CN105591863A - Method and device for realizing interworking between virtual private cloud network and external network - Google Patents
Method and device for realizing interworking between virtual private cloud network and external network Download PDFInfo
- Publication number
- CN105591863A CN105591863A CN201410559386.XA CN201410559386A CN105591863A CN 105591863 A CN105591863 A CN 105591863A CN 201410559386 A CN201410559386 A CN 201410559386A CN 105591863 A CN105591863 A CN 105591863A
- Authority
- CN
- China
- Prior art keywords
- list item
- data
- nat
- stream table
- table list
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
Abstract
The invention discloses a method and device for realizing interworking between a virtual private cloud network and an external network. The method includes the following steps that: a virtual extensible local area network (Vxlan) gateway receives data from a router, searches a third flow table entry and a fourth flow table entry corresponding to the data in a first flow table, and searches an NAT table entry corresponding to the data in a network address translation (NAT) table according to the third flow table entry; the Vxlan gateway sends the data to the external network according to the found NAT table entry; the Vxlan gateway performs mirror imaging on the data according to the fourth flow table entry; the Vxlan gateway searches a fifth flow table entry corresponding to mirror-imaged data in a second flow table, searches an NAT table entry corresponding to the mirror-imaged data in the NAT table according to the found fifth flow table entry, and issues the found NAT table entry to the NAT table. With the method and device provided by the technical schemes of the invention adopted, mapping between the Vxlan and a Vlan can be avoided.
Description
Technical field
The present invention relates to virtual privately owned cloud network technology, espespecially one realize virtual privately owned cloud (VPC,VirtualPrivateCloud) method and apparatus of network and external network intercommunication.
Background technology
VPC is the privately owned cloud being present in shared or public cloud. Cloud operator can divide in public cloudGo out a part of resource and use to user, make user can as privately owned cloud, have and manage cloud. Privately ownedCloud can be installed in the mode of virtual machine (VM, VirtualMachine) server of different size; CanTo install or to dispose the shared storage of different size; Subnet division, self-defined network addressing voluntarilySpace, self-defined routing rule; Can configure mode and rule with external network intercommunication; Can pacifyDress network address translation (NAT, NetworkAddressTranslation), fire wall, load balancingThe equipment such as device, VPN (VPN, VirtualPrivateNetwork) gateway also configure correspondingRule; Can safeguard, monitor resource and network. Fig. 1 is virtual privately owned cloud network in general scheme, asShown in Fig. 1, the calculating of cloud platform uniform management, network, storage resources, each tenant can apply for oneOr multiple virtual privately owned cloud services. User can apply for virtual machine, network, the storage money of signing definedSource, and have and configure completely authority.
A user adopts an account login, is also a so-called tenant. Theory also can an accountThe corresponding multiple tenants in family, realize depending on platform. A tenant can create multiple networks, corresponding oneBottom virtual network encapsulated tags (for example VLAN (vlan, VirtualLocalAreaNetwork)Package identification or the virtual LAN (vxlan, VirtualeXtensibleLocalAreaNetwork) of expandingPackage identification vni), each virtual network has multiple subnets. Give tacit consent between multiple subnets and isolate,If tenant wishes intercommunication between subnet, need to create virtual router and articulate multiple subnets. If neededWill with external network intercommunication, need to create static routing or exterior gateway. A tenant Shen simultaneouslyPlease multiple resources of virtual machine, each virtual machine has one to multiple ports, media of each port arrangementAccess control (MAC, MediaAccessControl) address and private network Internet protocol (IP,InternetProtocol) address. If virtual machine is for external service, can arrangement one dynamicallyIP (FloatingIP), a static NAT rule of map network. If main frame needs to visit in subnetAsk outer net, except configuration virtual router, also need corresponding NAT device.
The management of virtual privately owned cloud network can pass through Openstack (US National Aeronautics and Space Administration andThe high in the clouds operational software of Rackspace R & D Cooperation) Neutron networking component complete, Neutron netNetwork assembly generates corresponding virtual privately owned cloud Internet resources according to tenant to the demand of network. The physics of bottomResource is passed through software defined network (SDN, SoftwareDefinedNetwork) technology after virtualAllocate, SDN controller builds network according to the requirement of Neutron networking component. Fig. 2 is virtualPrivately owned cloud network virtualization scheme, as shown in Figure 2, the L2 of virtual privately owned cloud network and L3 function andNetwork model can be realized by SDN controller, and the L4-L7 network equipment is by NeutronPlug-In interfaceDirectly control OF (OpenFlow) switch and the L4-L7 network equipment. The arranging service of L4-L7Also can realize by SDN. The resource management scheme of this virtual privately owned cloud network has network completelyControl ability, is beneficial to the network management and the control that become more meticulous. By PN, make business customizingChange ability grow. The openflow interface of standard is conducive to many producers mixed networking.
