CN106803796A - Multi-tenant network topology reconstructing method based on cloud platform - Google Patents
Multi-tenant network topology reconstructing method based on cloud platform Download PDFInfo
- Publication number
- CN106803796A CN106803796A CN201710125690.7A CN201710125690A CN106803796A CN 106803796 A CN106803796 A CN 106803796A CN 201710125690 A CN201710125690 A CN 201710125690A CN 106803796 A CN106803796 A CN 106803796A
- Authority
- CN
- China
- Prior art keywords
- bridge
- network
- information
- tenant
- cloud platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000002955 isolation Methods 0.000 claims abstract description 26
- 238000004364 calculation method Methods 0.000 claims abstract description 3
- 230000006855 networking Effects 0.000 claims description 3
- 238000004321 preservation Methods 0.000 claims description 2
- 229920006395 saturated elastomer Polymers 0.000 abstract 1
- 238000005516 engineering process Methods 0.000 description 5
- 238000007726 management method Methods 0.000 description 2
- 230000006378 damage Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
The invention discloses the multi-tenant network topology reconstructing method based on cloud platform, belong to credible field of cloud calculation.The bottom-layer network isolation environment of cloud platform offer can not be provided completely due to cloud user.This method is based on Hypervisor and obtains cloud platform each calculate node VM information, virtual network device information is obtained based on underlying device order, further according to the annexation between VM and the network equipment, topology reconstruction algorithm is designed, intuitively express current cloud platform bottom multi-tenant Network Isolation state.Compared with cloud platform is supplied to tenant network topology, the present invention bypasses cloud platform and directly obtains related network information from bottom, can effectively find such as directly to be mounted to from Hypervisor the VM of tenant network, it is easy to tenant to judge whether the bottom-layer network of oneself is saturated, the bottom-layer network isolation environment that cloud platform is provided is judged, also allow for cloud platform keeper simultaneously to find in time and solve problem, the structure for credible cloud is significant.
Description
Technical field
The invention belongs to the credible cloud field of cloud computing, it is related to a kind of multi-tenant network topology reconstruct side based on cloud platform
Method.
Background technology
In recent years, cloud computing turns into the focus that areas of information technology are discussed, increasing enterprises and individuals user's selection
Operation system is deployed in cloud platform.Due to the characteristic of the shared underlying resource of cloud computing, multi-tenant isolating problem turns into major
Publicly-owned cloud platform needs one of key issue for solving.Network virtualization technology as the publicly-owned cloud platform of main flow real-time performance base
Plinth, for the multi-tenant Network Isolation of cloud platform provides guarantee.However, under the cloud environment of multi-tenant, being set different from conventional physical
Standby, virtual network device is distributed in cloud platform each node, is faced with more security risks, once these risk problems are sent out
It is raw, it is likely that the Network Isolation between destruction tenant and tenant, cause tenant completely to trust cloud service provider.
For current cloud platform multi-tenant Network Isolation problem, many researchs are expanded in the industry.At present, with Openstack
The Network Isolation of multi-tenant, such as Openstack latest editions are realized using network virtualization technology for the main flow cloud platform for representing
Networking component Neutron realizes that the double layer network of multi-tenant is isolated using Open vSwitch (OVS) with reference to mechanism such as VLAN, profit
Realize that multi-tenant three-layer network is isolated with Iptables fire walls and Network NameSpace mechanism.Yan Liyu etc. is based on again
A kind of Single Point of Faliure problem that above-mentioned Openstack multi-tenants networking isolation solution is present, it is proposed that distributed multi-tenant
Network Isolation solution, will the virtual router of tenant, interchanger and protecting wall deployed with devices to each calculate node
To realize the cloud platform multi-tenant Network Isolation of High Availabitity.Ruozhou Yu etc. are then based on Openstack multi-tenant Network Isolations
The drawbacks of management configuration of presence, it is proposed that NeFuCloud schemes, the isolation network of multi-tenant is built based on NFV technologies.
Kai Li etc. then propose the multi-tenant virtual network customized solution based on SDN, and cloud platform is realized by the way of network burst
The Network Isolation of multi-tenant.
