CN106656717A - Network domain division method - Google Patents

Info

Publication number
CN106656717A
Authority
CN
China
Prior art keywords
network
virtual
interface
domains
virtual network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510714310.4A
Other languages
Chinese (zh)
Other versions
CN106656717B (en)
Inventor
周清志
王璟珣
贝少峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huayao Technology Co., Ltd
Original Assignee
ARRAY NETWORKS (BEIJING) Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ARRAY NETWORKS (BEIJING) Inc
Priority to CN201510714310.4A
Publication of CN106656717A
Application granted
Publication of CN106656717B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention provides a network domain division method. First, n virtual network domains are divided according to the number of tenants, n virtual protocol stacks are established, and a tenant ID is allocated to each virtual network domain. Then m physical interfaces are selected according to the number of virtual network domains, the virtual interfaces that the m physical interfaces can generate are divided correspondingly into n virtual network interfaces, and the n virtual network interfaces are added to the virtual network domains. When the physical interfaces cannot meet tenants' requirements, the network domains can be divided in a more flexible way, regardless of whether the switch supports VLAN; meanwhile, each tenant network domain uses its own independent virtual protocol stack, so that a network problem in one domain does not affect network communication in other domains.

Description

A method for dividing network domains
Technical field
The present invention relates to the field of network application delivery control, and more particularly to a method for dividing network domains in a cloud environment that is not restricted by VLAN (Virtual Local Area Network); it belongs to multi-tenant network technology.
Background art
As cloud computing and virtualization trends grow stronger, the concept of the tenant becomes more and more important. Dividing suitable network resources for each tenant in a cloud environment, such that different tenants cannot affect one another, is an indispensable function of network equipment. Current load-balancing network equipment divides the network by VLAN (Virtual Local Area Network), one VLAN per user, and uses VLANs to isolate tenants. VLAN is a relatively mature network technology: each VLAN has its own ID, and different VLANs represent different tenants that do not affect one another. But using VLANs also has some problems. 1) It needs the support of trunk ports on the physical switch, which makes actual deployment more complicated; a switch that supports VLAN is required, and only switches of layer three and above have this function. 2) Under its protocol (IEEE 802.1Q) the VLAN identifier has only 12 bits, so the number of VLAN IDs is 4094, that is, at most 4094 subnet tenants, which is unsuitable for public clouds. Although VxLAN (Virtual Extensible LAN) can ultimately be used to solve the quantity problem, VxLAN encapsulates layer-2 link packets in an IP payload, which brings an efficiency problem. 3) VLAN cannot separate protocol stacks: although multiple VLANs are divided, they share a single protocol stack instance, so if the protocol stack data goes wrong, the whole network environment becomes abnormal.
Summary of the invention
To overcome the problems in the prior art, the present invention provides a method for dividing network domains in a cloud environment that is not restricted by VLAN, such that the divided network domains have independent protocol stack instances and do not interfere with each other.
In the method for dividing network domains of the present invention, the system is first configured to include at least an upper-layer application module, a network domain management module, network interfaces, etc. The network interfaces include physical network cards and network management interfaces; a physical network card may have multiple physical interfaces, and each physical interface can be configured with at most 4096 virtual network interfaces. When the physical interfaces cannot meet user needs, the method of the invention consists of the following steps:
Step 1, divide n virtual network domains according to the number of users, and at the same time establish n virtual protocol stacks, so that different network domains each use their own independent virtual protocol stack; assign an ID to each virtual network domain;
Step 2, select m physical interfaces according to the number of virtual network domains, divide the virtual interfaces that the m physical interfaces can generate correspondingly into n virtual network interfaces, and then add the n virtual network interfaces to the virtual network domains, where n and m are positive integers and n is greater than or equal to m.
When the system's physical interfaces cannot meet tenants' needs, the present invention can divide network domains in a more flexible manner on the basis of the original hardware, without being restricted by whether the switch supports VLAN; meanwhile, different network domains use their own independent virtual protocol stacks, so a network problem in one domain does not affect network communication in other domains.
Description of the drawings
Fig. 1 is a schematic diagram of the system structure and method of the present invention.
Detailed description of the embodiments
In the following description, many technical details are set forth so that the reader may better understand the application. However, those skilled in the art will understand that the technical solutions claimed in the claims of this application can be realized even without these technical details and with many variations and modifications based on the following embodiments.
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawing.
As shown in Fig. 1, the system of the invention is configured to include at least an upper-layer application module 5, a network domain management module 2, network interfaces 1, etc. The network interfaces include physical network cards and network management interfaces; a physical network card may have multiple physical interfaces, and each physical interface can be configured with at most 4096 virtual network interfaces. When the physical interfaces cannot meet user needs, the method of the invention consists of the following steps:
Step 1, divide n virtual network domains 3 according to the number of users, at the same time establish n corresponding virtual protocol stacks 4, and assign an ID to each virtual network domain;
Step 2, select m physical interfaces according to the number of virtual network domains, divide the virtual interfaces that the m physical interfaces need to adopt correspondingly into n virtual network interfaces, and then add the n virtual network interfaces to the virtual network domains.
In a preferred example of the application, the user is a tenant. In other examples the user may be of another type and need not be in a rental relationship with a service provider; for example, it may be the private cloud of a large company, providing services to the teams under that company.
Users include first-class users and second-class users, where the bandwidth demand of first-class users is lower than that of second-class users;
In a preferred example of the application, a switch that does not support VLAN is used. Of course, there is no problem either if the switch supports VLAN. The virtual protocol stack is a TCP/IP protocol stack.
In the step of selecting m physical interfaces according to the number of virtual network domains, multiple first-class users share the same physical interface, and each second-class user occupies one physical interface exclusively.
A practical example follows. A load balancing service is provided for public cloud provider A. Cloud service provider A has 5000 small tenants and 3 large tenants; the 5000 small tenants have no bandwidth requirement but exceed the VLAN limit of 4096, and each of the other three large tenants requires 10G of bandwidth. Support for these 5003 tenants can be implemented as follows.
Assume the network device used has 4 physical network cards, each with 4 interfaces, and each interface has a throughput of up to 10G, so there are 16 physical traffic interfaces with 10G throughput; in addition, the network device has 2 management interfaces. Only the physical traffic interfaces are needed here.
Step 1: First divide 5003 domains, at the same time establish 5003 corresponding protocol stacks, and assign a tenant ID to each network domain;
Each domain serves one tenant:
domain domain1
domain domain2
domain domain3
...
domain domain5003
domain1, domain2, ... domain5003 are the names of the network domains.
Step 2: Divide different interfaces into different network domains. For the 5000 small tenants, since the VLAN limit of one physical interface allows at most 4096 tenants, we can use 2 physical interfaces, each divided into 2500 VLAN virtual interfaces, so that 5000 network domains can be divided in total. For the other 3 large tenants, since each tenant requires 10G of bandwidth, each tenant needs to use one physical interface. Assume here that the physical interfaces are port1, port2, ... port16.
So first divide 5000 VLAN virtual interfaces based on 2 physical interfaces.
vlan port1 vlan1
vlan port1 vlan2
...
vlan port1 vlan2500
vlan port2 vlan2501
vlan port2 vlan2502
...
vlan port2 vlan5000
At this point 5000 VLAN virtual interfaces have been divided; next, add the virtual interfaces and the physical interfaces to the corresponding network domains:
domain domain1 vlan1
domain domain2 vlan2
...
domain domain5000 vlan5000
domain domain5001 port3
domain domain5002 port4
domain domain5003 port5
At this point the 5000 small-tenant domains and the 3 large-tenant domains have all been assigned their interfaces, and the steps of the invention for dividing network domains are complete.
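The division steps above can be expressed as a small planner plus an isolation check. This is an added example, not code from the patent or from any product of the applicant; the function names, the Domain record and the invariants checked are assumptions made for illustration, and the rendered lines reuse the page's domain/vlan notation.

```python
from dataclasses import dataclass

VLAN_LIMIT = 4096  # per-physical-interface limit stated on the page


@dataclass(frozen=True)
class Domain:
    name: str        # network domain name, e.g. "domain1"
    tenant_id: int   # ID assigned to the domain in step 1
    interface: str   # VLAN virtual interface, or a whole physical port
    parent: str      # physical port that carries the interface
    exclusive: bool  # True when the tenant owns the physical port


def plan_domains(small, large, ports, per_port=VLAN_LIMIT):
    """Small tenants share ports through VLAN virtual interfaces; each
    large tenant takes a whole port. Returns one Domain per tenant."""
    if not 0 < per_port <= VLAN_LIMIT:
        raise ValueError("per_port must be between 1 and VLAN_LIMIT")
    shared = -(-small // per_port)  # ceiling: ports needed for small tenants
    if shared + large > len(ports):
        raise ValueError(f"need {shared + large} ports, have {len(ports)}")
    domains = []
    for i in range(small):
        domains.append(Domain(f"domain{i + 1}", i + 1, f"vlan{i + 1}",
                              ports[i // per_port], False))
    for j in range(large):
        tid, port = small + j + 1, ports[shared + j]
        domains.append(Domain(f"domain{tid}", tid, port, port, True))
    return domains


def isolation_errors(domains, per_port=VLAN_LIMIT):
    """Return violations of the invariants tenant isolation depends on."""
    errors, owner, by_port, exclusive = [], {}, {}, set()
    for d in domains:
        if d.interface in owner:
            errors.append(f"{d.interface} is in {owner[d.interface]} and {d.name}")
        owner[d.interface] = d.name
        by_port.setdefault(d.parent, []).append(d.name)
        if d.exclusive:
            exclusive.add(d.parent)
    for port, names in by_port.items():
        if port in exclusive and len(names) > 1:
            errors.append(f"{port} is exclusive but carries {len(names)} domains")
        if len(names) > per_port:
            errors.append(f"{port} exceeds {per_port} virtual interfaces")
    return errors


def render(domains):
    """Emit configuration lines in the notation used on the page."""
    lines = [f"domain {d.name}" for d in domains]
    lines += [f"vlan {d.parent} {d.interface}" for d in domains if not d.exclusive]
    lines += [f"domain {d.name} {d.interface}" for d in domains]
    return lines


PORTS = [f"port{i}" for i in range(1, 17)]  # 16 traffic interfaces, as on the page
PLAN = plan_domains(5000, 3, PORTS, per_port=2500)  # the page's worked example

if __name__ == "__main__":
    print("\n".join(render(PLAN)[-3:]))
    print("violations:", isolation_errors(PLAN) or "none")
```

Running isolation_errors over a hand-edited plan before applying it catches the two mistakes that would break tenant separation here: one interface bound to two domains, and a VLAN tenant placed on a port reserved for a large tenant.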
Next, the packet flow for one user is illustrated. For example, tenant 1 creates an HTTP service in its own network domain, for example on domain1; the flow for processing a client's HTTP request is then as follows:
Step 1, the client sends an HTTP request as an Ethernet packet to port1;
Step 2, the port1 physical interface receives the Ethernet packet;
Step 3, port1 passes the Ethernet packet to virtual interface 1, virtual interface 1 passes the Ethernet packet to virtual protocol stack 1 of domain1 for processing, and it is then handed to the HTTP service of the upper-layer application;
Step 4, the HTTP service processes the HTTP request, constructs a response and hands it to virtual protocol stack 1; virtual protocol stack 1 encapsulates the HTTP request, looks up information such as the client's route and MAC address in virtual protocol stack 1, and sends the response to the client;
Step 5, the client receives this request, and the transaction ends.
It should be noted that each unit mentioned in the device embodiments of the invention is a logical unit. Physically, a logical unit may be one physical unit, a part of a physical unit, or may be realized as a combination of multiple physical units; the physical implementation of these logical units is not what matters most, and the combination of functions they realize is the key to solving the technical problem posed by the invention. In addition, to highlight the innovative part of the invention, the device embodiments above do not introduce units less closely related to solving the technical problem posed by the invention, but this does not mean that the device embodiments have no other related units.
Although the invention has been shown and described with reference to certain preferred embodiments thereof, those skilled in the art will understand that various changes in form and detail may be made without departing from the spirit and scope of the invention.

Claims (4)

1. A method for dividing network domains, characterized in that the system is configured to include at least an upper-layer application module, a network domain management module and network interfaces, the method consisting of the following steps:
dividing n virtual network domains according to the number of users, and at the same time establishing n corresponding virtual protocol stacks, different network domains each using their own independent virtual protocol stack, and assigning an ID to each virtual network domain;
selecting m physical interfaces according to the number of virtual network domains, dividing the virtual interfaces that the m physical interfaces need to adopt correspondingly into n virtual network interfaces, and then adding the n virtual network interfaces to the virtual network domains, where n and m are positive integers and n is greater than or equal to m.
2. The method for dividing network domains as claimed in claim 1, characterized in that the users include first-class users and second-class users, where the bandwidth demand of first-class users is lower than that of second-class users;
in the step of selecting m physical interfaces according to the number of virtual network domains, multiple first-class users share the same physical interface, and each second-class user occupies one physical interface exclusively.
3. The method for dividing network domains as claimed in claim 1, characterized in that the virtual protocol stack is a TCP/IP protocol stack.
4. The method for dividing network domains as claimed in claim 1, characterized in that the method is used with a switch that does not support VLAN.
CN201510714310.4A 2015-10-28 2015-10-28 A method of dividing network domains Active CN106656717B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510714310.4A CN106656717B (en) 2015-10-28 2015-10-28 A method of dividing network domains

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510714310.4A CN106656717B (en) 2015-10-28 2015-10-28 A method of dividing network domains

Publications (2)

Publication Number Publication Date
CN106656717A (en) 2017-05-10
CN106656717B (en) 2019-06-28

Family

ID=58829399

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510714310.4A Active CN106656717B (en) 2015-10-28 2015-10-28 A method of dividing network domains

Country Status (1)

Country Link
CN (1) CN106656717B (en)

Also Published As

Publication number Publication date
CN106656717B (en) 2019-06-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100125 Beijing city Chaoyang District Liangmaqiao Road No. 40 building 10 room 1001, twenty-first Century

Patentee after: Beijing Huayao Technology Co., Ltd

Address before: 100125 Beijing city Chaoyang District Liangmaqiao Road No. 40 building 10 room 1001, twenty-first Century

Patentee before: Huayao (China) Technology Co., Ltd.