Virtual privately owned cloud network can be isolated by vxlan, can in each virtual privately owned cloud networkTo plan the own network segment and address pool, virtual machine (VM, the Virtual of virtual privately owned cloud insideMachine) can distribute private address, between virtual privately owned cloud, can have address overlap phenomenon. Figure3 is the schematic diagram of the existing method that realizes virtual private networks and external network intercommunication, as shown in Figure 3,In the time that the VM in virtual privately owned cloud network need to send data to external network, the control of SDN controllerOF switch carries out after Vxlan encapsulation data, controls OF switch data are sent by routerGive Vxlan gateway, the first-class table list item that Vxlan gateway issues according to SDN controller (comprises couplingInformation field and corresponding action, wherein, match information territory is Vxlan package identification) data are carried out to VxlanDecapsulation, and the second table list item issuing according to SDN controller (comprises match information territory and correspondingAction, wherein, match information territory is Vlan package identification) data are carried out to Vlan encapsulation, then willData retransmission after encapsulation is to NAT network element, and NAT network element adopts the mode of traversal in NAT rule listSearch NAT rule corresponding to data, according to the NAT rule finding, data are sent to external network.Wherein, NAT rule list comprises Vlan package identification and corresponding NAT rule.
Wherein, Vxlan gateway and NAT network element can set up separately, also can close and establish.
In the existing method that realizes virtual private networks and external network intercommunication, Vxlan gateway is at logarithmIn Vxlan decapsulation and Vlan encapsulation process, Vxlan package identification need to be mapped to Vlan according to carrying outMark, Vxlan package identification is 24 bits, and Vlan package identification is 12 bits, therefore, is reflectingPenetrate the situation that can have the corresponding Vlan mark of multiple Vxlan package identification in process, thereby reducedThe quantity of the virtual private networks that Vxlan gateway reality is supported. And in prior art, do not provide effectivelyMethod realize in virtual private networks and external network intercommunication process, avoid between Vxlan and VlanMapping.
Summary of the invention
In order to address the above problem, to the present invention proposes one and realize virtual privately owned cloud network and external networkThe method and apparatus of intercommunication, can avoid the mapping between Vxlan and Vlan.
In order to achieve the above object, the present invention proposes one and realize virtual privately owned cloud network and external networkThe method of intercommunication, comprising:
The virtual LAN Vxlan gateway of expanding receives the data from router, in first-class tableFind the 3rd stream table list item corresponding to data and the 4th stream table list item;
Vxlan gateway is searched data in network address translation NAT table according to the 3rd stream table list item correspondingNAT list item, sends to external network according to the NAT list item finding by data;
Vxlan gateway carries out mirror image according to the 4th stream table list item to data;
Vxlan gateway is searched the 5th stream table list item corresponding to data of mirror image in second table, according to looking intoThe 5th stream table list item finding is searched the NAT table corresponding to data of described mirror image in NAT rule list, the NAT list item finding is issued in NAT table.
Preferably, in the time searching less than NAT list item corresponding to data in described NAT table, the methodAlso comprise: abandon described data.
Preferably, when searching in described first-class table less than the 3rd stream table list item corresponding to described data andWhen the 4th stream table list item, in network address translation NAT table, search according to the 3rd stream table list item describedNAT list item corresponding to data also comprises before:
Described Vxlan gateway will be delivered to described SDN controller in described data;
Described Vxlan gateway receives from the 3rd stream table list item of described SDN controller and the 4th stream tableList item.
Preferably, when search the five stream table corresponding less than the data of described mirror image in described second tableWhen list item, the method also comprises:
Abandon the data of described mirror image.
Preferably, the method also comprises:
Described Vxlan gateway deletes described after NAT list item corresponding to the data that find described mirror imageFour stream table list items.
Preferably, described Vxlan gateway deletes after NAT list item corresponding to the data that find mirror imageFour stream table list items comprise:
It is special that described Vxlan gateway builds after NAT list item corresponding to the data that find described mirror imageThe 6th stream table list item of the special instruction correspondence of described structure is searched in instruction in described second table,Delete described the 4th stream table list item according to the 6th stream table list item finding.
Preferably, the method also comprises:
The matching domain information in the NAT list item finding is sent to described SDN by described Vxlan gatewayController, receives after the 7th stream table list item from described SDN controller, according to described the 7th stream tableList item is deleted described the 4th stream table list item.
Preferably, described first-class table comprises matching domain information, and the matching domain information of described first-class table isThe network address;
Described the 3rd stream table list item corresponding to data of searching in first-class table comprises:
The matching domain information of the destination address of described data and described first-class table is carried out described in matched and searchedThe 3rd stream table list item.
