CN105450430B - A kind of information transferring method and device - Google Patents


Info

Publication number
CN105450430B
Authority
CN
China
Legal status
Active
Application number
CN201410342522.XA
Other languages
Chinese (zh)
Other versions
CN105450430A (en)
Inventor
李金明
王东晖
王丽娜
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201410342522.XA
Publication of CN105450430A
Application granted
Publication of CN105450430B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the present invention disclose an information transmission method and device, relating to the field of electronic information technology. Communication between virtual machines is managed by allocating identifiers, which reduces the possibility of node-device data leakage caused by communication between virtual machines. The method comprises: a first node device receives data sent from a source virtual machine to a destination virtual machine and detects whether the source virtual machine has a virtual domain identifier, where the destination virtual machine is located on the first node device, the first node device includes a virtual domain, the destination virtual machine is located in that virtual domain, and the virtual domain identifier is allocated by a management device and is used by the node device on which the source virtual machine is located to establish the virtual domain in which the source virtual machine is located; if the source virtual machine has the virtual domain identifier, the first node device sends the data to the virtual domain in which the destination virtual machine is located, according to the virtual domain identifier of that virtual domain. The invention is applicable to communication between virtual machines.

Description

An information transmission method and device
Technical field
The present invention relates to the field of electronic information technology, and in particular to an information transmission method and device.
Background art
Virtual machine technology is essential to implementing cloud computing solutions. In existing cloud computing solutions, the resources of the cloud network must be aggregated dynamically and the node devices in the cloud network must cooperate with a high degree of autonomy, so that the boundaries between virtual machines shift from traditional, single and explicit to fuzzy and generalized.
The main consequence of this shift is as follows. Because cloud computing solutions require unimpeded communication between virtual machines, the restrictions on communication between virtual machines are weakened, which makes it possible for virtual machines to cross virtual boundaries and communicate in violation of policy. In many cases, different virtual domains are established on different node devices in the system, so communication between virtual machines of different virtual domains is in fact communication between the node devices on which those virtual domains are located. In some cases, different virtual machines in the same virtual domain are also established on different node devices in the system, so communication between different virtual machines in the same virtual domain is likewise in fact communication between different node devices. In practice, if the cloud network contains node devices with a low security level, and virtual machines or virtual domains are established on those node devices, then the weakened restrictions on communication between virtual machines of different virtual domains, or between different virtual machines in the same virtual domain, in effect weaken the restrictions between those low-security node devices and the other node devices in the system, which can easily lead to leakage of the data held on the other node devices.
Summary of the invention
Embodiments of the present invention provide an information transmission method and device. Using the method and device provided by the invention can reduce the possibility of node-device data leakage caused by communication between virtual machines.
To achieve the above objective, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, an embodiment of the present invention provides an information transmission method, comprising:
A first node device receives data sent from a source virtual machine to a destination virtual machine, and detects whether the source virtual machine has a virtual domain identifier. The destination virtual machine is located on the first node device, the first node device includes a virtual domain, and the destination virtual machine is located in that virtual domain. The virtual domain identifier is allocated by a management device and is used by the node device on which the source virtual machine is located to establish the virtual domain in which the source virtual machine is located;
If the source virtual machine has the virtual domain identifier, the first node device sends the data to the virtual domain in which the destination virtual machine is located, according to the virtual domain identifier of that virtual domain.
With reference to the first aspect, in a first possible implementation of the first aspect, sending the data to the virtual domain in which the destination virtual machine is located, according to the virtual domain identifier of that virtual domain, comprises:
The first node device obtains, from the data, a virtual machine identifier and the virtual domain identifier of the virtual domain in which the destination virtual machine is located; the virtual machine identifier is allocated by the management device and is used by the node device on which the destination virtual machine is located to establish the destination virtual machine;
The first node device determines the virtual domain in which the destination virtual machine is located according to the virtual domain identifier of the destination virtual machine;
The first node device sends the data to the virtual domain in which the destination virtual machine is located, so that the node device on which that virtual domain is located sends the data to the destination virtual machine according to the virtual machine identifier.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the method further comprises:
The first node device receives network data sent by the management device, the network data including at least the communication policy and the firewall rule chain of the destination virtual machine;
The first node device sends the network data to the destination virtual machine according to the virtual domain identifier and the virtual machine identifier of the destination virtual machine.
With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the method further comprises:
The first node device receives the virtual domain identifier of a second virtual domain sent by the management device, where a virtual machine to be migrated is currently located in a first virtual domain, and the first virtual domain is located on the first node device;
According to the virtual domain identifier of the second virtual domain, the first node device sends the network data of the virtual machine to be migrated to the node device on which the second virtual domain is located, and migrates the virtual machine to be migrated to the second virtual domain;
The virtual domain identifier corresponding to the second virtual domain is used as the virtual domain identifier of the virtual domain in which the virtual machine to be migrated is located.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, when the first node device migrates the virtual machine to be migrated to the second virtual domain, the method further comprises: the first node device receives information sent to the virtual machine to be migrated, and sends the information to the node device on which the second virtual domain is located.
In a second aspect, an embodiment of the present invention provides a method of information transmission, comprising:
A receiving module, configured to receive data sent from a source virtual machine to a destination virtual machine;
A processing module, configured to detect whether the source virtual machine has a virtual domain identifier, where the destination virtual machine is located on the first node device, the first node device includes a virtual domain, and the destination virtual machine is located in that virtual domain;
A sending module, configured to, if the processing module detects that the source virtual machine has the virtual domain identifier, send the data received by the receiving module to the virtual domain in which the destination virtual machine is located, according to the virtual domain identifier of that virtual domain; the virtual domain identifier is allocated by a management device and is used by the node device on which the source virtual machine is located to establish the virtual domain in which the source virtual machine is located.
With reference to the second aspect, in a first possible implementation of the second aspect, the processing module is specifically configured to obtain, from the data received by the receiving module, a virtual machine identifier and the virtual domain identifier of the virtual domain in which the destination virtual machine is located; the virtual machine identifier is allocated by the management device and is used by the node device on which the destination virtual machine is located to establish the destination virtual machine;
The processing module is further configured to determine the virtual domain in which the destination virtual machine is located according to the virtual domain identifier of the destination virtual machine;
The sending module is specifically configured to send the data received by the receiving module to the virtual domain in which the destination virtual machine is located, so that the node device on which that virtual domain is located sends the data to the destination virtual machine according to the virtual machine identifier.
With reference to the second aspect or the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the receiving module is further configured to receive network data sent by the management device, the network data including at least the communication policy and the firewall rule chain of the destination virtual machine;
The sending module is further configured to send the network data received by the receiving module to the destination virtual machine according to the virtual domain identifier and the virtual machine identifier of the destination virtual machine.
With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the receiving module is further configured to receive the virtual domain identifier of a second virtual domain sent by the management device, where a virtual machine to be migrated is currently located in a first virtual domain, and the first virtual domain is located on the first node device;
The sending module is further configured to, according to the virtual domain identifier of the second virtual domain received by the receiving module, send the network data of the virtual machine to be migrated to the node device on which the second virtual domain is located, and migrate the virtual machine to be migrated to the second virtual domain;
The processing module is further configured to use the virtual domain identifier corresponding to the second virtual domain as the virtual domain identifier of the virtual domain in which the virtual machine to be migrated is located.
With reference to the third possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the receiving module is further configured to receive information sent to the virtual machine to be migrated when the first node device migrates the virtual machine to be migrated to the second virtual domain;
The sending module is further configured to send the information received by the receiving module to the node device on which the second virtual domain is located.
In the information transmission method and device provided by the embodiments of the present invention, the management device manages communication between virtual machines by allocating identifiers. When a source virtual machine sends data to a destination virtual machine, it is determined whether the virtual domain in which the source virtual machine is located was established according to an identifier allocated by the management device; if so, the source virtual machine and the destination virtual machine communicate normally. Compared with the prior art, the virtual domains and the virtual machines in them are established under the control of the management device, and processes such as communication between virtual machines rely on the identifiers allocated by the management device. This restricts communication between virtual machines that do not have an identifier allocated by the management device and virtual machines in virtual domains established under the control of the management device. The isolation between virtual machines is thereby strengthened, communication between illegitimate virtual machines and the virtual machines in a virtual domain is restricted, and the possibility of node-device data leakage caused by communication between virtual machines is reduced.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the embodiments are briefly introduced below. The drawings described below show only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1a is a schematic diagram of the system architecture for information transmission provided by an embodiment of the present invention;
Fig. 1 is a flowchart of an information transmission method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another information transmission method provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a specific implementation of information transmission provided by an embodiment of the present invention;
Fig. 4 is a flowchart of a specific information transmission method provided by an embodiment of the present invention;
Fig. 5 is a flowchart of another information transmission method provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an information transmission device provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of information transmission equipment provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiments of the present invention may be applied to an information transmission system that includes at least a management device, a first node device and a second node device. The management device establishes a wireless or wired connection with the first node device and the second node device. The devices in the information transmission system, such as the management device, the first node device and the second node device, may be computers, servers or other devices capable of data processing, storage and transmission. For example, as shown in Fig. 1a, server 1 may serve as the management device, server 2 as the first node device and server 3 as the second node device; server 1 is connected to server 2 and server 3 through network interfaces, over which data is transmitted.
An embodiment of the present invention provides an information transmission method, as shown in Fig. 1, comprising:
101. The first node device receives data sent from a source virtual machine to a destination virtual machine, and detects whether the source virtual machine has a virtual domain identifier.
The destination virtual machine is located on the first node device, the first node device includes a virtual domain, and the destination virtual machine is located in that virtual domain. The virtual domain identifier is allocated by the management device and is used by the node device on which the source virtual machine is located to establish the virtual domain in which the source virtual machine is located.
In this embodiment, during the establishment of virtual domains and virtual machines, the management device may allocate, to node devices with a higher security level, virtual domain identifiers for establishing virtual domains and virtual machine identifiers for establishing virtual machines. Different virtual domains are distinguished by the virtual domain identifiers allocated by the management device. For example, a VPEID (Virtual Path Entity Identifier) may serve as the virtual domain identifier. VPEIDs are generated by the management device; each VPEID corresponds to exactly one virtual domain, and virtual domains are distinguished by their VPEIDs.
It should be noted that this embodiment may be executed by any node device in the information transmission system that is capable of establishing virtual domains and virtual machines; for ease of description, that device is referred to as the first node device. For example, the first node device may establish a virtual domain on itself according to the VPEID allocated by the management device.
In this embodiment, a management device is provided in the information transmission system and allocates identifiers to the node devices in the system. The management device may maintain a white list: after a node device in the information transmission system sends request information to the management device, if the management device finds that node device recorded in the white list, it determines the node device to be a legitimate device and allocates a virtual domain identifier and/or a virtual machine identifier to it. The management device may also obtain, from devices such as the security center or the firewall devices of the information transmission system, parameters that indicate the security level of each node device, such as the number of times the node device has been attacked and its abnormal traffic; determine the security level of each node device from the obtained parameters; and allocate virtual domain identifiers and/or virtual machine identifiers to node devices whose security level is above a threshold.
102. If the source virtual machine has the virtual domain identifier, the first node device sends the data to the virtual domain in which the destination virtual machine is located, according to the virtual domain identifier of that virtual domain.
If the source virtual machine does not have a virtual domain identifier allocated by the management device, the data is not processed, or the data sent from the source virtual machine to the destination virtual machine is blocked.
Usually, when a cloud computing solution is applied in the information transmission system, every node device in the system is given permission to establish virtual domains and virtual machines, and can do so automatically, in order to increase the degree of autonomous cooperation among the node devices in the cloud network. To keep data exchange among the virtual machines in the established virtual domains efficient, no communication restrictions are placed between virtual machines. For example, in virtual domain 1 established by node device 1, node device 1 establishes virtual machine a and node device 2 establishes virtual machine b; communication between virtual machine a and virtual machine b is unrestricted, so communication between node device 1 and node device 2 is also unrestricted.
The information transmission method provided by this embodiment manages communication between virtual machines by allocating identifiers. When a source virtual machine sends data to a destination virtual machine, it is determined whether the virtual domain in which the source virtual machine is located was established according to an identifier allocated by the management device; if so, the source virtual machine and the destination virtual machine communicate normally. Compared with the prior art, the virtual domains and the virtual machines in them are established under the control of the management device, and processes such as communication between virtual machines rely on the identifiers allocated by the management device. This restricts communication between virtual machines that do not have an identifier allocated by the management device and virtual machines in virtual domains established under the control of the management device. The isolation between virtual machines is thereby strengthened, communication between illegitimate virtual machines and the virtual machines in a virtual domain is restricted, and the possibility of node-device data leakage caused by communication between virtual machines is reduced.
In this embodiment, the node device establishes virtual machines and virtual domains according to the virtual domain identifiers and virtual machine identifiers allocated by the management device, and communication takes place on the established virtual machines and virtual domains. An embodiment of the present invention further provides an information transmission method, as shown in Fig. 2, comprising:
201. Establish a virtual domain according to the virtual domain identifier allocated by the management device.
202. Establish virtual machines, including the destination virtual machine, in the virtual domain that has the virtual domain identifier allocated by the management device.
Each virtual machine established in this way has the virtual domain identifier of the virtual domain in which it is located.
Optionally, to further improve the security of communication between virtual machines, the establishment of virtual machines may also be monitored by the management device. Step 202 may therefore be implemented as 2021-2022:
2021. Receive the virtual machine identifier allocated by the management device.
2022. According to the virtual machine identifier, establish virtual machines, including the destination virtual machine, in the virtual domain that has the virtual domain identifier allocated by the management device.
Different virtual machines are distinguished by the virtual machine identifiers allocated by the management device. For example, a UID (Universally Unique Identifier) may serve as the virtual machine identifier. UIDs are generated by the management device, and each UID corresponds to exactly one virtual machine. The first node device establishes a virtual machine, according to the UID allocated by the management device, in a virtual domain established on the first node device. For example, in the information transmission system scenario shown in Fig. 3, server 1 requests the management device to establish a virtual domain and a virtual machine, and the management device allocates a VPEID and a UID to server 1. Server 1 establishes virtual domain 1 according to the VPEID allocated by the management device and establishes a virtual machine in virtual domain 1 according to the UID allocated by the management device; alternatively, server 1 may use the UID allocated by the management device to establish a virtual machine in a virtual domain established on server 2 or on other servers in the information transmission system.
203. The first node device receives data sent from a source virtual machine to a destination virtual machine, and detects whether the source virtual machine has a virtual domain identifier.
The destination virtual machine is located on the first node device and the source virtual machine is located on the second node device. The first node device includes at least one virtual domain, and the destination virtual machine is located in one of them. The virtual domain identifiers include at least two first-type identifiers, and each first-type identifier corresponds to one virtual domain.
204. If the source virtual machine has the virtual domain identifier, the first node device sends the data to the virtual domain in which the destination virtual machine is located, according to the virtual domain identifier of that virtual domain.
If the source virtual machine does not have a virtual domain identifier allocated by the management device, the data is not processed, or the data sent from the source virtual machine to the destination virtual machine is blocked.
In the information transmission method provided by this embodiment, the management device controls the establishment of virtual domains through the allocation of identifiers. When a source virtual machine sends data to a destination virtual machine, it is determined whether the virtual domain in which the source virtual machine is located was established according to an identifier allocated by the management device; if so, the source virtual machine and the destination virtual machine communicate normally. Compared with the prior art, the virtual domains and the virtual machines in them are established under the control of the management device, and processes such as communication between virtual machines rely on the identifiers allocated by the management device. This restricts communication between virtual machines that do not have an identifier allocated by the management device and virtual machines in virtual domains established under the control of the management device. The isolation between virtual machines is thereby strengthened, communication between illegitimate virtual machines and the virtual machines in a virtual domain is restricted, and the possibility of node-device data leakage caused by communication between virtual machines is reduced.
Wherein, as shown in figure 4,204 can be implemented as the method flow of 401-403.
401, the first node equipment is where obtaining virtual machine mark and the purpose virtual machine in the data The virtual domain identifier of virtual Domain.
Wherein, virtual machine mark is distributed by management equipment, and establishes purpose for the node device where purpose virtual machine Virtual machine.In the present embodiment, management equipment generates virtual domain identifier and virtual machine mark distributes to the first contact equipment, and can It is sent so that virtual domain identifier and virtual machine are identified each node device into the information transmission system, and in the information transmission system In each node device in establish virtual domain identifier and first node equipment upper foundation virtual Domain address between pair It should be related to and the corresponding relationship between virtual machine mark and the address of the upper virtual machine of first node equipment.
Such as: when second node equipment needs the virtual machine established in first node equipment to send in the information transmission system When data packet, it can be established according on virtual domain identifier and virtual machine identifier lookup as a purpose the first node equipment of virtual machine Virtual machine address and the virtual Domain where virtual machine address, and according to where the address of virtual machine and virtual machine The address of virtual Domain sends data packet to first node equipment.Wherein data packet can be encapsulated using MAC in UDP mode, It adds this system and intercepts and captures void in back-end network driving in MAC (Media Access Control, medium access control) frame head portion The data frame or this system that the virtual Domain network interface of quasi- machine issues intercept and capture capture virtual Domain network interface in TAP network-driven The data frame of sending and inquiry obtains 32 VPE ID of the virtual domain interface in source, indicates virtual Domain where its, and by data envelope Dress up UDP (User Datagram Protocol, User Datagram Protocol) data packet.So that first node equipment can be with Virtual domain identifier and virtual machine mark are extracted from the data packet that second node equipment is sent.
402, the first node equipment determines the purpose virtual machine according to the virtual domain identifier of the purpose virtual machine The virtual Domain at place.
It in the present embodiment, may include multiple virtual Domains in first node equipment, virtual Domain 1 therein is first segment Point device is established according to virtual domain identifier, and first node equipment is sentenced after decapsulation has obtained virtual domain identifier in data packet The fixed data packet is sent to virtual Domain 1.Such as: first node equipment can (Tap.Cn, website self-building service be flat in TAP Platform) data packet that the virtual Domain established in first node equipment is sent is captured in network-driven, parsing data packet obtains second The MAC Address of node device as source MAC, obtain the MAC Address MAC Address as a purpose of first node equipment, and obtain It is taken as the VPEID of virtual domain identifier.Wherein, nuclear control in upper layer is called according to the kernel communication module in first node equipment The interface that module provides completes policy lookup, when if unicast frame, inquires the IP address of first node equipment.If broadcast frame When, inquire the IP address of node device where all virtual machines in same virtual Domain.The communication module of first node equipment creates Kernel thread receives UDP message packet, obtains data packet and unseals the data received to obtain VPEID and UID information.
403, the first node device sends the data to the virtual domain where the destination virtual machine is located, so that the node device hosting that virtual domain sends the data to the destination virtual machine according to the virtual machine identifier.
The virtual domain where the destination virtual machine is located is established by the target node device according to the virtual domain identifier of the destination virtual machine assigned by the management device. For example: the first node device uses the VPEID and UID information obtained from the data packet sent by the second node device to determine which virtual machine on the first node device is the destination virtual machine.
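The receive path of steps 401 to 403, together with the check that the source virtual machine has a management-assigned virtual domain identifier, can be sketched as follows. This is an added example, not code from the patent: the page gives only a 32-bit VPE ID, so the header layout (source VPE ID, destination VPE ID, destination UID, each 32 bits), the class and function names, and all sample values are assumptions.

```python
import struct

# Assumed outer header carried in the UDP payload ahead of the inner MAC frame:
# source VPE ID, destination VPE ID, destination VM UID (32 bits each, big-endian).
# Only the 32-bit VPE ID comes from the page; the rest of the layout is illustrative.
HDR = struct.Struct("!III")
ETH_HDR_LEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)

# Constructed inner frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"constructed"


def encapsulate(src_vpe_id, dst_vpe_id, dst_uid, mac_frame):
    """Sender side: prepend the identifiers to the captured MAC frame."""
    return HDR.pack(src_vpe_id, dst_vpe_id, dst_uid) + mac_frame


def decapsulate(payload):
    """Receiver side: split a UDP payload into identifiers and inner frame."""
    if len(payload) < HDR.size + ETH_HDR_LEN:
        raise ValueError("payload too short for header plus MAC frame")
    src_vpe_id, dst_vpe_id, dst_uid = HDR.unpack_from(payload)
    return src_vpe_id, dst_vpe_id, dst_uid, payload[HDR.size:]


class NodeDevice:
    """Receiving node holding the identifiers assigned by the management device."""

    def __init__(self, assigned_vpe_ids, local_domains):
        self.assigned_vpe_ids = set(assigned_vpe_ids)  # all managed virtual domains
        self.local_domains = local_domains             # vpe_id -> {uid: inbox list}

    def receive(self, payload):
        """Return (verdict, reason); the frame is delivered only on 'forward'."""
        try:
            src_vpe, dst_vpe, dst_uid, frame = decapsulate(payload)
        except ValueError as exc:
            return "drop", str(exc)
        # Detection step: the source must sit in a management-assigned domain.
        if src_vpe not in self.assigned_vpe_ids:
            return "drop", "source has no assigned virtual domain identifier"
        # Step 402: pick the destination virtual domain by its identifier.
        domain = self.local_domains.get(dst_vpe)
        if domain is None:
            return "drop", "destination virtual domain not on this node"
        # Step 403: deliver inside the domain by virtual machine identifier.
        inbox = domain.get(dst_uid)
        if inbox is None:
            return "drop", "no such virtual machine in destination domain"
        inbox.append(frame)
        return "forward", "delivered"


def build_demo_node():
    """Constructed node: domains 0x0A01 and 0x0A02 are assigned, VM 7 is local."""
    inbox = []
    node = NodeDevice({0x0A01, 0x0A02}, {0x0A02: {7: inbox}})
    return node, inbox


if __name__ == "__main__":
    node, inbox = build_demo_node()
    print(node.receive(encapsulate(0x0A01, 0x0A02, 7, SAMPLE_FRAME)))
    print(node.receive(encapsulate(0xDEAD, 0x0A02, 7, SAMPLE_FRAME)))
    print(node.receive(encapsulate(0x0A01, 0x0A02, 9, SAMPLE_FRAME)))
```

The unassigned source is dropped before any lookup of the destination, so a virtual machine outside the managed domains learns nothing about which domains or machines exist on the node.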
Further, the embodiment of the present invention can by management equipment by the communication strategy of virtual machine and firewall rule chain, It is sent to management equipment and passes through the node device where the managed virtual Domain of allocation identification or virtual machine.Specific executive mode is such as Under:
205, the first node equipment receives the network data that the management equipment is sent.
Wherein, network data includes at least the communication strategy and firewall rule chain of purpose virtual machine.
Such as: communication strategy and firewall rule chain of virtual machine etc. can be reported and be stored in management equipment, can also Communication strategy and firewall rule chain etc. are generated with management equipment;Or management equipment obtains firewall from the security centre of system Rule chain and communication strategy.It can according to the actual situation, for example, the communication strategy and firewall of virtual machine required in reality Rule chain etc. is identical, unified to issue communication strategy and firewall rule chain etc. to virtual machine;Alternatively, the configuration according to virtual machine is wanted It asks, distributes to communication strategy as defined in virtual machine and firewall rule chain etc..
206, the first node equipment is identified according to the virtual domain identifier and virtual machine of the purpose virtual machine, will be described Network data is sent to the purpose virtual machine.
In the prior art, deployment access control, intrusion detection based on the formulation of existing virtual boundary, firewall are equilateral Boundary's security strategy, when being applied in the virtual machine system for be related to cloud computing, since the isolation between each virtual machine is lost Or weaken, cause existing boundaries security strategy when being applied to the virtual machine system for being related to cloud computing, virtual machine system fortune Safety when row is still lower.It even will appear the node device where virtual machine or virtual Domain as caused by leaking data The network datas such as communication strategy and firewall rule chain are lost or are stolen.It is managed in the embodiment of the present invention by the way that management equipment is unified The reason network datas such as communication strategy and firewall rule chain issue, and avoid the communication strategy as caused by leaking data and prevent The network datas such as wall with flues rule chain are lost or stolen problem.
In this embodiment of the present invention, the management device can issue a redundancy policy to the virtual domains involved in a migration, so that both the node device before the migration and the node device after the migration can receive data. As shown in Fig. 5, this includes:
501, the first node device receives the virtual domain identifier of a second virtual domain sent by the management device.
The virtual machine to be migrated is currently located in a first virtual domain, and the first virtual domain is located on the first node device.
502, the first node device sends, according to the virtual domain identifier of the second virtual domain, the network data of the virtual machine to be migrated to the node device where the second virtual domain is located, and migrates the virtual machine to be migrated to the second virtual domain.
In this embodiment, the second virtual domain may be located on the first node device, in which case the first node device transfers the network data of the virtual machine to be migrated to the second virtual domain on the first node device according to the virtual domain identifier of the second virtual domain. The second virtual domain may also be located on the second node device or another node device, in which case the first node device sends the network data of the virtual machine to be migrated to the second node device or the other node device according to the virtual domain identifier of the second virtual domain.
503, the virtual domain identifier corresponding to the second virtual domain is used as the virtual domain identifier of the virtual domain where the virtual machine to be migrated is located.
For example: the virtual machine to be migrated is currently located in the first virtual domain on the first node device, the virtual domain identifier of the first virtual domain is first-type identifier A, the virtual machine needs to be migrated to the second virtual domain, and the virtual domain identifier of the second virtual domain is first-type identifier B. The first node device then migrates the virtual machine to the second virtual domain and changes the virtual domain identifier of the virtual machine from first-type identifier A to first-type identifier B.
While the first node device is migrating the virtual machine to be migrated to the second virtual domain, the first node device receives the information sent to the virtual machine to be migrated and sends that information to the node device where the second virtual domain is located. Data destined for the virtual machine is thus sent at the same time to the node device the virtual machine is moving into and the node device it is moving out of, forming redundancy, which avoids interruption of the services on the virtual machine caused by its migration. For example: a node device in the system needs to send a data packet to virtual machine 1, but virtual machine 1 has already begun preparing to migrate from the first virtual domain established on the first node device to the second virtual domain established on a third node device. The data packet to be sent to virtual machine 1 can then be copied into two copies: the copy sent to the first node device is the first target information, and the copy sent to the third node device is the second target information. This gives temporary redundancy for the data sent to the virtual machine, so that both the move-in node device and the move-out node device can receive the data. In addition, information such as the communication policy and firewall rule chain of virtual machine 1 stored on the first node device can also be sent to the third node device, to ensure that the network communication of the virtual machine is not interrupted during migration. For example: the hypervisor obtains the migration event and issues virtual machine migration command information to the virtual domain on the destination node device of the migration. The destination node device sends the network interface information of the new virtual domain to the management device, and the management device updates its interface database. At the same time, the new network interface information is issued to all relevant node devices, where the relevant node devices include the node devices that communicated with the virtual machine before it migrated and the node devices that were about to communicate with it before it migrated, so that the relevant node devices can communicate with the virtual machine after the migration.
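The migration redundancy and the interface database update described above can be modelled as a small state machine on the management device. This is an added example, not code from the patent: the class, its method names, the identifier values and the IP addresses (documentation range) are assumptions constructed for illustration.

```python
DOMAIN_A, DOMAIN_B = 0x000A, 0x000B          # constructed virtual domain identifiers
NODE_1, NODE_2, NODE_3 = "192.0.2.1", "192.0.2.2", "192.0.2.3"  # constructed IPs


class ManagementDevice:
    """Interface database plus in-flight migrations (hypothetical model)."""

    def __init__(self):
        self.interfaces = {}   # (vpe_id, uid) -> node IP currently hosting the VM
        self.migrating = {}    # (vpe_id, uid) -> ((new_vpe_id, uid), new node IP)
        self.peers = {}        # (vpe_id, uid) -> node IPs that talked to the VM

    def register(self, vpe_id, uid, node_ip):
        self.interfaces[(vpe_id, uid)] = node_ip

    def begin_migration(self, vpe_id, uid, new_vpe_id, new_node_ip):
        key = (vpe_id, uid)
        if key not in self.interfaces:
            raise KeyError("unknown virtual machine")
        self.migrating[key] = ((new_vpe_id, uid), new_node_ip)

    def resolve(self, vpe_id, uid, asker_ip):
        """Targets a sender must use; two targets while a migration is in flight."""
        key = (vpe_id, uid)
        if key not in self.interfaces:
            return []                      # stale or unassigned identifier
        self.peers.setdefault(key, set()).add(asker_ip)
        targets = [(self.interfaces[key], vpe_id, uid)]
        if key in self.migrating:
            (new_vpe, new_uid), new_ip = self.migrating[key]
            targets.append((new_ip, new_vpe, new_uid))
        return targets

    def complete_migration(self, vpe_id, uid):
        """Switch the VM to its new domain identifier; return who to notify."""
        key = (vpe_id, uid)
        new_key, new_ip = self.migrating.pop(key)
        del self.interfaces[key]
        self.interfaces[new_key] = new_ip
        notify = self.peers.pop(key, set())
        self.peers[new_key] = set(notify)
        return new_key, new_ip, sorted(notify)


def send_to_vm(mgmt, sender_ip, vpe_id, uid, data):
    """One copy of the data per target: (node IP, vpe_id, uid, data)."""
    return [(ip, v, u, data) for ip, v, u in mgmt.resolve(vpe_id, uid, sender_ip)]


def run_demo():
    mgmt = ManagementDevice()
    mgmt.register(DOMAIN_A, 1, NODE_1)                   # virtual machine 1
    before = send_to_vm(mgmt, NODE_2, DOMAIN_A, 1, b"pkt")
    mgmt.begin_migration(DOMAIN_A, 1, DOMAIN_B, NODE_3)
    during = send_to_vm(mgmt, NODE_2, DOMAIN_A, 1, b"pkt")
    update = mgmt.complete_migration(DOMAIN_A, 1)
    stale = send_to_vm(mgmt, NODE_2, DOMAIN_A, 1, b"pkt")
    after = send_to_vm(mgmt, NODE_2, DOMAIN_B, 1, b"pkt")
    return before, during, update, stale, after


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

Once the migration completes, the old pair of domain identifier and virtual machine identifier no longer resolves, so a sender that was not notified fails closed instead of delivering to the node the virtual machine has left.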
The information transmission method provided by this embodiment of the present invention manages communication between virtual machines through assigned identifiers. When a source virtual machine sends data to a destination virtual machine, it is determined whether the virtual domain where the source virtual machine is located was established according to an identifier assigned by the management device; if so, the source virtual machine and the destination virtual machine communicate normally. This restricts communication between virtual machines that do not have an identifier assigned by the management device and virtual machines in virtual domains established under the control of the management device, and strengthens the isolation between virtual machines. The embodiment also gives a scheme for migrating virtual machines while strengthening the isolation between them, which reduces the possibility of data leakage during virtual machine migration as well.
The present invention provides an information transmission apparatus 60, which is configured to perform all of the above methods and, as shown in Fig. 6, includes:
A receiving module 61, configured to receive data sent from a source virtual machine to a destination virtual machine;
A processing module 62, configured to detect whether the source virtual machine has a virtual domain identifier, where the destination virtual machine is located on the first node device, the first node device includes a virtual domain, and the destination virtual machine is located in that virtual domain;
A sending module 63, configured so that, if the processing module 62 detects that the source virtual machine has the virtual domain identifier, the first node device sends the data received by the receiving module 61 to the virtual domain where the destination virtual machine is located, according to the virtual domain identifier of that virtual domain; the virtual domain identifier is assigned by the management device and is used by the node device where the source virtual machine is located to establish the virtual domain where the source virtual machine is located.
The information transmission apparatus provided by this embodiment of the present invention manages communication between virtual machines through assigned identifiers. When a source virtual machine sends data to a destination virtual machine, it is determined whether the virtual domain where the source virtual machine is located was established according to an identifier assigned by the management device; if so, the source virtual machine and the destination virtual machine communicate normally. Compared with the prior art, the virtual domains and the virtual machines in them are established under the control of the management device, and processes such as communication between virtual machines rely on the identifiers assigned by the management device, which restricts communication between virtual machines that do not have an identifier assigned by the management device and virtual machines in virtual domains established under the control of the management device. This strengthens the isolation between virtual machines, restricts communication between illegitimate virtual machines and the virtual machines in a virtual domain, and reduces the possibility that data of a node device is leaked through communication between virtual machines.
In this embodiment, the processing module 62 is specifically configured to obtain, from the data received by the receiving module 61, the virtual machine identifier and the virtual domain identifier of the virtual domain where the destination virtual machine is located; the virtual machine identifier is assigned by the management device and is used by the node device where the destination virtual machine is located to establish the destination virtual machine;
The processing module 62 is further configured to determine, according to the virtual domain identifier of the destination virtual machine, the virtual domain where the destination virtual machine is located;
The sending module 63 is specifically configured to send the data received by the receiving module 61 to the virtual domain where the destination virtual machine is located, so that the node device hosting that virtual domain sends the data to the destination virtual machine according to the virtual machine identifier.
Further, the receiving module 61 is also configured to receive network data sent by the management device, the network data including at least the communication policy and firewall rule chain of the destination virtual machine;
The sending module 63 is also configured to send the network data received by the receiving module 61 to the destination virtual machine according to the virtual domain identifier and the virtual machine identifier of the destination virtual machine.
Optionally, the receiving module 61 is also configured to receive the virtual domain identifier of a second virtual domain sent by the management device, where the virtual machine to be migrated is currently located in a first virtual domain and the first virtual domain is located on the first node device;
The sending module 63 is also configured to send, according to the virtual domain identifier of the second virtual domain received by the receiving module 61, the network data of the virtual machine to be migrated to the node device where the second virtual domain is located, and to migrate the virtual machine to be migrated to the second virtual domain;
The processing module 62 is also configured to use the virtual domain identifier corresponding to the second virtual domain as the virtual domain identifier of the virtual domain where the virtual machine to be migrated is located.
The receiving module 61 is also configured to receive the information sent to the virtual machine to be migrated while the first node device is migrating that virtual machine to the second virtual domain;
The sending module 63 is also configured to send the information received by the receiving module 61 to the node device where the second virtual domain is located.
The information transmission apparatus provided by this embodiment of the present invention manages communication between virtual machines through assigned identifiers. When a source virtual machine sends data to a destination virtual machine, it is determined whether the virtual domain where the source virtual machine is located was established according to an identifier assigned by the management device; if so, the source virtual machine and the destination virtual machine communicate normally. Compared with the prior art, the virtual domains and the virtual machines in them are established under the control of the management device, and processes such as communication between virtual machines rely on the identifiers assigned by the management device, which restricts communication between virtual machines that do not have an identifier assigned by the management device and virtual machines in virtual domains established under the control of the management device. This strengthens the isolation between virtual machines, restricts communication between illegitimate virtual machines and the virtual machines in a virtual domain, and reduces the possibility that data of a node device is leaked through communication between virtual machines.
An embodiment of the present invention provides an information transmission device 70 which, as shown in Fig. 7, includes at least: a processor 701, a network interface 702, a memory 703 and a communication bus 704. The communication bus 704 provides the connection and communication among the processor 701, the network interface 702 and the memory 703. The memory 703 stores the data involved while the information transmission device 70 is running. Optionally, the device also includes a user interface 705, including a display and a keyboard or pointing device (for example, a mouse, a trackball, a touch-sensitive pad or a touch-sensitive display screen). The memory 703 may include high-speed RAM, and may also include non-volatile memory, for example at least one disk storage. The memory 703 may optionally include at least one storage device located remotely from the processor 701;
In some embodiments, the memory 703 stores the following elements, executable modules or data structures, or a subset or superset of them:
The operating system 7031 includes various system programs for implementing basic services and handling hardware-based tasks; the application program 7032 includes various application programs for implementing application services.
The network interface 702 is configured to receive data sent from a source virtual machine to a destination virtual machine;
The processor 701 is configured to detect whether the source virtual machine has a virtual domain identifier, where the destination virtual machine is located on the first node device, the first node device includes a virtual domain, the destination virtual machine is located in that virtual domain, and the virtual domain identifier is assigned by the management device and is used by the node device where the source virtual machine is located to establish the virtual domain where the source virtual machine is located;
The processor 701 is also configured so that, if the source virtual machine has the virtual domain identifier, the first node device sends the data through the network interface 702 to the virtual domain where the destination virtual machine is located, according to the virtual domain identifier of that virtual domain.
The processor 701 is specifically configured to obtain, from the data, the virtual machine identifier and the virtual domain identifier of the virtual domain where the destination virtual machine is located, the virtual machine identifier being assigned by the management device and used by the node device where the destination virtual machine is located to establish the destination virtual machine; to determine, according to the virtual domain identifier of the destination virtual machine, the virtual domain where the destination virtual machine is located; and to send the data through the network interface 702 to that virtual domain, so that the node device hosting the virtual domain sends the data to the destination virtual machine according to the virtual machine identifier.
The network interface 702 is also configured to receive network data sent by the management device, the network data including at least the communication policy and firewall rule chain of the destination virtual machine;
The processor 701 is also configured to send the network data to the destination virtual machine through the network interface 702, according to the virtual domain identifier and the virtual machine identifier of the destination virtual machine.
The network interface 702 is also configured to receive the virtual domain identifier of a second virtual domain sent by the management device, where the virtual machine to be migrated is currently located in a first virtual domain and the first virtual domain is located on the first node device;
The processor 701 is also configured to send, through the network interface 702 and according to the virtual domain identifier of the second virtual domain, the network data of the virtual machine to be migrated to the node device where the second virtual domain is located, and to migrate the virtual machine to be migrated to the second virtual domain; and to use the virtual domain identifier corresponding to the second virtual domain as the virtual domain identifier of the virtual domain where the virtual machine to be migrated is located.
The network interface 702 is also configured to receive, while the first node device is migrating the virtual machine to be migrated to the second virtual domain, the information sent to that virtual machine, and to send the information to the node device where the second virtual domain is located.
The information transmission device provided by this embodiment of the present invention manages communication between virtual machines through assigned identifiers. When a source virtual machine sends data to a destination virtual machine, it is determined whether the virtual domain where the source virtual machine is located was established according to an identifier assigned by the management device; if so, the source virtual machine and the destination virtual machine communicate normally. Compared with the prior art, the virtual domains and the virtual machines in them are established under the control of the management device, and processes such as communication between virtual machines rely on the identifiers assigned by the management device, which restricts communication between virtual machines that do not have an identifier assigned by the management device and virtual machines in virtual domains established under the control of the management device. This strengthens the isolation between virtual machines, restricts communication between illegitimate virtual machines and the virtual machines in a virtual domain, and reduces the possibility that data of a node device is leaked through communication between virtual machines.
The embodiments in this specification are described in a progressive manner; identical and similar parts of the embodiments may be cross-referenced, and each embodiment focuses on its differences from the others. The device embodiments in particular are described briefly because they are substantially similar to the method embodiments; for the related parts, refer to the description of the method embodiments.
Those of ordinary skill in the art will understand that all or part of the processes in the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium can be a magnetic disk, an optical disc, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM) or the like.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be subject to the scope of protection of the claims.

Claims (10)

1. An information transmission method, characterized by comprising:
A first node device receives data sent from a source virtual machine to a destination virtual machine and detects whether the source virtual machine has a virtual domain identifier, wherein the destination virtual machine is located on the first node device, the first node device includes a virtual domain, the destination virtual machine is located in that virtual domain, the virtual domain identifier is assigned by a management device and is used by the node device where the source virtual machine is located to establish the virtual domain where the source virtual machine is located, and a virtual machine having a virtual domain identifier is a virtual machine established by a node device whose security level is higher than a threshold;
If the source virtual machine has the virtual domain identifier, the first node device sends the data to the virtual domain where the destination virtual machine is located, according to the virtual domain identifier of that virtual domain.
2. The information transmission method according to claim 1, characterized in that sending the data to the virtual domain where the destination virtual machine is located, according to the virtual domain identifier of that virtual domain, comprises:
The first node device obtains, from the data, a virtual machine identifier and the virtual domain identifier of the virtual domain where the destination virtual machine is located; the virtual machine identifier is assigned by the management device and is used by the node device where the destination virtual machine is located to establish the destination virtual machine;
The first node device determines, according to the virtual domain identifier of the destination virtual machine, the virtual domain where the destination virtual machine is located;
The first node device sends the data to the virtual domain where the destination virtual machine is located, so that the node device hosting that virtual domain sends the data to the destination virtual machine according to the virtual machine identifier.
3. The information transmission method according to claim 1 or 2, characterized by further comprising:
The first node device receives network data sent by the management device, the network data including at least the communication policy and firewall rule chain of the destination virtual machine;
The first node device sends the network data to the destination virtual machine according to the virtual domain identifier and the virtual machine identifier of the destination virtual machine.
4. The information transmission method according to claim 3, characterized by further comprising:
The first node device receives the virtual domain identifier of a second virtual domain sent by the management device, wherein a virtual machine to be migrated is currently located in a first virtual domain and the first virtual domain is located on the first node device;
The first node device sends, according to the virtual domain identifier of the second virtual domain, the network data of the virtual machine to be migrated to the node device where the second virtual domain is located, and migrates the virtual machine to be migrated to the second virtual domain;
The virtual domain identifier corresponding to the second virtual domain is used as the virtual domain identifier of the virtual domain where the virtual machine to be migrated is located.
5. The information transmission method according to claim 4, characterized in that, when the first node device migrates the virtual machine to be migrated to the second virtual domain, the method further comprises:
The first node device receives the information sent to the virtual machine to be migrated, and sends the information to the node device where the second virtual domain is located.
6. An information transmission apparatus, characterized by comprising:
A receiving module, configured to receive data sent from a source virtual machine to a destination virtual machine;
A processing module, configured to detect whether the source virtual machine has a virtual domain identifier, wherein the destination virtual machine is located on the first node device, the first node device includes a virtual domain, and the destination virtual machine is located in that virtual domain;
A sending module, configured so that, if the processing module detects that the source virtual machine has the virtual domain identifier, the first node device sends the data received by the receiving module to the virtual domain where the destination virtual machine is located, according to the virtual domain identifier of that virtual domain; the virtual domain identifier is assigned by a management device and is used by the node device where the source virtual machine is located to establish the virtual domain where the source virtual machine is located, wherein a virtual machine having a virtual domain identifier is a virtual machine established by a node device whose security level is higher than a threshold.
7. The information transmission apparatus according to claim 6, characterized in that the processing module is specifically configured to obtain, from the data received by the receiving module, a virtual machine identifier and the virtual domain identifier of the virtual domain where the destination virtual machine is located; the virtual machine identifier is assigned by the management device and is used by the node device where the destination virtual machine is located to establish the destination virtual machine;
The processing module is also configured to determine, according to the virtual domain identifier of the destination virtual machine, the virtual domain where the destination virtual machine is located;
The sending module is specifically configured to send the data received by the receiving module to the virtual domain where the destination virtual machine is located, so that the node device hosting that virtual domain sends the data to the destination virtual machine according to the virtual machine identifier.
8. The information transmission apparatus according to claim 6 or 7, characterized in that the receiving module is also configured to receive network data sent by the management device, the network data including at least the communication policy and firewall rule chain of the destination virtual machine;
The sending module is also configured to send the network data received by the receiving module to the destination virtual machine, according to the virtual domain identifier and the virtual machine identifier of the destination virtual machine.
9. The information transmission apparatus according to claim 8, characterized in that the receiving module is also configured to receive the virtual domain identifier of a second virtual domain sent by the management device, wherein a virtual machine to be migrated is currently located in a first virtual domain and the first virtual domain is located on the first node device;
The sending module is also configured to send, according to the virtual domain identifier of the second virtual domain received by the receiving module, the network data of the virtual machine to be migrated to the node device where the second virtual domain is located, and to migrate the virtual machine to be migrated to the second virtual domain;
The processing module is also configured to use the virtual domain identifier corresponding to the second virtual domain as the virtual domain identifier of the virtual domain where the virtual machine to be migrated is located.
10. The information transmission apparatus according to claim 9, characterized in that the receiving module is also configured to receive the information sent to the virtual machine to be migrated when the first node device migrates that virtual machine to the second virtual domain;
The sending module is also configured to send the information received by the receiving module to the node device where the second virtual domain is located.
CN201410342522.XA 2014-07-17 2014-07-17 A kind of information transferring method and device Active CN105450430B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410342522.XA CN105450430B (en) 2014-07-17 2014-07-17 A kind of information transferring method and device

Publications (2)

Publication Number Publication Date
CN105450430A CN105450430A (en) 2016-03-30
CN105450430B true CN105450430B (en) 2019-02-26

Family

ID=55560242


Country Status (1)

Country Link
CN (1) CN105450430B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506543B (en) * 2016-12-20 2019-04-26 北京工业大学 The implementation method of trusted agent module in a kind of Cloud Server

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101883158A (en) * 2010-06-28 2010-11-10 中兴通讯股份有限公司 Method and client for acquiring VLAN (Virtual Local Area Network) IDs (Identifiers) and network protocol addresses
CN102299929A (en) * 2011-09-15 2011-12-28 北京天地云箱科技有限公司 Access control method, system and device for virtual machine
CN102412978A (en) * 2010-09-21 2012-04-11 杭州华三通信技术有限公司 Method for carrying out network configuration for VM and system thereof
CN102571698A (en) * 2010-12-17 2012-07-11 中国移动通信集团公司 Access authority control method, system and device for virtual machine
CN102870381A (en) * 2012-06-29 2013-01-09 华为技术有限公司 PCIE switching system, apparatus and switching method
CN103138990A (en) * 2013-03-12 2013-06-05 无锡城市云计算中心有限公司 Virtual machine management method under cloud computing network and cloud computing network management device
CN103841186A (en) * 2014-02-25 2014-06-04 汉柏科技有限公司 Private cloud grouping method and system
EP2753044A1 (en) * 2011-09-30 2014-07-09 Huawei Technologies Co., Ltd. Method and device for resource matching in vpc migration
CN103931144A (en) * 2013-07-08 2014-07-16 华为技术有限公司 Method, equipment and system for communication in virtual domain

Also Published As

Publication number Publication date
CN105450430A (en) 2016-03-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant