CN103607308B - Virtual machine multi-network management system under cloud computing environment and method - Google Patents

Virtual machine multi-network management system and method in a cloud computing environment

Info

Publication number
CN103607308B
Authority
CN
China
Prior art keywords
network
vlan
virtual machine
switch
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310618609.0A
Other languages
Chinese (zh)
Other versions
CN103607308A (en)
Inventor
廖建新
李小康
曹予飞
于强
张恒镭
黄亮亮
刘化东
刘益
张清泉
罗嗣彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xinxun Digital Technology Hangzhou Co ltd
Original Assignee
Hangzhou Dongxin Beiyou Information Technology Co Ltd
Application filed by Hangzhou Dongxin Beiyou Information Technology Co Ltd
Priority to CN201310618609.0A
Publication of CN103607308A
Application granted
Publication of CN103607308B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A virtual machine multi-network management system and method in a cloud computing environment. The method includes: step 1, dividing the network into several security domains, further dividing each security domain into several network areas, and then configuring a physical access switch for each network area and building a corresponding VLAN pool and IP pool; step 2, assigning multiple physical nodes to different security domains and creating virtual switches on the physical nodes of each security domain, where a physical node is 1 physical host or a computer cluster made up of multiple physical hosts, and the virtual switches include distributed switches and standard switches; step 3, connecting the virtual switches in each security domain one-to-one with the access switches configured for each network area, and configuring the connection between virtual switch and access switch in trunk mode. The invention belongs to the field of network communication technology and allows a virtual machine to be connected to multiple networks.

Description

Virtual machine multi-network management system and method in a cloud computing environment
Technical field
The present invention relates to a virtual machine multi-network management system and method in a cloud computing environment, and belongs to the field of network communication technology.
Background
In a cloud computing environment, rapid server deployment makes it convenient to bring services online, but a cloud server attached to a single network can hardly meet the varied demands of business systems, and whether virtual machines can be connected to multiple networks is a test of a cloud computing system's capacity to carry services.
Some existing technical schemes for virtual machines are limited to a single network. For example, patent application CN 201210130269.2 (title: Virtual network management system and method in a cloud computing data center; filing date: 2012-04-27; applicant: Beijing PiceameyeriRehd. Et Wils. century network technology company limited) discloses a virtual network management system and method in a cloud computing data center, relating to the technical field of network architecture and network communication protocols. The system includes: a physical server, connected to the data center core switching network, which has at least one switch supporting OpenFlow-related protocols and is connected to a controller; and a controller, which builds virtual networks, maintains the configuration of the virtual networks and the mappings between virtual networks, virtual broadcast domains and local broadcast domains, and configures and controls the switches on one or more physical servers. In this scheme a virtual machine supports only a single network; support for multiple networks is not addressed.
Therefore, how to connect a virtual machine to multiple networks remains a technical problem worth further study.
Summary of the invention
In view of this, the object of the invention is to provide a virtual machine multi-network management system and method in a cloud computing environment that allow a virtual machine to be connected to multiple networks.
To achieve this object, the invention provides a virtual machine multi-network management system in a cloud computing environment, which includes a computing resource server and a virtual machine management server, where the computing resource server further includes:
A network area construction device, configured to divide the network into several security domains, further divide each security domain into several network areas, and then configure a physical access switch for each network area and build a corresponding VLAN pool and IP pool, where the VLAN pool contains all available VLAN ID ranges in the network area and the IP pool contains all available IP address ranges in the network area;
A virtual switch creation device, configured to assign multiple physical nodes to different security domains and create virtual switches on the physical nodes of each security domain, where a physical node is 1 physical host or a computer cluster made up of multiple physical hosts and the virtual switches include distributed switches and standard switches, and then to connect the virtual switches in each security domain one-to-one with the access switches configured for each network area, with the connection between virtual switch and access switch configured in trunk mode.
To achieve this object, the invention also provides a virtual machine multi-network management method in a cloud computing environment, which includes:
Step 1, dividing the network into several security domains, further dividing each security domain into several network areas, and then configuring a physical access switch for each network area and building a corresponding VLAN pool and IP pool, where the VLAN pool contains all available VLAN ID ranges in the network area and the IP pool contains all available IP address ranges in the network area;
Step 2, assigning multiple physical nodes to different security domains and creating virtual switches on the physical nodes of each security domain, where a physical node is 1 physical host or a computer cluster made up of multiple physical hosts and the virtual switches include distributed switches and standard switches;
Step 3, connecting the virtual switches in each security domain one-to-one with the access switches configured for each network area, and configuring the connection between virtual switch and access switch in trunk mode.
Compared with the prior art, the beneficial effects of the invention are as follows. Because virtual networks and physical networks differ, sending a virtual machine's network traffic out through the physical host's NICs requires interworking between the virtual network and the physical network. The invention ties the virtual network to the real network by interconnecting virtual switches with physical access switches, and builds in the virtual network a network model that corresponds to the real network, including security domains, VLAN IDs, IP addresses and so on. A created virtual machine can thus be connected simultaneously, under one or more network types, to network areas of different security domains, which meets the varied demands of business systems. Each NIC of a created virtual machine is allocated a different VLAN ID and is tagged with the corresponding network type label. When the switch for the virtual machine is configured, the uplink virtual switch carrying the same network type label can be found from the NIC's network type label, and a port group whose number matches the NIC's VLAN ID is then selected on that virtual switch. Because the connection between the virtual switch and the upstream physical access switch is configured in trunk mode, the port group configured for the virtual machine is equivalent to one configured directly on the access switch in the real network model, which achieves interworking between the virtual network and the real network. The technical scheme is convenient and feasible.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structure of the virtual machine multi-network management system in a cloud computing environment according to the invention.
Fig. 2 is a schematic diagram of the structure of the virtual switch creation device.
Fig. 3 is a schematic diagram of the internal connections in one embodiment of the invention after virtual machines have been created on a physical host.
Fig. 4 is a flow chart of the virtual machine multi-network management method in a cloud computing environment according to the invention.
Fig. 5 is a detailed operation flow chart of step 2 of Fig. 4.
Fig. 6 is a detailed operation flow chart of a user creating a new virtual machine.
Detailed description of the invention
To make the object, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings.
As shown in Fig. 1, the virtual machine multi-network management system in a cloud computing environment according to the invention includes a computing resource server and a virtual machine management server, where the computing resource server further includes:
A network area construction device, configured to divide the network into several security domains, further divide each security domain into several network areas, and then configure a physical access switch for each network area and build a corresponding VLAN pool and IP pool, where the VLAN pool contains all available VLAN (virtual local area network) ID ranges in the network area and the IP pool contains all available IP address ranges in the network area;
A virtual switch creation device, configured to assign multiple physical nodes to different security domains and create virtual switches on the physical nodes of each security domain, where a physical node can be 1 physical host or a computer cluster made up of multiple physical hosts and the virtual switches include distributed switches and standard switches, and then to connect the virtual switches in each security domain one-to-one with the access switches configured for each network area, with the connection between virtual switch and access switch configured in trunk mode. At this point, a port group configured on the virtual switch is equivalent to one configured directly on the access switch, which achieves interworking between the virtual network and the real network;
A virtual machine creation request processing device, configured to receive a user's create-virtual-machine request message, which includes information such as the security domain to which the virtual machine being created belongs and the network type labels of the virtual machine's NICs; to allocate a new virtual machine ID to the virtual machine being created and set its state to "creating"; then to return to the user information such as the ID of the virtual machine being created, the VLAN ID list of the user-specified network areas and the corresponding IP addresses; also to send a virtual machine creation notification message to the virtual machine management server, which includes information such as the ID of the virtual machine being created, the VLAN ID list of the user-specified network areas, the security domain to which the virtual machine belongs and the network type labels of the virtual machine's NICs; and finally, on receiving the creation-success result returned by the virtual machine management server, to update the virtual machine state to "ready" and notify the user that the created virtual machine can be accessed through the IP address in the virtual machine creation response message;
A virtual machine network selection device, configured to read each network area one by one from the user's VLAN application request message and determine whether a created VLAN network already exists in each network area; if so, the VLAN ID of the existing VLAN network is added to the VLAN ID list of the user-specified network areas; if not, a new VLAN network is created in the network area, the VLAN ID and IP address of the new VLAN network are selected, and the VLAN ID of the newly created VLAN network is then added to the VLAN ID list of the user-specified network areas.
Network devices are generally configured in one of two modes, trunk and access:
1. Trunk mode is used as a backbone link that carries the information of every VLAN. Trunk ports are usually used for connections between network devices, such as between switch and switch or between switch and router, and a port in trunk mode can pass multiple VLANs;
2. Access mode assigns a network device port to a particular VLAN and is typically used for host access. A port in access mode can pass only one VLAN, namely the VLAN to which the port belongs.
The network area construction device can divide the network into different security domains and network areas according to purpose, security level, access policy and so on, through configuration on network devices (such as switches and firewalls). The network may include one or more different types of network: when it includes one network type, all security domains belong to the same network type (for example, a business network divided into security domains such as a DMZ zone, a TEST zone and a core production zone); when it includes multiple network types (for example business, storage or heartbeat), the security domains belong to different network types.
From a security redundancy standpoint, a server's network needs at least dual cabling, connected to 2 access switches with the same functional role, so the network area construction device can also include:
An access switch virtualization unit, configured to configure 2 access switches for each network area and virtualize the 2 access switches using virtualization technology, so that the 2 access switches are virtualized into 1 logical access switch device.
As shown in Fig. 2, the virtual switch creation device can further include:
A virtual switch construction unit, configured, according to the network type of each network area in a security domain, to create several distributed switches on the physical nodes of each security domain for dividing cluster-shared networks of different purposes (such as a business network distributed switch or a storage network distributed switch), and to create 1 standard switch on each physical host for dividing host-exclusive networks of different purposes (such as a heartbeat network standard switch);
A virtual switch tagging unit, configured to stamp different network type labels (such as business, storage, management) on the virtual switches of each security domain (including distributed switches and standard switches), and to build 1 compute pool for each security domain, where the compute pool stores information such as the virtual switches in the security domain and their network type labels.
A virtual machine can be connected to multiple network areas at the same time according to the varied demands of the business, and the virtual machine network selection device can further include:
A VLAN network creation unit, configured to create a new VLAN network in a network area: an available VLAN ID is selected from the VLAN pool of the network area; then, according to the size of the network to be created, an IP subnet range is carved out of the IP pool of the network area; information such as the gateway and mask of the VLAN is then configured on the firewall, which creates a VLAN network with no less than the required IP address space; finally, an idle IP address is selected from the carved-out IP subnet range, and the network area of the newly created VLAN network is saved together with information such as the selected VLAN ID and IP address.
The virtual machine management server further includes:
A virtual machine creation device, configured to receive the virtual machine creation notification message sent by the computing resource server, which includes the ID of the virtual machine being created, the VLAN ID list of the user-specified network areas, the security domain to which the virtual machine belongs and the network type labels of the virtual machine's NICs; to select 1 physical host from the security domain to which the virtual machine belongs and find the virtual switch in that security domain whose network type label matches that of the virtual machine's NIC; then to extract each VLAN ID one by one from the VLAN ID list of the user-specified network areas and determine whether a port group with a matching number exists on the virtual switch; if not, to create on the virtual switch a new port group matching the VLAN ID and configure each port in the port group in access mode. After all VLAN IDs have been extracted from the VLAN ID list of the user-specified network areas, information such as gateway, mask and IP address is configured on the virtual machine's NICs, and each NIC is connected in turn to the virtual switch port group matching one VLAN ID in the VLAN ID list of the user-specified network areas. Finally the virtual machine creation process is started and the virtual machine is created on the selected physical host. After the virtual machine has been created successfully, its information is added to the compute pool of the security domain to which it belongs, and a creation-success result is returned to the computing resource server.
Fig. 3 shows the internal connections in one embodiment of the invention after virtual machines have been created on a physical host. As shown in Fig. 3, 2 distributed switches for different purposes (a business distributed switch and a storage distributed switch), 1 standard switch and 2 virtual machines (VM-1 and VM-2) are created on the physical host, and the virtual machines are connected to the business distributed switch, the storage distributed switch and the standard switch respectively. A, B, C, D, E, F are the NICs of the physical host; A', B', C', D', E', F' are the NICs of the virtualized host (i.e. the physical host after it has been virtualized by virtualization technology); A'', B'', C'', D'' are the uplink ports of the two distributed switches.
As can be seen from Fig. 3, the uplink port group of a distributed switch is connected to the ports of the access switch, where the distributed switch side is configured in VLAN trunking mode and the access switch side is configured in trunk mode. Each of the downlink port groups of the virtual switch (i.e. business network port group 1, ..., business network port group n, storage network port group 1, ..., storage network port group m, management network port group 1, ..., management network port group p) has 256 ports by default when created and is assigned a VLAN ID at the same time. A port in a port group is connected to a NIC (such as eth0, eth1, eth2) of a created virtual machine. A port group is equivalent to a group of switch ports on a physical switch, and each port is configured in access mode, i.e. only network traffic with the particular VLAN ID is allowed through. The uplink port group of a distributed switch (which allows network traffic of all VLAN IDs through) serves as the data egress for all downlink port groups (which allow only network traffic with a particular VLAN ID through), so the uplink port group and the downlink port groups are in a one-to-many relationship, and the ports in the uplink port group of a distributed switch can be configured in active/standby or load-sharing mode. The standard switch is mainly used for the network that the virtualized host level needs for virtual machine management.
As shown in Fig. 4, the virtual machine multi-network management method in a cloud computing environment according to the invention includes:
Step 1, dividing the network into several security domains, further dividing each security domain into several network areas, and then configuring a physical access switch for each network area and building a corresponding VLAN pool and IP pool, where the VLAN pool contains all available VLAN ID ranges in the network area and the IP pool contains all available IP address ranges in the network area;
Step 2, assigning multiple physical nodes to different security domains and creating virtual switches on the physical nodes of each security domain, where a physical node can be 1 physical host or a computer cluster made up of multiple physical hosts and the virtual switches include distributed switches and standard switches;
Step 3, connecting the virtual switches in each security domain one-to-one with the access switches configured for each network area, and configuring the connection between virtual switch and access switch in trunk mode. At this point, a port group configured on the virtual switch is equivalent to one configured directly on the access switch, which achieves interworking between the virtual network and the real network.
In step 1, the network can be divided into different security domains and network areas according to purpose, security level, access policy and so on, through configuration on network devices (such as switches and firewalls).
It is worth mentioning that the network in step 1 may include one or more different types of network: when it includes one network type, all security domains belong to the same network type (for example, a business network divided into security domains such as a DMZ zone, a TEST zone and a core production zone); when it includes multiple network types (for example business, storage or heartbeat), the security domains belong to different network types.
From a security redundancy standpoint, a server's network needs at least dual cabling, connected to 2 access switches with the same functional role, so step 1 of Fig. 4 also includes:
Configuring 2 access switches for each network area and virtualizing the 2 access switches using virtualization technology, so that the 2 access switches are virtualized into 1 logical access switch device.
As shown in Fig. 5, step 2 of Fig. 4 further includes:
Step 21, according to the network type of each network area in a security domain, creating several distributed switches on the physical nodes of each security domain for dividing cluster-shared networks of different purposes (such as a business network distributed switch or a storage network distributed switch), and creating 1 standard switch on each physical host of the security domain for dividing host-exclusive networks of different purposes (such as a heartbeat network standard switch);
Step 22, stamping different network type labels (such as business, storage, management) on the virtual switches of each security domain (including distributed switches and standard switches);
Step 23, building 1 compute pool for each security domain, where the compute pool stores information such as the virtual switches in the security domain and their network type labels.
As shown in Fig. 6, when a user creates a new virtual machine, the method also includes:
Step A1, the user sends a create-virtual-machine request message to the computing resource server; the request message includes information such as the security domain to which the virtual machine being created belongs and the network type labels of the virtual machine's NICs;
Step A2, the computing resource server allocates a new virtual machine ID to the virtual machine being created and sets its state to "creating";
Step A3, the user selects one or more network areas in the security domain to which the virtual machine belongs and sends a VLAN application request message to the computing resource server; the virtual machine being created can support one or more network areas, which meets the varied demands of business systems;
Step A4, the computing resource server reads each network area one by one from the VLAN application request message and determines whether a created VLAN network already exists in each network area; if so, the VLAN ID of the existing VLAN network is added to the VLAN ID list of the user-specified network areas; if not, a new VLAN network is created in the network area, the VLAN ID and IP address of the new VLAN network are selected, and the VLAN ID of the newly created VLAN network is then added to the VLAN ID list of the user-specified network areas;
Step A5, the computing resource server returns a virtual machine creation response message to the user, which includes information such as the ID of the virtual machine being created, the VLAN ID list of the user-specified network areas and the corresponding IP addresses;
Step A6, the computing resource server sends a virtual machine creation notification message to the virtual machine management server, which includes information such as the ID of the virtual machine being created, the VLAN ID list of the user-specified network areas, the security domain to which the virtual machine belongs and the network type labels of the virtual machine's NICs;
Step A7, the virtual machine management server selects 1 physical host from the security domain to which the virtual machine belongs and finds the virtual switch in that security domain whose network type label matches that of the virtual machine's NIC; it then extracts each VLAN ID one by one from the VLAN ID list of the user-specified network areas and determines whether a port group with a matching number exists on the virtual switch; if so, it continues with the next VLAN ID; if not, it creates on the virtual switch a new port group matching the VLAN ID, configures each port in the port group in access mode, and then continues with the next VLAN ID;
Step A8, the virtual machine management server configures information such as gateway, mask and IP address on the virtual machine's NICs and connects each NIC in turn to the virtual switch port group matching one VLAN ID in the VLAN ID list of the user-specified network areas; it then starts the virtual machine creation process and creates the virtual machine on the selected physical host; after the virtual machine has been created successfully, its information is added to the compute pool of the security domain to which it belongs, and a creation-success result is returned to the computing resource server;
Step A9, the computing resource server updates the virtual machine state to "ready" and notifies the user that the created virtual machine can be accessed through the IP address in the virtual machine creation response message.
In step A4 of Fig. 6, creating a new VLAN network in the network area and selecting the VLAN ID and IP address of the new VLAN network further includes:
Selecting an available VLAN ID from the VLAN pool of the network area; then, according to the size of the network to be created, carving an IP subnet range out of the IP pool of the network area; then configuring the gateway and mask of the VLAN on the firewall, which creates a VLAN network with no less than the required IP address space; and finally selecting an idle IP address from the carved-out IP subnet range and saving the network area of the newly created VLAN network together with the selected VLAN ID and IP address.
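The allocation logic of steps A4, A7 and A8, together with the VLAN network creation just described, as an added Python example (not code from the patent or its applicant). All class and function names, the use of the first carved subnet with its first host address as gateway, the ethN NIC naming and the rejection of network areas outside the virtual machine's security domain are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class VlanNetwork:
    vlan_id: int
    subnet: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address  # the patent configures gateway and mask on the firewall
    used: Set[ipaddress.IPv4Address] = field(default_factory=set)

    def take_free_ip(self) -> ipaddress.IPv4Address:
        """Select one idle address from the carved subnet (never the gateway)."""
        for host in self.subnet.hosts():
            if host != self.gateway and host not in self.used:
                self.used.add(host)
                return host
        raise RuntimeError(f"VLAN {self.vlan_id}: subnet {self.subnet} is exhausted")


@dataclass
class NetworkArea:
    name: str
    security_domain: str
    network_type: str                 # label such as "business" or "storage"
    vlan_pool: List[int]              # available VLAN IDs of this area
    ip_pool: ipaddress.IPv4Network    # available address range of this area
    vlan_network: Optional[VlanNetwork] = None


@dataclass
class VirtualSwitch:
    name: str
    network_type: str                 # label stamped on the switch (step 22)
    port_groups: Dict[int, List[str]] = field(default_factory=dict)  # VLAN ID -> NICs


def create_vlan_network(area: NetworkArea, hosts_needed: int) -> VlanNetwork:
    """Take a VLAN ID from the pool and carve a subnet with >= hosts_needed addresses."""
    if not area.vlan_pool:
        raise RuntimeError(f"{area.name}: VLAN pool is empty")
    # +3 addresses: network, broadcast and gateway are not assignable to NICs.
    prefix = 32 - (hosts_needed + 2).bit_length()
    if prefix < area.ip_pool.prefixlen:
        raise ValueError(f"{area.name}: IP pool too small for {hosts_needed} hosts")
    subnet = next(area.ip_pool.subnets(new_prefix=prefix))
    gateway = next(iter(subnet.hosts()))  # assumption: first host address is the gateway
    area.vlan_network = VlanNetwork(area.vlan_pool.pop(0), subnet, gateway)
    return area.vlan_network


Assignment = Tuple[str, int, ipaddress.IPv4Address]  # (network type, VLAN ID, NIC address)


def request_vlans(vm_domain: str, areas: List[NetworkArea], hosts_needed: int) -> List[Assignment]:
    """Step A4: reuse each area's VLAN network or create one, then pick a NIC address."""
    # Validate every area first so a rejected request changes no pool state.
    for area in areas:
        if area.security_domain != vm_domain:
            raise PermissionError(f"{area.name} is outside security domain {vm_domain}")
    result = []
    for area in areas:
        net = area.vlan_network or create_vlan_network(area, hosts_needed)
        result.append((area.network_type, net.vlan_id, net.take_free_ip()))
    return result


def attach_nics(compute_pool: List[VirtualSwitch], vm: str, assignments: List[Assignment]):
    """Steps A7/A8: match NIC label to switch label, ensure the port group, attach the NIC."""
    placed = {}
    for index, (net_type, vlan_id, _ip) in enumerate(assignments):
        switch = next((s for s in compute_pool if s.network_type == net_type), None)
        if switch is None:
            raise LookupError(f"no virtual switch labelled {net_type!r} in this domain")
        nic = f"{vm}:eth{index}"
        # A port group is created only when none with this VLAN ID exists yet.
        switch.port_groups.setdefault(vlan_id, []).append(nic)
        placed[nic] = (switch.name, vlan_id)
    return placed


if __name__ == "__main__":
    # Constructed sample topology: one DMZ domain with a business and a storage area.
    biz = NetworkArea("dmz-biz", "DMZ", "business", list(range(100, 110)),
                      ipaddress.ip_network("10.10.0.0/24"))
    sto = NetworkArea("dmz-sto", "DMZ", "storage", list(range(200, 210)),
                      ipaddress.ip_network("10.20.0.0/24"))
    pool = [VirtualSwitch("dvs-business", "business"), VirtualSwitch("dvs-storage", "storage")]
    for vm, areas in (("VM-1", [biz, sto]), ("VM-2", [biz])):
        nics = request_vlans("DMZ", areas, hosts_needed=10)
        print(vm, nics, attach_nics(pool, vm, nics))
```

Validating every requested area before touching any pool keeps a rejected request from consuming a VLAN ID or address, so a failed cross-domain request leaves the segmentation state unchanged.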
The foregoing is only a preferred embodiment of the invention and is not intended to limit the invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (16)

1. the virtual machine multi-network management system under a cloud computing environment, it is characterised in that include calculating Resource Server and Virtual Machine Management Service device, wherein, calculate Resource Server and farther included:
Network area construction device, for partitioning the network into into several security domains, continue to be divided into several network areas by each security domain again, then configure actual access switch for each network area and build corresponding VLAN pond and IP pond, described VLAN pond includes all available VLAN numbering sections in described network area, and IP pond includes all available IP address fields in described network area;
Virtual switch creates device, for multiple physical nodes are respectively divided in different security domains, and on the physical node of each security domain, create virtual switch, described physical node is 1 physical host or the computer cluster being made up of multiple physical hosts, described virtual switch includes distribution switch and standard switchboard, then the access switch that the virtual switch in each security domain and each network area configure is connected one by one, and the connection between virtual switch and access switch is configured to trunk pattern.
System the most according to claim 1, it is characterised in that calculate Resource Server and also include:
Virtual machine network selects device, for reading each network area one by one and judge whether each network area there are a vlan network created from the application VLAN of user request message, if it is, the VLAN of the vlan network created is numbered in the VLAN numbered list adding user-specified network region to;If it is not, then create VLAN numbering and the IP address of a new vlan network selected described new vlan network in described network area, then the VLAN of newly created vlan network is numbered in the VLAN numbered list adding user-specified network region to.
3. The system according to claim 2, characterized in that the virtual machine network selection device further comprises:
A VLAN network creation unit, configured to create a new VLAN network in a network area: select an available VLAN number from the VLAN pool of the network area; then, according to the size of the network to be created, carve an IP subnet segment out of the IP pool of the network area; then configure the gateway and mask of the VLAN on the firewall, thereby creating a VLAN network with no less than the required IP address space; and finally select an idle IP address from the carved-out IP subnet segment, and save the network area of the newly created VLAN network together with the selected VLAN number and IP address.
4. The system according to claim 1, characterized in that the network area construction device divides the network into different security domains and network areas through configuration on network devices, the network comprises one or more different types of network, and the network area construction device further comprises:
An access switch virtualization unit, configured to configure 2 access switches for each network area and to virtualize the 2 access switches using virtualization technology, so that the 2 access switches are virtualized into 1 logical access switch device.
5. The system according to claim 1, characterized in that the virtual switch creation device further comprises:
A virtual switch tagging unit, configured to attach different network type labels to the virtual switches of each security domain, and to build 1 computing pool for each security domain, the computing pool storing the virtual switches in the security domain and their network type labels.
6. The system according to claim 5, characterized in that the virtual switch creation device further comprises:
A virtual switch construction unit, configured to create, according to the network type of each network area in the security domain, several distributed switches on the physical nodes of each security domain, and to create 1 standard switch on every physical host of the security domain.
7. The system according to claim 5, characterized in that the virtual machine management server further comprises:
A virtual machine creation device, configured to: receive the virtual machine creation notification message sent by the computing resource server, the message containing the number of the virtual machine being created, the VLAN number list of the user-specified network areas, the security domain to which the virtual machine belongs, and the network type label of the virtual machine network card; select 1 physical host from the security domain to which the virtual machine belongs, and find in that security domain the virtual switch whose network type label matches that of the virtual machine network card; then extract each VLAN number one by one from the VLAN number list of the user-specified network areas and determine whether a port group with the same number exists on the virtual switch, and if not, create on the virtual switch a new port group matching the VLAN number and configure each port in the port group in access mode; after all VLAN numbers have been extracted from the VLAN number list of the user-specified network areas, configure the gateway, mask and IP address on the virtual machine network card, and connect the virtual machine network card in turn to the virtual switch port group matching a VLAN number in the VLAN number list of the user-specified network areas; finally start the virtual machine creation process and begin creating the virtual machine on the selected physical host; and, after the virtual machine is created successfully, add the virtual machine's information to the computing pool of the security domain to which the virtual machine belongs, and return a creation-success result to the computing resource server.
8. The system according to claim 1, characterized in that the uplink port group of a distributed switch is connected to a port of the access switch, wherein the distributed switch side is configured in VLAN trunking mode and the access switch side is configured in trunk mode; and one port in the downlink port group of the virtual switch is connected to one network card of the virtual machine being created, the ports in the downlink port group being configured in access mode.
9. A virtual machine multi-network management method in a cloud computing environment, characterized in that it comprises:
Step one: divide the network into several security domains, further divide each security domain into several network areas, and then configure actual access switches for each network area and build the corresponding VLAN pool and IP pool, wherein the VLAN pool contains all VLAN number ranges available in the network area, and the IP pool contains all IP address ranges available in the network area;
Step two: assign multiple physical nodes to different security domains and create virtual switches on the physical nodes of each security domain, wherein a physical node is 1 physical host or a computer cluster composed of multiple physical hosts, and the virtual switches include distributed switches and standard switches;
Step three: connect the virtual switches in each security domain one by one to the access switches configured for each network area, and configure the connection between a virtual switch and an access switch in trunk mode.
10. The method according to claim 9, characterized in that, in step one, the network is divided into different security domains and network areas through configuration on network devices, and the network comprises one or more different types of network,
Step one further comprises:
Configuring 2 access switches for each network area, and virtualizing the 2 access switches using virtualization technology, so that the 2 access switches are virtualized into 1 logical access switch device.
11. The method according to claim 9, characterized in that step two further comprises:
Step 21: attach different network type labels to the virtual switches of each security domain;
Step 22: build 1 computing pool for each security domain, the computing pool storing the virtual switches in the security domain and their network type labels.
12. The method according to claim 11, characterized in that it further comprises, before step 21:
According to the network type of each network area in the security domain, creating several distributed switches on the physical nodes of each security domain, and creating 1 standard switch on every physical host of the security domain.
13. The method according to claim 11, characterized in that, when a user creates a new virtual machine, it further comprises:
Step 1: the computing resource server sends a virtual machine creation notification message to the virtual machine management server, the message containing the number of the virtual machine being created, the VLAN number list of the user-specified network areas, the security domain to which the virtual machine belongs, and the network type label of the virtual machine network card;
Step 2: the virtual machine management server selects 1 physical host from the security domain to which the virtual machine belongs, and finds in that security domain the virtual switch whose network type label matches that of the virtual machine network card; it then extracts each VLAN number one by one from the VLAN number list of the user-specified network areas and determines whether a port group with the same number exists on the virtual switch; if so, it continues with the next VLAN number; if not, it creates on the virtual switch a new port group matching the VLAN number, configures each port in the port group in access mode, and then continues with the next VLAN number;
Step 3: the virtual machine management server configures the gateway, mask and IP address on the virtual machine network card, and connects the virtual machine network card in turn to the virtual switch port group matching a VLAN number in the VLAN number list of the user-specified network areas; it then starts the virtual machine creation process and begins creating the virtual machine on the selected physical host; after the virtual machine is created successfully, it adds the virtual machine's information to the computing pool of the security domain to which the virtual machine belongs, and returns a creation-success result to the computing resource server.
14. The method according to claim 13, characterized in that it further comprises, before step 1:
Step A1: the user selects one or more network areas in the security domain to which the virtual machine belongs, and sends a VLAN application request message to the computing resource server;
Step A2: the computing resource server reads each network area one by one from the VLAN application request message and determines whether a created VLAN network already exists in that network area; if so, it adds the VLAN number of the created VLAN network to the VLAN number list of the user-specified network areas; if not, it creates a new VLAN network in the network area, selects the VLAN number and IP address of the new VLAN network, and then adds the VLAN number of the newly created VLAN network to the VLAN number list of the user-specified network areas.
15. The method according to claim 14, characterized in that it further comprises, before step A1:
The user sends a create-virtual-machine request message to the computing resource server, the request message containing the security domain to which the virtual machine being created belongs and the network type label of the virtual machine network card;
The computing resource server assigns a new virtual machine number to the virtual machine being created.
16. The method according to claim 14, characterized in that, in step A2, creating a new VLAN network in the network area and selecting the VLAN number and IP address of the new VLAN network further comprises:
Selecting an available VLAN number from the VLAN pool of the network area; then, according to the size of the network to be created, carving an IP subnet segment out of the IP pool of the network area; then configuring the gateway and mask of the VLAN on the firewall, thereby creating a VLAN network with no less than the required IP address space; and finally selecting an idle IP address from the carved-out IP subnet segment, and saving the network area of the newly created VLAN network together with the selected VLAN number and IP address.
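The allocation flow of claims 13 (step 2), 14 (step A2) and 16, as an added example that is not code from the patent. All class, function and field names, the first-fit selection, the use of the first host address as gateway, and leasing an address when an existing VLAN network is reused are assumptions; the firewall step is modelled only by recording gateway and mask, and the addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NetworkArea:
    """Network area of one security domain (names and layout are assumptions)."""
    name: str
    vlan_pool: list                  # available VLAN numbers
    ip_pool: ipaddress.IPv4Network   # available IP address range
    vlan_networks: list = field(default_factory=list)

    def create_vlan_network(self, hosts_needed):
        """Claim 16: pick a VLAN number, carve a subnet, record gateway and mask."""
        used = {n["vlan"] for n in self.vlan_networks}
        vlan = next((v for v in self.vlan_pool if v not in used), None)
        if vlan is None:
            raise RuntimeError(f"VLAN pool of area {self.name} is exhausted")
        # Hosts + gateway + network + broadcast, rounded up to a power of two.
        prefix = 32 - (hosts_needed + 2).bit_length()
        if prefix < self.ip_pool.prefixlen:
            raise RuntimeError(f"IP pool of area {self.name} is too small")
        taken = [n["subnet"] for n in self.vlan_networks]
        subnet = next((s for s in self.ip_pool.subnets(new_prefix=prefix)
                       if not any(s.overlaps(t) for t in taken)), None)
        if subnet is None:
            raise RuntimeError(f"IP pool of area {self.name} is exhausted")
        # Assumption: the first host address of the subnet is the gateway.
        net = {"vlan": vlan, "subnet": subnet, "mask": subnet.netmask,
               "gateway": next(iter(subnet.hosts())), "leased": set()}
        self.vlan_networks.append(net)
        return net

    def lease_ip(self, net):
        """Select one idle address of the subnet, never the gateway."""
        for ip in net["subnet"].hosts():
            if ip != net["gateway"] and ip not in net["leased"]:
                net["leased"].add(ip)
                return ip
        raise RuntimeError(f"VLAN {net['vlan']} has no idle IP address")

def apply_for_vlans(areas, hosts_needed):
    """Step A2: per requested area, reuse a created VLAN network or create one."""
    vlan_list, addresses = [], []
    for area in areas:
        net = (area.vlan_networks[0] if area.vlan_networks
               else area.create_vlan_network(hosts_needed))
        vlan_list.append(net["vlan"])
        addresses.append(area.lease_ip(net))
    return vlan_list, addresses

def ensure_port_groups(vswitch, vlan_list):
    """Claim 13, step 2: create a missing access-mode port group per VLAN number."""
    created = []
    for vlan in vlan_list:
        if vlan not in vswitch["port_groups"]:
            vswitch["port_groups"][vlan] = {"mode": "access", "ports": []}
            created.append(vlan)
    return created

def demo():
    # Constructed sample: two network areas of one security domain.
    web = NetworkArea("web", [100, 101], ipaddress.ip_network("10.10.0.0/24"))
    db = NetworkArea("db", [200], ipaddress.ip_network("10.20.0.0/24"))
    vswitch = {"label": "business", "port_groups": {}}
    vlans, ips = apply_for_vlans([web, db], hosts_needed=50)
    return vlans, [str(ip) for ip in ips], ensure_port_groups(vswitch, vlans)

if __name__ == "__main__":
    print(demo())
```

Because each network area draws only from its own VLAN pool and IP pool, exhausting one area raises an error instead of borrowing numbers from another area.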
CN201310618609.0A 2013-11-29 2013-11-29 Virtual machine multi-network management system under cloud computing environment and method Active CN103607308B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310618609.0A CN103607308B (en) 2013-11-29 2013-11-29 Virtual machine multi-network management system under cloud computing environment and method

Publications (2)

Publication Number Publication Date
CN103607308A CN103607308A (en) 2014-02-26
CN103607308B CN103607308B (en) 2016-09-21

Family

ID=50125509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310618609.0A Active CN103607308B (en) 2013-11-29 2013-11-29 Virtual machine multi-network management system under cloud computing environment and method

Country Status (1)

Country Link
CN (1) CN103607308B (en)

Families Citing this family (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104010028B (en) * 2014-05-04 2017-11-07 华南理工大学 A kind of dynamic management strategy method of virtual resource that performance is weighted under cloud platform
WO2016019492A1 (en) 2014-08-04 2016-02-11 华为技术有限公司 Virtual-operation administration and maintenance deployment method, device and virtual network system
CN104243608B (en) * 2014-09-29 2018-02-06 华为技术有限公司 A kind of communication means, cloud management server and virtual switch
US9628334B2 (en) * 2014-12-19 2017-04-18 Cisco Technology, Inc. VLAN tagging in a virtual environment
CN105589749B (en) * 2014-12-30 2018-11-27 中国银联股份有限公司 Network IP resources distribution method and device under cloud computing environment
CN104486363B (en) * 2015-01-05 2017-08-25 福建爱特点信息科技有限公司 A kind of cloud security safeguards system
CN105991734B (en) * 2015-02-16 2019-05-17 广东亿迅科技有限公司 A kind of cloud platform management method and system
WO2017070963A1 (en) * 2015-10-31 2017-05-04 华为技术有限公司 Method, apparatus, and system for deploying virtual resources
CN107153565B (en) 2016-03-03 2020-06-16 华为技术有限公司 Method for configuring resource and network equipment thereof
CN105912892B (en) * 2016-04-08 2018-09-04 浪潮电子信息产业股份有限公司 A kind of Process Protection system and method based on cloud computing
CN107666493B (en) * 2016-07-27 2020-08-14 腾讯科技(深圳)有限公司 Database configuration method and equipment thereof
CN106612225B (en) * 2016-12-12 2020-01-14 武汉烽火信息集成技术有限公司 Openstack-based agent deployment system and method
CN106878204B (en) * 2016-12-21 2020-09-08 新华三技术有限公司 Virtual machine creating method and device
CN106899518B (en) * 2017-02-27 2022-08-19 腾讯科技(深圳)有限公司 Resource processing method and device based on Internet data center
CN107256163B (en) * 2017-06-20 2021-04-30 郑州云海信息技术有限公司 Method and device for realizing node management
CN107453959B (en) * 2017-09-22 2021-04-30 郑州云海信息技术有限公司 Network card management method and device
CN109756431B (en) * 2017-11-06 2021-07-16 阿里巴巴集团控股有限公司 Hybrid network configuration method and device, network structure and electronic equipment
CN107743152B (en) * 2017-12-07 2020-09-22 南京易捷思达软件科技有限公司 High-availability implementation method for load balancer in OpenStack cloud platform
CN108173767B (en) * 2017-12-25 2021-02-26 杭州迪普科技股份有限公司 Message forwarding method and device based on VLAN-IF interface multiplexing
CN108156079B (en) * 2017-12-29 2021-08-13 深信服科技股份有限公司 Data packet forwarding system and method based on cloud service platform
CN109995816B (en) * 2017-12-29 2022-04-08 中移(苏州)软件技术有限公司 Information importing method and device based on cloud computing platform and communication equipment
CN108768807B (en) * 2018-06-01 2021-08-17 中国电子信息产业集团有限公司第六研究所 Virtual-real interconnection method and device for cloud platform
CN108683607B (en) * 2018-06-14 2020-02-21 新华三云计算技术有限公司 Virtual machine flow control method and device and server
CN109254831B (en) * 2018-09-06 2020-05-29 山东师范大学 Virtual machine network security management method based on cloud management platform
CN109445910B (en) * 2018-11-02 2022-03-04 郑州云海信息技术有限公司 Virtual machine VLAN management method, device, terminal and storage medium
CN111262771B (en) * 2018-11-30 2021-06-22 北京金山云网络技术有限公司 Virtual private cloud communication system, system configuration method and controller
CN109587243B (en) * 2018-12-05 2021-10-29 郑州云海信息技术有限公司 Cloud platform comprising distributed storage and deployment method
CN109617720B (en) * 2018-12-11 2022-02-25 郑州云海信息技术有限公司 Method and device for distributing network resources
CN110011836A (en) * 2019-03-15 2019-07-12 启迪云计算有限公司 A kind of the distributed virtual switch and configuration method
CN110474913A (en) * 2019-08-20 2019-11-19 福建伊时代信息科技股份有限公司 Virtualization means of defence and terminal under a kind of cloud environment
CN111464511A (en) * 2020-03-18 2020-07-28 紫光云技术有限公司 Method for supporting multi-VPC isolation in cloud computing network
CN113783910B (en) * 2020-06-09 2024-02-13 阿里巴巴集团控股有限公司 Data forwarding method, device and system
CN111934971B (en) * 2020-08-12 2022-04-05 杭州默安科技有限公司 Method and device for local network access from mapping service spanning three-layer network to multiple VLANs and multiple IPs
CN112099913B (en) * 2020-09-01 2023-12-01 北京思特奇信息技术股份有限公司 Method for realizing virtual machine security isolation based on OpenStack
CN112433678B (en) * 2020-11-26 2022-08-19 湖南国科微电子股份有限公司 Network adjusting method, device, equipment and medium for distributed storage system
CN112804131B (en) * 2021-01-08 2021-12-07 上海自恒信息科技有限公司 Access control method based on VLAN structure
CN113259164B (en) * 2021-05-18 2022-03-22 广州锦行网络科技有限公司 Method for realizing virtual-real networking based on virtual routing system construction
CN114422296B (en) * 2022-01-05 2024-02-20 北京天一恩华科技股份有限公司 Multi-scene virtual network construction system, method, terminal and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223308A (en) * 2011-07-06 2011-10-19 北京航空航天大学 Network area traffic compressing and distributing system based on virtual link exchange
CN102523166A (en) * 2011-12-23 2012-06-27 中山大学 Structured network system applicable to future internet
CN102739798A (en) * 2012-07-05 2012-10-17 成都国腾实业集团有限公司 Cloud platform resource scheduling method with network sensing function
CN102970204A (en) * 2012-10-24 2013-03-13 曙光信息产业(北京)有限公司 Distributed switch system based on xen virtualization platform and achieving method thereof


Publication number Publication date
CN103607308A (en) 2014-02-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 310013, Zhejiang, Xihu District, Wensanlu Road, No. 398, 4 floor, Hangzhou

Patentee after: EB Information Technology Ltd.

Address before: 100191 Beijing, Zhichun Road, No. 9, hearing the building on the floor of the 7 floor,

Patentee before: EB Information Technology Ltd.

CP01 Change in the name or title of a patent holder

Address after: 310013 4th floor, No.398 Wensan Road, Xihu District, Hangzhou City, Zhejiang Province

Patentee after: Xinxun Digital Technology (Hangzhou) Co.,Ltd.

Address before: 310013 4th floor, No.398 Wensan Road, Xihu District, Hangzhou City, Zhejiang Province

Patentee before: EB Information Technology Ltd.