Although above-mentioned solution proposes the every method for solving the problems, such as cloud platform multi-tenant Network Isolation, but does not fill
Point consider the security risk that exists of these virtual network devices in itself, once risk occurs, the private network of tenant be likely to by
Malice is permeated, for example, a keeper for malice creates a VM by Hypervisor is mounted to tenant's virtual bridge, then
Tenant network, the VM isolations in influence tenant's private network are penetrated into, and tenant can not have found the suspicious virtual machine.Based on this
Plant security risk to consider, tenant can not completely trust the Network Isolation environment of cloud platform offer.
The content of the invention
Regarding to the issue above, the present invention uses a kind of multi-tenant network topology reconstructing method based on cloud platform, flat from cloud
Multi-tenant network topology in platform bottom reconstruct run-time environment, expression cloud platform multi-tenant Network Isolation state directly perceived.
The technical solution adopted by the present invention is the multi-tenant network topology reconstructing method based on cloud platform, the thinking of the method
It is as follows:In cloud platform each calculate node, all VM information run in corresponding node are obtained by Hypervisor, afterwards
All VM information to obtaining are traveled through, and obtain the network connection information of each VM, including MAC Address and its carry net
Bridge information;On the other hand, the bridge information of each calculate node is obtained by underlying device order, bridge information includes traditional net
Bridge and OVS bridges, afterwards according to the VM information and bridge information for obtaining, determine the annexation between VM and each bridge, weight
The VM network topologies of the structure calculate node, form the cloud platform multi-tenant network topology in overall run-time environment.
The step of the method, includes:
Step one, reads the configuration of cloud platform network of relation and tenant's information, determines network mode that cloud platform uses and each
The network topology of individual tenant planning in advance.
Step 2, calls each calculate node respective fictional platform api, obtains all of VM in each calculate node,
Travel through all VM, obtain configuration file, parse the network connection information of each VM according to configuration file, including the VM each net
The mac address information of network interface, the bridge information of the interface carry and in the corresponding connecting interface information of the bridge.
Step 3, the bridge information that each calculate node is disposed is obtained by underlying device order, and bridge is divided into two classes:Pass
System bridge and OVS bridges, the information of acquisition include title, the total interface title of bridge and the classification of bridge of bridge.
Step 4, the VM network connection informations obtained in step 2 are corresponding with the bridge information that step 3 is obtained, that is, determine
The annexation of VM and bridge, according to this, sets up the annexation of all VM and bridge in calculate node, and bridge and bridge it
Between annexation, that is, reconstruct the network topology tree in the calculate node.
Step 5, in a certain calculate node, attempts creating a VM by virtual platform API, and be mounted to certain privately
On the bridge of individual tenant VM institutes carry, re-start step 2 to step 5, reconstruction calculations node tenant topology, and with step one
Whether the cloud platform network topology of the tenant of middle acquisition planning in advance is contrasted, and is seen tenant's topology of reconstruct and can be found management
The suspicious VM that member creates privately.
By being supplied to the Network Isolation topology contrast of tenant with cloud platform, the method for the present invention can effectively find cloud
Suspicious VM present in platform tenant network topology, and it is supplied to a friendly real-time cloud platform multi-tenant net directly perceived of tenant
Network topology, is easy to user to make credible judgement to the basic network isolation environment that the cloud platform is provided.
Brief description of the drawings
Fig. 1 is the cloud platform multi-tenant Network Isolation scene graph that the present invention is based on;
Fig. 2 is cloud platform multi-tenant network topology reconstructing method flow chart involved in the present invention.
Specific embodiment
The present invention is described further with reference to the accompanying drawings and detailed description.
Current main-stream cloud platform is generally as shown in Figure 1 for the solution of multi-tenant Network Isolation.Under the scene, hold
Typically virtual switch (Virtual Switch) and the translational bridging (Network Bridge) for carrying tenant's bottom-layer network set
Standby, usual and tenant the deploying virtual machine of these equipment draws the bottom that grading mode realizes tenant in calculate node by VLAN
Network Isolation.Compared with traditional mode, under such a distributed cloud platform multi-tenant Network Isolation framework, originally can
Letter border is thoroughly broken, and any one point occurs security risk, may all break the Network Isolation state of multi-tenant.