The invention allows for a kind of virtual LAN gateway of expanding, at least comprise:
First searches module, for receiving the data from router, in first-class table, finds numberAccording to the 3rd stream table list item and the 4th stream table list item of correspondence; Show list item in network address translation according to the 3rd streamIn NAT table, search NAT list item corresponding to data;
Sending module, for sending to external network according to the NAT list item finding by data;
Mirror image module, for find the 4th stream table list item corresponding to described data at described first-class table,According to described the 4th stream table list item, described data are carried out to mirror image;
Second searches module, for search the 5th stream table list item corresponding to data of mirror image at second table,The data of searching described mirror image according to the 5th stream table list item finding in NAT rule list are correspondingNAT list item;
Issue module, for the NAT list item finding being issued to described NAT table.
Preferably, also comprise:
Discard module, in the time that described first searches module searches less than NAT list item corresponding to data,Abandon described data.
Preferably, described first search module also for:
In described first-class table, search the three stream table list item corresponding less than data and the 4th stream table list itemTime, in network address translation NAT table, search NAT corresponding to data according to the 3rd stream table list item describedBefore list item, described SDN controller will be delivered in described data; Receive from described SDN controllerThe 3rd stream table list item and the 4th stream table list item.
Preferably, described second search module also for:
In described second table, search the five stream table list item corresponding less than the data of described mirror image, abandonThe data of described mirror image.
Preferably, also comprise:
Removing module, described in deleting after NAT list item corresponding to the data finding described mirror imageThe 4th stream table list item.
Preferably, described removing module specifically for:
After NAT list item corresponding to the data that find described mirror image, build special instruction, describedIn second table, search the 6th stream table list item of the special instruction correspondence of described structure, according to what findThe 6th stream table list item is deleted described the 4th stream table list item.
Preferably, described sending module also for:
Matching domain information in the NAT list item finding is sent to described SDN controller, receiveAfter the 7th stream table list item from described SDN controller, delete described the according to described the 7th stream table list itemFour stream table list items.
Compared with prior art, the present invention includes: Vxlan gateway receives the data from router,In first-class table, find the 3rd stream table list item corresponding to data and the 4th stream table list item, Vxlan gatewayIn NAT table, search NAT list item corresponding to data according to the 3rd stream table list item; According to what findData are sent to external network by NAT list item; Vxlan gateway is shown list item to described according to described the 4th streamData are carried out mirror image; Described Vxlan gateway is searched the 5th stream corresponding to data of mirror image in second tableTable list item, the data of searching described mirror image according to the 5th stream table list item finding in NAT rule listCorresponding NAT list item, is issued to the NAT list item finding in described NAT table. By thisBright scheme finds after the 3rd stream table list item corresponding to data, directly at NAT in first-class tableIn table, search corresponding NAT list item, and do not need data to carry out Vxlan decapsulation and Vlan encapsulationAfter carry out again NAT conversion, thereby avoided the mapping between Vxlan and Vlan.
Further, only data need to be searched in NAT table, and not need to comprise allIn the NAT rule list of NAT rule, search, thereby accelerated the transmission of data.
Brief description of the drawings
Below the accompanying drawing in the embodiment of the present invention is described, the accompanying drawing in embodiment is for to thisBright further understanding, is used from explanation the present invention with description one, does not form the present invention is protected to modelThe restriction of enclosing.
Fig. 1 is virtual privately owned cloud network in general scheme;
Fig. 2 is virtual privately owned cloud network virtualization scheme;
Fig. 3 is the schematic diagram of the existing method that realizes virtual private networks and external network intercommunication;
Fig. 4 is the flow chart of the method that realizes virtual private networks and external network intercommunication of the present invention;
Fig. 5 is the stream of the embodiment of the method that realizes virtual private networks and external network intercommunication of the present inventionCheng Tu;
Fig. 6 is the structure composition schematic diagram of Vxlan gateway of the present invention.
Detailed description of the invention
For the ease of those skilled in the art's understanding, below in conjunction with accompanying drawing, the present invention is further retouchedState, can not be used for limiting the scope of the invention. It should be noted that, in the situation that not conflicting,Variety of way in embodiment and embodiment in the application can combine mutually.
