CN104270464A - Cloud computing virtualized network architecture and optimization method - Google Patents
Publication number: CN104270464A (application CN201410567564.3A)
Authority: CN (China)
Prior art keywords: virtual, cloud computing, rule, virtual network, network architecture
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L67/56 Provisioning of proxy services (H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/50 Network services)
- H04L67/561 Adding application-functional data or data for application control, e.g. adding metadata
- G06F9/5077 Logical partitioning of resources; management or configuration of virtualized resources (G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]; G06F9/5061 Partitioning or combining of resources)
- G06F9/45504 Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators (G06F9/455 Emulation; interpretation; software simulation, e.g. virtualisation or emulation of application or operating system execution engines)
Abstract
The invention discloses a cloud computing virtualized network architecture, code-named NNetServer. NNetServer consists mainly of a network service interface and network service agents; it runs as a daemon that exposes the public virtualized network service API and dynamically configures virtual network agents according to the user's requirements. The invention further discloses an optimization method for this architecture: virtual machine information is collected on the compute nodes; after a floating IP is bound to a virtual machine, the DNAT rule corresponding to that floating IP is located among the rules executed by the virtual router, the corresponding SNAT rule in the virtual machine's wrapped chain is modified and an SNAT rule for the bound floating IP is added, and the TCP and ICMP rules in that chain are checked to confirm that outbound and inbound traffic is permitted. The architecture and the method solve the prior-art problem that tenants cannot control the virtual network of a cloud from the management console.
Description
Technical field
The invention belongs to the field of network technology and relates to a cloud computing virtualized network architecture and to an optimization method for that architecture.
Background technology
As cloud computing technology has developed, network virtualization in the cloud has not kept up with tenants' demand for control over their own network topology. In earlier virtual network frameworks the network management component lives on each compute node rather than being an independent service, so a tenant cannot control the cloud's virtual network from the management console: when a tenant wants to perform network operations on their own virtual machines, the console of a traditional virtual network framework offers no way to do so.
Summary of the invention
The object of the invention is to provide a cloud computing virtualized network architecture that solves the prior-art problem that a tenant cannot control the cloud's virtual network from the management console.
A further object of the invention is to provide an optimization method for that architecture.
The technical solution adopted by the invention is a cloud computing virtualized network architecture, code-named NNetServer, which consists mainly of a network service interface and network service agents.
Further features of the invention are as follows.
The network service interface provides standard methods for components to call; the main methods are: create a virtual network, delete a virtual network, create a virtual port, delete a virtual port.
The network service agents are the vSwitch agent, the DHCP agent, the L3 agent and the metadata agent.
The vSwitch agent runs on each hypervisor and applies the local vSwitch configuration.
The DHCP agent provides a DHCP server for each virtual network.
The L3 agent provides L3/NAT forwarding so that virtual machines on a virtual network can reach external networks.
The metadata agent standardizes the service metadata.
A second technical solution of the invention is an optimization method for the cloud computing virtualized network architecture, carried out in the following steps:
Step 1: the administrator collects, on the physical node hosting the virtual machine, the virtual machine's information: the id of the virtual network, the id of the virtual router, the id of the virtual machine, the id of the virtual network interface card belonging to the virtual machine, the iptables rules executed by the virtual router, and the contents of all wrapped iptables chains on the compute node;
Step 2: an external network reaches the virtual machine of step 1 through a floating IP, the floating IP being bound to the virtual machine;
Step 3: among the rules executed by the virtual router, find the destination address translation (DNAT) rule corresponding to the floating IP of step 2, and modify the corresponding source address translation (SNAT) rule in the wrapped chain of that virtual machine;
Step 4: add the SNAT rule of step 3 for the floating IP bound in step 2, and check whether the TCP and ICMP rules in the wrapped chain of step 3 allow data to flow out and in;
Step 5: the network service agents of claim 1 control the rules of step 4, so that the user can control the cloud's virtual network from the management console, and the virtual network agents are dynamically configured according to the user's requirements.
The beneficial effect of the invention is that the optimization method lets a user create virtual networks, create network ports and bind them to virtual machines, genuinely decoupling the network from the virtual machine.
Accompanying drawing explanation
Fig. 1 is a structural diagram of the cloud computing virtualized network architecture of the invention;
Fig. 2 is a flow chart of the optimization method for the cloud computing virtualized network architecture of the invention.
Embodiment
The invention is described in detail below with reference to the drawings and specific embodiments.
As shown in Fig. 1, the cloud computing virtualized network architecture of the invention, code-named NNetServer, is a single-process Linux service consisting mainly of a network service interface and network service agents. The network service interface provides standard methods for components to call; the main methods are create a virtual network, delete a virtual network, create a virtual port and delete a virtual port. The network service agents are the vSwitch agent, the DHCP agent, the L3 agent and the metadata agent: the vSwitch agent runs on each hypervisor and applies the local vSwitch configuration, the DHCP agent provides a DHCP server for each virtual network, the L3 agent provides L3/NAT forwarding so that virtual machines on a virtual network can reach external networks, and the metadata agent standardizes the service metadata. The architecture is an independent service process (NNetServer) made up of agent services (AgentServer); an AgentServer is not bound to a compute node but to a virtual router and a virtual network. The architecture can filter traffic entering a virtual machine on the compute node and traffic between virtual machines, and it can also filter traffic leaving a virtual machine. It is a multi-tier network that provides isolated network segments for the database, the Internet and the application tiers respectively.
In the optimization method for the cloud computing virtualized network architecture, NNetServer runs as a daemon that exposes the public virtual network service API and dynamically configures the virtual network agents according to the user's requirements. To guarantee state persistence, an agent normally needs access to a database for persistent storage. The network of this architecture is completely independent of the virtual cloud platform's own network and can be deployed in isolation on a separate server. As shown in Fig. 2, the method is carried out in the following steps:
Step 1: the administrator collects, on the physical node hosting the virtual machine, the virtual machine's information: the id of the virtual network, the id of the virtual router, the id of the virtual machine, the id of the virtual network interface card belonging to the virtual machine, the iptables rules executed by the virtual router, and the contents of all wrapped iptables chains on the compute node;
Step 2: an external network reaches the virtual machine of step 1 through a floating IP, the floating IP being bound to the virtual machine;
Step 3: among the rules executed by the virtual router, find the destination address translation (DNAT) rule corresponding to the floating IP of step 2, and modify the corresponding source address translation (SNAT) rule in the wrapped chain of that virtual machine;
Step 4: add the SNAT rule of step 3 for the floating IP bound in step 2, and check whether the TCP and ICMP rules in the wrapped chain of step 3 allow data to flow out and in;
Step 5: the network service agents of claim 1 control the rules of step 4, so that the user can control the cloud's virtual network from the management console, and the virtual network agents are dynamically configured according to the user's requirements.
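Steps 3 and 4 amount to a reconciliation check over iptables-save output: derive the VM's fixed IP from the router's DNAT rule, make sure the matching float-snat rule exists, and verify that the VM port's wrapped chains accept TCP and ICMP. The following is an added example written for this page, not code from the patent or from any cloud platform. The chain names follow OpenStack Neutron's conventions (neutron-l3-agent-PREROUTING, neutron-l3-agent-float-snat, neutron-openvswi-i<port>/-o<port>), the two dumps and all addresses are constructed, and the ten-character port-id truncation in the chain name is an assumption; none of this comes from the page. The routine takes the fixed IP only from an existing DNAT rule, so it can never create an SNAT mapping for an address the router does not already translate.

```python
"""Added example (not code from the patent or from any cloud platform): steps 3 and 4 of
the method as a reconciliation routine over iptables-save output.  Chain names follow
OpenStack Neutron's conventions and the dumps and addresses are constructed; all of
this is assumed, not taken from the page."""
import re
from collections import defaultdict

# Constructed nat table of the virtual router namespace after floating IP 203.0.113.10
# was bound to the VM's fixed address 10.0.0.5: the DNAT rule exists, the float-snat
# rule does not yet.
ROUTER_NAT = """\
*nat
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 10.0.0.5
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-1234abcd-ef -j SNAT --to-source 203.0.113.2
COMMIT
"""

# Constructed filter table of the compute node: the wrapped per-port chains of the VM's
# port (i = traffic into the VM, o = traffic out of the VM).  Inbound permits TCP/22 and
# ICMP, outbound permits TCP only; a -j RETURN here means "accepted by the security group".
COMPUTE_FILTER = """\
*filter
-A neutron-openvswi-i1a2b3c4d-5 -m state --state RELATED,ESTABLISHED -j RETURN
-A neutron-openvswi-i1a2b3c4d-5 -p tcp -m tcp --dport 22 -j RETURN
-A neutron-openvswi-i1a2b3c4d-5 -p icmp -j RETURN
-A neutron-openvswi-i1a2b3c4d-5 -j neutron-openvswi-sg-fallback
-A neutron-openvswi-o1a2b3c4d-5 -p tcp -j RETURN
-A neutron-openvswi-o1a2b3c4d-5 -j neutron-openvswi-sg-fallback
COMMIT
"""

RULE_RE = re.compile(r"^-A (\S+) (.*)$")


def parse_rules(dump):
    """Step 1: collect the rules of every chain from an iptables-save dump."""
    chains = defaultdict(list)
    for line in dump.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            chains[m.group(1)].append(m.group(2))
    return chains


def find_dnat_target(chains, floating_ip):
    """Step 3: the fixed IP that the router's PREROUTING DNAT rule maps the floating IP to."""
    pat = re.compile(rf"-d {re.escape(floating_ip)}(?:/32)? .*-j DNAT --to-destination (\S+)")
    for chain, rules in chains.items():
        if chain.endswith("PREROUTING"):
            for rule in rules:
                m = pat.search(rule)
                if m:
                    return m.group(1)
    return None


def reconcile_float_snat(chains, floating_ip, snat_chain="neutron-l3-agent-float-snat"):
    """Steps 3-4: make sure the float-snat chain rewrites the VM's fixed source address to the
    floating IP.  The fixed IP is taken only from an existing DNAT rule, so no SNAT mapping is
    ever created for an address the router does not already translate.  Returns the fixed IP,
    whether the rule was already present, and the rule line to add (None if nothing to do)."""
    fixed_ip = find_dnat_target(chains, floating_ip)
    if fixed_ip is None:
        return {"fixed_ip": None, "snat_present": False, "add_rule": None}
    want = f"-s {fixed_ip}/32 -j SNAT --to-source {floating_ip}"
    present = want in chains.get(snat_chain, [])
    if not present:
        chains[snat_chain].append(want)   # record it as applied, so a re-run is idempotent
    return {"fixed_ip": fixed_ip, "snat_present": present,
            "add_rule": None if present else f"-A {snat_chain} {want}"}


def port_allows(chains, port_id, direction, proto):
    """Step 4: does the port's wrapped chain carry an accepting rule for the protocol?
    Assumption: the chain name carries the first ten characters of the port id."""
    chain = f"neutron-openvswi-{direction}{port_id[:10]}"
    return any(f"-p {proto} " in r and r.endswith("-j RETURN") for r in chains.get(chain, []))


def check_port(chains, port_id):
    """Step 4 summary: {(direction, protocol): allowed} for TCP and ICMP, in and out."""
    return {(d, p): port_allows(chains, port_id, d, p) for d in ("i", "o") for p in ("tcp", "icmp")}


if __name__ == "__main__":
    nat = parse_rules(ROUTER_NAT)
    print(reconcile_float_snat(nat, "203.0.113.10"))
    print(check_port(parse_rules(COMPUTE_FILTER), "1a2b3c4d-5e6f-7890"))
```

Running the reconciliation twice on the same dump shows the property an agent needs on re-sync: the first call returns the float-snat rule line to add, the second reports it as present and returns nothing to add. An unknown floating IP returns no fixed IP and no rule, so a bad input cannot push an SNAT entry into the router.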
The iptables chain structure that the method operates on is as follows. The IPv4 iptables rule tables in the Linux kernel have a number of built-in chains: PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING. In general, a packet arriving at a Linux host first traverses the PREROUTING chain. The kernel then makes a routing decision. If the packet is addressed to the host itself, it traverses the INPUT chain and, if accepted, is delivered to the target process. If it is not addressed to the host, it traverses the FORWARD chain, then the POSTROUTING chain, and then leaves the host. A packet generated by a local process first traverses the OUTPUT chain and, if accepted, then the POSTROUTING chain.
Besides these built-in chains, the virtual cloud platform creates further chains of its own and hooks them into the chain system. These chains are of two kinds: unwrapped chains and wrapped chains.
neutron-filter-top and neutron-postrouting-bottom are the two unwrapped chains. neutron-filter-top is inserted at the top of the FORWARD and OUTPUT chains. Being unwrapped, it is shared among the various Neutron worker processes; it holds the rules that must sit at the very top of FORWARD and OUTPUT, and it exists in both the IPv4 and the IPv6 table sets.
Examples of wrapped chains are the chains shown in the boxes on either side of the figure. Their names carry the owning process name as a prefix; for example, Neutron creates a neutron-PREROUTING chain.
For both IPv4 and IPv6, the built-in INPUT, OUTPUT and FORWARD filter chains are all wrapped: the "real" INPUT chain contains a rule that jumps to the wrapped INPUT chain, and likewise for the others. There is one further wrapped chain, named local, which is jumped to from neutron-filter-top. For IPv4, the built-in PREROUTING, OUTPUT and POSTROUTING NAT chains are wrapped in the same way as the built-in filter chains. In addition, a snat chain and a float-snat chain are applied after the POSTROUTING chain.
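The chain layout just described can be made concrete with a small evaluator that follows jumps, RETURNs and built-in policies in the order the text gives (nat PREROUTING, routing decision, filter FORWARD, nat POSTROUTING), with each built-in chain holding only a jump into its wrapped counterpart, neutron-filter-top at the top of FORWARD, and the snat and float-snat chains reached after POSTROUTING. This is an added example written for this page, not code from the patent or from Neutron. The chain names follow Neutron's conventions, the addresses and port id are constructed, and the router namespace and the compute node are modelled as one nat table and one filter table walked in sequence; all of that is assumption, not data from the page.

```python
"""Added example (not code from the patent or from Neutron): a minimal evaluator for the
wrapped-chain layout described above.  Chain names follow Neutron's conventions; the
addresses, the port id and the rule tables are constructed (assumptions, not page data)."""
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str


# match predicates, the equivalent of iptables -d / -s / -p matches
def any_pkt(_p): return True
def dst_is(ip): return lambda p: p.dst == ip
def src_is(ip): return lambda p: p.src == ip
def proto_is(name): return lambda p: p.proto == name
def src_in(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda p: ipaddress.ip_address(p.src) in net


VM_FIXED, VM_FLOAT, ROUTER_GW, PORT = "10.0.0.5", "203.0.113.10", "203.0.113.2", "1a2b3c4d-5"

# chain -> [(predicate, target)]; a target is a verdict, a chain to jump to, or a NAT rewrite
NAT_TABLE = {                                              # virtual router namespace
    "PREROUTING": [(any_pkt, "neutron-l3-agent-PREROUTING")],
    "neutron-l3-agent-PREROUTING": [(dst_is(VM_FLOAT), ("DNAT", VM_FIXED))],
    "POSTROUTING": [(any_pkt, "neutron-l3-agent-POSTROUTING"),
                    (any_pkt, "neutron-postrouting-bottom")],
    "neutron-l3-agent-POSTROUTING": [],
    "neutron-postrouting-bottom": [(any_pkt, "neutron-l3-agent-snat")],
    "neutron-l3-agent-snat": [(any_pkt, "neutron-l3-agent-float-snat"),
                              (src_in("10.0.0.0/24"), ("SNAT", ROUTER_GW))],
    "neutron-l3-agent-float-snat": [(src_is(VM_FIXED), ("SNAT", VM_FLOAT))],
}
FILTER_TABLE = {                                           # compute node
    "FORWARD": [(any_pkt, "neutron-filter-top"), (any_pkt, "neutron-openvswi-FORWARD")],
    "neutron-filter-top": [(any_pkt, "neutron-openvswi-local")],
    "neutron-openvswi-local": [],
    "neutron-openvswi-FORWARD": [(any_pkt, "neutron-openvswi-sg-chain")],
    "neutron-openvswi-sg-chain": [(dst_is(VM_FIXED), f"neutron-openvswi-i{PORT}"),
                                  (src_is(VM_FIXED), f"neutron-openvswi-o{PORT}"),
                                  (any_pkt, "ACCEPT")],
    f"neutron-openvswi-i{PORT}": [(proto_is("tcp"), "RETURN"), (proto_is("icmp"), "RETURN"),
                                  (any_pkt, "DROP")],
    f"neutron-openvswi-o{PORT}": [(proto_is("tcp"), "RETURN"), (any_pkt, "DROP")],
}
BUILTIN_POLICY = {"PREROUTING": "ACCEPT", "POSTROUTING": "ACCEPT", "FORWARD": "ACCEPT"}


def walk(table, chain, pkt, trace):
    """Evaluate one chain; returns (verdict, packet).  RETURN means the caller continues."""
    for pred, target in table.get(chain, []):
        if not pred(pkt):
            continue
        if isinstance(target, tuple):                      # NAT target: terminating
            kind, ip = target
            pkt = replace(pkt, dst=ip) if kind == "DNAT" else replace(pkt, src=ip)
            trace.append(f"{chain}: {kind} {ip}")
            return "ACCEPT", pkt
        if target in ("ACCEPT", "DROP", "RETURN"):
            trace.append(f"{chain}: {target}")
            return target, pkt
        trace.append(f"{chain}: jump {target}")
        verdict, pkt = walk(table, target, pkt, trace)
        if verdict != "RETURN":
            return verdict, pkt
    # end of chain: a built-in chain applies its policy, a wrapped chain returns to its caller
    return BUILTIN_POLICY.get(chain, "RETURN"), pkt


def traverse(pkt, from_outside):
    """Walk the path in the order the text gives: nat PREROUTING, routing decision, filter
    FORWARD, nat POSTROUTING.  Returns (final verdict, translated packet, trace)."""
    trace = []
    if from_outside:
        _, pkt = walk(NAT_TABLE, "PREROUTING", pkt, trace)
        if pkt.dst == ROUTER_GW:                           # routing decision: local delivery
            trace.append("routing: local, goes to INPUT")
            return "INPUT", pkt, trace
    verdict, pkt = walk(FILTER_TABLE, "FORWARD", pkt, trace)
    if verdict != "ACCEPT":
        return verdict, pkt, trace
    _, pkt = walk(NAT_TABLE, "POSTROUTING", pkt, trace)
    return "ACCEPT", pkt, trace


if __name__ == "__main__":
    for pkt, inbound in [(Packet("198.51.100.7", VM_FLOAT, "tcp"), True),
                         (Packet("198.51.100.7", VM_FLOAT, "udp"), True),
                         (Packet(VM_FIXED, "198.51.100.7", "tcp"), False)]:
        verdict, out, trace = traverse(pkt, inbound)
        print(verdict, out, "|", " > ".join(trace))
```

The trace shows why the wrapping matters for auditing: a DROP inside a per-port wrapped chain propagates up through sg-chain, neutron-openvswi-FORWARD and the built-in FORWARD, whereas a RETURN only hands control back to the jumping chain, which then continues with its next rule. The reply path also shows the float-snat rule of step 4 doing its job, rewriting the VM's fixed source address to the floating IP before the packet leaves the router, while a VM without a floating IP falls through to the router's own gateway SNAT.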
It should be noted that any combination of the technical features above that forms an embodiment not listed here is still considered to fall within the scope recorded in this specification; further, those of ordinary skill in the art may make improvements or modifications in light of the description above, and all such improvements and modifications belong to the scope protected by the claims of the invention.
The optimization method for the cloud computing virtualized network architecture lets a user create virtual networks, create network ports and bind them to virtual machines, genuinely decoupling the network from the virtual machine.
Claims (8)
1. A cloud computing virtualized network architecture, characterized in that the architecture is code-named NNetServer and NNetServer consists mainly of a network service interface and network service agents.
2. The cloud computing virtualized network architecture of claim 1, characterized in that the network service interface provides standard methods for components to call, the main methods being: create a virtual network, delete a virtual network, create a virtual port, delete a virtual port.
3. The cloud computing virtualized network architecture of claim 1, characterized in that the network service agents are the vSwitch agent, the DHCP agent, the L3 agent and the metadata agent.
4. The cloud computing virtualized network architecture of claim 3, characterized in that the vSwitch agent runs on each hypervisor and applies the local vSwitch configuration.
5. The cloud computing virtualized network architecture of claim 3, characterized in that the DHCP agent provides a DHCP server for the virtual network.
6. The cloud computing virtualized network architecture of claim 3, characterized in that the L3 agent provides L3/NAT forwarding so that virtual machines on the virtual network can reach external networks.
7. The cloud computing virtualized network architecture of claim 3, characterized in that the metadata agent standardizes the service metadata.
8. An optimization method for a cloud computing virtualized network architecture, characterized in that it is carried out in the following steps:
Step 1: the administrator collects, on the physical node hosting the virtual machine, the virtual machine's information: the id of the virtual network, the id of the virtual router, the id of the virtual machine, the id of the virtual network interface card belonging to the virtual machine, the iptables rules executed by the virtual router, and the contents of all wrapped iptables chains on the compute node;
Step 2: an external network reaches the virtual machine of step 1 through a floating IP, the floating IP being bound to the virtual machine;
Step 3: among the rules executed by the virtual router, find the destination address translation (DNAT) rule corresponding to the floating IP of step 2, and modify the corresponding source address translation (SNAT) rule in the wrapped chain of that virtual machine;
Step 4: add the SNAT rule of step 3 for the floating IP bound in step 2, and check whether the TCP and ICMP rules in the wrapped chain of step 3 allow data to flow out and in;
Step 5: the network service agents of claim 1 control the rules of step 4, so that the user can control the cloud's virtual network from the management console, and the virtual network agents are dynamically configured according to the user's requirements.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201410567564.3A CN104270464A (en) | 2014-10-22 | 2014-10-22 | Cloud computing virtualized network architecture and optimization method
Publications (1)
Publication Number | Publication Date
---|---
CN104270464A (en) | 2015-01-07
Family ID: 52161953 (one family application, CN201410567564.3A, status Pending; country status: CN)
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105446797A (en) * | 2015-11-30 | 2016-03-30 | 国云科技股份有限公司 | Virtual machine access service method |
CN105872120A (en) * | 2015-12-14 | 2016-08-17 | 乐视云计算有限公司 | Public network IP processing method and device |
CN105872129A (en) * | 2016-06-07 | 2016-08-17 | 国云科技股份有限公司 | Method for realizing multi-NC (Network Card) extranet communication of Linux virtual machine |
CN105915470A (en) * | 2016-01-27 | 2016-08-31 | 无锡华云数据技术服务有限公司 | Flexible bandwidth configuration method based on Linux flow control |
CN106878482A (en) * | 2017-01-03 | 2017-06-20 | 新华三技术有限公司 | Method for network address translation and device |
CN107147533A (en) * | 2017-05-31 | 2017-09-08 | 郑州云海信息技术有限公司 | A kind of flow table configuration distributing method and system based on SDN frameworks |
CN107241460A (en) * | 2017-06-30 | 2017-10-10 | 联想(北京)有限公司 | The processing method and electronic equipment of a kind of floating address |
CN107968851A (en) * | 2017-12-06 | 2018-04-27 | 深信服科技股份有限公司 | A kind of Floating IP address binding method and device based on k8s platforms |
WO2019178855A1 (en) * | 2018-03-23 | 2019-09-26 | 华为技术有限公司 | Method for virtual machine to access remote acceleration device, and system |
CN111447146A (en) * | 2020-03-20 | 2020-07-24 | 上海中通吉网络技术有限公司 | Method, device, equipment and storage medium for dynamically updating physical routing information |
CN111614790A (en) * | 2019-02-26 | 2020-09-01 | 杭州海康威视系统技术有限公司 | Virtual machine address configuration system, method and device |
CN111770211A (en) * | 2020-06-17 | 2020-10-13 | 北京百度网讯科技有限公司 | SNAT method, SNAT device, electronic equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103516782A (en) * | 2012-06-26 | 2014-01-15 | 丛林网络公司 | Distributed processing of network device tasks |
CN103763367A (en) * | 2014-01-17 | 2014-04-30 | 浪潮(北京)电子信息产业有限公司 | Method and system for designing distributed virtual network in cloud calculating data center |
CN103825954A (en) * | 2014-03-10 | 2014-05-28 | 中国联合网络通信集团有限公司 | OpenFlow control method and corresponding insert, platform and network thereof |
Non-Patent Citations (2)
Title
---
JOHN RHOTON: "探索OpenStack:网络组件Neutron" (Exploring OpenStack: the Neutron networking component), https://www.ibm.com/developerworks/cn/cloud/library/cl-openstack-neutron/cl-openstack-neutron-pdf.pdf
YONG SHENG GONG: "The OpenStack network: Get started with iptables, tables, rules, and chains", https://www.ibm.com/developerworks/cloud/library/cl-openstack-network/cl-openstack-network-pdf.pdf
Legal Events
Date | Code | Title | Description
---|---|---|---
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20150107