The present invention is implemented will be based on the scene, and bottom is using Openstack cloud platforms deployment tenant network topology, group of networks
Part uses Neutron components, calculate node virtualized environment to be based on Libvirt and KVM and build, and network uses VLAN patterns.
Multi-tenant network topology reconstructing method based on cloud platform, whole flow process is as shown in Figure 2.
Step one, obtain Openstack cloud platform network associated profiles, including/etc/nova/nova.conf and/
Etc/neutron/neutron.conf, therefrom reads network of relation configuration, and obtain cloud platform further according to configuration information gives in advance
The network topology of tenant's planning.
Step 2, VM information is gathered by Libvirt virsh related commands, and virsh list-all take the calculating section
All of VM on point.Virsh dumpxml instance-name take VM details, as follows:
Wherein interface parts are the MAC Address of VM and its network equipment information of connection, and VM data are defined accordingly
It is abstract as follows:
Wherein name is the VM titles, and macs represents the network interface of VM, is an array, and array item is each network
The specifying information of interface:MAC_ADDRiThe MAC Address of the network interface is identified, BRIDGE_NAME is the bridge of the interface carry
Information, NETWORKjThe private network information belonging to the interface is represented, one two layers of privately owned net is represented with VLAN_ID here
Segment information, status represents current state or RUNNING, STOP of the VM etc..
Step 3, under Openstack environment, virtual bridge is related to two classes, and a class is traditional Network Bridge, separately
An outer class is all kinds of OVS bridges under OpenvSwitch, typical such as br-int.Openstack is by by this two classes net
Bridge realizes multi-tenant constructing network topology.This is obtained to the device command of the collection based on bottom of bridge information, wherein
Network Bridge bridge Information Pull brctl show orders are obtained, and OVS Bridge bridge information uses OVS-vsctl
Show orders are obtained.Define bridge information data abstract as follows:
Wherein name is the title of the bridge, and the BRIDGE_NAME with Virtual Machine carries is corresponding, bridge_
Type represents the type of the bridge, is the interface that network_bridge or OVS_bridge, ports are represented on the bridge,
With an array representation, INTERFACEiThen represent the information of each interface of the bridge.
Step 4, according to the annexation between VM and bridges, and the annexation between bridges, reconstruct cloud
Platform multi-tenant network topology tree.Design tree node class table 1:
Table 1:Cloud platform multi-tenant network topology tree node UML is described
Wherein name is the nodename, and the node is a VM, or a Network Bridge, or one
Individual OVS Bridge, childlist are the next node layers for having annexation with the node, are an array item;Member side
Method addChild is the method for increasing the tree node child node.Cloud platform multi-tenant network topology class, such as table 2 are designed afterwards:
Table 2:The reconstruct class UML descriptions of cloud platform multi-tenant network topology
Wherein member variable tree_root be the tree with node, vms is each VM node that the tree includes, lbs and
Obs represents Network Bridge and OVS the Bridge nodes in the tree respectively, is array;Member function
CreateTopology is the method for reconstructing cloud platform multi-tenant network topology tree, and displayTopology is to print the tree
Method, topologyToXML is the method that the topological tree is converted into XML file preservation.Whole createTopology methods
Process is as follows:
(1) obs and lbs is traveled through, TreeNode examples is built to each of which array item.
(2) traversal vms is every, judges that the corresponding BRIDGE_NAME of the VM each mac whether there is in obs or lbs
In, if it is present creating TreeNode examples to the VM network interfaces, and transfer the corresponding bridge of the interface
AddChild methods, the then next level of child nodes as the bridge;By as above traveling through, VMs and each net are then established
The topological connection relation of bridge.
(3) annexation between obs and lbs each bridge is obtained by network equipment bind command, if connection,
The addChild methods of the corresponding tree nodes of obs are then called, it is child node to add corresponding lbs bridges.
(4) the addChild methods of tree_root are called, each obs bridge is added as child node, so far from top to bottom
Form a complete tenant topological tree
Step 5, the user with administrator right attempts creating a VM by Libvirt, and is mounted to certain
Individual bridge, topological tree information is collected using the method again, and tenant's topology that the cloud platform obtained with step one is provided is carried out
Contrast.