Referring to Fig. 4, the present invention proposes a kind of side that realizes virtual privately owned cloud network and external network intercommunicationMethod, comprising:
Step 100, Vxlan gateway receive the data from router, in first-class table, find numberAccording to the 3rd stream table list item and the 4th stream table list item of correspondence; Look in NAT table according to the 3rd stream table list itemLook for NAT list item corresponding to data, according to the NAT list item finding, data are sent to external network;Vxlan gateway carries out mirror image according to the 4th stream table list item to data; Vxlan gateway is searched in second tableThe 5th stream table list item that the data of mirror image are corresponding, according to the 5th stream table list item finding in NAT ruleNAT list item corresponding to data of searching mirror image in table, is issued to NAT by the NAT list item findingIn table.
In this step, in the time searching less than NAT list item corresponding to data, abandon data in NAT table.
In this step, first-class table comprises matching domain information and corresponding action, and NAT rule list comprisesJoin domain information and corresponding NAT rule.
Wherein, the matching domain information of first-class table is the network address. Can be by the destination address of data andThe matching domain information of first-class table is carried out matched and searched the 3rd stream table list item.
Wherein, the matching domain information of NAT rule list can be vni information, subnet information, source address letterIn breath, destination address information, source port information, destination interface information, translate etc. oneOr multiple. Can by the vni information in data, subnet information, source address information, destination address information,One or more and NAT rule in source port information, destination interface information, translate etc.The matching domain information of table is mated.
In this step, when search the five stream table list item corresponding less than the data of mirror image in second table,Or search NAT list item corresponding to data less than mirror image in NAT rule list time, abandon the number of mirror imageAccording to.
In this step, second table and NAT rule list are that SDN controller is issued to Vxlan net in advanceThe Central Shanxi Plain.
In this step, second table comprises matching domain information and corresponding action.
Wherein, the matching domain information of second table can be vni information, subnet information, source address information,In destination address information, source port information, destination interface information, translate etc. one or manyIndividual. Can be by the vni information in data, subnet information, source address information, destination address information, sourceOne or more and second table in port information, destination interface information, translate etc.Join domain information and carry out matched and searched the 5th stream table list item.
In this step, NAT rule list has comprised all NAT list item corresponding to NAT rule.
In this step, Vxlan gateway can also be deleted after NAT list item corresponding to the data that find mirror imageExcept the 4th stream table list item. Concrete, can be after NAT list item corresponding to the data that find mirror image structureBuild special instruction, in second table, search the 6th stream table list item of the special instruction correspondence of structure,Delete the 4th stream table list item according to the 6th stream table list item finding. Wherein, special instruction can be bagContaining the packet in specific matching territory, the 6th stream table list item can be the stream table being pre-configured in second tableList item.
Or the matching domain information in the NAT list item finding is sent to SDN control by Vxlan gatewayDevice processed, receives after the 7th stream table list item from SDN controller, deletes the according to the 7th stream table list itemFour stream table list items.
When search the three stream table list item corresponding less than data and the 4th stream table list item in first-class table time,Search in network address translation NAT table according to the 3rd stream table list item NAT list item corresponding to data itBefore also comprise:
Step 101, Vxlan gateway will be delivered to SDN controller in data; Vxlan gateway receives and arrivesFrom the 4th stream table list item and the 3rd stream table list item of SDN controller.
Wherein, Vxlan gateway can will be delivered to SDN controller by Packetin order in data.
Describe method of the present invention in detail below by specific embodiment, referring to Fig. 5, the method comprises:
Step 500, Vxlan gateway receive the data from router.
Step 501, Vxlan gateway are searched the 3rd stream table list item and the 4th corresponding to data in first-class tableStream table list item, if find the 3rd stream table list item, performs step 502; If find the 4th streamTable list item, performs step 505; If searched less than the 3rd stream table list item and the 4th stream table list item,Execution step 510.
Step 502, Vxlan gateway are searched data in NAT table according to the 3rd stream table list item correspondingNAT list item, if found, performs step 503; If search less than, perform step 504.
Step 503, Vxlan gateway send to external network according to the NAT list item finding by data.
Step 504, Vxlan gateway abandon data.
Step 505, Vxlan gateway carry out mirror image according to the 4th stream table list item to data.
Step 506, Vxlan gateway are searched the 5th stream table table corresponding to data of mirror image in second table, if found, perform step 507; If search less than, perform step 509.
Step 507, Vxlan gateway are searched in NAT rule list according to the 5th stream table list item findingThe NAT list item corresponding to data of mirror image, if found, performs step 508; If search less than,Perform step 509.
Step 508, Vxlan gateway are issued to the NAT list item finding in NAT table, and deleteThe 4th stream table list item.
Step 509, Vxlan gateway abandon the data of mirror image.
Step 510, Vxlan gateway will be delivered to SDN controller in data; Vxlan gateway receives and arrivesFrom the 4th stream table list item and the 3rd stream table list item of SDN controller, and perform step 501 and step 505.
