CN104168200A - Open vSwitch-based method and system for realizing ACL function - Google Patents

Info

Publication number: CN104168200A
Authority: CN
Grant status: Application
Prior art keywords: rule, flow, acl, vswitch, virtual
Application number: CN 201410328769
Other languages: Chinese (zh)
Other versions: CN104168200B (en)
Inventor: 张群轼
Original Assignee: 汉柏科技有限公司

Abstract

The invention provides a method for implementing an access control list (ACL) function based on Open vSwitch. The method comprises: a host sends a new ACL rule related to a certain virtual machine to a network control server; after the network control server receives the ACL rule, it converts the ACL rule into a flow rule of the kind used by Open vSwitch and sends the flow rule to the network agent server of the host on which the virtual machine is located; and the network agent server converts the received flow rule into an OVS command, executes the OVS command on the local host, and thereby inserts the flow rule into a flow table of Open vSwitch. The method uses Open vSwitch to implement the ACL function for virtual machine traffic, thereby achieving the objective of controlling virtual machine data flow.

Description

A method and system for implementing an ACL function based on Open vSwitch

Technical Field

[0001] The present invention relates to the field of computer network technology, and in particular to a method and system for implementing an ACL function based on Open vSwitch.

Background

[0002] Because several virtualized systems may exist on one virtual machine, communication between those systems has to go through a network. Unlike ordinary physical systems, which are interconnected through physical network devices, the network interfaces of virtual systems are themselves virtual and therefore cannot be interconnected directly through physical network devices. A currently popular solution is virtual switching (Virtual Switching, vSwitch for short) technology. A vSwitch implements the virtual bridge entirely on the server (terminal) hardware and does not involve the cooperation of an external switch.

[0003] Like an ordinary server device, each virtual machine has its own virtual NIC, and each virtual NIC has its own MAC address and IP address. The vSwitch is equivalent to a virtual layer-2 switch: it connects the virtual NICs and the physical NIC and forwards the data packets of the virtual machines out through the physical network port. As required, the vSwitch can also support layer-2 forwarding, security control, port mirroring and other functions.

[0004] In the prior art, however, implementing the access control list (Access Control List, ACL for short) function with a traditional vSwitch consumes CPU resources and affects the performance of the server.

Summary

[0005] In view of the defects of the prior art, the method for implementing the ACL function provided by the present invention uses Open vSwitch to provide the ACL function for virtual machine traffic, thereby achieving the purpose of controlling virtual machine data traffic.

[0006] In a first aspect, the present invention provides a method for implementing an ACL function based on Open vSwitch, the method comprising:

[0007] S1: a first host sends an access control list (ACL) rule that has been set for a certain virtual machine to the network control server of the first host;

[0008] S2: after receiving the ACL rule, the network control server converts the ACL rule into a flow rule of the kind used by Open vSwitch (the open virtual switching standard), and sends the flow rule to the network agent server of the second host, on which the virtual machine is located;

[0009] S3: the network agent server converts the received flow rule into an OVS command and executes the OVS command on the second host, so as to insert the flow rule into the flow table of Open vSwitch.

[0010] Preferably, after step S3 the method further comprises:

[0011] when traffic from within the virtual machine enters Open vSwitch, Open vSwitch compares it against the flow table and performs the action defined by the corresponding flow rule.

[0012] Preferably, step S2 of the method further comprises:

[0013] the network control server saves the received ACL rule to a distributed database.

[0014] Preferably, the ACL rule applies to a network (Network) or to a virtual NIC.

[0015] Preferably, the priority between ACL rules, from high to low, is: the non-overridable Network level, the virtual NIC level, and the overridable Network level.

[0016] In a second aspect, the present invention provides a system for implementing an ACL function based on Open vSwitch, the system comprising a virtual machine, Open vSwitch, a network agent server and a network control server;

[0017] the network control server is configured to convert a received ACL rule into a flow rule of the kind used by Open vSwitch and to send the flow rule to the network agent server of the host on which the virtual machine is located;

[0018] the network agent server is configured to convert the received flow rule into an OVS command, execute the OVS command on the local host, and insert the flow rule into the flow table in Open vSwitch;

[0019] Open vSwitch is configured to compare virtual machine traffic that enters Open vSwitch against its flow table and to perform the action defined by the corresponding flow rule.

[0020] Preferably, the functions of the network control server further include: saving the received ACL rule to a distributed database.

[0021] Preferably, the virtual machine, Open vSwitch and the network agent service are located on the same host, and the network control server is located on another host.

[0022] Preferably, the system further comprises a physical switch, configured to connect different hosts through physical NICs.

[0023] As the above technical solution shows, the method and system for implementing the ACL function provided by the present invention use Open vSwitch and a distributed structure to provide the ACL function for virtual machine traffic, thereby achieving the purpose of controlling virtual machine data traffic; because the whole system is distributed across different hosts, server performance is significantly improved.

Brief Description of the Drawings

[0024] In order to explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

[0025] FIG. 1 is a flowchart of the method for implementing an ACL function based on Open vSwitch provided by an embodiment of the present invention;

[0026] FIG. 2 is a schematic structural diagram of the system for implementing an ACL function based on Open vSwitch provided by an embodiment of the present invention;

[0027] FIG. 3 is a schematic flow diagram of the comparison that Open vSwitch performs against the flow tables, provided by another embodiment of the present invention.

Detailed Description

[0028] The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

[0029] Open vSwitch is a piece of software; Open vSwitch is the open virtual switching standard. FIG. 1 shows a flowchart of the method for implementing an ACL function based on Open vSwitch provided by the present invention. As shown in FIG. 1, the method comprises:

[0030] S1: a first host sends an access control list (ACL) rule that has been set for a certain virtual machine to the network control server of the first host;

[0031] S2: after receiving the ACL rule, the network control server converts the ACL rule into a flow rule of the kind used by Open vSwitch (the open virtual switching standard), and sends the flow rule to the network agent server of the second host, on which the virtual machine is located;

[0032] S3: the network agent server converts the received flow rule into an OVS command and executes the OVS command on the second host, so as to insert the flow rule into the flow table of Open vSwitch.

[0033] After step S3, the method further comprises:

[0034] when traffic from within the virtual machine enters Open vSwitch, Open vSwitch compares it against the flow table and performs the action defined by the corresponding flow rule.

[0035] Therefore, if the newly set ACL rule does not allow traffic on port 8080 of the TCP protocol to pass, then when virtual machine traffic uses the TCP protocol and the port is 8080, the DROP action is performed.
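
Steps S2 and S3 for the TCP 8080 rule above, as an added example that is not code from the patent or from the Open vSwitch project: the control server turns an ACL rule into a flow rule, and the agent turns that flow rule into an ovs-ofctl add-flow argument list. The field names, numeric priorities, bridge name br-int, table 1 and resubmit(,2) for "allow" are assumptions; because the agent executes a command built from data received over the network, it re-checks the flow against an allow-list grammar and never passes it through a shell.

```python
"""Added example: ACL rule -> Open vSwitch flow rule -> ovs-ofctl argv.

Assumptions (not from the patent): the ACL field names, the numeric
priorities, the bridge name and the use of table 1 for ACL flows.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# A higher number wins in OpenFlow. The ordering follows the patent's three
# levels; the numbers themselves are constructed for this example.
LEVEL_PRIORITY = {
    "network_fixed": 300,        # Network level, cannot be overridden
    "vnic": 200,                 # virtual NIC level
    "network_overridable": 100,  # Network level, can be overridden
}
ACL_TABLE = 1    # assumed table that holds the ACL flows
NEXT_TABLE = 2   # allowed traffic continues in this table

# Allow-list grammar for the only flow strings the agent will install.
_FLOW_RE = re.compile(
    r"table=1,priority=(100|200|300),(tcp|udp|icmp)"
    r"(,dl_vlan=\d{1,4})?(,tp_dst=\d{1,5})?"
    r",actions=(drop|resubmit\(,2\))"
)
_BRIDGE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,14}")


@dataclass(frozen=True)
class AclRule:
    level: str                      # a key of LEVEL_PRIORITY
    action: str                     # "allow" or "deny"
    protocol: str                   # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None
    vlan_id: Optional[int] = None   # VLAN tag of the virtual network


def acl_to_flow(rule: AclRule) -> str:
    """Control-server side (step S2): ACL rule -> flow rule string."""
    if rule.level not in LEVEL_PRIORITY:
        raise ValueError(f"unknown level: {rule.level!r}")
    if rule.action not in ("allow", "deny"):
        raise ValueError(f"unknown action: {rule.action!r}")
    if rule.protocol not in ("tcp", "udp", "icmp"):
        raise ValueError(f"unsupported protocol: {rule.protocol!r}")
    parts = [f"table={ACL_TABLE}",
             f"priority={LEVEL_PRIORITY[rule.level]}", rule.protocol]
    if rule.vlan_id is not None:
        if type(rule.vlan_id) is not int or not 1 <= rule.vlan_id <= 4094:
            raise ValueError("vlan_id must be an integer in 1..4094")
        parts.append(f"dl_vlan={rule.vlan_id}")
    if rule.dst_port is not None:
        if rule.protocol == "icmp":
            raise ValueError("icmp has no destination port")
        if type(rule.dst_port) is not int or not 1 <= rule.dst_port <= 65535:
            raise ValueError("dst_port must be an integer in 1..65535")
        parts.append(f"tp_dst={rule.dst_port}")
    action = "drop" if rule.action == "deny" else f"resubmit(,{NEXT_TABLE})"
    return ",".join(parts) + f",actions={action}"


def flow_to_ovs_argv(bridge: str, flow: str) -> List[str]:
    """Agent side (step S3): flow rule -> argv for ovs-ofctl.

    The flow arrived over the network, so it is checked again against the
    allow-list grammar, and the result is an argv list to be run without a
    shell, e.g. subprocess.run(argv, check=True).
    """
    if not _BRIDGE_RE.fullmatch(bridge):
        raise ValueError("invalid bridge name")
    if not _FLOW_RE.fullmatch(flow):
        raise ValueError("flow rule rejected by agent")
    return ["ovs-ofctl", "add-flow", bridge, flow]


if __name__ == "__main__":
    # The patent's case: TCP traffic to port 8080 is not allowed.
    deny_8080 = AclRule("network_fixed", "deny", "tcp", dst_port=8080)
    print(" ".join(flow_to_ovs_argv("br-int", acl_to_flow(deny_8080))))
```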

[0036] FIG. 3 shows the flow tables in Open vSwitch, three flow tables in total: Table0, Table1 and Table2. As the figure shows, when traffic enters Open vSwitch, the comparison that Open vSwitch performs against the flow tables proceeds as follows:

[0037] (1) When traffic enters Open vSwitch, Table0 determines whether the traffic came out of a virtual machine NIC; if so, a VLAN tag is added and processing jumps to Table1;

[0038] (2) Table1 checks, in priority order, whether the traffic matches a flow rule among the non-overridable Network-level flows, the virtual-NIC-level flows and the overridable Network-level flows. If it matches one of these flow rules, the action defined by that flow rule is performed; if the action to be performed is the allow (normal) action, processing jumps to Table2;

[0039] (3) Table2 determines whether the traffic came out of a virtual machine NIC; if so, the VLAN tag is removed.
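
The three-table comparison above as a small simulation, added here as an example that is not code from the patent or from Open vSwitch; it shows how the priority order in Table1 lets a non-overridable Network-level rule beat a virtual-NIC-level rule, and a virtual-NIC-level rule beat an overridable Network-level one. The packet and flow field names, the port and VLAN numbers, and the choice to allow traffic that matches no ACL flow are assumptions.

```python
"""Added example: the Table0 -> Table1 -> Table2 lookup from FIG. 3.

Assumptions (not from the patent): the packet/flow field names, the port
and VLAN numbers, and that traffic matching no ACL flow is allowed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Evaluation order in Table1, highest priority first.
LEVEL_ORDER = ["network_fixed", "vnic", "network_overridable"]


@dataclass
class Flow:
    level: str                 # one of LEVEL_ORDER
    match: Dict[str, object]   # every key must equal the packet's value
    action: str                # "drop" or "allow"


@dataclass
class Packet:
    in_port: int
    proto: str
    dst_port: int
    vlan: Optional[int] = None
    trace: List[str] = field(default_factory=list)


def table1_lookup(flows: List[Flow], pkt: Packet) -> Optional[Flow]:
    """Return the first matching flow, scanning levels in priority order."""
    fields = vars(pkt)
    for level in LEVEL_ORDER:
        for flow in flows:
            if flow.level == level and all(
                fields.get(k) == v for k, v in flow.match.items()
            ):
                return flow
    return None


def process(pkt: Packet, flows: List[Flow],
            vm_ports: Dict[int, int]) -> Tuple[str, Packet]:
    """Run one packet through the three tables; vm_ports maps an OVS port
    that belongs to a VM NIC to the VLAN of that NIC's virtual network."""
    from_vm = pkt.in_port in vm_ports
    # Table0: traffic from a VM NIC gets its network's VLAN tag.
    if from_vm:
        pkt.vlan = vm_ports[pkt.in_port]
        pkt.trace.append(f"table0: tag vlan {pkt.vlan}")
    # Table1: ACL flows, highest-priority level first.
    hit = table1_lookup(flows, pkt)
    if hit is not None and hit.action == "drop":
        pkt.trace.append(f"table1: drop ({hit.level})")
        return "drop", pkt
    pkt.trace.append(f"table1: allow ({hit.level if hit else 'no match'})")
    # Table2: as in the description, the tag is removed for VM NIC traffic.
    if from_vm:
        pkt.vlan = None
        pkt.trace.append("table2: strip vlan")
    return "forward", pkt


# Constructed sample data: two VM NICs on the network with VLAN 10.
VM_PORTS = {1: 10, 2: 10}
FLOWS = [
    Flow("vnic", {"in_port": 1, "proto": "tcp", "dst_port": 8080}, "allow"),
    Flow("network_fixed", {"vlan": 10, "proto": "tcp", "dst_port": 8080}, "drop"),
    Flow("network_overridable", {"vlan": 10, "proto": "tcp", "dst_port": 22}, "drop"),
    Flow("vnic", {"in_port": 2, "proto": "tcp", "dst_port": 22}, "allow"),
]

if __name__ == "__main__":
    for p in (Packet(1, "tcp", 8080), Packet(2, "tcp", 22), Packet(1, "tcp", 22)):
        verdict, seen = process(p, FLOWS, VM_PORTS)
        print(verdict, seen.trace)
```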

[0040] Step S2 of the above method further comprises:

[0041] the network control server saves the received ACL rule to a distributed database.

[0042] Optionally, the ACL rule applies to a network (Network) or to a virtual NIC. Specifically, these target a particular network and a virtual NIC on a particular virtual machine, respectively. When a user sets an ACL on the virtual NIC of a virtual machine, the flow is delivered only to the host on which that virtual machine is located. When a user sets an ACL on a virtual network, all virtual NICs belonging to that virtual network are looked up first, then the hosts on which the virtual machines of those virtual NICs are located are identified, and finally the flow is delivered to those hosts.

[0043] Preferably, the priority between ACL rules, from high to low, is: the non-overridable Network level, the virtual NIC level, and the overridable Network level.

[0044] FIG. 2 shows a schematic structural diagram of the system for implementing an ACL function based on Open vSwitch provided by the present invention. As shown in FIG. 2, the system comprises a virtual machine, Open vSwitch, a network agent server and a network control server.

[0045] Specifically, the network control server is configured to convert a received ACL rule into a flow rule of the kind used by Open vSwitch and to send the flow rule to the network agent server of the host on which the virtual machine is located; the network agent server is configured to convert the received flow rule into an OVS command, execute the OVS command on the local host, and insert the flow rule into the flow table in Open vSwitch; Open vSwitch is configured to compare virtual machine traffic that enters Open vSwitch against its flow table and to perform the action defined by the corresponding flow rule.

[0046] In addition, the system further comprises a physical switch, configured to connect different hosts through physical NICs.

[0047] The virtual machine, Open vSwitch and the network agent service are located on the same host B, and the network control server is located on another host A.

[0048] Preferably, the functions of the network control server further include: saving the received ACL rule to a distributed database.

[0049] As the above technical solution shows, the method and system for implementing the ACL function provided by the present invention use Open vSwitch and a distributed structure to provide the ACL function for virtual machine traffic, thereby achieving the purpose of controlling virtual machine data traffic; because the whole system is distributed across different hosts, server performance is significantly improved.

[0050] The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A method for implementing an ACL function based on Open vSwitch, characterized in that the method comprises: S1: a first host sends an access control list (ACL) rule that has been set for a certain virtual machine to the network control server of the first host; S2: after receiving the ACL rule, the network control server converts the ACL rule into a flow rule of the kind used by Open vSwitch (the open virtual switching standard), and sends the flow rule to the network agent server of the second host, on which the virtual machine is located; S3: the network agent server converts the received flow rule into an OVS command and executes the OVS command on the second host, so as to insert the flow rule into the flow table of Open vSwitch.
2. The method according to claim 1, characterized in that after step S3 the method further comprises: when traffic from within the virtual machine enters Open vSwitch, Open vSwitch compares it against the flow table and performs the action defined by the corresponding flow rule.
3. The method according to claim 1, characterized in that step S2 of the method further comprises: the network control server saves the received ACL rule to a distributed database.
4. The method according to claim 1, characterized in that the ACL rule applies to a network or to a virtual NIC.
5. The method according to claim 4, characterized in that the priority between ACL rules, from high to low, is: the non-overridable network level, the virtual NIC level, and the overridable network level.
6. A system for implementing an ACL function based on Open vSwitch, characterized in that the system comprises a virtual machine, Open vSwitch, a network agent server and a network control server; the network control server is configured to convert a received ACL rule into a flow rule of the kind used by Open vSwitch and to send the flow rule to the network agent server of the host on which the virtual machine is located; the network agent server is configured to convert the received flow rule into an OVS command and execute the OVS command on the local host, so as to insert the flow rule into the flow table in Open vSwitch; Open vSwitch is configured to compare virtual machine traffic that enters Open vSwitch against its flow table and to perform the action defined by the corresponding flow rule.
7. The system according to claim 6, characterized in that the functions of the network control server further include: saving the received ACL rule to a distributed database.
8. The system according to claim 6, characterized in that the virtual machine, Open vSwitch and the network agent service are located on the same host, and the network control server is located on another host.
9. The system according to claim 6, characterized in that the system further comprises a physical switch, configured to connect different hosts through physical NICs.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201410328769 CN104168200B (en) 2014-07-10 2014-07-10 A method and system for implementing an ACL function based on Open vSwitch

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201410328769 CN104168200B (en) 2014-07-10 2014-07-10 A method and system for implementing an ACL function based on Open vSwitch

Publications (2)

Publication Number Publication Date
CN104168200A (en) 2014-11-26
CN104168200B (en) 2017-08-25

Family

ID=51911836

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201410328769 CN104168200B (en) 2014-07-10 2014-07-10 A method and system for implementing an ACL function based on Open vSwitch

Country Status (1)

Country Link
CN (1) CN104168200B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017063511A1 (en) * 2015-10-15 2017-04-20 成都电科致远网络科技有限公司 Sdn-based residential cell network control system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110299537A1 (en) * 2010-06-04 2011-12-08 Nakul Pratap Saraiya Method and system of scaling a cloud computing network
CN103701822A (en) * 2013-12-31 2014-04-02 曙光云计算技术有限公司 Access control method
CN103763309A (en) * 2013-12-31 2014-04-30 曙光云计算技术有限公司 Safety domain control method and system based on virtual network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李锐 et al.: "Research on virtual network access control based on Open vSwitch", 《计算机应用与软件》 *

Also Published As

Publication number Publication date Type
CN104168200B (en) 2017-08-25 grant

Similar Documents

Publication Publication Date Title
US20100287262A1 (en) Method and system for guaranteed end-to-end data flows in a local networking domain
US20120016970A1 (en) Method and System for Network Configuration and/or Provisioning Based on Open Virtualization Format (OVF) Metadata
US20110004877A1 (en) Maintaining Virtual Machines in a Network Device
US20110004876A1 (en) Network Traffic Processing Pipeline for Virtual Machines in a Network Device
US20110002346A1 (en) Extended Network Protocols for Communicating Metadata with Virtual Machines
US20100085981A1 (en) Port trunking at a fabric boundary
US20110004698A1 (en) Defining Network Traffic Processing Flows Between Virtual Machines
US20140181267A1 (en) Methods and systems to split equipment control between local and remote processing units
CN102594697A (en) Load balancing method and device
US8837322B2 (en) Method and apparatus for snoop-and-learn intelligence in data plane
CN101350781A (en) Method, equipment and system for monitoring flux
US20130223440A1 (en) Disjoint multi-pathing for a data center network
US20150009830A1 (en) Methods of operating load balancing switches and controllers using matching patterns with unrestricted characters
JP2011170718A (en) Computer system, controller, service provision server, and load distribution method
US20130315234A1 (en) Method for controlling large distributed fabric-based switch using virtual switches and virtual controllers
US20150124608A1 (en) Adaptive Scheduling of Data Flows in Data Center Networks for Efficient Resource Utilization
US20090219936A1 (en) Method and system for offloading network processing
CN101442513A (en) Method for implementing various service treatment function and multi-nuclear processor equipment
US20080034101A1 (en) Network interface controller with receive side scaling and quality of service
CN101980490A (en) Link establishment method for virtual switch and physical switch and device thereof
CN103200122A (en) Processing method and system for group table in software definition network, and controller
US20120185853A1 (en) Virtual Input-Output Connections for Machine Virtualization
US7944913B2 (en) Node, communication method, and program for node
CN103763367A (en) Method and system for designing distributed virtual network in cloud calculating data center
US20150046572A1 (en) Extending Virtual Station Interface Discovery Protocol (VDP) and VDP-Like Protocols for Dual-Homed Deployments in Data Center Environments

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
GR01