Found by contrasting, this method can effectively find that the keeper is created to the VM of tenant's topology, and cloud privately
The VM is had no in tenant's topology that platform is provided.Simultaneously in implementation process, record this method is in reconstruct cloud platform multi-tenant net
CPU and memory source shared by network topology, result is the topology reconstruction in the case where each calculate node averagely has 12 VM
1% is no more than to cpu busy percentage, internal memory is used less than 35M.Thus it is believed that passing through cloud platform multi-tenant network topology weight
Structure, while can effectively representing cloud platform multi-tenant Network Isolation state, will not cause excessive resource consumption to cloud platform.
Claims (2)
1. the multi-tenant network topology reconstructing method of cloud platform is based on, it is characterised in that:The thinking of the method is as follows:In cloud platform
In each calculate node, all VM information run in corresponding node are obtained by Hypervisor, owned to acquisition afterwards
VM information is traveled through, and obtains the network connection information of each VM, including MAC Address and its carry bridge information;It is another
Aspect, the bridge information of each calculate node is obtained by underlying device order, and bridge information includes translational bridging and OVS nets
Bridge, afterwards according to the VM information and bridge information for obtaining, determines the annexation between VM and each bridge, reconstructs the calculating section
The VM network topologies of point, form the cloud platform multi-tenant network topology in overall run-time environment;
The step of the method, includes:
Step one, reads the configuration of cloud platform network of relation and tenant's information, determines that the network mode that cloud platform is used is rented with each
The network topology of family planning in advance;
Step 2, calls each calculate node respective fictional platform api, obtains all of VM in each calculate node, traversal
All VM, obtain configuration file, and the network connection information of each VM is parsed according to configuration file, including the VM each network connects
Mouthful mac address information, the bridge information of the interface carry and in the corresponding connecting interface information of the bridge;
Step 3, the bridge information that each calculate node is disposed is obtained by underlying device order, and bridge is divided into two classes:Traditional net
Bridge and OVS bridges, the information of acquisition include title, the total interface title of bridge and the classification of bridge of bridge;
Step 4, in step 2 obtain VM network connection informations it is corresponding with the bridge information that step 3 is obtained, i.e., determination VM with
The annexation of bridge, according to this, sets up the annexation of all VM and bridge in calculate node, and between bridge and bridge
Annexation, that is, reconstruct the network topology tree in the calculate node;
Step 5, in a certain calculate node, attempts creating a VM by virtual platform API, and be mounted to certain rent privately
On the bridge of family VM institutes carry, re-start step 2 to step 5, reconstruction calculations node tenant topology, and with step one in obtain
Whether the cloud platform network topology of the tenant for taking planning in advance is contrasted, and is seen tenant's topology of reconstruct and can be found that keeper is private
From the suspicious VM for creating.
2. the multi-tenant network topology reconstructing method based on cloud platform according to claim 1, it is characterised in that:
Current main-stream cloud platform is generally as shown in Figure 1 for the solution of multi-tenant Network Isolation;Under the scene, carry and rent
Typically virtual switch and the translational bridging equipment of family bottom-layer network, usual and tenant the deploying virtual machine of these equipment is in meter
Operator node, draws grading mode and realizes that the bottom-layer network of tenant is isolated by VLAN;
This method is implemented to be adopted using Openstack cloud platforms deployment tenant network topology, networking component based on the scene, bottom
Neutron components, calculate node virtualized environment is used to be based on Libvirt and KVM and build, network uses VLAN patterns;
Multi-tenant network topology reconstructing method based on cloud platform;
