) migration according to the virtual machine state table sends the failure notification packet, to inform the network equipment that connects before the virtual machine (vm) migration security strategy of virtual machine is carried out crash handling, and finishes.
Wherein,, need the original network equipment of announcement, the security strategy on the port that connects virtual machine is deleted the operation of promptly losing efficacy so that inform the network equipment that connects before the migration when finding that virtual machine is to move to another station server by a station server.After the network equipment that connects before the migration receives the failure notification message, can resolve and obtain the virtual machine MAC Address of carrying in the notification packet, according to this virtual machine MAC Address the security strategy on the corresponding port is carried out crash handling then.Can guarantee the integrality of security strategy migration like this.
Step 305, the network equipment carries out conventional treatment to the data message.
The Virtual Machine Manager method of present embodiment, by storage virtual machine MAC Address in advance, carry out operations such as MAC address learning, coupling and judgement, can make network equipment identification virtual machine, and can identify the migration of virtual machine, make it to the operation of losing efficacy of the security strategy before moving, to finish the complete migration of security strategy by the network equipment that connects before the announcement migration of failure notification message simultaneously; Present embodiment can be discerned virtual machine and virtual machine (vm) migration, has solved the migration problem that can't discern virtual machine and virtual machine, is convenient to follow-up migration or configuration to security strategy
Technique scheme, when the network equipment identifies virtual machine, no matter this virtual machine is to be moved to another service or hosted by a station server always by a station server, and the network equipment need carry out the security strategy configuration on the port that connects virtual machine.Fig. 3 B is depicted as the another kind of structural representation of the Virtual Machine Manager method that the embodiment of the invention three provides; The difference of flow process shown in Fig. 3 B and Fig. 3 A is also to comprise step 303a after step 302: the network equipment carries out the security strategy configuration according to MAC Address of learning and the secure virtual machine strategy correspondence table obtained in advance to the port that receives data message.
In this explanation, no matter be always by the virtual machine of a physical server trustship, the virtual machine of migration still takes place, in present embodiment step 303a, the network equipment only need according to initial learn to the port of MAC Address data message that sink virtual machine is sent carry out the once safety policy configurations and get final product.
Need explanation at this, both do not have sequencing step 303a and step 303, promptly can be to carry out the security strategy configuration earlier, carry out the judgement of whether moving then; Also can be to judge whether earlier to move, and then carry out the security strategy configuration that can be called the security strategy configuration security strategy migration this moment.
Further, local network device is after the security strategy configuration of finishing virtual machine, can also send to other network equipments with the security strategy that disposes on its each port and with security strategy corresponding virtual machine information, so that other network equipments records or upgrade institute's canned data.
The Virtual Machine Manager method of present embodiment, the network equipment can be discerned the migration of virtual machine and virtual machine, and after identifying virtual machine, carry out the security strategy configuration voluntarily according to the secure virtual machine strategy correspondence table of obtaining in advance, guaranteed the safety and the reliable transmission of the data message when virtual machine is communicated by letter with the external world; And based on the identification to virtual machine (vm) migration, the network equipment can carry out the security strategy configuration to virtual machine voluntarily, need not administrator hand operate, and has improved the efficient of configuration security strategy, can manage virtual machine more easily.
Wherein, the execution mode that present embodiment provides a kind of network equipment to obtain secure virtual machine strategy correspondence table and virtual machine state table in advance, but be not limited to this.The execution mode that present embodiment provides comprises:
Step 3031, when each network equipment starts, all send first administrative message, comprise the MAC Address of the network equipment and the port information of transmission first administrative message in first administrative message, wherein port information comprises the type information such as (for example being device port or Service-Port) of port numbers and port.
Step 3033 receives first administrative message that other network equipments send as the network equipment of the executive agent of present embodiment, identifies the device port and the Service-Port of the network equipment according to first administrative message; Wherein, the network equipment not only is connected with server, also can be connected with other network equipments simultaneously, and the port that is connected with server is called Service-Port, and the port that is connected with the network equipment is called device port; Wherein, first administrative message of making an appointment can only send by the port (being device port) that is connected with the network equipment, and can only receive by device port.Therefore, the network equipment can be a device port with the port identification that receives first administrative message, and other ports are then as Service-Port.Then, the method that each network equipment all can provide according to the foregoing description perhaps also can be carried out the security strategy configuration by the virtual machine MAC Address that the keeper uses according to network convention carrying out operations such as virtual machine identification, secure virtual machine policy configurations or migration on the Service-Port separately on corresponding network equipment.After the intact security strategy of each network equipments configuration, can send information such as its security strategy that disposes and security strategy corresponding virtual machine information to other network equipments except that own by device port separately.
Step 3035: the network equipment that is the executive agent of this embodiment receives, through its device ports, the second administrative messages sent by the other network equipments. A second administrative message contains the information of the virtual machines running on each Service-Port of the sending network equipment and the security strategy configured for each virtual machine in the running state.
Step 3037: according to the second administrative messages, the network equipment that is the executive agent of this embodiment generates the secure virtual machine strategy correspondence table and the virtual machine state table.
Specifically, the network equipment obtains, from the second administrative messages sent by each of the other network equipments, the virtual machine information, the security strategy configured for each virtual machine, and the correspondence between them, and processes this information together to generate the secure virtual machine strategy correspondence table, which contains the virtual machine information, the security strategies, and the correspondence between security strategies and virtual machines. It also generates the virtual machine state table from the Service-Port information (for example, port numbers) and the corresponding virtual machine information (for example, virtual machine MAC addresses) in the second administrative messages; the virtual machine state table contains information such as the virtual machine, the server on which the virtual machine resides, and the port of the network equipment to which that server is connected, together with the correspondence between these items. Therefore, when the network equipment acting as executive agent recognizes a virtual machine MAC address, it can determine from the virtual machine state table of the previous moment whether the virtual machine has migrated: if the virtual machine MAC address at the same time appears on another Service-Port, the virtual machine has migrated, and the security strategy of the virtual machine is migrated accordingly.
If there is no need to identify whether a virtual machine has migrated (for example, in the scenario described in embodiment two), only the secure virtual machine strategy correspondence table needs to be generated under the technical scheme of this embodiment, and the virtual machine state table need not be generated.
In this way, each network equipment can obtain the secure virtual machine strategy correspondence table and/or the virtual machine state table in advance. To ensure that the secure virtual machine strategy correspondence table and the virtual machine state table on each network equipment change with the network state or with the migration of virtual machines, this embodiment also stipulates that each network equipment regularly sends second administrative messages to the other network equipments, so that each network equipment obtains, in real time, the information of the virtual machines running on the other network equipments and the security strategies corresponding to the virtual machines in the running state, and updates the secure virtual machine strategy correspondence table and/or the virtual machine state table accordingly.
Further, in the above embodiment, the method also comprises step 3034 after step 3033: the network equipment that is the executive agent of this embodiment configures security strategies for the virtual machines on its Service-Ports and regularly sends, through its device ports, the information of the virtual machines running on each of its Service-Ports and the security strategy configured for each virtual machine (that is, the second administrative message) to the other network equipments, so that the other network equipments can generate the secure virtual machine strategy correspondence table and the virtual machine state table in advance and update them.
The above is one implementation by which the present invention obtains the secure virtual machine strategy correspondence table and the virtual machine state table. In this implementation, first administrative messages are sent according to the pre-agreed rule so that each network equipment can identify its device ports and Service-Ports; security strategies are then configured and second administrative messages are sent through the device ports, so that virtual machines and their corresponding security strategies are handled uniformly across the whole network, that is, every network equipment generates a secure virtual machine strategy correspondence table and a virtual machine state table with essentially the same content. This lays the foundation for implementing the embodiments of the present invention.
The flow of the technical solution of the present invention is described in detail below through a specific embodiment, in conjunction with a network topology.
Embodiment four
Fig. 4A is a flow chart of the virtual machine management method provided by embodiment four of the present invention; Fig. 4B is a schematic diagram of the network topology on which that method is based. As shown in Fig. 4B, this embodiment comprises network equipment 41, network equipment 42, network equipment 43, network equipment 44, server 45 and server 46. Network equipment 41 is connected to network equipment 42, network equipment 43 and network equipment 44 respectively; server 45 is connected to network equipment 41, and server 46 is connected to network equipment 42. Network equipments 41 to 44 each follow the pre-agreed unified virtual machine management mechanism, and the virtual machine MAC addresses used in the network have been configured on each network equipment. The method of this embodiment comprises:
Step 401: after starting up, network equipments 41 to 44 all regularly broadcast the first administrative message, declaring that they support the virtual machine management mechanism and letting the other network equipments know. Each of network equipments 41 to 44 marks a port on which it receives a first administrative message as a device port (Net-Port). According to the pre-agreed rule of the virtual machine management mechanism, each network equipment sends first administrative messages to other network equipments only through device ports, and a port connected to a virtual machine cannot receive a first administrative message; the other ports, which do not receive a first administrative message, are therefore marked as Service-Ports (Server-Port). On this basis, the network topology shown in Fig. 4B has device ports 51, 52 and 53 and Service-Ports 54 and 55. The format of the first administrative message includes, but is not limited to, the following information fields: the network equipment MAC address; the number of the port of the current network equipment that sends the first administrative message; and the type of that port (for example, Server-Port or Net-Port).
Step 402: the network equipment identifies virtual machines according to the pre-configured virtual machine MAC addresses and generates "virtual machine dispensing units" on the network equipment; the network administrator makes the "security strategies" for these virtual machines (that is, strategies such as the ACL and QoS mentioned above) take effect on the "virtual machine dispensing units". Because one physical port of the network equipment connects to one physical server and multiple virtual machines can be installed on a physical server, one physical port of the network equipment can contain multiple "virtual machine dispensing units", and the network equipment generates the correspondence between multiple virtual machine MAC addresses and security strategies.
Step 403: through the second administrative message, the correspondence <virtual machine MAC address, security strategy> is announced via the device ports to all other network equipments in the network that support the virtual machine management mechanism. The second administrative message adds the following fields, among others, to those of the first administrative message: the list of "Server-Port"s of this network equipment and their total number; the list of virtual machine dispensing units of this network equipment and their total number; and the correspondence between the virtual machine MAC address applied on each virtual machine dispensing unit and its security strategy.
As a result, network equipments 41 to 44 all hold the secure virtual machine strategy correspondence table, ready to bring security strategies into effect in real time.
Step 404: suppose a virtual machine migrates from server 45 to server 46. Through MAC address learning and the information in the secure virtual machine strategy correspondence table, network equipment 42 immediately knows that the virtual machine has migrated from server 45 to server 46 and finds that the MAC address was learned on Service-Port 55; it then makes the security strategy corresponding to this virtual machine MAC address take effect on the new Service-Port 55. The security strategy corresponding to a virtual machine MAC address can take effect only on a Service-Port (Server-Port), following the movement of the MAC address; it cannot take effect on a device port (Net-Port). It should be noted that in this embodiment the secure virtual machine strategy correspondence table contains the information of the virtual machines in the running state in the network, the security strategy information corresponding to each virtual machine, and the information of the server where each virtual machine resides; that is, in this embodiment the network equipment does not need to generate a separate virtual machine state table to store the virtual machines, the servers where they reside, and the correspondence between them.
Step 405: after the new security strategy has taken effect successfully on network equipment 42, the former network equipment 41 is notified to delete the former security strategy, so that the "security strategy migration" process is fully completed.
In this way, the problem that a conventional network equipment cannot autonomously migrate the security strategy applied to a virtual machine is solved, achieving intelligent, automatic, network-wide management of security strategies in a data center network environment.
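The message exchange of steps 3031 to 3037 and the migration of embodiment four (steps 401 to 405) can be traced in a small simulation. The following Python is an added example, not code from the patent: the VM MAC address, the strategy name, the "uplink" port names, the placement of device ports 51 to 53 on network equipment 41 and the message dictionary layout are assumptions made for illustration, and it keeps a separate virtual machine state table as in steps 3035 to 3037.

```python
from dataclasses import dataclass, field
from itertools import count

VM = "00:16:3e:00:00:01"      # constructed virtual machine MAC address
_ids = count(1)               # message counter used to drop duplicates


@dataclass
class Device:
    name: str
    mac: str
    vm_macs: frozenset                               # pre-stored VM MAC addresses
    links: dict = field(default_factory=dict)        # wiring: port -> (peer, peer port)
    net_ports: set = field(default_factory=set)      # ports learned to be Net-Ports
    policy: dict = field(default_factory=dict)       # VM MAC -> security strategy
    state: dict = field(default_factory=dict)        # VM MAC -> (device name, port)
    active: dict = field(default_factory=dict)       # (port, VM MAC) -> strategy in force
    seen: set = field(default_factory=set)

    def send_first(self):
        """Step 401: send the first administrative message on every inter-device link."""
        for port, (peer, peer_port) in self.links.items():
            peer.recv_first({"mac": self.mac, "port": port, "type": "Net-Port"}, peer_port)

    def recv_first(self, msg, in_port):
        # A port that receives the first message is a Net-Port; all others stay Server-Ports.
        self.net_ports.add(in_port)

    def configure(self, vm_mac, strategy):
        """Step 402: the administrator binds a security strategy to a VM MAC address."""
        self.policy[vm_mac] = strategy

    def announce(self):
        """Step 403: second administrative message with local strategies and running VMs."""
        running = {m: loc for m, loc in self.state.items() if loc[0] == self.name}
        self._originate({"kind": "second", "policy": dict(self.policy), "running": running})

    def _originate(self, msg):
        msg["id"] = (self.name, next(_ids))
        self.seen.add(msg["id"])
        self._flood(msg, None)

    def _flood(self, msg, in_port):
        for port, (peer, peer_port) in self.links.items():
            if port != in_port:
                peer.recv(msg, peer_port)

    def recv(self, msg, in_port):
        # Management messages are accepted on Net-Ports only, and only once.
        if in_port not in self.net_ports or msg["id"] in self.seen:
            return
        self.seen.add(msg["id"])
        if msg["kind"] == "second":
            self.policy.update(msg["policy"])
            self.state.update(msg["running"])
        elif msg["old"][0] == self.name:             # failure notification for this device
            self.active.pop((msg["old"][1], msg["vm"]), None)
        self._flood(msg, in_port)

    def on_frame(self, port, src_mac):
        """MAC learning on a data message; returns the decision the device took."""
        if port in self.net_ports:
            return "device-port"                     # strategies never apply on Net-Ports
        if src_mac not in self.vm_macs:
            return "not-a-vm"
        here, before = (self.name, port), self.state.get(src_mac)
        if before == here:
            return "known"
        if src_mac in self.policy:
            self.active[(port, src_mac)] = self.policy[src_mac]
        self.state[src_mac] = here
        if before is not None and before[0] == self.name:
            self.active.pop((before[1], src_mac), None)
        elif before is not None:                     # steps 404-405: tell the old device
            self._originate({"kind": "failure", "vm": src_mac, "old": before})
        self.announce()
        return "migrated" if before else "new-vm"


def build_fig_4b():
    """Devices 41-44 in a star around 41; 'uplink' port names are constructed."""
    vms = frozenset({VM})
    d = {n: Device(n, "02:00:00:00:00:" + n, vms) for n in ("41", "42", "43", "44")}
    for n, port in (("42", 51), ("43", 52), ("44", 53)):
        d["41"].links[port] = (d[n], "uplink")
        d[n].links["uplink"] = (d["41"], port)
    for dev in d.values():
        dev.send_first()
    return d


def run_migration():
    d = build_fig_4b()
    d["41"].configure(VM, "acl-web+qos-gold")        # constructed strategy name
    first = d["41"].on_frame(54, VM)                 # VM starts on server 45
    second = d["42"].on_frame(55, VM)                # VM reappears behind server 46
    transit = d["41"].on_frame(51, VM)               # same MAC seen on a Net-Port
    return d, (first, second, transit)
```

After `run_migration()`, the strategy is in force only on Service-Port 55 of network equipment 42, and the later sighting of the same MAC address on Net-Port 51 of network equipment 41 changes nothing.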
Embodiment five
Fig. 5 is a schematic structural diagram of the virtual machine management device provided by embodiment five of the present invention. As shown in Fig. 5, the virtual machine management device of this embodiment comprises receiver module 61 and identification module 62.
Receiver module 61 is used to receive a data message and parse the data message to obtain the MAC address in it. Identification module 62 is connected to receiver module 61 and is used to identify, according to the MAC address obtained by receiver module 61 and the virtual machine MAC addresses stored in advance, whether the object that sends the data message is a virtual machine.
The virtual machine management device provided by this embodiment can be used to carry out the flow of the virtual machine management method provided by the embodiments of the present invention. By storing virtual machine MAC addresses in advance, the network equipment can, through the two processes of MAC address learning and comparison, automatically identify whether the object that sends a data message is a virtual machine. This achieves the purpose of identifying virtual machines, allows follow-up management operations to be carried out on an object once it is identified as a virtual machine, and lays the foundation for more convenient and more efficient virtual machine management.
Embodiment six
Fig. 6A is one schematic structural diagram of the virtual machine management device provided by embodiment six of the present invention. This embodiment can be implemented on the basis of embodiment five. As shown in Fig. 6A, the virtual machine management device of this embodiment also comprises first configuration module 63.
First configuration module 63 is connected to identification module 62 and is used, when identification module 62 identifies that the object that sends the data message is a virtual machine, to carry out security strategy configuration on the port that received the data message, according to the MAC address and the secure virtual machine strategy correspondence table obtained in advance.
The virtual machine management device of this embodiment can likewise be used to carry out the flow of the virtual machine management method provided by the embodiments of the present invention. By storing virtual machine MAC addresses in advance and performing MAC address learning, matching and judgment, it can identify virtual machines and, after identifying a virtual machine, carry out security strategy configuration by itself according to the secure virtual machine strategy correspondence table obtained in advance, ensuring secure and reliable transmission of data messages when the virtual machine communicates with the outside. Because this embodiment configures the security strategy for a virtual machine by itself on the basis of identifying the virtual machine, no manual operation by the administrator is needed, which improves the efficiency of security strategy configuration and makes virtual machines easier to manage.
Fig. 6B is another schematic structural diagram of the virtual machine management device provided by embodiment six of the present invention. As shown in Fig. 6B, the virtual machine management device of this embodiment also comprises judge module 64 and sending module 65.
When the object that sends the data message is identified as a virtual machine, it can also be identified whether this virtual machine has migrated. Judge module 64 is connected to receiver module 61 and identification module 62 respectively and is used to judge, according to the MAC address and the virtual machine state table obtained in advance, whether the virtual machine has migrated. Sending module 65 is connected to judge module 64 and is used, when judge module 64 judges that the virtual machine has migrated, to send a failure notification message, according to the virtual machine state table, to the virtual machine management device to which the virtual machine was connected before the migration, informing that device to carry out crash handling on the security strategy of the virtual machine.
The virtual machine management device shown in Fig. 6B of this embodiment can likewise be used to carry out the flow of the virtual machine management method provided by the embodiments of the present invention. After identifying a virtual machine, it further judges whether the virtual machine has migrated. When it finds that the virtual machine has migrated, it sends a failure notification message to the virtual machine management device to which the virtual machine was connected before the migration, so that that device carries out crash handling on the security strategy on the corresponding port. This ensures that the security strategy migrates completely along with the virtual machine.
When a virtual machine is identified, the virtual machine management device needs to carry out security strategy configuration on the corresponding port regardless of whether the migration of the virtual machine is identified. Accordingly, as shown in Fig. 6B, the virtual machine management device of this embodiment also comprises second configuration module 67, which is connected to identification module 62 and is used, when identification module 62 identifies a virtual machine, to carry out security strategy configuration on the port that received the data message, according to the MAC address and the secure virtual machine strategy correspondence table obtained in advance.
First configuration module 63 in Fig. 6A carries out security strategy configuration when a virtual machine is identified and there is no need to identify whether the virtual machine has migrated, whereas second configuration module 67 carries out security strategy configuration when a virtual machine is identified and it is necessary to identify whether the virtual machine has migrated. In a specific implementation, first configuration module 63 and second configuration module 67 can be realized by different modules, or by one and the same module that carries out security strategy configuration in the different situations (Fig. 6B takes one configuration module, namely second configuration module 67, as the example); this embodiment does not limit this.
Based on the above technical scheme, as shown in Fig. 6B, the virtual machine management device of this embodiment also comprises acquisition module 66, which is connected to second configuration module 67 and judge module 64 respectively and is used to obtain the secure virtual machine strategy correspondence table and the virtual machine state table in advance. Specifically, acquisition module 66 comprises a first receiving element, a second receiving element and a generation unit. The first receiving element is used to receive the first administrative messages sent by other virtual machine management devices and to identify, according to the first administrative messages, the device ports and Service-Ports of the local virtual machine management device; the first administrative message comprises the MAC address of the other network equipment and the information of the port that sends the first administrative message. The second receiving element is used to receive, through the device ports, the second administrative messages sent by other virtual machine management devices; the second administrative message comprises the information of the virtual machines running on the other virtual machine management device and the security strategy configured for each such virtual machine. The generation unit is used to generate, according to the second administrative messages, the secure virtual machine strategy correspondence table, which contains the correspondence between virtual machines and security strategies, and the virtual machine state table, which contains the information of the virtual machines in the running state. It should be noted that when there is no need to identify whether a virtual machine has migrated, the generation unit can generate only the secure virtual machine strategy correspondence table and need not generate the virtual machine state table.
Further, acquisition module 66 also comprises a transmitting element, which is used to carry out security strategy configuration for the virtual machines running on the Service-Ports of the local virtual machine management device and to regularly send, through the device ports, the information of the virtual machines running on each Service-Port of the local virtual machine management device and the security strategy configured for each virtual machine (that is, the second administrative message) to the other virtual machine management devices, so that the other virtual machine management devices can generate the secure virtual machine strategy correspondence table and the virtual machine state table in advance. Likewise, when the other virtual machine management devices only need to identify virtual machines and do not need to identify whether a virtual machine has migrated, they can generate only the secure virtual machine strategy correspondence table and not the virtual machine state table; this embodiment does not limit whether the virtual machine state table is generated.
Through the above technical scheme, the virtual machine management device of this embodiment can obtain in advance, by exchanging information, the information of the virtual machines running on other virtual machine management devices, the security strategy configured for each virtual machine, and the correspondence between them, and can then generate the secure virtual machine strategy correspondence table and the virtual machine state table in advance, providing the basis for implementing the embodiments of the present invention. The virtual machine information, the security strategies and the correspondence between them obtained from other virtual machine management devices in this way are more accurate and more timely, and the secure virtual machine strategy correspondence table and the virtual machine state table can be updated promptly, which improves the accuracy and real-time performance of virtual machine management based on the obtained information.
Embodiment seven
Embodiment seven of the present invention provides a network equipment that comprises a virtual machine management device. The virtual machine management device can be the virtual machine management device provided by the embodiments of the present invention; for its operating principle and structure, see the description of the above embodiments, which is not repeated here. The network equipment of this embodiment can be any of various network equipments connected to a physical server on which virtual machines run, for example a router or a switch, and can also be any of various gateway devices; it can be used to manage virtual machines.
The network equipment of this embodiment has the virtual machine management device provided by the embodiments of the present invention and can be used to carry out the flow of the virtual machine management method provided by the embodiments of the present invention. When the network equipment of this embodiment is used to manage virtual machines, it can therefore identify the migration of a virtual machine by itself and carry out security strategy configuration for the virtual machine without manual configuration by the administrator, which improves the efficiency of security strategy configuration and greatly improves the convenience of virtual machine management.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical scheme of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical schemes recorded in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical scheme to depart from the spirit and scope of the technical schemes of the embodiments of the present invention.

Claims (13)

1. A virtual machine management method, characterized in that it comprises:
a network equipment receiving a data message and parsing said data message to obtain the Media Access Control address in said data message;
said network equipment identifying, according to said Media Access Control address and virtual machine Media Access Control addresses stored in advance, whether the object that sends said data message is a virtual machine.
2. The virtual machine management method according to claim 1, characterized in that, when said network equipment identifies that the object that sends said data message is a virtual machine, it carries out security strategy configuration on the port that receives said data message, according to said Media Access Control address and a secure virtual machine strategy correspondence table obtained in advance.
3. The virtual machine management method according to claim 1, characterized in that, when said network equipment identifies that the object that sends said data message is a virtual machine, it judges, according to said Media Access Control address and a virtual machine state table obtained in advance, whether said virtual machine has migrated;
when the judgment result is that said virtual machine has migrated, said network equipment sends a failure notification message, according to said virtual machine state table, to the network equipment to which said virtual machine was connected before the migration, to inform the network equipment connected before the migration to carry out crash handling on the security strategy of said virtual machine.
4. The virtual machine management method according to claim 3, characterized in that, when said network equipment identifies that the object that sends said data message is a virtual machine, the method also comprises:
said network equipment carrying out security strategy configuration on the port that receives said data message, according to said Media Access Control address and the secure virtual machine strategy correspondence table obtained in advance.
5. The virtual machine management method according to claim 4, characterized in that said network equipment obtaining said secure virtual machine strategy correspondence table and said virtual machine state table in advance comprises:
said network equipment receiving first administrative messages sent by other network equipments and identifying the device ports and Service-Ports of said network equipment according to said first administrative messages, said first administrative message comprising the Media Access Control address of the other network equipment and the information of the port that sends said first administrative message;
said network equipment receiving, through said device ports, second administrative messages sent by said other network equipments, said second administrative message comprising the information of the virtual machines running on said other network equipments and the security strategy configured for the virtual machines in the running state;
said network equipment generating, according to said second administrative messages, said secure virtual machine strategy correspondence table, which contains the correspondence between virtual machines and security strategies, and said virtual machine state table, which contains the information of the virtual machines in the running state.
6. The virtual machine management method according to claim 5, characterized in that it also comprises:
said network equipment carrying out security strategy configuration for the virtual machines running on said Service-Ports, and regularly sending, through said device ports, the information of the virtual machines running on said Service-Ports and the security strategy configured for the virtual machines in the running state to said other network equipments, so that said other network equipments generate the secure virtual machine strategy correspondence table and the virtual machine state table in advance.
7. A virtual machine management device, characterized in that it comprises:
a receiver module, used to receive a data message and parse said data message to obtain the Media Access Control address in said data message;
an identification module, used to identify, according to said Media Access Control address and virtual machine Media Access Control addresses stored in advance, whether the object that sends said data message is a virtual machine.
8. The virtual machine management device according to claim 7, characterized in that it also comprises:
a first configuration module, used, when said identification module identifies that the object that sends said data message is a virtual machine, to carry out security strategy configuration on the port that receives said data message, according to said Media Access Control address and a secure virtual machine strategy correspondence table obtained in advance.
9. The virtual machine management device according to claim 7, characterized in that it also comprises:
a judge module, used, when said identification module identifies that the object that sends said data message is a virtual machine, to judge, according to said Media Access Control address and a virtual machine state table obtained in advance, whether said virtual machine has migrated;
a sending module, used, when said judge module judges that said virtual machine has migrated, to send a failure notification message, according to said virtual machine state table, to the virtual machine management device to which said virtual machine was connected before the migration, to inform the virtual machine management device connected before said migration to carry out crash handling on the security strategy of said virtual machine.
10. The virtual machine management device according to claim 9, characterized in that it also comprises:
a second configuration module, used, when said identification module identifies that the object that sends said data message is a virtual machine, to carry out security strategy configuration on the port that receives said data message, according to said Media Access Control address and the secure virtual machine strategy correspondence table obtained in advance.
11. The Virtual Machine Manager device according to claim 10, characterized in that it further comprises an acquisition module, the acquisition module comprising:
A first receiving unit, configured to receive a first administrative message sent by another Virtual Machine Manager device, and to identify the device port and the Service-Port of the local Virtual Machine Manager device according to the first administrative message, wherein the first administrative message comprises the Media Access Control address of the other network equipment and information on the port that sent the first administrative message;
A second receiving unit, configured to receive, through the device port, a second administrative message sent by the other Virtual Machine Manager device, wherein the second administrative message comprises information on the virtual machines running on the other Virtual Machine Manager device and the security strategy configured for the virtual machines that are in the running state;
A generation unit, configured to generate, according to the second administrative message, the secure virtual machine strategy correspondence table, which comprises the correspondence between virtual machines and security strategies, and the virtual machine state table, which comprises information on the virtual machines that are in the running state.
12. The Virtual Machine Manager device according to claim 11, characterized in that the acquisition module further comprises:
A transmitting unit, configured to perform security strategy configuration for the virtual machines running on the Service-Port of the local Virtual Machine Manager device, and to periodically send, through the device port, to the other Virtual Machine Manager devices the information on the virtual machines running on the Service-Port and the security strategy configured for the virtual machines that are in the running state, so that the other Virtual Machine Manager devices can generate the secure virtual machine strategy correspondence table and the virtual machine state table in advance.
13. A network equipment, characterized in that it comprises the Virtual Machine Manager device according to any one of claims 7-12.
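The message exchange in claims 11 and 12, sketched as an added example that is not code from the patent. The dictionary field names, the class and method names, and the rule that any port on which a first administrative message arrives is a device port (all remaining ports being Service-Ports) are assumptions made for illustration; the MAC addresses and strategy names are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class ManagerDevice:
    mac: str
    ports: set
    device_ports: set = field(default_factory=set)    # ports facing peer devices
    local_vms: dict = field(default_factory=dict)     # vm_mac -> (port, strategy, running)
    policy_table: dict = field(default_factory=dict)  # vm_mac -> security strategy
    state_table: dict = field(default_factory=dict)   # running VMs: vm_mac -> host/port

    @property
    def service_ports(self):
        return self.ports - self.device_ports

    def first_message(self, out_port):
        # Claim 11: sender's MAC address plus the port the message leaves on.
        return {"type": 1, "device_mac": self.mac, "port": out_port}

    def on_first_message(self, in_port, msg):
        if in_port not in self.ports or msg.get("type") != 1:
            raise ValueError("not a first administrative message on a known port")
        self.device_ports.add(in_port)  # assumption: arrival port is a device port

    def second_message(self):
        # Claim 12: report local VMs; a strategy is carried only for running VMs.
        vms = [{"mac": m, "port": p, "running": r, "strategy": s if r else None}
               for m, (p, s, r) in self.local_vms.items()]
        return {"type": 2, "device_mac": self.mac, "vms": vms}

    def on_second_message(self, in_port, msg):
        # Accept table updates only through a device port, never a Service-Port.
        if in_port not in self.device_ports or msg.get("type") != 2:
            return False
        host = msg["device_mac"]
        for m in [m for m, i in self.state_table.items() if i["host"] == host]:
            del self.state_table[m]          # drop stale rows from this peer
            self.policy_table.pop(m, None)
        for vm in (v for v in msg["vms"] if v["running"]):
            self.state_table[vm["mac"]] = {"host": host, "port": vm["port"]}
            self.policy_table[vm["mac"]] = vm["strategy"]
        return True

def demo():
    a = ManagerDevice("00:11:22:00:00:0a", {"p1", "p2", "p3"})
    b = ManagerDevice("00:11:22:00:00:0b", {"p1", "p2"})
    a.local_vms = {"52:54:00:00:00:01": ("p2", "acl-web", True),
                   "52:54:00:00:00:02": ("p3", "acl-db", False)}
    b.on_first_message("p1", a.first_message("p1"))
    on_service_port = b.on_second_message("p2", a.second_message())
    on_device_port = b.on_second_message("p1", a.second_message())
    return b, on_service_port, on_device_port
```

Because each accepted second message replaces the sender's earlier rows, a virtual machine that has stopped disappears from both tables on the next periodic update.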
CN201010549171A 2010-11-17 2010-11-17 Virtual machine management method and device and network equipment Active CN102025535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010549171A CN102025535B (en) 2010-11-17 2010-11-17 Virtual machine management method and device and network equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010549171A CN102025535B (en) 2010-11-17 2010-11-17 Virtual machine management method and device and network equipment

Publications (2)

Publication Number Publication Date
CN102025535A true CN102025535A (en) 2011-04-20
CN102025535B CN102025535B (en) 2012-09-12

Family

ID=43866427

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010549171A Active CN102025535B (en) 2010-11-17 2010-11-17 Virtual machine management method and device and network equipment

Country Status (1)

Country Link
CN (1) CN102025535B (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7561531B2 (en) * 2005-04-19 2009-07-14 Intel Corporation Apparatus and method having a virtual bridge to route data frames
CN101809943A (en) * 2007-09-24 2010-08-18 英特尔公司 Method and system for virtual port communications
CN101459618A (en) * 2009-01-06 2009-06-17 北京航空航天大学 Data packet forwarding method and device for virtual machine network
CN101605084A (en) * 2009-06-29 2009-12-16 北京航空航天大学 Virtual network message processing method and system based on virtual machine

Cited By (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102148715A (en) * 2011-05-17 2011-08-10 杭州华三通信技术有限公司 Method and device for virtual network configuration migration
CN103024090B (en) * 2011-09-20 2015-07-01 阿里巴巴集团控股有限公司 Method and system for identifying user terminal
CN103024090A (en) * 2011-09-20 2013-04-03 阿里巴巴集团控股有限公司 Method and system for identifying user terminal
CN102413041A (en) * 2011-11-08 2012-04-11 华为技术有限公司 Method, device and system for moving security policy
CN102413041B (en) * 2011-11-08 2015-04-15 华为技术有限公司 Method, device and system for moving security policy
CN103139167A (en) * 2011-11-30 2013-06-05 中兴通讯股份有限公司 Virtual site associating method and device during virtual site migration
CN103139167B (en) * 2011-11-30 2017-12-12 温州大学 A kind of method and apparatus for associating virtual site during virtual site migration
WO2013159518A1 (en) * 2012-04-23 2013-10-31 Hangzhou H3C Technologies Co., Ltd. Migration of a security policy of a virtual machine
CN102739645B (en) * 2012-04-23 2016-03-16 杭州华三通信技术有限公司 The moving method of secure virtual machine strategy and device
CN102739645A (en) * 2012-04-23 2012-10-17 杭州华三通信技术有限公司 Method and device for migrating virtual machine safety policy
CN103428106A (en) * 2012-05-16 2013-12-04 华为技术有限公司 Message processing method and device after virtual machine (VM) transfers
CN103428106B (en) * 2012-05-16 2016-11-23 华为技术有限公司 The method of the Message processing after virtual machine VM migration and equipment thereof
US9729560B2 (en) 2012-10-12 2017-08-08 Huawei Technologies Co., Ltd. Method and device for synchronizing network data flow detection status
CN103891206B (en) * 2012-10-12 2017-02-15 华为技术有限公司 Method and device for synchronizing network data flow detection status
CN103891206A (en) * 2012-10-12 2014-06-25 华为技术有限公司 Method and device for synchronizing network data flow detection status
CN103856480A (en) * 2012-11-30 2014-06-11 国际商业机器公司 User datagram protocol (UDP) packet migration in a virtual machine (VM) migration
CN103905383A (en) * 2012-12-26 2014-07-02 华为技术有限公司 Data message forwarding method, device and system
CN103179192B (en) * 2013-02-07 2015-11-25 杭州华三通信技术有限公司 The message forwarding method that virtual server moves, system and NAT service equipment
CN103179192A (en) * 2013-02-07 2013-06-26 杭州华三通信技术有限公司 Method, system and NAT (network address translation) for forwarding message about virtual server migration
CN103236963A (en) * 2013-04-25 2013-08-07 西北工业大学 VMWare virtual machine remote detection method
CN103220298A (en) * 2013-04-27 2013-07-24 西北工业大学 Windows Virtual machine remote detecting method
CN104348671A (en) * 2013-07-26 2015-02-11 中国电信股份有限公司 Method for identifying virtual host in IPv6 network and DPI equipment
CN104901923B (en) * 2014-03-04 2018-12-25 新华三技术有限公司 A kind of virtual machine access mechanism and method
US10270782B2 (en) 2014-03-04 2019-04-23 Hewlett Packard Enterprise Development Lp Virtual desktop access control
CN104901923A (en) * 2014-03-04 2015-09-09 杭州华三通信技术有限公司 Virtual machine access device and method
CN105450532A (en) * 2014-09-28 2016-03-30 杭州华三通信技术有限公司 Three-layer forwarding method and three-layer forwarding device in software defined network
CN105450532B (en) * 2014-09-28 2018-10-09 新华三技术有限公司 Three-layer forwarding method in software defined network and device
CN104780071A (en) * 2015-04-21 2015-07-15 杭州华三通信技术有限公司 Method and device for upgrading virtual switch
CN104780071B (en) * 2015-04-21 2018-12-25 新华三技术有限公司 The upgrade method and device of virtual switch
US11570148B2 (en) 2015-08-19 2023-01-31 Huawei Cloud Computing Technologies Co., Ltd. Method and apparatus for deploying security access control policy
WO2017028513A1 (en) * 2015-08-19 2017-02-23 华为技术有限公司 Method and apparatus for deploying security access control strategy
CN108293001A (en) * 2015-12-31 2018-07-17 华为技术有限公司 A kind of dispositions method of software definition data center and service cluster therein
CN108293001B (en) * 2015-12-31 2020-10-23 华为技术有限公司 Software defined data center and deployment method of service cluster in software defined data center
US11237858B2 (en) 2015-12-31 2022-02-01 Huawei Technologies Co., Ltd. Software-defined data center, and deployment method for service cluster therein
US10601728B2 (en) 2015-12-31 2020-03-24 Huawei Technologies Co., Ltd. Software-defined data center and service cluster scheduling and traffic monitoring method therefor
WO2017113344A1 (en) * 2015-12-31 2017-07-06 华为技术有限公司 Software defined data center and method for deploying service cluster therein
CN105763440B (en) * 2016-01-29 2019-04-09 新华三技术有限公司 A kind of method and apparatus of message forwarding
CN105763440A (en) * 2016-01-29 2016-07-13 杭州华三通信技术有限公司 Message forwarding method and device
CN106375281B (en) * 2016-08-25 2018-12-25 杭州数梦工场科技有限公司 A kind of message control method and device
CN106375281A (en) * 2016-08-25 2017-02-01 杭州数梦工场科技有限公司 Message control method and device
CN108259545B (en) * 2017-01-13 2021-04-27 新华三技术有限公司 Port security policy diffusion method and device
CN108259545A (en) * 2017-01-13 2018-07-06 新华三技术有限公司 Port security strategy method of diffusion and device
CN107707551A (en) * 2017-10-09 2018-02-16 山东中创软件商用中间件股份有限公司 A kind of method and system of IP access controls
CN108363611A (en) * 2017-11-02 2018-08-03 北京紫光恒越网络科技有限公司 Method for managing security, device and the omnidirectional system of virtual machine
CN109413082A (en) * 2018-11-12 2019-03-01 郑州云海信息技术有限公司 Message processing method and device in cloud computing system
CN110703899A (en) * 2019-09-09 2020-01-17 创新奇智(南京)科技有限公司 Data center energy efficiency optimization method based on transfer learning
CN110703899B (en) * 2019-09-09 2020-09-25 创新奇智(南京)科技有限公司 Data center energy efficiency optimization method based on transfer learning
CN110943880A (en) * 2019-11-07 2020-03-31 中国联合网络通信集团有限公司 Equipment management method and device

Also Published As

Publication number Publication date
CN102025535B (en) 2012-09-12

Similar Documents

Publication Publication Date Title
CN102025535B (en) Virtual machine management method and device and network equipment
CN112737690B (en) Optical line terminal OLT equipment virtualization method and related equipment
EP2776925B1 (en) Dynamic policy based interface configuration for virtualized environments
CN101860534B (en) Method and system for switching network, access equipment and authentication server
CN104753697B (en) A kind of method, equipment and system controlling the automatic beginning of the network equipment
TWI702817B (en) Automatic multi-chassis link aggregation configuration with link layer discovery
US20070101422A1 (en) Automated network blocking method and system
CN103229478A (en) Method and device for virtual-machine drift determination
US20210058432A1 (en) Method for managing data traffic within a network
CN102143138A (en) Method and device for configuring virtual local area network (VLAN) in live migration process of virtual machine
CN102916826A (en) Method and device for controlling network access
CN105704042A (en) Message processing method, BNG and BNG cluster system
WO2015079284A1 (en) Methods and systems for processing internet protocol packets
CN105487517A (en) Self-network method of home WIFI network system
CN107332814B (en) Request message transmission method and device
US11283804B2 (en) Group zoning and access control over a network
US9166947B1 (en) Maintaining private connections during network interface reconfiguration
CN101459532A (en) Method and apparatus for automatic networking by multi-port equipment
CN104270317A (en) Control method and system for operating application program on router and router
CN108366087B (en) ISCSI service realization method and device based on distributed file system
CN101917414B (en) BGP (Border Gateway Protocol) classification gateway device and method for realizing gateway function by using same
CN111614476A (en) Equipment configuration method, system and device
US20160344689A1 (en) Network Management of Devices Residing Behind a Network Device
CN101924700A (en) Method, device and network equipment for processing messages
CN102263679A (en) Source role information processing method and forwarding chip

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor

Patentee after: RUIJIE NETWORKS Co.,Ltd.

Address before: Cangshan District of Fuzhou City, Fujian province 350002 Jinshan Road No. 618 Garden State Industrial Park 19 floor

Patentee before: Beijing Star-Net Ruijie Networks Co.,Ltd.