Referring to Fig. 6, the invention allows for a kind of virtual LAN gateway of expanding, at least comprise:
First searches module, for receiving the data from router, in first-class table, finds numberAccording to the 3rd stream table list item and the 4th stream table list item of correspondence; Show list item in network address translation according to the 3rd streamIn NAT table, search NAT list item corresponding to data;
Sending module, for sending to external network according to the NAT list item finding by data;
Mirror image module, for find the 4th stream table list item corresponding to data at first-class table, according toFour stream table list items carry out mirror image to data;
Second searches module, for search the 5th stream table list item corresponding to data of mirror image at second table,In NAT rule list, search the NAT table corresponding to data of mirror image according to the 5th stream table list item finding;
Issue module, for the NAT list item finding being issued to described NAT table.
The virtual LAN gateway of expanding of the present invention also comprises:
Discard module, in the time that first searches module searches less than NAT list item corresponding to data, losesAbandon data.
Virtual expansion in LAN gateway of the present invention, first search module also for:
Search the three stream table list item corresponding less than data and the 4th stream table list item in first-class table time,Before searching NAT list item corresponding to data according to the 3rd stream table list item in network address translation NAT tableSDN controller will be delivered in data; Receive the 3rd stream table list item and the 4th from SDN controllerStream table list item.
Virtual expansion in LAN gateway of the present invention, second search module also for:
In second table, search the five stream table list item corresponding less than the data of mirror image, abandon the number of mirror imageAccording to.
The virtual LAN gateway of expanding of the present invention also comprises:
Removing module, for deleting the 4th stream table after NAT list item corresponding to the data finding mirror imageList item.
Virtual expansion in LAN gateway of the present invention, removing module specifically for:
After NAT list item corresponding to the data that find mirror image, build special instruction, at second tableIn search the 6th stream table list item of the special instruction correspondence of structure, according to the 6th stream table list item findingDelete the 4th stream table list item.
Virtual expansion in LAN gateway of the present invention, sending module also for:
Matching domain information in the NAT list item finding is sent to SDN controller, receive fromAfter the 7th stream table list item of SDN controller, delete the 4th stream table list item according to the 7th stream table list item.
It should be noted that, above-described embodiment understands for the ease of those skilled in the artOnly, be not limited to protection scope of the present invention, in the prerequisite that does not depart from inventive concept of the present inventionUnder, any apparent replacement and the improvement etc. that those skilled in the art make the present invention is all at thisWithin the protection domain of invention.
Claims (15)
1. a method that realizes virtual privately owned cloud network and external network intercommunication, is characterized in that, comprising:
The virtual LAN Vxlan gateway of expanding receives the data from router, in first-class tableFind the 3rd stream table list item corresponding to data and the 4th stream table list item;
Vxlan gateway is searched data in network address translation NAT table according to the 3rd stream table list item correspondingNAT list item, sends to external network according to the NAT list item finding by data;
Vxlan gateway carries out mirror image according to the 4th stream table list item to data;
Vxlan gateway is searched the 5th stream table list item corresponding to data of mirror image in second table, according to looking intoThe 5th stream table list item finding is searched the NAT table corresponding to data of described mirror image in NAT rule list, the NAT list item finding is issued in NAT table.
2. method according to claim 1, is characterized in that, when searching in described NAT tableDuring less than NAT list item corresponding to data, the method also comprises: abandon described data.
3. method according to claim 1 and 2, is characterized in that, when in described first-class tableWhile searching the three stream table list item corresponding less than described data and the 4th stream table list item, described according to the 3rdStream table list item also comprised search NAT list item corresponding to data in network address translation NAT table before:
Described Vxlan gateway will be delivered to described SDN controller in described data;
Described Vxlan gateway receives from the 3rd stream table list item of described SDN controller and the 4th stream tableList item.
4. method according to claim 1 and 2, is characterized in that, when in described second tableWhile searching the 5th stream table list item corresponding to data less than described mirror image, the method also comprises:
Abandon the data of described mirror image.
5. method according to claim 1 and 2, is characterized in that, the method also comprises:
Described Vxlan gateway deletes described after NAT list item corresponding to the data that find described mirror imageFour stream table list items.
6. method according to claim 5, is characterized in that, described Vxlan gateway is findingAfter NAT list item corresponding to the data of mirror image, deleting the 4th stream table list item comprises:
It is special that described Vxlan gateway builds after NAT list item corresponding to the data that find described mirror imageThe 6th stream table list item of the special instruction correspondence of described structure is searched in instruction in described second table,Delete described the 4th stream table list item according to the 6th stream table list item finding.
7. method according to claim 1 and 2, is characterized in that, the method also comprises:
The matching domain information in the NAT list item finding is sent to described SDN by described Vxlan gatewayController, receives after the 7th stream table list item from described SDN controller, according to described the 7th stream tableList item is deleted described the 4th stream table list item.
