CN106878075A - A kind of message processing method and device - Google Patents

Publication number: CN106878075A
Application number: CN201710087524.2A
Authority: CN (China)
Legal status: Granted, Active (as listed by Google Patents; an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN106878075B (en)
Inventors: 王海, 申志鹏, 樊超
Current Assignee: New H3C Technologies Co Ltd (as listed; may be inaccurate)
Original Assignee: New H3C Technologies Co Ltd
Prior art keywords: virtual machine, functional module, address, module, message

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The application provides a message processing method and device. The method is applied to a local node in the internal management network of a cloud platform and comprises: receiving a message; finding, among the multiple functional modules included in the local node, a first functional module that matches the destination IP address and the VLAN ID carried in the message; and processing the message using the first functional module; wherein the multiple functional modules included in the local node belong to different IP network segments and different VLANs.

Description

A message processing method and device
Technical field
The application relates to the field of communication technology, and in particular to a message processing method and device.
Background
A cloud platform includes compute nodes, control nodes and storage nodes. The control node exposes a login page to the outside, and users can communicate with the compute nodes through the login page.
The login page is the entry point that the control node provides for users to access the compute nodes. At present, however, the login page has also become an entry point from the outside world into the cloud platform's internal management network, which poses a considerable risk to the security of the cloud platform.
Summary of the invention
In view of this, the application provides a message processing method and device for protecting the internal management network of a cloud platform.
Specifically, the application is implemented through the following technical solutions:
In a first aspect, the application provides a message processing method, applied to a local node in the internal management network of a cloud platform. The method includes:
receiving a message;
finding, among the multiple functional modules included in the local node, a first functional module that matches the destination IP address and the VLAN ID carried in the message;
processing the message using the first functional module;
wherein the multiple functional modules included in the local node belong to different IP network segments and different VLANs.
In a second aspect, the application provides a message processing device, applied to a local node in the internal management network of a cloud platform and having the function of implementing the above method. The function can be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules or units corresponding to the above function.
In one possible implementation, the device includes:
a receiving unit, for receiving a message;
a module lookup unit, for finding, among the multiple functional modules included in the local node, a first functional module that matches the destination IP address and the VLAN ID carried in the message; wherein the multiple functional modules included in the local node belong to different IP network segments and different VLANs;
a message processing unit, for processing the message using the first functional module.
In another possible implementation, the device includes a communication interface, a processor, a memory and a bus, where the communication interface, the processor and the memory are connected to one another through the bus; the processor performs the message processing method of the first aspect of the application by reading the logic instructions stored in the memory.
The technical solution provided by the application divides the functions of the management network inside the cloud platform, divides each node internally into multiple functional modules according to the management network functions the node performs, and assigns IP addresses in different IP network segments and different VLAN IDs to the functional modules that perform different management network functions, so that network isolation is achieved between the different functions of the management network. In this way, even if the outside world attacks the page login module, the attack does not affect the other network segments of the management network, which improves the reliability and stability of the cloud platform.
Brief description of the drawings
Fig. 1 is an architecture diagram of a cloud platform according to an exemplary embodiment of the application;
Fig. 2 is a flow chart of a message processing method according to an exemplary embodiment of the application;
Fig. 3 is a networking diagram of the internal management network of a cloud platform according to an exemplary embodiment of the application;
Fig. 4 is a functional block diagram of a message processing device according to an exemplary embodiment of the application;
Fig. 5 is a hardware structure diagram of a message processing device according to an exemplary embodiment of the application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terms used in the application are for the purpose of describing specific embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
The technical solution is described below with reference to the accompanying drawings and the embodiments.
The management network inside current cloud platforms uses only one network segment. This means that the outside world can learn the network segment of the cloud platform's internal management network through the login page provided by the control node. The login page thus becomes an entry point for outside attacks on the cloud platform: as soon as the outside world attacks the page login module, it can disrupt the communication of the cloud platform's internal management network.
To solve this problem, the application proposes a message processing method and device. The functions of the management network inside the cloud platform are divided, and each node is divided internally into multiple functional modules according to the management network functions it performs. Functional modules that perform the same class of management network function are assigned IP addresses in the same IP network segment and the same VLAN ID, while functional modules that perform different management network functions are assigned IP addresses in different IP network segments and different VLAN IDs. Network isolation is thereby achieved between the different functions of the management network, so that even if the outside world attacks the page login module, the attack does not affect the other network segments of the management network, which improves the reliability and stability of the cloud platform.
The architecture of the cloud platform is introduced below with reference to Fig. 1. By role, the nodes in Fig. 1 are divided into control nodes, compute nodes and storage nodes, and the three communicate through the management network.
In the application, the functions of the cloud platform's management network are subdivided. One optional division, which splits the functions of the management network into the following four points, is as follows:
First point: the page login function of the cloud platform. The control node can provide users with a login page (dashboard), so that a user can log in to the cloud platform and carry out related operations, for example issuing an instruction that directs the control node to send a compute node a trigger command for creating a virtual machine.
Second point: the storage access function of the cloud platform. The control node and the compute node can perform read and write operations on the storage nodes of the cloud platform.
Third point: the virtual machine (VM) operation control function. The control node can communicate with a compute node through VNC (Virtual Network Console), so as to log in to a virtual machine created on the compute node and perform operation control on that virtual machine.
Fourth point: the internal communication function of the cloud platform, which is mainly used to carry out the management network functions other than the three above, such as synchronizing configuration, monitoring the internal process status of each compute node, handling internal messages, creating virtual networks, creating virtual machines, creating firewalls, and so on.
It should be noted that, given the variety of possible criteria for classifying management network functions and the likelihood that the cloud platform management network will implement more new functions in the future, the application does not limit the way management network functions are divided; the above is only one specific example.
For the different functions of the management network, one IP network segment and one VLAN (Virtual Local Area Network) can be allocated to each function in advance. For example, it can be specified that the communication network segment used for the first point above (the page login function of the cloud platform) is 1.0.0.0/24, with VLAN ID 100; the communication network segment used for the second point (the storage access function of the cloud platform) is 2.0.0.0/24, with VLAN ID 101; the communication network segment used for the third point (the virtual machine operation control function) is 3.0.0.0/24, with VLAN ID 102; and the communication network segment used for the fourth point (the internal communication function of the cloud platform) is 4.0.0.0/24, with VLAN ID 104.
Corresponding to the management network functions divided above, multiple functional modules can be divided inside the control node and the compute node, with the different functional modules on the same node each performing a different management network function. The control node and the compute node then assign a corresponding IP address and VLAN ID to each functional module according to the IP network segments and VLANs pre-allocated to the different functions of the management network, so that the multiple functional modules on the same node are in different IP network segments and VLANs, while the functional modules on different nodes that perform the same class of management network function are in the same IP network segment and the same VLAN.
For example, according to the four management network functions listed above, four functional modules can be divided inside the control node: a page login module, for providing the login page; a first storage access module, for performing read and write operations on the storage nodes in the cloud platform's internal management network; a first virtual machine control module, for performing operation control on virtual machines created on compute nodes; and a first internal communication module, for carrying out the other management network functions.
Three functional modules can be divided inside the compute node: a second storage access module, for performing read and write operations on the storage nodes in the cloud platform's internal management network; a second virtual machine control module, for cooperating with the control node (specifically, with the first virtual machine control module on the control node) to perform operation control on virtual machines created on the local node; and a second internal communication module, for cooperating with the control node (specifically, with the first internal communication module on the control node) to carry out the other management network functions.
Here, the first storage access module on the control node and the second storage access module on the compute node, the first virtual machine control module on the control node and the second virtual machine control module on the compute node, and the first internal communication module on the control node and the second internal communication module on the compute node are each pairs of functional modules on different nodes that perform the same class of management network function.
Likewise, according to the IP network segments and VLANs pre-allocated to the different functions of the management network, the application can assign a corresponding IP address and VLAN ID to the storage node, so that the first storage access module on the control node, the second storage access module on the compute node and the storage node are in the same IP network segment and the same VLAN.
The control node and the compute node can each start an OVS (Open vSwitch, a virtual switch) on the local node; the egress of the OVS is the physical network card bound to the cloud platform's internal management network. According to its own functional module division, each of the control node and the compute node can assign every functional module a unique port on its own OVS, ensuring that the port IP address of any functional module does not conflict with the port IP addresses of the other functional modules on the same node. Subsequently, a message sent by a functional module carries the VLAN ID assigned to that module, enters the management network through the OVS, and is forwarded by the management network to the peer node.
Specifically, the message processing method in the cloud platform's internal management network can be illustrated by the method flow shown in Fig. 2. The method can be applied to a local node in the cloud platform's internal management network, where the local node can be a control node or a compute node. The method may include the following steps:
Step 201: Receive a message.
Step 202: Among the multiple functional modules included in the local node, find the first functional module that matches the destination IP address and the VLAN ID carried in the message; wherein the multiple functional modules included in the local node belong to different IP network segments and different VLANs.
Step 203: Process the message using the first functional module.
When the local node is a control node, the first functional module can be one of the following functional modules: a page login module, for providing the login interface; a first storage access module, for performing read and write operations on the storage nodes in the cloud platform's internal management network; a first virtual machine control module, for performing operation control on virtual machines created on compute nodes; a first internal communication module, for carrying out the other management network functions.
When the local node is a compute node, the first functional module can be one of the following functional modules: a second storage access module, for performing read and write operations on the storage nodes in the cloud platform's internal management network; a second virtual machine control module, for cooperating with the control node to perform operation control on virtual machines created on the local node; a second internal communication module, for cooperating with the control node to carry out the other management network functions.
In particular, the message received by the local node in step 201 may come from a second functional module on a peer node in the cloud platform's internal management network. The first functional module and the second functional module are functional modules on different nodes that perform the same class of management network function; the IP address of the first functional module and the IP address of the second functional module are in the same IP network segment, and the first functional module and the second functional module belong to the same VLAN.
As an example of the same class of management network function: when the first functional module is the first internal communication module on the control node and the second functional module is the second internal communication module on the compute node, the second internal communication module can deploy a virtual machine on the compute node according to the create-virtual-machine instruction issued by the first internal communication module and the parameters needed to create the virtual machine. What these two functional modules perform between them is the same class of management network function.
The local node can create an OVS on the node and assign the first functional module a unique port on that OVS; the egress of the OVS is the physical network card bound to the cloud platform's internal management network.
A message sent by the first functional module can enter the OVS through the module's port on the OVS and then enter the cloud platform's internal management network through the physical network card connected to the OVS. After being forwarded by the management network, the message reaches the peer node.
For example, as shown in Fig. 3, assume that the IP address of the first internal communication module on the control node is 4.0.0.1, its VLAN ID is 104, and its port on OVS 1 is a; and that the IP address of the second internal communication module on the compute node is 4.0.0.2, its VLAN ID is 104, and its port on OVS 2 is b. A message sent by the first internal communication module is then forwarded as follows:
1. The first internal communication module generates a message whose source address is the module's own IP address 4.0.0.1 and whose destination address is the IP address 4.0.0.2 of the second internal communication module on the compute node; the message carries VLAN ID 104.
2. On the control node, the message enters OVS 1 through port a. OVS 1, which supports OpenFlow, matches the message against its pre-stored flow table, finds a match, and sends the message to the physical network card connected to OVS 1, from which the message is forwarded into the management network.
3. The forwarding devices in the management network send the message to the compute node according to the message's destination IP address and VLAN ID, and the message enters OVS 2, which is connected to the compute node's physical network card, through that card.
4. On the compute node, OVS 2 matches the message against the flow table it stores. The message's destination IP address and VLAN ID match port b, so the message is sent through port b to the second internal communication module on the compute node for processing.
This completes the description of Fig. 3.
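The lookup in steps 201 to 203 and the isolation it gives in the Fig. 3 scenario can be modelled in a few lines. The following is an added illustration, not code from the patent: the class and function names, the addresses 2.0.0.2 and 3.0.0.2, the OVS port names "s" and "v", and the choice to drop a message that matches no module are assumptions; the segments, VLAN IDs, 4.0.0.1, 4.0.0.2 and port b are the ones given above.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class FunctionalModule:
    name: str
    ip: str
    segment: str   # IP network segment pre-allocated to this management function
    vlan_id: int
    ovs_port: str  # the module's unique port on the node's OVS


@dataclass(frozen=True)
class Message:
    src_ip: str
    dst_ip: str
    vlan_id: int


class Node:
    """A control or compute node hosting several functional modules."""

    def __init__(self, name, modules):
        self.name = name
        self._by_key = {}
        nets, vlans, ports = [], set(), set()
        for m in modules:
            net = ipaddress.ip_network(m.segment)
            addr = ipaddress.ip_address(m.ip)
            if addr not in net:
                raise ValueError(f"{m.name}: {m.ip} is not in {m.segment}")
            # Modules on one node must be in different segments and VLANs,
            # and each module needs its own OVS port.
            if any(net.overlaps(other) for other in nets):
                raise ValueError(f"{m.name}: segment {m.segment} reused on {name}")
            if m.vlan_id in vlans:
                raise ValueError(f"{m.name}: VLAN {m.vlan_id} reused on {name}")
            if m.ovs_port in ports:
                raise ValueError(f"{m.name}: OVS port {m.ovs_port} reused on {name}")
            nets.append(net)
            vlans.add(m.vlan_id)
            ports.add(m.ovs_port)
            self._by_key[(addr, m.vlan_id)] = m

    def find_module(self, msg):
        """Step 202: the destination IP and the VLAN ID must both match."""
        try:
            dst = ipaddress.ip_address(msg.dst_ip)
        except ValueError:
            return None
        return self._by_key.get((dst, msg.vlan_id))

    def receive(self, msg):
        """Steps 201 and 203. Returns (action, module name, OVS port)."""
        module = self.find_module(msg)
        if module is None:
            # Assumption: a message that matches no module is dropped.
            return ("drop", None, None)
        return ("deliver", module.name, module.ovs_port)


def build_compute_node():
    """Compute node of Fig. 3; 2.0.0.2, 3.0.0.2, 's' and 'v' are constructed."""
    return Node("compute-1", [
        FunctionalModule("second storage access module",
                         "2.0.0.2", "2.0.0.0/24", 101, "s"),
        FunctionalModule("second virtual machine control module",
                         "3.0.0.2", "3.0.0.0/24", 102, "v"),
        FunctionalModule("second internal communication module",
                         "4.0.0.2", "4.0.0.0/24", 104, "b"),
    ])


if __name__ == "__main__":
    node = build_compute_node()
    samples = [  # constructed sample messages
        Message("4.0.0.1", "4.0.0.2", 104),  # the Fig. 3 message
        Message("1.0.0.1", "4.0.0.2", 100),  # login VLAN, internal-comm address
        Message("4.0.0.1", "2.0.0.2", 104),  # internal-comm VLAN, storage address
    ]
    for msg in samples:
        print(msg, "->", node.receive(msg))
```

Only the first sample is delivered; a message tagged with the login VLAN cannot reach a module in another segment even when it carries that module's address.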
In the application, because the messages exchanged between nodes all carry a specific VLAN ID, network isolation is ensured: even if the traffic in one network segment of the management network is very heavy, it does not affect communication in the other network segments of the management network. Likewise, when the outside world attacks the page login module, the attack cannot enter the other network segments of the management network, which greatly safeguards the stability of the cloud platform's operation.
For this problem, the application also proposes a solution, described below:
The local node can start a first virtual machine on the node. The IP address of the first virtual machine is in the same IP network segment as the IP address of the first functional module, and the first virtual machine belongs to the same VLAN as the first functional module.
For a message whose source address is the IP address of the first functional module, the first virtual machine changes the source address of the message to the IP address of the first virtual machine and then forwards the modified message to the node corresponding to the message's destination address. For a message whose destination address is the IP address of the first virtual machine, the first virtual machine forwards the message to the first functional module for processing.
Because the first virtual machine hides the IP address of the first functional module from the outside, nodes other than the local node cannot communicate directly with the first functional module of the local node.
When the utilization of the CPU (Central Processing Unit) of the first virtual machine exceeds a set threshold, the local node can start a new, second virtual machine on the node, and the second virtual machine takes over the function of the first virtual machine. The IP address of the second virtual machine is different from the IP address of the first virtual machine, the IP address of the second virtual machine is in the same IP network segment as the IP address of the first functional module, and the second virtual machine belongs to the same VLAN as the first functional module.
Take as an example how a virtual machine is used to deal with access attacks on the login page. The control node can start a first virtual machine on the local node; the IP address of the first virtual machine is in the same IP network segment as the IP address of the page login module on the control node, and the first virtual machine belongs to the same VLAN as the page login module.
The IP address that the control node advertises externally for the page login module is the IP address of the first virtual machine, so the destination IP address of an access message that a user sends from a user device in order to log in to the cloud platform is the IP address of the first virtual machine. After receiving the access message, the first virtual machine forwards it to the page login module. When the page login module needs to send a response message to the user device, it first sends the response message to the first virtual machine; at this point the destination address of the response message is the address of the user device and the source address is the address of the page login module. After receiving the response message, the first virtual machine changes its source address to the IP address of the first virtual machine and then sends the response message with the modified address to the user device.
After the first virtual machine is started, the control node monitors it. When the CPU utilization of the first virtual machine exceeds the set threshold, the first virtual machine is overly busy and the page login module is very likely under an access attack. The control node can then raise an alarm to notify staff to investigate the fault, and start a new, second virtual machine on the local node. The IP address of the second virtual machine is different from the IP address of the first virtual machine, the IP address of the second virtual machine is in the same IP network segment as the IP address of the page login module, and the second virtual machine belongs to the same VLAN as the page login module. The second virtual machine then takes over the function of the first virtual machine and provides a new external IP address for normal user logins, while the original access attack continues to reach the first virtual machine over the connections previously established with it and does not affect the second virtual machine or the page login module.
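The front-VM behaviour described above (source address rewriting, then takeover by a second virtual machine once CPU utilization passes the threshold) is sketched below as an added example that is not part of the patent. The class names, the addresses 1.0.0.1, 1.0.0.10, 1.0.0.11, 203.0.113.5 and 198.51.100.9, the 80% threshold, and modelling the retired virtual machine as absorbing whatever still reaches it are assumptions; the 1.0.0.0/24 segment and VLAN 100 are the login-function values given earlier.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Message:
    src_ip: str
    dst_ip: str
    payload: str


class FrontVM:
    """Virtual machine placed in front of a functional module to hide its IP."""

    def __init__(self, ip, vlan_id, module_ip):
        self.ip, self.vlan_id, self.module_ip = ip, vlan_id, module_ip
        self.retired = False
        self.absorbed = 0  # messages that stopped at a retired VM

    def inbound(self, msg):
        """Message addressed to the VM: hand it to the module, or absorb it."""
        if msg.dst_ip != self.ip:
            return None
        if self.retired:
            # Assumption: after takeover, old traffic ends at the old VM.
            self.absorbed += 1
            return None
        return (self.module_ip, msg)

    def outbound(self, msg):
        """Message sourced from the module: rewrite the source to the VM's IP."""
        if msg.src_ip != self.module_ip:
            raise ValueError("only the protected module may send through this VM")
        return replace(msg, src_ip=self.ip)


class ProtectedModule:
    """Node-side bookkeeping: which front VM is advertised, and failover."""

    def __init__(self, module_ip, segment, vlan_id, first_vm_ip, cpu_threshold):
        self.module_ip = module_ip
        self.segment = ipaddress.ip_network(segment)
        self.vlan_id = vlan_id
        self.cpu_threshold = cpu_threshold
        self.alarms = []
        self.vms = []
        self.active = self._start_vm(first_vm_ip)

    def _start_vm(self, ip):
        # A front VM must sit in the module's segment and VLAN, on an unused IP.
        if ipaddress.ip_address(ip) not in self.segment:
            raise ValueError(f"{ip} is outside {self.segment}")
        if ip == self.module_ip or any(vm.ip == ip for vm in self.vms):
            raise ValueError(f"{ip} is already in use")
        vm = FrontVM(ip, self.vlan_id, self.module_ip)
        self.vms.append(vm)
        return vm

    @property
    def advertised_ip(self):
        """The address announced externally is the active VM's, never the module's."""
        return self.active.ip

    def report_cpu(self, utilisation, spare_ip):
        """Monitoring hook: fail over when the active VM exceeds the threshold."""
        if utilisation <= self.cpu_threshold:
            return False
        new_vm = self._start_vm(spare_ip)  # validate before retiring the old VM
        self.alarms.append(
            f"front VM {self.active.ip}: CPU {utilisation:.0%} "
            f"above threshold {self.cpu_threshold:.0%}")
        self.active.retired = True
        self.active = new_vm
        return True


def demo():
    """Constructed walk-through of login, reply, overload and takeover."""
    login = ProtectedModule("1.0.0.1", "1.0.0.0/24", 100,
                            first_vm_ip="1.0.0.10", cpu_threshold=0.8)
    user = "203.0.113.5"
    vm1 = login.active
    delivered = vm1.inbound(Message(user, login.advertised_ip, "GET /login"))
    reply = vm1.outbound(Message(login.module_ip, user, "200 OK"))
    switched = login.report_cpu(0.97, spare_ip="1.0.0.11")
    stale = vm1.inbound(Message("198.51.100.9", "1.0.0.10", "old connection"))
    fresh = login.active.inbound(Message(user, login.advertised_ip, "GET /login"))
    return delivered, reply, switched, stale, fresh, login


if __name__ == "__main__":
    for item in demo()[:5]:
        print(item)
```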
In summary, the technical solution provided by the application divides the functions of the management network inside the cloud platform, divides each node internally into multiple functional modules according to the management network functions the node performs, and assigns IP addresses in different IP network segments and different VLAN IDs to the functional modules that perform different management network functions, so that network isolation is achieved between the different functions of the management network. In this way, even if the outside world attacks the page login module, the attack does not affect the other network segments of the management network, which improves the reliability and stability of the cloud platform. Moreover, by using virtual machines to protect the management network functions of the cloud platform that are prone to attack, the application ensures that the control node of the cloud platform is not affected by attacks, which also improves the reliability of the cloud platform.
The method provided by the application has been described above. The device provided by the application is described below.
Fig. 4 is a functional block diagram of a message processing device provided by an embodiment of the application. The device can be applied to a local node in the cloud platform's internal management network. The device includes:
a receiving unit 401, for receiving a message;
a module lookup unit 402, for finding, among the multiple functional modules included in the local node, the first functional module that matches the destination IP address and the VLAN ID carried in the message; wherein the multiple functional modules included in the local node belong to different IP network segments and different VLANs;
a message processing unit 403, for processing the message using the first functional module.
Optionally, the message comes from a second functional module on a peer node in the cloud platform's internal management network. The first functional module and the second functional module are functional modules on different nodes that perform the same class of management network function; the IP address of the first functional module and the IP address of the second functional module are in the same IP network segment, and the first functional module and the second functional module belong to the same VLAN.
Optionally, when the local node is a control node, the first functional module can be one of the following functional modules: a page login module, for providing the login interface; a first storage access module, for performing read and write operations on the storage nodes in the cloud platform's internal management network; a first virtual machine control module, for performing operation control on virtual machines created on compute nodes; a first internal communication module, for carrying out the other management network functions.
Optionally, when the local node is a compute node, the first functional module can be one of the following functional modules: a second storage access module, for performing read and write operations on the storage nodes in the cloud platform's internal management network; a second virtual machine control module, for cooperating with the control node to perform operation control on virtual machines created on the local node; a second internal communication module, for cooperating with the control node to carry out the other management network functions.
Optionally, the device can also include:
a virtual machine start unit, for starting a first virtual machine on the local node. The IP address of the first virtual machine is in the same IP network segment as the IP address of the first functional module, and the first virtual machine belongs to the same VLAN as the first functional module. For a message whose source address is the IP address of the first functional module, the first virtual machine changes the source address of the message to the IP address of the first virtual machine and then forwards the modified message to the node corresponding to the message's destination address. For a message whose destination address is the IP address of the first virtual machine, the first virtual machine forwards the message to the first functional module for processing.
Optionally, the virtual machine start unit can also be used to start a new, second virtual machine on the local node when the CPU utilization of the first virtual machine exceeds the set threshold, with the second virtual machine taking over the function of the first virtual machine. The IP address of the second virtual machine is different from the IP address of the first virtual machine, the IP address of the second virtual machine is in the same IP network segment as the IP address of the first functional module, and the second virtual machine belongs to the same VLAN as the first functional module.
Optionally, the device can also include:
a virtual switch creation unit, for creating a virtual switch on the local node and assigning the first functional module a unique port on the virtual switch, where the egress of the virtual switch is the physical network card bound to the cloud platform's internal management network. A message sent by the first functional module enters the virtual switch through the port and enters the cloud platform's internal management network through the physical network card connected to the virtual switch.
It should be noted that the division in the embodiment of the present invention to unit is schematical, only a kind of logic function Divide, there can be other dividing mode when actually realizing.Each functional unit in embodiments herein can be integrated in In one processing unit, or unit is individually physically present, it is also possible to which two or more units are integrated in one In individual unit.Above-mentioned integrated unit can both be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit Realize.
As shown in figure 5, the embodiment of the present application also provides a kind of message process device, described device include communication interface 501, Processor 502, memory 503 and bus 504;Wherein, communication interface 501, processor 502, memory 503 pass through bus 504 Complete mutual communication.
Wherein, communication interface 501, for being communicated with other nodes in cloud platform internal management network.Processor 502 can To be a CPU, memory 503 can be nonvolatile memory (non-volatile memory), and memory 503 In be stored with Message processing logical order, processor 502 can perform the Message processing logical order stored in memory 503, To realize the message processing method shown in Fig. 2, the flow shown in Fig. 2 is for details, reference can be made to.
The preferred embodiment of the application is the foregoing is only, is not used to limit the application, all essences in the application Within god and principle, any modification, equivalent substitution and improvements done etc. should be included within the scope of the application protection.
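The module lookup and the first virtual machine's address handling described above can be sketched as follows. This is an added Python example, not code from the patent; the class names, addresses and VLAN IDs are constructed for illustration, and the VLAN check on inbound messages is an assumption the text does not spell out.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class FunctionalModule:
    name: str
    iface: ipaddress.IPv4Interface  # address plus its IP network segment
    vlan_id: int

@dataclass(frozen=True)
class Message:
    src_ip: str
    dst_ip: str
    vlan_id: int

class LocalNode:
    """Dispatches on (destination IP, VLAN ID); both must match."""
    def __init__(self, modules):
        for i, a in enumerate(modules):
            for b in modules[i + 1:]:
                # Modules on one node must not share a segment or a VLAN.
                if a.iface.network.overlaps(b.iface.network) or a.vlan_id == b.vlan_id:
                    raise ValueError(f"{a.name} and {b.name} are not isolated")
        self._table = {(m.iface.ip, m.vlan_id): m for m in modules}

    def find_module(self, msg):
        key = (ipaddress.ip_address(msg.dst_ip), msg.vlan_id)
        return self._table.get(key)  # None: no module matches, nothing handles it

class ProxyVM:
    """The 'first virtual machine' placed in front of one functional module."""
    def __init__(self, iface, vlan_id, module):
        if iface.network != module.iface.network or vlan_id != module.vlan_id:
            raise ValueError("VM must share the module's segment and VLAN")
        self.iface, self.vlan_id, self.module = iface, vlan_id, module

    def outbound(self, msg):
        # Rewrite the source only for messages sent by the fronted module.
        if ipaddress.ip_address(msg.src_ip) == self.module.iface.ip:
            return replace(msg, src_ip=str(self.iface.ip))
        return msg

    def inbound(self, msg):
        # Messages addressed to the VM are handed to the module.
        # The VLAN comparison is an added assumption (see lead-in).
        if ipaddress.ip_address(msg.dst_ip) == self.iface.ip and msg.vlan_id == self.vlan_id:
            return self.module
        return None

# Constructed sample topology: two modules, each in its own segment and VLAN.
STORAGE = FunctionalModule("storage-access", ipaddress.ip_interface("10.0.1.10/24"), 101)
VMCTL = FunctionalModule("vm-control", ipaddress.ip_interface("10.0.2.10/24"), 102)
NODE = LocalNode([STORAGE, VMCTL])
VM1 = ProxyVM(ipaddress.ip_interface("10.0.1.20/24"), 101, STORAGE)
```

A message that carries the right destination IP but the wrong VLAN ID finds no module, which is the isolation property the per-module segments and VLANs are meant to give.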

Claims (14)

1. A message processing method, characterized in that the method is applied to a local node in a cloud platform internal management network, and the method includes:
Receiving a message;
Finding, among the multiple functional modules included in the local node, a first functional module that matches the destination Internet Protocol (IP) address and the virtual local area network identifier (VLAN ID) carried in the message;
Processing the message using the first functional module;
Wherein the multiple functional modules included in the local node belong to different IP network segments and different VLANs.
2. The method of claim 1, characterized in that the message comes from a second functional module on a peer node in the cloud platform internal management network;
The first functional module and the second functional module are functional modules that perform the same class of management network function on different nodes; the IP address of the first functional module and the IP address of the second functional module are in the same IP network segment, and the first functional module and the second functional module belong to the same VLAN.
3. The method of claim 1, characterized in that, when the local node is a control node, the first functional module is one of the following functional modules:
A page login module, for providing a login interface;
A first storage access module, for performing read and write operations on the storage nodes in the cloud platform internal management network;
A first virtual machine control module, for performing operation control on the virtual machines created on compute nodes;
A first intercommunication module, for completing other management network functions.
4. The method of claim 1, characterized in that, when the local node is a compute node, the first functional module is one of the following functional modules:
A second storage access module, for performing read and write operations on the storage nodes in the cloud platform internal management network;
A second virtual machine control module, for cooperating with the control node to complete operation control of the virtual machines already created on the local node;
A second intercommunication module, for cooperating with the control node to complete other management network functions.
5. The method of claim 1, characterized in that the method further includes:
Starting a first virtual machine on the local node; the IP address of the first virtual machine is in the same IP network segment as the IP address of the first functional module, and the first virtual machine and the first functional module belong to the same VLAN;
For a message whose source address is the IP address of the first functional module, the first virtual machine changes the source address of the message to the IP address of the first virtual machine and then forwards the modified message to the node corresponding to the destination address of the message;
For a message whose destination address is the IP address of the first virtual machine, the first virtual machine forwards the message to the first functional module for processing.
6. The method of claim 5, characterized in that the method further includes:
When the utilization of the central processing unit (CPU) of the first virtual machine exceeds a set threshold, starting a new second virtual machine on the local node, with the second virtual machine taking over the function of the first virtual machine;
The IP address of the second virtual machine is different from the IP address of the first virtual machine; the IP address of the second virtual machine is in the same IP network segment as the IP address of the first functional module, and the second virtual machine and the first functional module belong to the same VLAN.
7. The method of claim 1, characterized in that the method further includes:
Creating a virtual switch on the local node and allocating a unique port on the virtual switch to the first functional module, the outlet of the virtual switch being the physical network card bound to the cloud platform internal management network;
A message sent by the first functional module enters the virtual switch through that port and enters the cloud platform internal management network through the physical network card connected to the virtual switch.
8. A message processing device, characterized in that the device is applied to a local node in a cloud platform internal management network, and the device includes:
A receiving unit, for receiving a message;
A module lookup unit, for finding, among the multiple functional modules included in the local node, a first functional module that matches the destination Internet Protocol (IP) address and the virtual local area network identifier (VLAN ID) carried in the message; wherein the multiple functional modules included in the local node belong to different IP network segments and different VLANs;
A message processing unit, for processing the message using the first functional module.
9. The device of claim 8, characterized in that the message comes from a second functional module on a peer node in the cloud platform internal management network;
The first functional module and the second functional module are functional modules that perform the same class of management network function on different nodes; the IP address of the first functional module and the IP address of the second functional module are in the same IP network segment, and the first functional module and the second functional module belong to the same VLAN.
10. The device of claim 8, characterized in that, when the local node is a control node, the first functional module is one of the following functional modules:
A page login module, for providing a login interface;
A first storage access module, for performing read and write operations on the storage nodes in the cloud platform internal management network;
A first virtual machine control module, for performing operation control on the virtual machines created on compute nodes;
A first intercommunication module, for completing other management network functions.
11. The device of claim 8, characterized in that, when the local node is a compute node, the first functional module is one of the following functional modules:
A second storage access module, for performing read and write operations on the storage nodes in the cloud platform internal management network;
A second virtual machine control module, for cooperating with the control node to complete operation control of the virtual machines already created on the local node;
A second intercommunication module, for cooperating with the control node to complete other management network functions.
12. The device of claim 8, characterized in that the device further includes:
A virtual machine start unit, for starting a first virtual machine on the local node; the IP address of the first virtual machine is in the same IP network segment as the IP address of the first functional module, and the first virtual machine and the first functional module belong to the same VLAN;
For a message whose source address is the IP address of the first functional module, the first virtual machine changes the source address of the message to the IP address of the first virtual machine and then forwards the modified message to the node corresponding to the destination address of the message;
For a message whose destination address is the IP address of the first virtual machine, the first virtual machine forwards the message to the first functional module for processing.
13. The device of claim 12, characterized in that:
The virtual machine start unit is also used to start a new second virtual machine on the local node when the utilization of the central processing unit (CPU) of the first virtual machine exceeds a set threshold, with the second virtual machine taking over the function of the first virtual machine;
The IP address of the second virtual machine is different from the IP address of the first virtual machine; the IP address of the second virtual machine is in the same IP network segment as the IP address of the first functional module, and the second virtual machine and the first functional module belong to the same VLAN.
14. The device of claim 8, characterized in that the device further includes:
A virtual switch creating unit, for creating a virtual switch on the local node and allocating a unique port on the virtual switch to the first functional module, the outlet of the virtual switch being the physical network card bound to the cloud platform internal management network;
A message sent by the first functional module enters the virtual switch through that port and enters the cloud platform internal management network through the physical network card connected to the virtual switch.
CN201710087524.2A 2017-02-17 2017-02-17 A kind of message processing method and device Active CN106878075B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710087524.2A CN106878075B (en) 2017-02-17 2017-02-17 A kind of message processing method and device

Publications (2)

Publication Number Publication Date
CN106878075A true CN106878075A (en) 2017-06-20
CN106878075B CN106878075B (en) 2019-08-06

Family

ID=59166511

Country Status (1)

Country Link
CN (1) CN106878075B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841451A (en) * 2009-12-30 2010-09-22 北京世纪互联宽带数据中心有限公司 Virtual local area network-based speed limiting method and system for cloud hosts
CN101924707A (en) * 2010-09-27 2010-12-22 杭州华三通信技术有限公司 Method and equipment for processing message of address resolution protocol (ARP)
US20110075664A1 (en) * 2009-09-30 2011-03-31 Vmware, Inc. Private Allocated Networks Over Shared Communications Infrastructure
CN103746997A (en) * 2014-01-10 2014-04-23 浪潮电子信息产业股份有限公司 Network security solution for cloud computing center
CN104660479A (en) * 2015-02-13 2015-05-27 南京华讯方舟通信设备有限公司 Networking method and network system
CN106027491A (en) * 2016-04-29 2016-10-12 天津赞普科技股份有限公司 Independent link type communication processing method and system based on isolated IP (Internet Protocol) address

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
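夏之斌: "Research and Implementation of a Virtual Network Management System for Cloud Computing", China Master's Theses Full-text Database, Information Science and Technology *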

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109428863A (en) * 2017-08-30 2019-03-05 阿里巴巴集团控股有限公司 Safety protecting method, data processing method, device and the equipment of container service
CN109428863B (en) * 2017-08-30 2022-08-02 阿里巴巴集团控股有限公司 Safety protection method, data processing method, device and equipment for container service
CN111669310A (en) * 2019-03-08 2020-09-15 厦门网宿有限公司 Batch processing method for network isolation space in pptp vpn and pptp vpn server
CN115150557A (en) * 2022-08-30 2022-10-04 杭州萤石软件有限公司 Internet of things camera, message processing method and device

Also Published As

Publication number Publication date
CN106878075B (en) 2019-08-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant