CN105721630A - Method for virtual machines to share IP (Internet Protocol) of host machine to provide outer net services - Google Patents
- Publication number
- CN105721630A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- bridge
- host
- intranet
- outer net
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
Abstract
The invention relates to the technical field of cloud computation, and particularly relates to a method for virtual machines to share an IP (Internet Protocol) of a host machine to provide outer net services. The method disclosed by the invention comprises the steps of: creating a network bridge in the host machine; connecting a network card of the host machine, which is connected with an outer net, to the created network bridge; setting an IP for the created network bridge; creating the virtual machines in the host machine and connecting the virtual machines to the created network bridge; setting intranet IPs for virtual network cards of the virtual machines and adding routes; and finally, setting NAT (Network Address Translation) mapping in the host machine. The invention provides a method capable of enabling a plurality of virtual machines and the host machine thereof to share one outer net IP to provide services outwards; particularly, when the outer net is an Internet public network, the method can improve the utilization rate of an IP of the public network, and relieve the pressure of the insufficient IPs of the public network to a certain degree; and the method can be used in the outer net services of the virtual machines.
Description
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a method for virtual machines to share the host's IP to provide outer net services.
Background technology
IPv4 and cloud computing
According to the BBC, IPv4 public addresses are about to be exhausted. A detailed figure was once published: only about 300 million free IPv4 addresses remain, and at the current rate they will all run out by September 9, 2011. In recent years, with the rise of cloud computing, a physical node is generally virtualized into multiple virtual machines so that resources are fully used; allocating a public IP to every virtual machine is then obviously unwise.
NAT mapping
NAT (Network Address Translation) was proposed in 1994. When hosts inside a private network have already been assigned local IP addresses (private addresses used only within that network) but now also need to communicate with hosts on the Internet (without requiring encryption), the NAT method can be used.
Current cloud platforms generally implement NAT mapping in two ways: SNAT and floating IP binding. SNAT lets a virtual machine access the outer net, but outer net computers cannot actively connect to the virtual machine, so the virtual machine cannot provide services externally. A floating IP gives two-way access between the virtual machine and outer net computers, but each virtual machine must use one floating outer net IP, which obviously does not relieve the shortage of public IPs.
Summary of the invention
The technical problem solved by the present invention is to provide a method for virtual machines to share the host's IP to provide outer net services. The invention addresses the present shortage of IPv4 public addresses, where the virtual machines in a cloud platform cannot all have a public IP at the same time to connect to the outer net and provide services externally.
The technical scheme by which the present invention solves the above technical problem is as follows.
The method comprises the following steps:
Step 1: create a bridge on the host;
Step 2: attach the host's network card that connects to the outer net to the created bridge;
Step 3: set IPs for the created bridge;
Step 4: create a virtual machine on the host and attach it to the created bridge;
Step 5: set an intranet IP for the virtual machine's virtual network card and add a route;
Step 6: finally, set the NAT mapping on the host.
The bridge can be a linuxbridge bridge or an OVS bridge. A linuxbridge bridge is a bridge created with the Linux tool brctl; an OVS bridge is an openvswitch virtual switch created with the ovs-vsctl tool.
The outer net is the network environment in which the host node resides.
The intranet is the private network segment created for the virtual machines to use and from which their IPs are set.
Setting IPs for the created bridge further comprises:
setting an outer net IP for the bridge, i.e. an IP of the network in which the host node resides;
setting an intranet IP for the bridge, i.e. an IP of the virtual machines' private network; this intranet IP on the host is later set as the default gateway inside the virtual machines.
Creating a virtual machine on the host and attaching it to the created bridge further comprises:
setting the network interface section of the virtual machine configuration to bridged mode, with the bridge attribute set to the bridge created above;
starting the virtual machine from the configuration file.
Bridging is a network connection mode between the virtual machine and the host in which network packets are forwarded according to the link-layer addresses of the OSI network model; it works at the second layer of OSI.
Adding a route for the virtual machine means adding a default route rule inside the virtual machine, with the default gateway of the virtual machine set to the intranet IP set on the bridge above.
Setting the NAT mapping on the host further comprises:
setting SNAT on the host for the virtual machine's intranet IP;
doing port mapping on the host for the virtual machine's intranet IP.
Port mapping means realizing the mapping between an outer net IP port and a virtual machine intranet IP port by setting iptables NAT rules in the virtual router.
The present invention program has the beneficial effect that:
1. The method of the present invention ensures that all virtual machines on the same host share that node's outer net IP to provide services externally, without allocating additional outer net IPs, which improves the utilization of outer net IPs. When the outer net is the Internet public network, the method relieves the shortage of IPv4 public IPs to a certain extent.
2. The method of the present invention not only ensures that the virtual machines can provide services externally, passively accepting access from outer net computers; it also ensures that the virtual machines can actively connect to the outer net.
3. The principle of the method is reliable and easy to implement, and it can readily be integrated into third-party cloud platforms.
Brief description of the drawings
Below in conjunction with accompanying drawing, the present invention is further described:
Fig. 1 is the flow chart of the present invention.
Detailed description of the invention
As shown in Fig. 1, the present invention first creates a bridge on the host. A linuxbridge bridge is used for illustration here; other bridges, such as an openvswitch bridge, are handled similarly. Run the following commands to create the bridge and activate it:
brctl addbr br-nat
ifconfig br-nat up
Then attach the host's network card that connects to the outer net to the bridge br-nat created above. Assuming the network card that connects the host to the outer net is named eth0:
brctl addif br-nat eth0
ifconfig eth0 up
Set the outer net IP, and the intranet IP of the virtual machines' intranet, on the created bridge br-nat:
ip addr add 20.251.32.25/24 dev br-nat
ip addr add 192.168.0.1/24 dev br-nat
As above, the bridge br-nat is given the outer net IP 20.251.32.25 and the intranet IP 192.168.0.1. This intranet IP is the default route gateway of the virtual machines created below.
Then create a virtual machine on the host and attach it to the bridge br-nat. The main point here is to configure the virtual machine to connect to the host in bridged mode; the network section of the configuration file is as follows:
Start the virtual machine and set the intranet IP and default route inside it. Assuming the virtual machine's intranet IP is 192.168.0.6, the default route is set as follows, taking a Linux virtual machine as the example (on a Windows virtual machine this is set in the network properties in the Control Panel):
route add default gw 192.168.0.1
The gateway IP of the default route must be the intranet IP set on the bridge br-nat on the host.
Finally, set the NAT mapping rules on the host. These mainly comprise the SNAT from the virtual machine intranet IPs to the host's outer net IP, and the port mapping rules between the outer net IP and the intranet IP. Set the following rules:
iptables -t nat -A POSTROUTING -s 192.168.0.1/24 -j SNAT --to-source 20.251.32.25
iptables -t nat -I PREROUTING -d 20.251.32.25 -p tcp -m tcp --dport 8899 -j DNAT --to-destination 192.168.0.6:80
iptables -t nat -I POSTROUTING -s 192.168.0.0/255.255.255.0 -d 192.168.0.6 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.0.1
iptables -I INPUT -d 192.168.0.3 -p tcp -m tcp --dport 80 -i br-nat -j ACCEPT
With the NAT mappings above, all packets from the virtual machines' intranet, 192.168.0.0/24, are sent out through the host's outer net IP 20.251.32.25, and packets from outer net computers addressed to the host IP 20.251.32.25 on port 8899 are forwarded to port 80 of virtual machine 192.168.0.6, so that the virtual machine provides a web service externally.
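The mapping step above, generalized to several virtual machines behind the one outer net IP, as an added example that is not part of the patent: the script validates each port mapping (port range, target inside the intranet, no outer net port used twice) and prints the rules in iptables-restore format. The function names, the second virtual machine 192.168.0.7, port 8822 and the /24 intranet are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the patent's own code: build the host's NAT rules for
# several virtual machines sharing one outer net IP, validating mappings first.

# valid_port N: true if N is a decimal integer in 1..65535 (no leading zero).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# in_intranet IP GW: true if IP is a host address in the gateway's /24 and is
# not the gateway (the bridge's intranet IP) itself.
# Assumption: the intranet is a /24, like 192.168.0.0/24 in the description.
in_intranet() (
    [ "$1" != "$2" ] || exit 1
    prefix=${2%.*}
    case "$1" in "$prefix".*) last=${1#"$prefix".} ;; *) exit 1 ;; esac
    case "$last" in ''|0*|*[!0-9]*) exit 1 ;; esac
    [ "${#last}" -le 3 ] && [ "$last" -le 254 ]
)

# nat_rules EXT_IP GW_IP MAPPING...   (MAPPING = ext_port:vm_ip:vm_port, TCP)
# Prints a ruleset in iptables-restore format. On a bad mapping it prints no
# rules and exits non-zero, so a half-built ruleset is never loaded.
nat_rules() (
    ext_ip=$1; gw_ip=$2; shift 2
    net="${gw_ip%.*}.0/24"
    nl='
'
    seen=' '; dnat=''; hairpin=''; fwd=''
    for m in "$@"; do
        ext_port=${m%%:*}; rest=${m#*:}
        vm_ip=${rest%%:*}; vm_port=${rest#*:}
        if ! valid_port "$ext_port" || ! valid_port "$vm_port"; then
            echo "rejected '$m': bad port" >&2; exit 2
        fi
        # Only forward to addresses inside the virtual machines' intranet.
        if ! in_intranet "$vm_ip" "$gw_ip"; then
            echo "rejected '$m': target is not a VM in $net" >&2; exit 3
        fi
        # Two VMs cannot own the same outer net port; only one rule would match.
        case "$seen" in *" $ext_port "*)
            echo "rejected '$m': outer net port already mapped" >&2; exit 4 ;;
        esac
        seen="$seen$ext_port "
        match="-p tcp -m tcp --dport"
        dnat="$dnat-A PREROUTING -d $ext_ip/32 $match $ext_port"
        dnat="$dnat -j DNAT --to-destination $vm_ip:$vm_port$nl"
        # Same-intranet clients reaching the VM via the outer net IP (hairpin).
        hairpin="$hairpin-A POSTROUTING -s $net -d $vm_ip/32 $match $vm_port"
        hairpin="$hairpin -j SNAT --to-source $gw_ip$nl"
        # Translated packets are forwarded, so the FORWARD chain filters them;
        # open only the mapped port of the mapped VM.
        fwd="$fwd-A FORWARD -d $vm_ip/32 $match $vm_port -j ACCEPT$nl"
    done
    printf '*nat\n%s%s-A POSTROUTING -s %s -j SNAT --to-source %s\nCOMMIT\n' \
        "$dnat" "$hairpin" "$net" "$ext_ip"
    printf '*filter\n%sCOMMIT\n' "$fwd"
)

# Constructed sample: the description's web VM plus a second, hypothetical VM
# (192.168.0.7) offering SSH, both behind outer net IP 20.251.32.25.
nat_rules 20.251.32.25 192.168.0.1 8899:192.168.0.6:80 8822:192.168.0.7:22
```

Review the output before loading it with `iptables-restore --noflush`, which keeps the rules already present. The FORWARD rules restrict exposure only if the chain otherwise drops forwarded traffic.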
The outer net services referred to in the present invention are the various services based on software programs, for example web services, mail services, SSH remote login services, etc.
Claims (10)
1. A method for virtual machines to share the host's IP to provide outer net services, characterized by comprising the following steps:
Step 1: create a bridge on the host;
Step 2: attach the host's network card that connects to the outer net to the created bridge;
Step 3: set IPs for the created bridge;
Step 4: create a virtual machine on the host and attach it to the created bridge;
Step 5: set an intranet IP for the virtual machine's virtual network card and add a route;
Step 6: finally, set the NAT mapping on the host.
2. The method according to claim 1, characterized in that the bridge can be a linuxbridge bridge or an OVS bridge; a linuxbridge bridge is a bridge created with the Linux tool brctl; an OVS bridge is an openvswitch virtual switch created with the ovs-vsctl tool;
the outer net is the network environment in which the host node resides;
the intranet is the private network segment created for the virtual machines to use and from which their IPs are set.
3. The method according to claim 1, characterized in that setting IPs for the created bridge further comprises:
setting an outer net IP for the bridge, i.e. an IP of the network in which the host node resides;
setting an intranet IP for the bridge, i.e. an IP of the virtual machines' private network; this intranet IP on the host is later set as the default gateway inside the virtual machines.
4. The method according to claim 2, characterized in that setting IPs for the created bridge further comprises:
setting an outer net IP for the bridge, i.e. an IP of the network in which the host node resides;
setting an intranet IP for the bridge, i.e. an IP of the virtual machines' private network; this intranet IP on the host is later set as the default gateway inside the virtual machines.
5. The method according to any one of claims 1 to 4, characterized in that creating a virtual machine on the host and attaching it to the created bridge further comprises:
setting the network interface section of the virtual machine configuration to bridged mode, with the bridge attribute set to the bridge created above;
starting the virtual machine from the configuration file;
bridging is a network connection mode between the virtual machine and the host in which network packets are forwarded according to the link-layer addresses of the OSI network model; it works at the second layer of OSI.
6. The method according to any one of claims 1 to 4, characterized in that adding a route for the virtual machine means adding a default route rule inside the virtual machine, with the default gateway of the virtual machine set to the intranet IP set on the bridge above.
7. The method according to claim 5, characterized in that adding a route for the virtual machine means adding a default route rule inside the virtual machine, with the default gateway of the virtual machine set to the intranet IP set on the bridge above.
8. The method according to any one of claims 1 to 4, characterized in that setting the NAT mapping on the host further comprises:
setting SNAT on the host for the virtual machine's intranet IP;
doing port mapping on the host for the virtual machine's intranet IP;
port mapping means realizing the mapping between an outer net IP port and a virtual machine intranet IP port by setting iptables NAT rules in the virtual router.
9. The method according to claim 5, characterized in that setting the NAT mapping on the host further comprises:
setting SNAT on the host for the virtual machine's intranet IP;
doing port mapping on the host for the virtual machine's intranet IP;
port mapping means realizing the mapping between an outer net IP port and a virtual machine intranet IP port by setting iptables NAT rules in the virtual router.
10. The method according to claim 6, characterized in that setting the NAT mapping on the host further comprises:
setting SNAT on the host for the virtual machine's intranet IP;
doing port mapping on the host for the virtual machine's intranet IP;
port mapping means realizing the mapping between an outer net IP port and a virtual machine intranet IP port by setting iptables NAT rules in the virtual router.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610173257.6A CN105721630A (en) | 2016-03-24 | 2016-03-24 | Method for virtual machines to share IP (Internet Protocol) of host machine to provide outer net services |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610173257.6A CN105721630A (en) | 2016-03-24 | 2016-03-24 | Method for virtual machines to share IP (Internet Protocol) of host machine to provide outer net services |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105721630A true CN105721630A (en) | 2016-06-29 |
Family
ID=56158965
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610173257.6A Pending CN105721630A (en) | 2016-03-24 | 2016-03-24 | Method for virtual machines to share IP (Internet Protocol) of host machine to provide outer net services |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105721630A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106878482A (en) * | 2017-01-03 | 2017-06-20 | 新华三技术有限公司 | Method for network address translation and device |
CN107301083A (en) * | 2017-06-16 | 2017-10-27 | 郑州云海信息技术有限公司 | One kind creates OpenStack virtual machines method and OpenStack dummy machine systems |
WO2018014434A1 (en) * | 2016-07-21 | 2018-01-25 | 网宿科技股份有限公司 | Network system, proxy server, and data processing method and system used by same |
CN107948061A (en) * | 2017-11-23 | 2018-04-20 | 成都智蜂网科技有限责任公司 | Hot standby the double route system and its control method that can be shunted based on bridge joint |
CN107968849A (en) * | 2017-11-28 | 2018-04-27 | 新浪网技术(中国)有限公司 | The method and device that a kind of network special line is plugged into |
CN108089910A (en) * | 2016-11-23 | 2018-05-29 | 北京国双科技有限公司 | The method and apparatus for configuring virtual machine IP address |
CN108259629A (en) * | 2016-12-28 | 2018-07-06 | 阿里巴巴集团控股有限公司 | The switching method and device of virtual IP address |
CN108449272A (en) * | 2017-09-19 | 2018-08-24 | 大唐网络有限公司 | A kind of implementation method that port forwarding service is provided based on OpenStack frameworks |
CN108924268A (en) * | 2018-09-11 | 2018-11-30 | 网宿科技股份有限公司 | A kind of container cloud service system and pod creation method, device |
CN111835876A (en) * | 2019-04-22 | 2020-10-27 | 杭州海康威视系统技术有限公司 | Network address configuration method, device, server cluster and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040133690A1 (en) * | 2002-10-25 | 2004-07-08 | International Business Machines Corporaton | Technique for addressing a cluster of network servers |
CN104125243A (en) * | 2013-04-23 | 2014-10-29 | 浙江大学 | Method of penetrating internal network to remotely connect large-scale virtual machines |
CN104407913A (en) * | 2014-11-12 | 2015-03-11 | 国云科技股份有限公司 | Method for implementing two-wire access through virtual machine with single network card |
CN104468746A (en) * | 2014-11-23 | 2015-03-25 | 国云科技股份有限公司 | Method for realizing distributed virtual networks applicable to cloud platform |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018014434A1 (en) * | 2016-07-21 | 2018-01-25 | 网宿科技股份有限公司 | Network system, proxy server, and data processing method and system used by same |
CN108089910A (en) * | 2016-11-23 | 2018-05-29 | 北京国双科技有限公司 | The method and apparatus for configuring virtual machine IP address |
CN108259629A (en) * | 2016-12-28 | 2018-07-06 | 阿里巴巴集团控股有限公司 | The switching method and device of virtual IP address |
CN106878482B (en) * | 2017-01-03 | 2020-01-03 | 新华三技术有限公司 | Network address translation method and device |
CN106878482A (en) * | 2017-01-03 | 2017-06-20 | 新华三技术有限公司 | Method for network address translation and device |
CN107301083A (en) * | 2017-06-16 | 2017-10-27 | 郑州云海信息技术有限公司 | One kind creates OpenStack virtual machines method and OpenStack dummy machine systems |
CN108449272A (en) * | 2017-09-19 | 2018-08-24 | 大唐网络有限公司 | A kind of implementation method that port forwarding service is provided based on OpenStack frameworks |
CN107948061A (en) * | 2017-11-23 | 2018-04-20 | 成都智蜂网科技有限责任公司 | Hot standby the double route system and its control method that can be shunted based on bridge joint |
CN107968849A (en) * | 2017-11-28 | 2018-04-27 | 新浪网技术(中国)有限公司 | The method and device that a kind of network special line is plugged into |
CN107968849B (en) * | 2017-11-28 | 2020-12-25 | 新浪网技术(中国)有限公司 | Method and device for network private line connection |
CN108924268A (en) * | 2018-09-11 | 2018-11-30 | 网宿科技股份有限公司 | A kind of container cloud service system and pod creation method, device |
CN108924268B (en) * | 2018-09-11 | 2021-05-25 | 网宿科技股份有限公司 | Container cloud service system and pod creation method and device |
CN111835876A (en) * | 2019-04-22 | 2020-10-27 | 杭州海康威视系统技术有限公司 | Network address configuration method, device, server cluster and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160629 |