8. method according to claim 1 and 2, is characterized in that, described first-class table comprisesJoin domain information, the matching domain information of described first-class table is the network address;
Described the 3rd stream table list item corresponding to data of searching in first-class table comprises:
The matching domain information of the destination address of described data and described first-class table is carried out described in matched and searchedThe 3rd stream table list item.
9. the virtual LAN gateway of expanding, is characterized in that, at least comprises:
First searches module, for receiving the data from router, in first-class table, finds numberAccording to the 3rd stream table list item and the 4th stream table list item of correspondence; Show list item in network address translation according to the 3rd streamIn NAT table, search NAT list item corresponding to data;
Sending module, for sending to external network according to the NAT list item finding by data;
Mirror image module, for find the 4th stream table list item corresponding to described data at described first-class table,According to described the 4th stream table list item, described data are carried out to mirror image;
Second searches module, for search the 5th stream table list item corresponding to data of mirror image at second table,The data of searching described mirror image according to the 5th stream table list item finding in NAT rule list are correspondingNAT list item;
Issue module, for the NAT list item finding being issued to described NAT table.
10. the virtual LAN gateway of expanding according to claim 9, is characterized in that, also bagDraw together:
Discard module, in the time that described first searches module searches less than NAT list item corresponding to data,Abandon described data.
11. according to the virtual LAN gateway of expanding described in claim 9 or 10, it is characterized in that,Described first search module also for:
In described first-class table, search the three stream table list item corresponding less than data and the 4th stream table list itemTime, in network address translation NAT table, search NAT corresponding to data according to the 3rd stream table list item describedBefore list item, described SDN controller will be delivered in described data; Receive from described SDN controllerThe 3rd stream table list item and the 4th stream table list item.
12. according to the virtual LAN gateway of expanding described in claim 9 or 10, it is characterized in that,Described second search module also for:
In described second table, search the five stream table list item corresponding less than the data of described mirror image, abandonThe data of described mirror image.
13. according to the virtual LAN gateway of expanding described in claim 9 or 10, it is characterized in that,Also comprise:
Removing module, described in deleting after NAT list item corresponding to the data finding described mirror imageThe 4th stream table list item.
The 14. virtual LAN gateways of expanding according to claim 13, is characterized in that, described inRemoving module specifically for:
After NAT list item corresponding to the data that find described mirror image, build special instruction, describedIn second table, search the 6th stream table list item of the special instruction correspondence of described structure, according to what findThe 6th stream table list item is deleted described the 4th stream table list item.
15. according to the virtual LAN gateway of expanding described in claim 9 or 10, it is characterized in that,Described sending module also for:
Matching domain information in the NAT list item finding is sent to described SDN controller, receiveAfter the 7th stream table list item from described SDN controller, delete described the according to described the 7th stream table list itemFour stream table list items.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410559386.XA CN105591863B (en) | 2014-10-20 | 2014-10-20 | A kind of method and apparatus for realizing virtual private cloud network Yu external network intercommunication |
| PCT/CN2015/084963 WO2016062140A1 (en) | 2014-10-20 | 2015-07-23 | Method and apparatus for implementing interworking between virtual private cloud network and external network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410559386.XA CN105591863B (en) | 2014-10-20 | 2014-10-20 | A kind of method and apparatus for realizing virtual private cloud network Yu external network intercommunication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105591863A true CN105591863A (en) | 2016-05-18 |
| CN105591863B CN105591863B (en) | 2019-11-26 |
Family
ID=55760250
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410559386.XA Active CN105591863B (en) | 2014-10-20 | 2014-10-20 | A kind of method and apparatus for realizing virtual private cloud network Yu external network intercommunication |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105591863B (en) |
