CN106789176A - Method for mapping a cloud-platform virtual network onto a data-center network - Google Patents

Method for mapping a cloud-platform virtual network onto a data-center (machine-room) network

Info

Publication number: CN106789176A
Authority: CN (China)
Prior art keywords: network, cloud platform, virtual, virtual network, computer room (data center)
Legal status: Withdrawn (invention patent application withdrawn after publication)
Application number: CN201611083978.4A
Other languages: Chinese (zh)
Inventors: 熊梦 (Xiong Meng), 杨松 (Yang Song), 季统凯 (Ji Tongkai)
Current assignee: G Cloud Technology Co Ltd
Original assignee: G Cloud Technology Co Ltd
Priority date: 2016-11-30
Filing date: 2016-11-30
Publication date: 2017-05-31
Application filed by G Cloud Technology Co Ltd
Priority to CN201611083978.4A
Publication of CN106789176A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L 12/46 Interconnection of networks
    • H04L 12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/04 Network management architectures or arrangements
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0272 Virtual private networks
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the field of cloud computing technology, and in particular to a method by which a cloud-platform virtual network is mapped onto a data-center (machine-room) network. In the method, the data-center network is first designed as isolated segments according to the organization's internal departmental structure; virtual networks are then defined in the cloud-platform back end, the virtual-network logic is presented in the cloud-platform front end, and finally the virtual network of each internal department is controlled flexibly through the front end. The invention brings the physical data-center network under cloud-platform management and establishes a mapping between it and the virtual networks, so that each internal department can flexibly manage and control its own network configuration, while the cloud platform can also centrally and effectively monitor the network traffic of every department.

Description

Method for mapping a cloud-platform virtual network onto a data-center network
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a method by which a cloud-platform virtual network is mapped onto a data-center (machine-room) network.
Background technology
With the spread of cloud computing, more and more enterprises and institutions are building their own private cloud platforms. When an organization builds such a platform it needs to plan the network usage of all its internal departments as a whole, so that the physical data-center network of those departments can be mapped onto the cloud platform and the virtual network of each department can be controlled flexibly through it. At present, when an organization builds its own private cloud, the virtual networks of all its departments are typically placed inside one large isolation segment, and no fine-grained isolation or differentiation of virtual networks between departments is achieved. The consequences are:
(1) management of the cloud-platform virtual networks becomes confused, because the departments do not apply a rational separation of isolation segments when they create virtual networks;
(2) the cloud platform cannot effectively monitor the network traffic of each department, so when a traffic anomaly occurs it cannot quickly locate the specific department responsible.
Summary of the invention
The technical problem solved by the present invention is to propose an implementation method by which a cloud-platform virtual network is mapped onto a data-center network, such that each department of an organization can flexibly control its own virtual network through the cloud platform, the cloud platform can isolate and monitor the network traffic of each department at fine granularity, and abnormal traffic can be quickly located physically.
The technical scheme by which the present invention solves the above problem is as follows.
The method comprises:
designing the data-center network as isolated segments according to the organization's internal departmental structure;
defining virtual networks in the cloud-platform back end and presenting the virtual-network logic in the cloud-platform front end;
finally controlling the virtual network of each department flexibly through the cloud-platform front end.
Designing the data-center network as isolated segments according to the organizational structure comprises:
defining the internal departments for which the cloud platform provides network services;
defining the data-center network information allocated to each internal department.
The defined department information includes the name of the department.
The defined data-center network information of a department is the planned isolated physical network of that department, including its layer-2 network, VLAN range, IP range, hardware firewall rules, routing information, and the switch access and trunk ports.
Defining virtual networks in the cloud-platform back end means configuring in the cloud platform the physical network information of each department's data-center network.
The physical network information includes the OVS bridge corresponding to the physical NIC of each cloud-platform node, the local IP of that NIC, and the virtual-network isolation segment of each internal department.
A virtual-network isolation segment consists of a VLAN range and a tunnel-ID range.
The VLAN range is the set of VLAN IDs a department is allowed to use when the cloud platform is configured in VLAN virtual-network mode.
The tunnel-ID range is the set of tunnel IDs a department is allowed to use when the cloud platform is configured in GRE or VXLAN virtual-network mode.
Presenting the virtual-network logic in the cloud-platform front end means establishing the correspondence between each department name and its virtual-network isolation segment and showing it on a front-end page.
Flexibly controlling the virtual network of each department through the cloud-platform front end comprises:
creating, deleting, modifying and viewing the virtual network of each department;
monitoring the network traffic of each department and raising alerts.
The beneficial effects of the present scheme are:
1. It provides an implementation method by which a cloud-platform virtual network is mapped onto a data-center network: by mapping the cloud platform's virtual-network isolation segments onto the physical data-center network, the virtual networks of the organization's departments are distinguished at fine granularity, avoiding confusion in the management of cloud-platform virtual networks.
2. It provides a way for the cloud platform to monitor the network traffic of each department and, when abnormal traffic is found, to quickly locate the department concerned.
3. By differentiating the virtual-network isolation segments by department, users have an accurate picture of their own physical network information when creating and using virtual networks, which improves the user experience of the cloud platform.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawings:
Fig. 1 is the flow chart of the invention;
Fig. 2 is the data-center network configuration diagram of the invention.
Specific embodiment
As shown in Figs. 1 and 2, the technical scheme of the embodiment is described clearly and completely below with reference to the drawings. The description takes VLAN isolation as its example.
First, the physical data-center network is configured according to the architecture of Fig. 2: the physical IP range and VLAN isolation segment of each internal department are planned, external IP connectivity and routing are configured on the hardware firewall (router), and the corresponding access and trunk ports are configured on the hardware switches.
The back-end virtual-network configuration of the cloud platform is as follows (the section and option names are those of the OpenStack Neutron ML2 plugin):
[ml2_type_vlan]
### The following configuration parameters must be correct! ###
network_vlan_ranges = physnet2:30:39, physnet2:50:59, physnet2:90:100
The virtual-network isolation segments defined above are vlan30-vlan39, vlan50-vlan59 and vlan90-vlan100. Each segment is then assigned to an internal department: for example vlan30-vlan39 is assigned to the Technical Development department and vlan50-vlan59 to the Platform Product department.
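The two sides of the mapping just described, the VLAN ranges the cloud platform may use on physnet2 and the VLANs the physical switch actually trunks toward the node, must agree, and a practitioner would verify this against the switch rather than trust the planning diagram: any VLAN the trunk carries beyond the cloud's ranges is a segment a compromised node could tag frames into unmonitored, and any cloud VLAN missing from the trunk silently fails to pass traffic. The following Python script is an added example and is not code from the patent or from G Cloud Technology. The network_vlan_ranges value is the one above; the IOS-style switch stanza, its interface names, the description text and the stray VLAN 200 are constructed for the example.

```python
"""Audit the ML2 VLAN ranges of one physical network against the VLANs
the upstream switch actually trunks toward the cloud node.

Added example; not code from the patent or from G Cloud Technology.
The network_vlan_ranges value is the one from the embodiment. The
switch configuration is a constructed IOS-style excerpt.
"""
import re

# Value of network_vlan_ranges from the [ml2_type_vlan] section above.
NETWORK_VLAN_RANGES = "physnet2:30:39, physnet2:50:59, physnet2:90:100"

# Constructed switch running-config: the uplink toward the node carries
# one VLAN (200) that the cloud platform knows nothing about.
SWITCH_CONFIG = """
interface GigabitEthernet1/0/10
 description uplink to cloud node 192.168.50.30 (br-vlan)
 switchport mode trunk
 switchport trunk allowed vlan 30-39,50-59,90-100,200
!
interface GigabitEthernet1/0/11
 description access port, Technical Development
 switchport mode access
 switchport access vlan 35
!
"""


def parse_ml2_ranges(value):
    """Expand 'physnet:lo:hi, ...' into {physnet: set of VLAN IDs}."""
    ranges = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        physnet, lo, hi = item.split(":")
        lo, hi = int(lo), int(hi)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError("invalid VLAN range: %r" % item)
        ranges.setdefault(physnet, set()).update(range(lo, hi + 1))
    return ranges


def parse_vlan_list(spec):
    """Expand a switch VLAN list such as '30-39,50-59,200' into a set."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def trunk_allowed_vlans(config, interface):
    """Return the VLAN set a trunk interface carries.

    A trunk with no 'allowed vlan' statement carries every VLAN (the
    IOS default), which is the worst case for segment isolation. The
    'allowed vlan add/except' forms are not handled here.
    """
    pattern = r"^interface %s\n(.*?)^!" % re.escape(interface)
    match = re.search(pattern, config, re.S | re.M)
    if match is None:
        raise KeyError("interface %s not found" % interface)
    body = match.group(1)
    if "switchport mode trunk" not in body:
        raise ValueError("%s is not configured as a trunk" % interface)
    allowed = re.search(r"switchport trunk allowed vlan (\S+)", body)
    if allowed is None:
        return set(range(1, 4095))
    return parse_vlan_list(allowed.group(1))


def audit_trunk(ml2_value, config, interface, physnet):
    """Compare cloud-side and switch-side VLAN sets for one physnet/trunk.

    Returns (extra_on_trunk, missing_on_trunk). Extra VLANs are the
    security finding: the node can reach segments the cloud platform
    neither manages nor monitors.
    """
    cloud = parse_ml2_ranges(ml2_value).get(physnet, set())
    trunk = trunk_allowed_vlans(config, interface)
    return sorted(trunk - cloud), sorted(cloud - trunk)


if __name__ == "__main__":
    extra, missing = audit_trunk(NETWORK_VLAN_RANGES, SWITCH_CONFIG,
                                 "GigabitEthernet1/0/10", "physnet2")
    print("VLANs on trunk but not in cloud ranges:", extra)
    print("VLANs in cloud ranges but not on trunk:", missing)
```

Run against the constructed config, the audit reports VLAN 200 as present on the trunk but absent from the cloud's ranges; a trunk without an allowed-VLAN statement is reported as carrying all 4094 VLANs, which is the finding to fix first.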
Next, the OVS bridge information of the back-end virtual network is configured (options of the Neutron Open vSwitch agent):
[ovs]
# local IP of the node's physical NIC
local_ip = 192.168.50.30
# tunnel network mode: VXLAN
tunnel_type = vxlan
# enable the tunnel network mode
enable_tunneling = True
# mapping from physical networks to OVS bridges
bridge_mappings = physnet2:br-vlan, physnet1:br-flat
Note that with tunnelling enabled the node also carries tunnelled tenant networks, so the tunnel-ID ranges described above must be allocated per department in the same way as the VLAN ranges for the department mapping to remain complete.
The virtual-network logic of the cloud-platform front end is then defined, i.e. the correspondence between each department name and its virtual-network isolation segment is established and shown on a front-end page. A data table gcloud_department_vlans is created holding the following correspondence:
Technical Development department: vlan30-vlan39
Platform Product department: vlan50-vlan59
......
Finally, the virtual network of each department is controlled flexibly through the cloud-platform front end. As an example, the Platform Product department needs to set up an internal virtual network net1 with the IP range 11.11.11.1/24. The cloud-platform super administrator or the Platform Product department administrator logs in to the cloud platform and selects the Platform Product department; when a virtual network is created, the system queries the gcloud_department_vlans table and retrieves the VLANs belonging to that department. The administrator must first select vlan50 to create a virtual external network, consistent with the physical data-center network, that has external connectivity, and choose an IP range to be allocated to cloud hosts on the platform, say 192.168.50.100-192.168.50.200. Thereafter any of the department's own VLANs (vlan51-vlan59) can be chosen to create cloud-platform virtual networks and subnets: for example vlan51 is selected to create the virtual network net1, then the corresponding subnet is created with the IP range 11.11.11.1/24. In subsequent use, the created virtual internal networks can be modified or deleted at any time.
NAT between the Platform Product department's virtual internal network and the external network is then set up, ensuring that cloud servers on net1 (configured with vlan51 and IPs in the virtual internal segment 11.11.11.1/24) can reach the external network. The cloud platform then monitors, through its monitoring module, the network traffic of each virtual-network isolation segment, that is, of each department of the organization.
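The creation and monitoring steps above rest on one rule that has to be enforced server-side, not merely by filtering the front-end VLAN list: the VLAN a department administrator selects must lie inside that department's isolation segment, and every VLAN the monitoring module sees must map back to exactly one department. The following Python example is added here and is not the patent's or G Cloud Technology's code. It reuses the department-to-VLAN table of the embodiment, rejects overlapping segments, checks network-creation requests against the table, and attributes constructed per-VLAN traffic counters back to departments so an alert names both the department and the physical segment. The flow records, the byte threshold, the `UNMAPPED` label and the assumption that the super administrator may act for any department are all assumptions made for the example.

```python
"""Server-side segment policy and traffic attribution for per-department
VLAN isolation segments.

Added example; not code from the patent or from G Cloud Technology.
DEPARTMENT_VLANS mirrors the gcloud_department_vlans table of the
embodiment; the flow records and the threshold are constructed.
"""
from collections import defaultdict

# Department -> (first VLAN, last VLAN), as in gcloud_department_vlans.
DEPARTMENT_VLANS = {
    "Technical Development": (30, 39),
    "Platform Product": (50, 59),
}

# Constructed traffic counters from the monitoring module: (VLAN ID, bytes).
# VLAN 77 belongs to no department and must not silently disappear.
SAMPLE_FLOWS = [
    (51, 1_200_000), (51, 900_000), (35, 300_000), (52, 150_000),
    (58, 4_800_000), (35, 200_000), (77, 50_000),
]


def validate_segments(table):
    """Reject overlapping department segments: an overlap would put two
    departments in one broadcast domain without anyone noticing."""
    spans = sorted((lo, hi, dept) for dept, (lo, hi) in table.items())
    for (lo1, hi1, d1), (lo2, hi2, d2) in zip(spans, spans[1:]):
        if lo2 <= hi1:
            raise ValueError("segments of %s and %s overlap" % (d1, d2))
    return True


def department_for_vlan(vlan_id):
    """Reverse lookup: which department owns this isolation segment?"""
    for department, (lo, hi) in DEPARTMENT_VLANS.items():
        if lo <= vlan_id <= hi:
            return department
    return None


def authorize_network_create(actor_department, requested_vlan,
                             is_superadmin=False):
    """Decide whether a network may be created on the requested VLAN.

    Filtering the front-end dropdown is not enough: a hand-crafted
    request with segmentation_id 51 from the Technical Development
    administrator would otherwise land on Platform Product's segment.
    Returns (allowed, owner_or_reason).
    """
    owner = department_for_vlan(requested_vlan)
    if owner is None:
        return False, "VLAN %d is outside every department segment" % requested_vlan
    if not is_superadmin and owner != actor_department:
        return False, "VLAN %d belongs to %s" % (requested_vlan, owner)
    return True, owner


def attribute_traffic(flows):
    """Sum bytes per department; unmapped VLANs are reported separately
    because they indicate a segment nobody planned."""
    totals = defaultdict(int)
    for vlan_id, nbytes in flows:
        totals[department_for_vlan(vlan_id) or "UNMAPPED"] += nbytes
    return dict(totals)


def locate_anomaly(flows, threshold_bytes):
    """Return sorted (department, VLAN ID) pairs whose per-VLAN volume
    exceeds the threshold, so the alert names the physical segment."""
    per_vlan = defaultdict(int)
    for vlan_id, nbytes in flows:
        per_vlan[vlan_id] += nbytes
    return sorted((department_for_vlan(vlan) or "UNMAPPED", vlan)
                  for vlan, total in per_vlan.items()
                  if total > threshold_bytes)


if __name__ == "__main__":
    validate_segments(DEPARTMENT_VLANS)
    print(authorize_network_create("Platform Product", 51))
    print(authorize_network_create("Technical Development", 51))
    print(attribute_traffic(SAMPLE_FLOWS))
    print(locate_anomaly(SAMPLE_FLOWS, 2_000_000))
```

With the constructed counters, the Platform Product department accounts for most of the volume and VLANs 51 and 58 exceed the threshold, while the 50 kB on VLAN 77 shows up under UNMAPPED rather than being folded into a department total.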
The above discloses only the VLAN isolation mapping for the private cloud platform of an enterprise or institution; it is merely one embodiment of the invention, and other embodiments are similar. The scope of the invention is of course not limited to this embodiment, and equivalent variations made according to the claims still fall within the scope covered by the invention.

Claims (7)

1. A method by which a cloud-platform virtual network is mapped onto a data-center network, characterised in that the method comprises:
designing the data-center network as isolated segments according to the organization's internal departmental structure;
defining virtual networks in the cloud-platform back end and presenting the virtual-network logic in the cloud-platform front end;
finally controlling the virtual network of each department flexibly through the cloud-platform front end.
2. The method according to claim 1, characterised in that:
designing the data-center network as isolated segments according to the organizational structure comprises:
defining the internal departments for which the cloud platform provides network services;
defining the data-center network information allocated to each internal department;
the defined department information includes the name of the department;
the defined data-center network information of a department is the planned isolated physical network of that department, including its layer-2 network, VLAN range, IP range, hardware firewall rules, routing information, and the switch access and trunk ports.
3. The method according to claim 1, characterised in that defining virtual networks in the cloud-platform back end means configuring in the cloud platform the physical network information of each department's data-center network;
the physical network information includes the OVS bridge corresponding to the physical NIC of a cloud-platform node, the local IP of the physical NIC, and the virtual-network isolation segment of each internal department;
the virtual-network isolation segment consists of a VLAN range and a tunnel-ID range;
the VLAN range is the set of VLAN IDs to be used when the cloud platform is configured in VLAN virtual-network mode;
the tunnel-ID range is the set of tunnel IDs to be used when the cloud platform is configured in GRE or VXLAN virtual-network mode.
4. The method according to claim 2, characterised in that defining virtual networks in the cloud-platform back end means configuring in the cloud platform the physical network information of each department's data-center network;
the physical network information includes the OVS bridge corresponding to the physical NIC of a cloud-platform node, the local IP of the physical NIC, and the virtual-network isolation segment of each internal department;
the virtual-network isolation segment consists of a VLAN range and a tunnel-ID range;
the VLAN range is the set of VLAN IDs to be used when the cloud platform is configured in VLAN virtual-network mode;
the tunnel-ID range is the set of tunnel IDs to be used when the cloud platform is configured in GRE or VXLAN virtual-network mode.
5. The method according to any one of claims 1-4, characterised in that presenting the virtual-network logic in the cloud-platform front end means establishing the correspondence between each department name and its virtual-network isolation segment and showing it on a front-end page.
6. The method according to any one of claims 1-4, characterised in that controlling the virtual network of each department flexibly through the cloud-platform front end comprises:
creating, deleting, modifying and viewing the virtual network of each department;
monitoring the network traffic of each department and raising alerts.
7. The method according to claim 5, characterised in that controlling the virtual network of each department flexibly through the cloud-platform front end comprises:
creating, deleting, modifying and viewing the virtual network of each department;
monitoring the network traffic of each department and raising alerts.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201611083978.4A | 2016-11-30 | 2016-11-30 | Method for mapping a cloud-platform virtual network onto a data-center network (CN106789176A, en; withdrawn)

Publications (1)

Publication Number | Publication Date
CN106789176A (en) | 2017-05-31

Family

ID=58913683

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201611083978.4A (withdrawn; CN106789176A, en) | Method for mapping a cloud-platform virtual network onto a data-center network | 2016-11-30 | 2016-11-30

Country Status (1)

Country | Link
CN (1) | CN106789176A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN102307246A * | 2010-09-25 | 2012-01-04 | 广东电子工业研究院有限公司 (Guangdong Electronics Industry Institute Co., Ltd.) | Protection system and method for secure communication among virtual machines based on cloud computing
CN102790711A * | 2012-07-19 | 2012-11-21 | 上海安达通信息安全技术股份有限公司 | VLAN method for controlling PC inter-access in the same broadcast domain
US8660129B1 * | 2012-02-02 | 2014-02-25 | Cisco Technology, Inc. | Fully distributed routing over a user-configured on-demand virtual network for infrastructure-as-a-service (IaaS) on hybrid cloud networks
CN104463492A * | 2014-12-23 | 2015-03-25 | 国家电网公司 (State Grid Corporation of China) | Operation management method of electric power system cloud simulation platform
CN105099950A * | 2014-04-17 | 2015-11-25 | 华为技术有限公司 (Huawei Technologies Co., Ltd.) | Resource allocation method, message communication method and devices

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SHERRY5636: "Building an internal LAN for 1000 users by partitioning VLANs" (通过划分vlan的方法组建内部可供1000人上网的局域网), URL: HTTPS://BLOG.CSDN.NET/U012762009/ARTICLE/DETAILS/46963443 *

Legal Events

Code | Title | Description
PB01 | Publication | Application publication date: 20170531
SE01 | Entry into force of request for substantive examination |
WW01 | Invention patent application withdrawn after publication |