Step one, obtains Openstack cloud platform network associated profiles, including/etc/nova/nova.conf and/etc/
Neutron/neutron.conf, therefrom reads network of relation configuration, and cloud platform is obtained in advance to tenant further according to configuration information
The network topology of planning;
Step 2, VM information is gathered by Libvirt virsh related commands, and virsh list-all are taken in the calculate node
All of VM;Virsh dumpxml instance-name take VM details, as follows:
Wherein interface parts are the MAC Address of VM and its network equipment information of connection, and VM data abstractions are defined accordingly
It is as follows:
Wherein name is the VM titles, and macs represents the network interface of VM, is an array, and array item is each network interface
Specifying information:The MAC Address of the network interface is identified, BRIDGE_NAME is the bridge information of the interface carry, represents that this connects
Private network information belonging to mouthful, represents one two layers of privately owned network segment information with VLAN_ID here, and status represents the VM
Current state or RUNNING, STOP;
Step 3, under Openstack environment, virtual bridge is related to two classes, and a class is traditional Network Bridge, and in addition one
Class is all kinds of OVS bridges under OpenvSwitch, typical such as br-int;Openstack is by by this two classes bridge reality
Existing multi-tenant constructing network topology;This is obtained to the device command of the collection based on bottom of bridge information, wherein Network
Bridge bridge Information Pull brctl show orders are obtained, and OVS Bridge bridges information uses OVS-vsctl show orders
Obtain;Define bridge information data abstract as follows:
Wherein name is the title of the bridge, and the BRIDGE_NAME with Virtual Machine carries is corresponding, bridge_type
The type of the bridge is represented, is the interface that network_bridge or OVS_bridge, ports are represented on the bridge, with one
Individual array representation, then it represents that the information of the bridge each interface;
Step 4, according to the annexation between VM and bridges, and the annexation between bridges, reconstruct cloud platform
Multi-tenant network topology tree;Design tree node class table 1:
Table 1:Cloud platform multi-tenant network topology tree node UML is described
Wherein name is the nodename, and the node is a VM, or a Network Bridge, or one
OVS Bridge, childlist are the next node layers for having annexation with the node, are an array item;Member method
AddChild is the method for increasing the tree node child node;Cloud platform multi-tenant network topology class, such as table 2 are designed afterwards:
Table 2:The reconstruct class UML descriptions of cloud platform multi-tenant network topology
Wherein member variable tree_root be the tree with node, vms is each VM node that the tree includes, lbs and obs points
Network Bridge and OVS the Bridge nodes in the tree are not represented, are array;Member function createTopology
Method to reconstruct cloud platform multi-tenant network topology tree, displayTopology is the method for printing the tree,
TopologyToXML is the method that the topological tree is converted into XML file preservation;Whole createTopology procedures are such as
Under:
(1) obs and lbs is traveled through, TreeNode examples is built to each of which array item;
(2) traversal vms is every, judges that the corresponding BRIDGE_NAME of the VM each mac whether there is in obs or lbs,
If it is present creating TreeNode examples to the VM network interfaces, and transfer the corresponding bridge of the interface
AddChild methods, the then next level of child nodes as the bridge;By as above traveling through, VMs and each net are then established
The topological connection relation of bridge;
(3) annexation between obs and lbs each bridge is obtained by network equipment bind command, if connection, is then adjusted
With the addChild methods of the corresponding tree nodes of obs, it is child node to add corresponding lbs bridges;
(4) the addChild methods of tree_root are called, each obs bridge is added as child node, is so far formed from top to bottom
One complete tenant topological tree
Step 5, the user with administrator right attempts creating a VM by Libvirt, and is mounted to certain net