| WO (1) | WO2016062140A1 (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106059846A (en) * | 2016-08-19 | 2016-10-26 | 杭州华三通信技术有限公司 | Fault analysis method and device applied to VXLAN (Virtual eXtensible LAN) |
| CN106411857A (en) * | 2016-09-07 | 2017-02-15 | 河海大学 | Private cloud GIS service access control method based on virtual isolation mechanism |
| CN106686070A (en) * | 2016-12-13 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Database data migration method, device, terminal and system |
| CN107872542A (en) * | 2016-09-27 | 2018-04-03 | 阿里巴巴集团控股有限公司 | The method and the network equipment of a kind of data transfer |
| CN108023801A (en) * | 2016-10-31 | 2018-05-11 | 中国电信股份有限公司 | The resource regulating method and system of heterogeneous network |
| CN108449197A (en) * | 2018-01-03 | 2018-08-24 | 北京大学 | A kind of cloudy environment network construction method based on software defined network |
| CN109117650A (en) * | 2018-07-25 | 2019-01-01 | 华为技术有限公司 | A kind of creation method of enterprise's cloud and management platform |
| CN109561164A (en) * | 2017-09-27 | 2019-04-02 | 华为技术有限公司 | Management method, device and the NAT device of NAT table item |
| CN110088732A (en) * | 2016-12-19 | 2019-08-02 | 华为技术有限公司 | A kind of data package processing method, host and system |
| CN110290174A (en) * | 2019-05-24 | 2019-09-27 | 华为技术有限公司 | A kind of control method and control node of main cluster |
| CN110572327A (en) * | 2019-07-31 | 2019-12-13 | 苏州浪潮智能科技有限公司 | Method for realizing cross-network-segment data forwarding of neutron network and flow controllable method |
| CN110875884A (en) * | 2018-08-31 | 2020-03-10 | 阿里巴巴集团控股有限公司 | Traffic migration system, data processing method and device |
| CN112242952A (en) * | 2019-07-16 | 2021-01-19 | 中移(苏州)软件技术有限公司 | Data forwarding method, cabinet top type switch and storage medium |
| WO2021139269A1 (en) * | 2020-08-06 | 2021-07-15 | 平安科技(深圳)有限公司 | Distributed routing method and apparatus based on open vswitch kernel state flow tables in overlay network |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109450905B (en) * | 2018-11-20 | 2021-05-04 | 郑州云海信息技术有限公司 | Method, device and system for transmitting data |
| CN111371666B (en) * | 2018-12-26 | 2021-12-31 | 华为技术有限公司 | Method, device and system for processing message |
| US10855584B2 (en) | 2018-12-28 | 2020-12-01 | Alibaba Group Holding Limited | Client-equipment-peering virtual route controller |
| CN115550258B (en) * | 2022-12-02 | 2023-03-31 | 苏州浪潮智能科技有限公司 | Traffic mirroring method, device, equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050010822A1 (en) * | 2003-07-09 | 2005-01-13 | Xinyu Zhou | Firewall and method for configuring same |
| CN101707569A (en) * | 2009-12-21 | 2010-05-12 | 杭州华三通信技术有限公司 | Method and device for processing NAT service message |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1223159C (en) * | 2002-08-13 | 2005-10-12 | 华为技术有限公司 | Method of supporting address transfer application network |
| CN101119324B (en) * | 2007-09-21 | 2010-04-14 | 杭州华三通信技术有限公司 | Network address converting attribute self-adaptive method and apparatus |
-
2014
- 2014-10-20 CN CN201410559386.XA patent/CN105591863B/en active Active
-
2015
- 2015-07-23 WO PCT/CN2015/084963 patent/WO2016062140A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050010822A1 (en) * | 2003-07-09 | 2005-01-13 | Xinyu Zhou | Firewall and method for configuring same |
| CN101707569A (en) * | 2009-12-21 | 2010-05-12 | 杭州华三通信技术有限公司 | Method and device for processing NAT service message |
Cited By (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106059846A (en) * | 2016-08-19 | 2016-10-26 | 杭州华三通信技术有限公司 | Fault analysis method and device applied to VXLAN (Virtual eXtensible LAN) |
| CN106411857A (en) * | 2016-09-07 | 2017-02-15 | 河海大学 | Private cloud GIS service access control method based on virtual isolation mechanism |
| CN106411857B (en) * | 2016-09-07 | 2019-03-29 | 河海大学 | A kind of private clound GIS service access control method based on virtual isolation mech isolation test |
| CN107872542A (en) * | 2016-09-27 | 2018-04-03 | 阿里巴巴集团控股有限公司 | The method and the network equipment of a kind of data transfer |
| CN108023801B (en) * | 2016-10-31 | 2020-11-10 | 中国电信股份有限公司 | Resource scheduling method and system for heterogeneous network |
| CN108023801A (en) * | 2016-10-31 | 2018-05-11 | 中国电信股份有限公司 | The resource regulating method and system of heterogeneous network |
| US11003639B2 (en) | 2016-12-13 | 2021-05-11 | Tencent Technology (Shenzhen) Company Limited | Database data migration method, apparatus, terminal, system, and storage medium |
| CN106686070B (en) * | 2016-12-13 | 2020-10-16 | 腾讯科技(深圳)有限公司 | Database data migration method, device, terminal and system |
