CN104468775B - A distributed router implementation method suitable for cloud computing - Google Patents

Info

Publication number: CN104468775B
Authority: CN (China)
Prior art keywords: network, bridge, calculate node, virtual machine, gateway
Legal status: Active
Application number: CN201410737360.XA
Other languages: Chinese (zh)
Other versions: CN104468775A (en)
Inventors: 张瑜科, 杨松, 莫展鹏, 季统凯
Current Assignee: G Cloud Technology Co Ltd
Original Assignee: G Cloud Technology Co Ltd
Application filed by G Cloud Technology Co Ltd
Priority to CN201410737360.XA
Publication of CN104468775A
Application granted
Publication of CN104468775B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the field of cloud computing technology, and in particular to a distributed router implementation method suitable for cloud computing. The steps of the invention are as follows: 1. Each compute node creates three bridges. 2. The compute node creates an isolated virtual network for each network, adds a network interface connected to the internal bridge, and starts the DHCP service in the virtual network. 3. Each compute node creates one new network namespace, named the routing network namespace, for the multiple networks of the same tenant that need to communicate, and adds a network port to the routing network namespace for each network to serve as its gateway; the gateways of the same network are set to the same MAC and IP. 4. When a virtual machine is created, the ARP table in the routing network namespace is updated accordingly and the virtual machine is connected to the internal bridge. 5. Flow rules are set on the internal bridge and the intranet bridge. The invention solves the single point of failure and heavy load problems of the virtual machine network, and can be used to implement distributed routers for cloud computing.

Description

A distributed router implementation method suitable for cloud computing
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a distributed router implementation method suitable for cloud computing.
Background art
On a cloud platform, each user wants to be able to create networks at will and to control the communication between different networks.
The common industry solution is to set up a high-performance computer as a network control node. The network control node then has the following functions: 1) it sets the IP of the virtual machines through DHCP; 2) the gateway of each network is placed on the network control node; 3) each network performs NAT mapping on the network control node.
However, the common industry solution has the following drawbacks:
1. A single point of failure affects the communication of all virtual machines: if the network node suffers a hardware fault, the virtual machines lose their IP addresses and the whole virtual machine network is paralysed.
2. The communication bandwidth between virtual machines on different networks is typically very large; a single high-performance computer cannot cope with large-scale application scenarios, and the quality of service of communication between different networks cannot be guaranteed.
Summary of the invention
The technical problem solved by the present invention is to provide a distributed router implementation method suitable for cloud computing that solves the single point of failure and heavy load problems of the virtual machine network of a cloud platform.
The technical solution by which the present invention solves the above technical problem is:
The method comprises the following steps:
Step 1: Each compute node creates three bridges: an internal bridge, an intranet bridge and an external bridge;
Step 2: The compute node creates an isolated virtual network for each network, named the DHCP network namespace; a network interface is added to the DHCP network namespace and connected to the internal bridge, and the DHCP service is started in the virtual network;
Step 3: Each compute node creates one new network namespace, named the routing network namespace, for the multiple networks of the same tenant that need to communicate, and adds a network port to the routing network namespace for each network to serve as that network's gateway; the gateway of the same network is set to the same MAC and IP on every compute node;
Step 4: When a virtual machine is created, the ARP table in the routing network namespace of each compute node is updated accordingly, and the virtual machine is connected to the internal bridge;
Step 5: Flow rules are set on the internal bridge and the intranet bridge.
The flow rules are:
1) The VLAN created on the network is converted to the internal VLAN; 2) ARP request packets for the gateway sent by virtual machines on the compute node are all dropped and are not sent beyond the node; 3) packets sent on the compute node whose destination address is the gateway MAC address are all dropped and are not sent beyond the node; 4) for packets that virtual machines send out of the compute node with the gateway MAC as source address, the source address is rewritten to the MAC address assigned to the node; 5) for received data sent from the unique MAC address of another node, the source MAC is rewritten to the MAC address of the gateway.
Virtual machines are connected to the internal bridge, and the internal bridge is connected to the intranet bridge by a veth pair; the intranet bridge adds the internal physical network card; the external bridge adds the external network card.
The flow rules are set between the ports connecting the internal bridge and the intranet bridge; the internal bridge and intranet bridge of each network are isolated by VLAN.
The beneficial effects of the present invention are as follows:
1. The method removes the single point of failure bottleneck: a communication failure on one compute node does not affect communication between other virtual machines.
2. The method effectively reduces the traffic load between networks: packets between virtual machines on the same compute node are confined to the inside of the compute node and do not need to be processed by an external switch.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawing:
Fig. 1 is a flow chart of the invention;
Specific embodiment
As shown in Fig. 1, the specific implementation process of the invention is as follows:
(1) The compute node creates three bridges
# ovs-vsctl add-br br-int
# ovs-vsctl add-br br-ex
# ovs-vsctl add-br br-phy
# ovs-vsctl add-port br-phy eth1; ovs-vsctl add-port br-ex ext2
(2) Create a DHCP network namespace for a network
# ip netns add dhcp-net1
# ovs-vsctl add-port br-int tap9 tag=9 -- set interface tap9 type=internal
# ip link set tap9 netns dhcp-net1
# ip netns exec dhcp-net1 ip addr add 192.168.12.1/24 dev tap9
# ip netns exec dhcp-net1 ifconfig tap9 promisc up
Then start the DHCP service in dhcp-net1.
Create a routing network namespace for each user and set up the gateways
# ip netns add qr-123456
# ovs-vsctl add-port br-int gw_tag9 tag=9 -- set interface gw_tag9 type=internal
# ip link set gw_tag9 netns qr-123456
# ip netns exec qr-123456 ip addr add 192.168.12.254 dev gw_tag9
# ip netns exec qr-123456 ifconfig gw_tag9 hw ether e0:0e:aa:bb:cc:dd
# ip netns exec qr-123456 ifconfig gw_tag9 promisc up
# ovs-vsctl add-port br-int gw_tag8 tag=8 -- set interface gw_tag8 type=internal
# ip link set gw_tag8 netns qr-123456
# ip netns exec qr-123456 ip addr add 192.10.10.254 dev gw_tag8
# ip netns exec qr-123456 ifconfig gw_tag8 hw ether f0:0f:aa:bb:cc:dd
# ip netns exec qr-123456 ifconfig gw_tag8 promisc up
(3) Create the virtual machine and update the ARP table accordingly
# ip netns exec qr-123456 arp -s 192.168.12.123 e0:0e:a1:b1:c1:d1
# ip netns exec qr-123456 arp -s 192.10.10.123 f0:0f:a2:b2:c2:d2
(4) Set flow rules on the internal bridge and the intranet bridge
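The text gives no commands for step (4). The following is an added example, not part of the patent: one way to write the five flow rules as ovs-ofctl flow specifications, with a check that the two drop rules keeping the shared gateway MAC and IP on the node are present for every gateway. The network-side VLAN ids (109, 108), the node MAC addresses, the priorities, the port numbers, and the placement of egress rules on br-phy and ingress rules on br-int are assumptions; the gateway IPs, gateway MACs and internal tags 9 and 8 are taken from the commands above.

```shell
#!/bin/sh
# Added example: prints ovs-ofctl flow specifications for the five flow rules.
# Assumptions (not in the patent): network-side VLAN ids, node MACs, priorities,
# port numbers, egress rules placed on br-phy and ingress rules on br-int.

# Columns: local_vlan net_vlan gateway_ip gateway_mac
# (net_vlan is constructed; the other values come from the embodiment)
NETWORKS="9 109 192.168.12.254 e0:0e:aa:bb:cc:dd
8 108 192.10.10.254 f0:0f:aa:bb:cc:dd"
NODE_MAC="02:00:00:00:00:01"                     # constructed: MAC assigned to this node
PEER_MACS="02:00:00:00:00:02 02:00:00:00:00:03"  # constructed: MACs of the other nodes

# Egress flows for br-phy. $1 = OpenFlow port number of the veth end facing br-int
# (look it up with: ovs-vsctl get Interface <veth-name> ofport).
egress_flows() {
    echo "$NETWORKS" | while read -r lv nv ip mac; do
        # Rule 2: ARP requests for the gateway never leave the node.
        echo "priority=40,in_port=$1,dl_vlan=$lv,arp,arp_op=1,arp_tpa=$ip,actions=drop"
        # Rule 3: frames addressed to the gateway MAC never leave the node.
        echo "priority=30,in_port=$1,dl_vlan=$lv,dl_dst=$mac,actions=drop"
        # Rules 4 and 1: routed frames leave with the node MAC and the network VLAN.
        echo "priority=20,in_port=$1,dl_vlan=$lv,dl_src=$mac,actions=mod_dl_src:$NODE_MAC,mod_vlan_vid:$nv,NORMAL"
        # Rule 1: all other frames only get the VLAN translated.
        echo "priority=10,in_port=$1,dl_vlan=$lv,actions=mod_vlan_vid:$nv,NORMAL"
    done
}

# Ingress flows for br-int. $1 = OpenFlow port number of the veth end facing br-phy.
ingress_flows() {
    echo "$NETWORKS" | while read -r lv nv ip mac; do
        for peer in $PEER_MACS; do
            # Rules 5 and 1: a peer node's MAC becomes the gateway MAC again.
            echo "priority=20,in_port=$1,dl_vlan=$nv,dl_src=$peer,actions=mod_dl_src:$mac,mod_vlan_vid:$lv,NORMAL"
        done
        # Rule 1: translate the network VLAN back to the internal VLAN.
        echo "priority=10,in_port=$1,dl_vlan=$nv,actions=mod_vlan_vid:$lv,NORMAL"
    done
}

# Audit: reads flows on stdin (from egress_flows or `ovs-ofctl dump-flows br-phy`)
# and prints every gateway whose rule 2 or rule 3 drop is missing.
missing_drops() {
    flows=$(cat)
    echo "$NETWORKS" | while read -r lv nv ip mac; do
        echo "$flows" | grep "arp_tpa=$ip[, ]" | grep -q "actions=drop" || echo "arp $ip"
        echo "$flows" | grep "dl_dst=$mac[, ]" | grep -q "actions=drop" || echo "mac $mac"
    done
}

# Apply on a node:  egress_flows 2 > phy.flows && ovs-ofctl add-flows br-phy phy.flows
```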

Claims (2)

1. A distributed router implementation method suitable for cloud computing, characterized in that the method comprises the following steps:
Step 1: Each compute node creates three bridges: an internal bridge, an intranet bridge and an external bridge; virtual machines are connected to the internal bridge, and the internal bridge is connected to the intranet bridge by a veth pair; the intranet bridge adds the internal physical network card; the external bridge adds the external network card;
Step 2: The compute node creates an isolated virtual network for each network, named the DHCP network namespace; a network interface is added to the DHCP network namespace and connected to the internal bridge, and the DHCP service is started in the virtual network;
Step 3: Each compute node creates one new network namespace, named the routing network namespace, for the multiple networks of the same tenant that need to communicate, and adds a network port to the routing network namespace for each network to serve as that network's gateway; the gateway of the same network is set to the same MAC and IP on every compute node;
Step 4: When a virtual machine is created, the ARP table in the routing network namespace of each compute node is updated accordingly, and the virtual machine is connected to the internal bridge;
Step 5: Flow rules are set on the internal bridge and the intranet bridge; the flow rules are specifically:
1) The VLAN created on the network is converted to the internal VLAN; 2) ARP request packets for the gateway sent by virtual machines on the compute node are all dropped and are not sent beyond the node; 3) packets sent on the compute node whose destination address is the gateway MAC address are all dropped and are not sent beyond the node; 4) for packets that virtual machines send out of the compute node with the gateway MAC as source address, the source address is rewritten to the MAC address assigned to the node; 5) for received data sent from the unique MAC address of another node, the source MAC is rewritten to the MAC address of the gateway.
2. The distributed router implementation method suitable for cloud computing according to claim 1, characterized in that the flow rules are set between the ports connecting the internal bridge and the intranet bridge, and the internal bridge and intranet bridge of each network are isolated by VLAN.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410737360.XA CN104468775B (en) 2014-12-05 2014-12-05 A kind of distribution router implementation method suitable for cloud computing

Publications (2)

Publication Number Publication Date
CN104468775A CN104468775A (en) 2015-03-25
CN104468775B true CN104468775B (en) 2017-10-10

Family

ID=52914127

Country Status (1)

Country Link
CN (1) CN104468775B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 523808 19th Floor, Cloud Computing Center, Chinese Academy of Sciences, No. 1 Kehui Road, Songshan Lake Hi-tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee after: G-Cloud Technology Co., Ltd.

Address before: 523808 No. 14 Building, Songke Garden, Songshan Lake Science and Technology Industrial Park, Dongguan City, Guangdong Province

Patentee before: G-Cloud Technology Co., Ltd.