Bridge, topological tree information is collected using the method again, and tenant's topology that the cloud platform obtained with step one is provided is contrasted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710125690.7A CN106803796B (en) | 2017-03-05 | 2017-03-05 | Multi-tenant network topology reconstruction method based on cloud platform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710125690.7A CN106803796B (en) | 2017-03-05 | 2017-03-05 | Multi-tenant network topology reconstruction method based on cloud platform |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106803796A true CN106803796A (en) | 2017-06-06 |
| CN106803796B CN106803796B (en) | 2020-07-03 |
Family
ID=58987686
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710125690.7A Expired - Fee Related CN106803796B (en) | 2017-03-05 | 2017-03-05 | Multi-tenant network topology reconstruction method based on cloud platform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106803796B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107959689A (en) * | 2018-01-10 | 2018-04-24 | 北京工业大学 | A kind of cloud platform tenant network isolation test |
| CN108418815A (en) * | 2018-02-12 | 2018-08-17 | 国网浙江省电力有限公司 | User virtual machine data access method of gathering evidence and system |
| CN108521403A (en) * | 2018-03-09 | 2018-09-11 | 山东超越数控电子股份有限公司 | A method of multi-tenant network on Docker container platforms is isolated |
| CN109040276A (en) * | 2018-08-20 | 2018-12-18 | 郑州云海信息技术有限公司 | A kind of method, apparatus, computer storage medium and terminal constructing cloud platform |
| CN110324248A (en) * | 2018-03-30 | 2019-10-11 | 中移(苏州)软件技术有限公司 | A kind of bare metal server route renewing method, device, electronic equipment and medium |
| CN111147252A (en) * | 2019-12-19 | 2020-05-12 | 北京可信华泰信息技术有限公司 | Trusted connection method for cloud environment |
| CN113992522A (en) * | 2021-09-02 | 2022-01-28 | 深信服科技股份有限公司 | Network topological graph generation method and device, electronic equipment and storage medium |
| CN114221859A (en) * | 2022-01-06 | 2022-03-22 | 烽火通信科技股份有限公司 | Method and system for generating tenant network physical link connectivity topology |
| CN115314390A (en) * | 2022-06-23 | 2022-11-08 | 清华大学 | Multi-mode-supporting cloud computing network measurement planning system and method |
| WO2023065922A1 (en) * | 2021-10-22 | 2023-04-27 | 中移(苏州)软件技术有限公司 | Interactive method, computer device, and computer storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103684858A (en) * | 2013-12-04 | 2014-03-26 | 华为技术有限公司 | Method and relevant device for generating tenant network and processing label message |
| CN103747059A (en) * | 2013-12-26 | 2014-04-23 | 华中科技大学 | Method and system for guaranteeing cloud computing server cluster network |
| US20150067677A1 (en) * | 2013-08-27 | 2015-03-05 | Connectloud, Inc. | Method and apparatus for defining virtual machine placement logic that is configurable and restricts virtual machine provisioning within a software defined cloud |
| CN104486192A (en) * | 2014-12-05 | 2015-04-01 | 国云科技股份有限公司 | VLAN (Virtual Local Area Network) isolation method |
-
2017
- 2017-03-05 CN CN201710125690.7A patent/CN106803796B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150067677A1 (en) * | 2013-08-27 | 2015-03-05 | Connectloud, Inc. | Method and apparatus for defining virtual machine placement logic that is configurable and restricts virtual machine provisioning within a software defined cloud |
| CN103684858A (en) * | 2013-12-04 | 2014-03-26 | 华为技术有限公司 | Method and relevant device for generating tenant network and processing label message |
| CN103747059A (en) * | 2013-12-26 | 2014-04-23 | 华中科技大学 | Method and system for guaranteeing cloud computing server cluster network |
| CN104486192A (en) * | 2014-12-05 | 2015-04-01 | 国云科技股份有限公司 | VLAN (Virtual Local Area Network) isolation method |
Non-Patent Citations (4)
| Title |
|---|
| KAI LI等: "MVNC: A SDN-based Multi-tenant Virtual Network Customization Mechanism in Cloud Data Center", 《2016 INTERNATIONAL CONFERENCE ON NETWORKING AND NETWORK APPLICATIONS (NANA)》 * |
| 严立宇等: "云计算网络中多租户虚拟网络隔离的分布式实现研究", 《计算机应用与软件》 * |
| 常立伟: "Quantum中多租户隔离与网络服务扩展研究", 《中国优秀硕士学位论文全文数据库》 * |
| 李莉等: "基于OpenStack云平台Neutron关键技术研究", 《长春理工大学学报(自然科学版)》 * |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107959689B (en) * | 2018-01-10 | 2020-09-25 | 北京工业大学 | Cloud platform tenant network isolation test method |
| CN107959689A (en) * | 2018-01-10 | 2018-04-24 | 北京工业大学 | A kind of cloud platform tenant network isolation test |
| CN108418815A (en) * | 2018-02-12 | 2018-08-17 | 国网浙江省电力有限公司 | User virtual machine data access method of gathering evidence and system |
| CN108521403A (en) * | 2018-03-09 | 2018-09-11 | 山东超越数控电子股份有限公司 | A method of multi-tenant network on Docker container platforms is isolated |