| CN106686070A (en) * | 2016-12-13 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Database data migration method, device, terminal and system |
| CN110088732A (en) * | 2016-12-19 | 2019-08-02 | 华为技术有限公司 | A kind of data package processing method, host and system |
| US11190375B2 (en) | 2016-12-19 | 2021-11-30 | Huawei Technolgoies Co., Ltd. | Data packet processing method, host, and system |
| CN110088732B (en) * | 2016-12-19 | 2021-08-20 | 华为技术有限公司 | Data packet processing method, host and system |
| CN109561164A (en) * | 2017-09-27 | 2019-04-02 | 华为技术有限公司 | Management method, device and the NAT device of NAT table item |
| CN109561164B (en) * | 2017-09-27 | 2021-02-09 | 华为技术有限公司 | NAT table entry management method and device and NAT equipment |
| CN108449197A (en) * | 2018-01-03 | 2018-08-24 | 北京大学 | A kind of cloudy environment network construction method based on software defined network |
| CN108449197B (en) * | 2018-01-03 | 2020-11-20 | 北京大学 | Multi-cloud environment network construction method based on software defined network |
| CN109117650A (en) * | 2018-07-25 | 2019-01-01 | 华为技术有限公司 | A kind of creation method of enterprise's cloud and management platform |
| WO2020019839A1 (en) * | 2018-07-25 | 2020-01-30 | 华为技术有限公司 | Method for creating enterprise cloud and management platform |
| CN110875884A (en) * | 2018-08-31 | 2020-03-10 | 阿里巴巴集团控股有限公司 | Traffic migration system, data processing method and device |
| CN110875884B (en) * | 2018-08-31 | 2023-10-31 | 阿里巴巴集团控股有限公司 | Traffic migration system, data processing method and device |
| CN110290174A (en) * | 2019-05-24 | 2019-09-27 | 华为技术有限公司 | A kind of control method and control node of main cluster |
| US11729102B2 (en) | 2019-05-24 | 2023-08-15 | Huawei Cloud Computing Technologies Co., Ltd. | Active-active cluster control method and control node |
| CN112242952A (en) * | 2019-07-16 | 2021-01-19 | 中移(苏州)软件技术有限公司 | Data forwarding method, cabinet top type switch and storage medium |
| CN110572327A (en) * | 2019-07-31 | 2019-12-13 | 苏州浪潮智能科技有限公司 | Method for realizing cross-network-segment data forwarding of neutron network and flow controllable method |
| WO2021139269A1 (en) * | 2020-08-06 | 2021-07-15 | 平安科技(深圳)有限公司 | Distributed routing method and apparatus based on open vswitch kernel state flow tables in overlay network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105591863B (en) | 2019-11-26 |
| WO2016062140A1 (en) | 2016-04-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105591863A (en) | Method and device for realizing interworking between virtual private cloud network and external network | |
| EP2995067B1 (en) | A direct connect virtual private interface for a one to many connection with multiple virtual private clouds | |
| US10187302B2 (en) | Source address translation in overlay networks | |
| CN107959654B (en) | Data transmission method and device and mixed cloud system | |
| US9584546B2 (en) | Providing services to virtual overlay network traffic | |
| KR102054338B1 (en) | Routing vlan tagged packets to far end addresses of virtual forwarding instances using separate administrations | |
| CN103580980B (en) | The method and device thereof that virtual network finds and automatically configures automatically | |
| US10606454B2 (en) | Stage upgrade of image versions on devices in a cluster | |
| Lasserre et al. | Framework for data center (DC) network virtualization | |
| EP3975487A1 (en) | Scalable handling of bgp route information in vxlan with evpn control plane | |
| US10374884B2 (en) | Automatically, dynamically generating augmentation extensions for network feature authorization | |
| US9559896B2 (en) | Network-assisted configuration and programming of gateways in a network environment | |
| US10454880B2 (en) | IP packet processing method and apparatus, and network system | |
| WO2016173271A1 (en) | Message processing method, device and system | |
| US20180013798A1 (en) | Automatic link security | |
| EP2760174A1 (en) | Virtual private cloud access authentication method and related apparatus | |
| CN107046506B (en) | Message processing method, flow classifier and service function example | |
| CN109274570B (en) | VPN construction method and device and computer readable storage medium | |
| CN103227757A (en) | Message forwarding method and equipment | |
| CN106712988A (en) | Virtual network management method and device | |
| JP2022541381A (en) | COMMUNICATION METHOD, GATEWAY, AND MANAGEMENT METHOD AND APPARATUS IN HYBRID CLOUD ENVIRONMENT | |
| JP2013162418A (en) | Cloud system, gateway device, communication control method, and communication control program | |
| KR20180104377A (en) | Method for inter-cloud virtual networking over packet optical transport network | |
| CN105933235B (en) | Data communications method and device | |
| Kanada et al. | Network-virtualization nodes that support mutually independent development and evolution of node components |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |