CN106803796B - Multi-tenant network topology reconstruction method based on cloud platform - Google Patents
- Publication number
- CN106803796B
- Authority
- CN
- China
- Prior art keywords
- bridge
- network
- tenant
- information
- cloud platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
The invention discloses a cloud platform-based multi-tenant network topology reconstruction method, belonging to the field of trusted cloud computing. Cloud users cannot fully trust the underlying network isolation environment provided by the cloud platform. In the method, VM information for each computing node of the cloud platform is obtained from the Hypervisor, virtual network device information is obtained through low-level device commands, a topology reconstruction algorithm is designed from the connection relations between VMs and network devices, and the current isolation state of the cloud platform's underlying multi-tenant network is presented visually. Compared with the tenant network topology supplied by the cloud platform itself, the method bypasses the cloud platform and acquires the relevant network information directly from the underlying layer, so it can effectively discover VMs mounted onto the tenant network directly from the Hypervisor. This makes it convenient for tenants to judge whether their own underlying network has been infiltrated and to assess the underlying network isolation environment the cloud platform provides, makes it convenient for cloud platform administrators to discover and solve problems in time, and is of important significance for the construction of a trusted cloud.
Description
Technical Field
The invention belongs to the trusted cloud field of cloud computing, and relates to a multi-tenant network topology reconstruction method based on a cloud platform.
Background
In recent years, cloud computing has become a hot topic in the information technology field, and more and more enterprises and individual users choose to deploy business systems on a cloud platform. Because cloud computing shares underlying resources, multi-tenant isolation has become one of the key problems that every large public cloud platform must solve. Network virtualization technology is the network implementation basis of mainstream public cloud platforms and underpins their multi-tenant network isolation. However, in a multi-tenant cloud environment, unlike traditional physical devices, virtual network devices are distributed across every node of the cloud platform and face more security risks. Once one of these risks materializes, network isolation between tenants is likely to be broken, so tenants cannot completely trust a cloud service provider.
A lot of research has been carried out in the industry on cloud platform multi-tenant network isolation. At present, mainstream cloud platforms represented by OpenStack use network virtualization technology to realize multi-tenant network isolation. For example, Neutron, the network component of the latest OpenStack version, uses mechanisms such as Open vSwitch (OVS) in combination with VLAN to realize multi-tenant layer-2 network isolation, and uses the Iptables firewall and the Network Namespace mechanism to realize multi-tenant layer-3 network isolation. Yan Liyu (严立宇) et al., addressing the single-point-of-failure problem in the OpenStack multi-tenant network isolation solution, propose a distributed multi-tenant network isolation solution in which each tenant's virtual router, switch and firewall devices are deployed to every computing node to achieve highly available cloud platform multi-tenant network isolation. Ruozhou Yu et al. propose the NeFuCloud scheme to address the management and configuration shortcomings of OpenStack multi-tenant network isolation, constructing a multi-tenant isolated network based on NFV technology. Kai Li et al. propose an SDN-based multi-tenant virtual network customization scheme, which realizes cloud platform multi-tenant network isolation by means of network slicing.
Although the above solutions provide various methods for solving the cloud platform multi-tenant network isolation problem, they do not fully consider the security risks present in the virtual network devices. Once such a risk materializes, the tenant's private network is likely to be maliciously infiltrated. For example, a malicious administrator creates a VM through the Hypervisor and mounts it to a tenant's virtual bridge, thereby infiltrating the tenant network; VM isolation within the tenant's private network is affected, and the tenant cannot discover the suspicious virtual machine. Given this security risk, tenants cannot fully trust the network isolation environment provided by the cloud platform.
Disclosure of Invention
To address the above problems, the invention adopts a multi-tenant network topology reconstruction method based on a cloud platform, which reconstructs the multi-tenant network topology of the real-time operating environment from the bottom layer of the cloud platform and visually expresses the cloud platform's multi-tenant network isolation state.
The technical scheme adopted by the invention is a multi-tenant network topology reconstruction method based on a cloud platform, whose idea is as follows. On each computing node of the cloud platform, information on all VMs running on that node is acquired through the Hypervisor, and all acquired VM information is traversed to obtain the network connection information of each VM, including its MAC addresses and the bridge to which each MAC address is mounted. In addition, the bridge information of each computing node, covering both traditional bridges and OVS bridges, is obtained through low-level device commands. The connection relation between each VM and each bridge is then determined from the VM information and the bridge information, the VM network topology of the computing node is reconstructed, and together these form the cloud platform multi-tenant network topology of the whole real-time operating environment.
The method comprises the following steps:
Step one, reading the relevant network configuration and tenant information of the cloud platform, and determining the network mode adopted by the cloud platform and the network topology planned in advance for each tenant.
Step two, calling the virtualization platform API on each computing node, acquiring all VMs on each computing node, traversing all the VMs, acquiring their configuration files, and parsing the network connection information of each VM from its configuration file, wherein the network connection information comprises the MAC address of each network interface of the VM, the bridge to which the interface is mounted, and the corresponding connection interface on that bridge.
Step three, acquiring information on the bridges deployed on each computing node through low-level device commands, wherein the bridges are of two types, traditional bridges and OVS bridges, and the acquired information includes the name of the bridge, the names of all interfaces of the bridge, and the type of the bridge.
Step four, matching the VM network connection information obtained in step two against the bridge information obtained in step three to determine the connection relation between each VM and its bridge, and accordingly establishing the connection relations between all VMs on the computing node and the bridges, and between bridge and bridge; that is, reconstructing the network topology tree on the computing node.
Step five, on a certain computing node, attempting to create a VM through the virtualization platform API and privately mounting it to a bridge to which a tenant VM is mounted; steps two to five are then performed again to reconstruct the computing node's tenant topology, the reconstructed topology is compared with the cloud platform network topology planned in advance for the tenant and obtained in step one, and it is judged whether the reconstructed tenant topology reveals the suspicious VM privately created by the administrator.
By comparison with the network isolation topology that the cloud platform provides to tenants, the method provided by the invention can effectively discover suspicious VMs present in the cloud platform tenants' network topology, and provides tenants with an intuitive and friendly real-time cloud platform multi-tenant network topology, so that users can conveniently judge the trustworthiness of the underlying network isolation environment provided by the cloud platform.
Drawings
FIG. 1 is a diagram of a cloud platform multi-tenant network isolation scenario upon which the present invention is based;
FIG. 2 is a flowchart of a cloud platform multi-tenant network topology reconstruction method according to the present invention.
Detailed Description
The invention is further described with reference to the following figures and detailed description.
The current mainstream cloud platform solution for multi-tenant network isolation is generally as shown in FIG. 1. In this scenario, the tenant's underlying network is usually carried by Virtual Switch and traditional Network Bridge devices; these devices are usually deployed on the computing node together with the tenant's virtual machines, and the tenant's underlying network is isolated by VLAN partitioning. Compared with the traditional mode, under the distributed cloud platform multi-tenant network isolation architecture the original trust boundary is completely broken, and a security risk at any single point can break the multi-tenant network isolation state.
The implementation of the invention is based on this scenario: the bottom layer uses an OpenStack cloud platform to deploy the tenant network topology, the network component is Neutron, the computing node virtualization environment is built on Libvirt and KVM, and the network uses VLAN mode.
The whole process of the multi-tenant network topology reconstruction method based on the cloud platform is shown in fig. 2.
Step one, obtaining the network-related configuration files of the OpenStack cloud platform, including /etc/nova/nova.conf and /etc/neutron/neutron.conf, reading the relevant network configuration from them, and then obtaining from this configuration information the network topology that the cloud platform planned in advance for the tenant.
Step two, acquiring VM information through Libvirt virsh commands: virsh list --all lists all VMs on the computing node, and virsh dumpxml instance-name gets the details of a VM, as follows:
The interface part holds the MAC address of the VM and the information of the network device connected to the VM. Based on the interface part, the data abstraction of the VM is defined as follows:
Here name is the name of the VM; macs represents the network interfaces of the VM and is an array whose items are the specific information of each network interface: MAC_ADDR_i identifies the MAC address of the network interface, BRIDGE_NAME is the bridge to which the interface is mounted, and NETWORK_j represents the private network to which the interface belongs, where VLAN_ID is used to represent the layer-2 private network segment information; status represents the current state of the VM, such as RUNNING or STOP.
Step three, in the OpenStack environment the virtual bridges are of two types: one is the traditional Network Bridge, and the other is the various OVS bridges under Open vSwitch, such as br-int. OpenStack implements multi-tenant network topology construction by means of these two types of bridges. The bridge information is acquired through low-level device commands: Network Bridge information is acquired with the brctl show command, and OVS Bridge information is acquired with the ovs-vsctl show command. The bridge information data abstraction is defined as follows:
Here NAME is the name of the bridge and corresponds to the BRIDGE_NAME to which a Virtual Machine is mounted; BRIDGE_type represents the type of the bridge and is either network_BRIDGE or OVS_BRIDGE; ports represents the interfaces on the bridge and is an array in which INTERFACE_i holds the information for each interface of the bridge.
Step four, reconstructing the cloud platform multi-tenant network topology tree according to the connection relations between the VMs and the bridges and between bridge and bridge. The tree node class is designed as shown in Table 1:
Table 1: UML description of cloud platform multi-tenant network topology tree nodes
Here name is the name of the node, which is a VM, a Network Bridge, or an OVS Bridge; childlist holds the next-layer nodes that have a connection relation with this node and is an array; the member method addChild adds a child node to the tree node. Then a cloud platform multi-tenant network topology class is designed, as shown in Table 2:
Table 2: Cloud platform multi-tenant network topology reconstruction UML description
Here the member variable tree_root is the root node of the tree, VMs holds each VM node contained in the tree, and lbs and obs respectively hold the Network Bridge and OVS Bridge nodes in the tree, both being arrays; the member function createTopology reconstructs the cloud platform multi-tenant network topology tree, displayTopology prints the tree, and topologyToXML converts the topology tree into an XML file for storage. The whole createTopology process is as follows:
(1) Traverse obs and lbs, and construct a TreeNode instance for each array item.
(2) Traverse each item of VMs and judge whether the BRIDGE_NAME corresponding to each mac of the VM exists in obs or lbs; if so, create a TreeNode instance for that network interface of the VM and call the addChild method of the bridge node corresponding to the interface, so that the interface becomes a next-layer child node of the bridge. This traversal establishes the topological connection relation between the VMs and each bridge.
(3) Acquire the connection relations between the obs and lbs bridges through the network device connection command; if a connection exists, call the addChild method of the corresponding obs tree node and add the corresponding lbs bridge as a child node.
(4) Call the addChild method of tree_root, adding each obs bridge as a child node, to form a complete tenant topology tree from top to bottom.
Step five, a user with administrator authority attempts to create a VM through Libvirt and mounts it to a certain bridge; the topology tree information is then collected again with the above method and compared with the tenant topology provided by the cloud platform that was obtained in step one.
The comparison shows that the method can effectively discover a VM that the administrator has privately added to the tenant topology, since that VM does not exist in the tenant topology provided by the cloud platform. In addition, the CPU and memory resources consumed by the method while reconstructing the cloud platform multi-tenant network topology were recorded during the implementation: with an average of 12 VMs on each computing node, the CPU utilization of topology reconstruction is not more than 1% and the memory usage is less than 35M. Therefore, the cloud platform multi-tenant network topology reconstruction can effectively represent the cloud platform's multi-tenant network isolation state without causing excessive resource consumption on the cloud platform.
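The following Python sketch walks steps two to five end to end. It is an added example, not code from the patent: it parses virsh dumpxml, brctl show and ovs-vsctl show text, builds the TreeNode tree, and flags interfaces missing from the platform's planned view. The qvbX/qvoX veth naming used to link Linux bridges to OVS bridges, the {mac: tenant} form of the planned topology, grouping by the OVS port tag, and all sample inputs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

class TreeNode:
    """Topology tree node: a VM interface, a Linux bridge or an OVS bridge."""
    def __init__(self, name, kind):
        self.name, self.kind, self.childlist = name, kind, []
    def addChild(self, node):
        self.childlist.append(node)

def parse_domain_xml(xml_text):
    """`virsh dumpxml` output -> (vm_name, [(mac, bridge_name, tap_dev), ...])."""
    dom = ET.fromstring(xml_text)
    macs = []
    for iface in dom.findall("./devices/interface[@type='bridge']"):
        target = iface.find("target")             # absent while the VM is shut off
        macs.append((iface.find("mac").get("address").lower(),
                     iface.find("source").get("bridge"),
                     target.get("dev") if target is not None else None))
    return dom.findtext("name"), macs

def parse_brctl_show(text):
    """`brctl show` output -> {bridge_name: [port, ...]}."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:            # first row is the column header
        fields = line.split()
        if fields and not line[0].isspace():      # name, id, STP flag, optional port
            current = fields[0]
            bridges[current] = fields[3:]
        elif fields and current:                  # continuation row: one more port
            bridges[current].append(fields[0])
    return bridges

def parse_ovs_show(text):
    """`ovs-vsctl show` output -> {bridge_name: {port: vlan_tag_or_None}}."""
    bridges, br, port = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Bridge "):
            br, port = line[7:].strip('"'), None
            bridges[br] = {}
        elif line.startswith("Port ") and br:
            port = line[5:].strip('"')
            bridges[br][port] = None
        elif line.startswith("tag: ") and port:
            bridges[br][port] = int(line[5:])
    return bridges

def create_topology(domain_xmls, brctl_text, ovs_text):
    """Rebuild one node's topology tree; return (tree_root, interface records)."""
    lbs, obs = parse_brctl_show(brctl_text), parse_ovs_show(ovs_text)
    nodes = {n: TreeNode(n, "network_bridge") for n in lbs}          # (1)
    nodes.update({n: TreeNode(n, "ovs_bridge") for n in obs})
    records = []
    for vm, macs in map(parse_domain_xml, domain_xmls):              # (2)
        for mac, bridge, tap in macs:
            if bridge in nodes:
                nodes[bridge].addChild(TreeNode(f"{vm} [{mac}]", "vm"))
            records.append({"vm": vm, "mac": mac, "bridge": bridge,  # tag if on OVS directly
                            "segment": (bridge, obs.get(bridge, {}).get(tap))})
    for lb, ports in lbs.items():                                    # (3)
        for ob, oports in obs.items():
            # Assumption: veth pairs are named qvbX (Linux bridge side) and qvoX (OVS side).
            for peer in ("qvo" + p[3:] for p in ports if p.startswith("qvb")):
                if peer in oports:
                    nodes[ob].addChild(nodes[lb])
                    for r in (r for r in records if r["bridge"] == lb):
                        r["segment"] = (ob, oports[peer])
    tree_root = TreeNode("compute-node", "root")                     # (4)
    for ob in obs:
        tree_root.addChild(nodes[ob])
    return tree_root, records

def find_suspicious(records, planned):
    """Step five: report interfaces absent from planned ({mac: tenant})."""
    findings = []
    for r in (r for r in records if r["mac"] not in planned):
        shared = sorted({planned[o["mac"]] for o in records          # tenants on same segment
                         if o["mac"] in planned and o["segment"] == r["segment"]})
        findings.append((r["vm"], r["mac"], r["bridge"], shared))
    return findings

# Constructed sample inputs (not captured from a real node).
def _dom(name, mac, bridge, tap):
    return (f"<domain><name>{name}</name><devices><interface type='bridge'>"
            f"<mac address='{mac}'/><source bridge='{bridge}'/><target dev='{tap}'/>"
            "</interface></devices></domain>")
DOMAINS = [_dom("instance-00000001", "fa:16:3e:00:00:01", "qbr1111", "tap1111"),
           _dom("instance-00000002", "fa:16:3e:00:00:02", "qbr2222", "tap2222"),
           _dom("unlisted-vm", "52:54:00:00:00:99", "qbr1111", "vnet0")]
BRCTL = ("bridge name\tbridge id\t\tSTP enabled\tinterfaces\n"
         "qbr1111\t\t8000.aaaaaaaaaaaa\tno\t\tqvb1111\n\t\t\t\t\t\t\ttap1111\n"
         "\t\t\t\t\t\t\tvnet0\nqbr2222\t\t8000.bbbbbbbbbbbb\tno\t\tqvb2222\n"
         "\t\t\t\t\t\t\ttap2222\n")
OVS = ('Bridge br-int\n    Port "qvo1111"\n        tag: 1\n'
       '    Port "qvo2222"\n        tag: 2\n')
PLANNED = {"fa:16:3e:00:00:01": "tenant-a", "fa:16:3e:00:00:02": "tenant-b"}

if __name__ == "__main__":
    print(find_suspicious(create_topology(DOMAINS, BRCTL, OVS)[1], PLANNED))
```

In the constructed data, unlisted-vm is attached to the same qbr1111 bridge as a tenant-a instance, so it is reported together with the tenant whose layer-2 segment it shares.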
Claims (2)
1. The multi-tenant network topology reconstruction method based on the cloud platform is characterized by comprising the following steps: the method has the following ideas: on each computing node of the cloud platform, acquiring all VM information running on the corresponding node through Hypervisor, and traversing all the acquired VM information to obtain network connection information of each VM, including MAC addresses and network bridge information mounted by the MAC addresses; on the other hand, the bridge information of each computing node is obtained through a bottom layer device command, the bridge information comprises a traditional bridge and an OVS bridge, then the connection relation between the VM and each bridge is determined according to the obtained VM information and the bridge information, the VM network topology of the computing node is reconstructed, and the cloud platform multi-tenant network topology in the whole real-time operation environment is formed;
the method comprises the following steps:
step one, reading relevant network configuration and tenant information of a cloud platform, and determining a network mode adopted by the cloud platform and a network topology planned in advance by each tenant;
step two, calling a virtualization platform API related to each computing node, acquiring all VMs on each computing node, traversing all VMs, acquiring a configuration file, and analyzing network connection information of each VM according to the configuration file, wherein the network connection information comprises MAC address information of each network interface of the VM, bridge information mounted by the interface and connection interface information corresponding to the bridge;
step three, acquiring the information of the network bridge deployed by each computing node through a bottom layer device command, wherein the network bridge is divided into two types: the traditional bridge and the OVS bridge acquire information including the name of the bridge, the names of all interfaces of the bridge and the category of the bridge;
step four, the VM network connection information obtained in the step two corresponds to the bridge information obtained in the step three, namely the connection relation between the VM and the bridge is determined, and accordingly, the connection relation between all the VMs on the computing node and the bridge and the connection relation between the bridge and the bridge are established, namely, the network topology tree on the computing node is reconstructed;
and step five, in a certain computing node, trying to create a VM through a virtualization platform API, and privately mounting the VM to a bridge mounted by a certain tenant VM, re-performing the step two to the step four, reconstructing a computing node tenant topology, comparing the reconstructed computing node tenant topology with the cloud platform network topology which is obtained in the step one and is planned by the tenant in advance, and judging whether the reconstructed tenant topology can find the suspicious VM created privately by an administrator.
2. The cloud platform-based multi-tenant network topology reconstruction method according to claim 1, characterized in that:
the current mainstream cloud platform is realized by utilizing virtual network equipment aiming at the solution of multi-tenant network isolation, virtual switches and traditional network bridge equipment are used for bearing a tenant underlying network, the equipment and virtual machines of the tenant are deployed at a computing node, and the underlying network isolation of the tenant is realized in a VLAN (virtual local area network) dividing mode;
the implementation of the method is based on the scene, the bottom layer adopts an Openstack cloud platform to deploy a tenant network topology, a network component adopts a Neutron component, a computing node virtualization environment is constructed based on Libvirt and KVM, and a network adopts a VLAN mode;
the multi-tenant network topology reconstruction method based on the cloud platform comprises the following steps:
step one, acquiring related configuration files of an Openstack cloud platform network, wherein the related configuration files comprise /etc/nova/nova.conf and /etc/neutron/neutron.conf, reading related network configuration from the related configuration files, and acquiring a network topology planned for a tenant by the cloud platform in advance according to configuration information;
step two, acquiring VM information through a Libvirt virsh related command, and taking all VMs on the computing node by virsh list --all; virsh dumpxml instance-name gets VM details as follows:
the interface part is the MAC address of the VM and the information of the network equipment connected with the VM, and the data abstraction of the VM is defined as follows according to the interface part:
in the definition VM data abstraction class, VM_name is the name of the VM, macs represents the network interface of the VM, and is an array, and the array items are the specific information of each network interface: MAC_ADD identifies the MAC address of the network interface, BRIDGE_NAME is the bridge information mounted on the interface, NETWORK_j indicates private network information to which the interface belongs, here, VLAN_ID is used to represent a two-layer private network segment information, and status represents the current state of the VM;
step three, under the Openstack environment, the virtual bridges relate to two types, one type is the traditional Network Bridge, and the other type is various OVS bridges under OpenvSwitch; Openstack realizes the construction of multi-tenant network topology by means of the two types of bridges; the acquisition of the bridge information is obtained based on a bottom-layer device command, wherein the Network Bridge information is obtained by using a brctl show command, and the OVS Bridge information is obtained by using an ovs-vsctl show command; bridge information data abstraction is defined as follows:
wherein br_NAME is the name of the bridge, and corresponds to BRIDGE_NAME mounted by Virtual Machine, BRIDGE_type represents the type of the bridge, and is network_BRIDGE or OVS_BRIDGE, ports represents the interface on the bridge, and is represented by a character string array, and each character string in the array indicates the name of each network interface on the bridge;
step four, reconstructing a cloud platform multi-tenant network topology tree according to the connection relation between the VM and the bridges and the connection relation between the bridges; the tree node class is designed as shown in table 1:
Wherein ndname is the name of the node, the node is a VM, or a Network Bridge, or an OVS Bridge, and childlist is a next-level node having a connection relation with the node and is an array item; the member method addChild is a method for increasing child nodes of the tree node; then, a cloud platform multi-tenant network topology class is designed, as shown in table 2:
table 2: cloud platform multi-tenant network topology reconfiguration UML description
Wherein, the member variable tree_root is the root node of the tree, the VMs is each VM node contained in the tree, and lbs and obs respectively represent the Network Bridge and OVS Bridge nodes in the tree, both of which are arrays; the membership function createTopology is a method for reconstructing a cloud platform multi-tenant network topology tree, displayTopology is a method for printing the tree, and topologytoXML is a method for converting the topology tree into an XML file for storage; the whole createTopology method process is as follows:
(1) traversing obs and lbs, and constructing a TreeNode instance for each array item;
(2) traversing each item of VMs, judging whether BRIDGE_NAME corresponding to each mac of the VM exists in obs or lbs, if so, creating a TreeNode instance for the network interface of the VM, calling an addChild method of a bridge node corresponding to the interface, and then becoming a next-layer child node of the bridge; through the traversal, the topological connection relation between the VMs and each bridge is established;
(3) acquiring the connection relation between obs and lbs bridges through a network equipment connection command, if connection exists, calling an addChild method of the corresponding tree node of obs, and adding the corresponding lbs bridge as a child node;
(4) calling an addChild method of tree_root, and adding each obs bridge as a child node to form a complete tenant topology tree from top to bottom;
and step five, a user with administrator authority tries to create a VM through Libvirt, mounts the VM to a certain bridge, and collects topology tree information again by adopting a multi-tenant network topology reconstruction method based on the cloud platform and compares the topology tree information with the tenant topology provided by the cloud platform acquired in the step one.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710125690.7A CN106803796B (en) | 2017-03-05 | 2017-03-05 | Multi-tenant network topology reconstruction method based on cloud platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710125690.7A CN106803796B (en) | 2017-03-05 | 2017-03-05 | Multi-tenant network topology reconstruction method based on cloud platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106803796A CN106803796A (en) | 2017-06-06 |
CN106803796B CN106803796B (en) | 2020-07-03 |
Family
ID=58987686
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710125690.7A Expired - Fee Related CN106803796B (en) | 2017-03-05 | 2017-03-05 | Multi-tenant network topology reconstruction method based on cloud platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106803796B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107959689B (en) * | 2018-01-10 | 2020-09-25 | 北京工业大学 | Cloud platform tenant network isolation test method |
CN108418815A (en) * | 2018-02-12 | 2018-08-17 | 国网浙江省电力有限公司 | User virtual machine data access method of gathering evidence and system |
CN108521403A (en) * | 2018-03-09 | 2018-09-11 | 山东超越数控电子股份有限公司 | A method of multi-tenant network on Docker container platforms is isolated |
CN110324248B (en) * | 2018-03-30 | 2021-07-30 | 中移(苏州)软件技术有限公司 | Bare metal server route updating method and device, electronic equipment and medium |
CN109040276B (en) * | 2018-08-20 | 2022-03-22 | 郑州云海信息技术有限公司 | Method and device for constructing cloud platform, computer storage medium and terminal |
CN111147252B (en) * | 2019-12-19 | 2022-03-15 | 北京可信华泰信息技术有限公司 | Trusted connection method for cloud environment |
CN113992522B (en) * | 2021-09-02 | 2024-04-09 | 深信服科技股份有限公司 | Network topology graph generation method and device, electronic equipment and storage medium |
CN116010017A (en) * | 2021-10-22 | 2023-04-25 | 中移(苏州)软件技术有限公司 | Interaction method, computer equipment and computer storage medium |
CN114221859B (en) * | 2022-01-06 | 2023-12-01 | 烽火通信科技股份有限公司 | Tenant network physical link connectivity topology generation method and system |
CN115314390B (en) * | 2022-06-23 | 2023-05-16 | 清华大学 | Cloud computing network measurement planning system and method supporting multiple modes |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103684858A (en) * | 2013-12-04 | 2014-03-26 | 华为技术有限公司 | Method and relevant device for generating tenant network and processing label message |
CN103747059A (en) * | 2013-12-26 | 2014-04-23 | 华中科技大学 | Method and system for guaranteeing cloud computing server cluster network |
CN104486192A (en) * | 2014-12-05 | 2015-04-01 | 国云科技股份有限公司 | VLAN (Virtual Local Area Network) isolation method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150067677A1 (en) * | 2013-08-27 | 2015-03-05 | Connectloud, Inc. | Method and apparatus for defining virtual machine placement logic that is configurable and restricts virtual machine provisioning within a software defined cloud |
Non-Patent Citations (4)
Title |
---|
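MVNC: A SDN-based Multi-tenant Virtual Network Customization Mechanism in Cloud Data Center; Kai Li et al.; 2016 International Conference on Networking and Network Applications (NaNA); 20160625; full text * |
Research on Multi-Tenant Isolation and Network Service Extension in Quantum; Chang Liwei (常立伟); China Master's Theses Full-text Database; 20140115; I139-154 * |
Research on Distributed Implementation of Multi-Tenant Virtual Network Isolation in Cloud Computing Networks; Yan Liyu (严立宇) et al.; Computer Applications and Software; 20161115; full text * |
Research on Key Technologies of Neutron Based on the OpenStack Cloud Platform; Li Li (李莉) et al.; Journal of Changchun University of Science and Technology (Natural Science Edition); 20151201; full text * |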
Also Published As
Publication number | Publication date |
---|---|
CN106803796A (en) | 2017-06-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20200703 |