| CN110324248A (en) * | 2018-03-30 | 2019-10-11 | 中移(苏州)软件技术有限公司 | A kind of bare metal server route renewing method, device, electronic equipment and medium |
| CN110324248B (en) * | 2018-03-30 | 2021-07-30 | 中移(苏州)软件技术有限公司 | Bare metal server route updating method and device, electronic equipment and medium |
| CN109040276B (en) * | 2018-08-20 | 2022-03-22 | 郑州云海信息技术有限公司 | Method and device for constructing cloud platform, computer storage medium and terminal |
| CN109040276A (en) * | 2018-08-20 | 2018-12-18 | 郑州云海信息技术有限公司 | A kind of method, apparatus, computer storage medium and terminal constructing cloud platform |
| CN111147252A (en) * | 2019-12-19 | 2020-05-12 | 北京可信华泰信息技术有限公司 | Trusted connection method for cloud environment |
| CN111147252B (en) * | 2019-12-19 | 2022-03-15 | 北京可信华泰信息技术有限公司 | Trusted connection method for cloud environment |
| CN113992522A (en) * | 2021-09-02 | 2022-01-28 | 深信服科技股份有限公司 | Network topological graph generation method and device, electronic equipment and storage medium |
| CN113992522B (en) * | 2021-09-02 | 2024-04-09 | 深信服科技股份有限公司 | Network topology graph generation method and device, electronic equipment and storage medium |
| WO2023065922A1 (en) * | 2021-10-22 | 2023-04-27 | 中移(苏州)软件技术有限公司 | Interactive method, computer device, and computer storage medium |
| CN114221859A (en) * | 2022-01-06 | 2022-03-22 | 烽火通信科技股份有限公司 | Method and system for generating tenant network physical link connectivity topology |
| CN114221859B (en) * | 2022-01-06 | 2023-12-01 | 烽火通信科技股份有限公司 | Tenant network physical link connectivity topology generation method and system |
| CN115314390A (en) * | 2022-06-23 | 2022-11-08 | 清华大学 | Multi-mode-supporting cloud computing network measurement planning system and method |
| CN115314390B (en) * | 2022-06-23 | 2023-05-16 | 清华大学 | Cloud computing network measurement planning system and method supporting multiple modes |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106803796B (en) | 2020-07-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106803796A (en) | Multi-tenant network topology reconstructing method based on cloud platform | |
| US9825817B2 (en) | Network configuration auto-deployment | |
| US9686146B2 (en) | Reconfiguring interrelationships between components of virtual computing networks | |
| US11558426B2 (en) | Connection tracking for container cluster | |
| CN104718723B (en) | For the networking in virtual network and the frame of security service | |
| CN105074692B (en) | Use the distributed network management system of the Policy model of the more dimension labels of logic-based | |
| US20160357424A1 (en) | Collapsing and placement of applications | |
| US11196628B1 (en) | Monitoring container clusters | |
| CN109644141A (en) | Method and system for visual network | |
| US20160254968A1 (en) | Dynamic troubleshooting workspaces for cloud and network management systems | |
| US20130108259A1 (en) | Affinity modeling in a data center network | |
| CN104243193A (en) | Network topology dynamic allocation and display method and device | |
| CN111371595A (en) | Network security deployment method, device, equipment and readable storage medium | |
| CN106170947B (en) | A kind of alarm information processing method, relevant device and system | |
| US9674045B2 (en) | Methods, systems, and computer readable media for modeling packet technology services using a packet virtual network (PVN) | |
| Callegati et al. | Performance of multi-tenant virtual networks in openstack-based cloud infrastructures | |
| CN107632937A (en) | A kind of method, apparatus tested cluster virtual machine, readable storage medium storing program for executing | |
| CN113542074B (en) | Method and system for visually managing east-west network flow of kubernets cluster | |
| Avramov et al. | The Policy Driven Data Center with ACI: Architecture, Concepts, and Methodology | |
| US20130166260A1 (en) | Distributed Internet Protocol Network Analysis Model with Real Time Response Performance | |
| CN106533720B (en) | Compiling method and device for network service request and controller | |
| Zichao et al. | Ethernet topology discovery for virtual local area networks with incomplete information | |
| Yang et al. | Model driven advanced hybrid cloud services for big data: Paradigm and practice | |
| Iizawa et al. | Network abstraction and control models for hierarchical SDN controllers | |
| Okita et al. | Virtual network configuration management system for data center operations and management |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20200703 |