CN106953788B - virtual network controller and control method - Google Patents


Publication number: CN106953788B
Authority: CN (China)
Prior art keywords: flow, bridge, traffic, ovs, network
Legal status: Active
Application number: CN201710082464.5A
Other languages: Chinese (zh)
Other versions: CN106953788A (en)
Inventors: 柯俊阳, 黄应军
Current Assignee: Beijing Xipu Sunshine Technology Co ltd
Original Assignee: 北京西普阳光教育科技股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462 LAN interconnection over a bridge based backbone
    • H04L12/4625 Single bridge functionality, e.g. connection of two networks over a single bridge
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/58 Association of routers
    • H04L45/586 Association of routers of virtual routers
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks

Abstract

The invention discloses a virtual network controller and a control method. The controller comprises a first OVS bridge and a second OVS bridge connected to each other, a router and a DHCP server connected to the second OVS bridge, and at least one linux bridge, wherein each linux bridge is connected to one virtual machine and is connected to the second OVS bridge through a virtual network card pair. The first OVS bridge is connected to a host network port and is the inlet for external traffic and the outlet for virtual machine traffic. The DHCP server provides an IP address allocation service, and the router provides routing and firewall services. The invention integrates OVS with namespaces; because the resources in each namespace are transparent to other namespaces, virtual networks and physical networks can be arbitrarily combined, interconnected and isolated. Network traffic can also be filtered by characteristics such as source IP, destination IP, source port, destination port and connection state, which provides security protection.

Description

Virtual network controller and control method
Technical Field
The invention relates to the technical field of virtual networks, in particular to a virtual network controller and a control method.
Background
Cloud computing is a product of the development and fusion of traditional computer and network technologies such as distributed computing, parallel computing, utility computing, network storage, virtualization and load balancing. Cloud computing is a mode of delivering and using IT resources: required resources such as hardware, platforms, software and services are acquired over a network in an on-demand, elastic manner, and the network that provides the resources is called the "cloud". To the user, resources in the "cloud" appear infinitely expandable and can be acquired at any time, used on demand, expanded at any time and paid for by usage. The main contents of cloud computing include Infrastructure as a Service (IaaS), Platform as a Service, Software as a Service, and the like.
At present, offline products in the cloud computing era are increasingly abundant, and changes in requirements and functions can cause great changes in the IaaS-layer virtualized network. The conventional virtual network architecture, shown in fig. 1, has the advantages of simplicity and ease of operation (an operator does not need to master complex virtual network technology). It has a single usage scenario and simple functions, and is particularly suitable for internal and personal testing in small and medium-sized enterprises. However, for offline products in the cloud computing field this architecture has the following problems. To ensure network isolation among users, the host needs to allocate a host port and a virtual bridge to each user. Therefore every change to the network (for example, a change in the number of users) requires adjusting the underlying virtual network architecture, so the architecture is not general. The traditional virtual network architecture is also hard to extend if new network requirements arise at a later stage. Communication between networks depends on external network equipment, and users can control neither the communication between virtual machines in different networks nor the communication between virtual machines in the same network, so security functions are lacking.
Disclosure of Invention
In order to solve the above problems in the prior art, the present invention provides a virtual network controller and a control method.
To achieve this purpose, the invention adopts the following technical scheme:
The virtual network controller comprises a first OVS (Open vSwitch) bridge and a second OVS bridge connected to each other, and a router and a DHCP (Dynamic Host Configuration Protocol) server connected to the second OVS bridge. It further comprises at least one linux bridge; each linux bridge is connected to one virtual machine and is connected to the second OVS bridge through a virtual network card pair consisting of a first virtual network card and a second virtual network card. The first OVS bridge is connected to a host network port and is the inlet for external traffic and the outlet for virtual machine traffic. The DHCP server is a namespace-based DHCP server that provides an IP address allocation service. The router is a namespace-based virtual router that provides routing and firewall services.
Further, the OVS bridge includes a flow table and a channel. The flow table includes a header field, a counter and an operation list. The header field includes an input port, a MAC source address, a MAC destination address, an Ethernet type, a virtual local area network ID, an IP source address, an IP destination address, an IP port, a TCP source port and a TCP destination port, and is used for performing matching checks on input traffic; the counter counts the number of matched data packets and bytes; the operation list stores the action policies applied on a match.
The invention also provides a virtual network control method, which comprises the following steps:
Virtual machine traffic input step:
The first OVS bridge acquires external traffic and checks it. If one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the second OVS bridge; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly to the second OVS bridge;
The second OVS bridge checks the traffic forwarded by the first OVS bridge. If one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server, cross-network access is forwarded to the router, and same-network access is forwarded to a linux bridge through a virtual network card pair;
The router performs a firewall rule check on the traffic forwarded by the second OVS bridge. If the firewall permits the traffic, the router forwards it to the linux bridge of the permitted network; if the firewall rejects it, the traffic is discarded;
The linux bridge performs a host firewall rule check on the traffic forwarded by the second OVS bridge. If the host firewall permits the traffic, it is forwarded to the virtual machine; if the host firewall rejects it, the traffic is discarded;
Virtual machine traffic output step:
The linux bridge acquires traffic from the virtual machine and performs a host firewall rule check. If the host firewall permits the traffic, it is forwarded to the second OVS bridge through the virtual network card pair; if the host firewall rejects it, the traffic is discarded;
The second OVS bridge checks the traffic acquired from the linux bridge. If one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server, cross-network access is forwarded to the router, same-network access is forwarded to the linux bridge of the destination virtual machine through a virtual network card pair, and traffic whose destination address and source address are not in the same host is forwarded to the first OVS bridge;
The router performs a firewall rule check on the traffic forwarded by the second OVS bridge. If the firewall permits the traffic and the destination address is in the same host, the traffic is forwarded directly to the linux bridge of the permitted network; if the destination address is not in the same host, the traffic is forwarded to the first OVS bridge; if the firewall rejects it, the traffic is discarded;
The first OVS bridge checks the traffic forwarded by the second OVS bridge. If one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the host network port; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly to the host network port.
Compared with the prior art, the invention has the following beneficial effects:
The virtual network controller comprises OVS bridges, a namespace-based router, a namespace-based DHCP server, and linux bridges connected to virtual machines one-to-one (one linux bridge is connected to one virtual machine), so that system resources are no longer global but belong to a specific namespace. Because the resources in each namespace are transparent to other namespaces, virtual networks and physical networks can be arbitrarily combined, interconnected and isolated. Network traffic can also be filtered by characteristics such as source IP, destination IP, source port, destination port and connection state, which provides security protection.
Drawings
FIG. 1 is a diagram illustrating a conventional virtual network architecture;
FIG. 2 is a block diagram of a virtual network controller according to an embodiment of the present invention;
FIG. 3 is a block diagram of a virtual network controller according to another embodiment of the present invention;
Fig. 4 is a flowchart of a virtual network control method according to an embodiment of the present invention.
In the figures: 1 - first OVS bridge; 2 - second OVS bridge; 3 - virtual network card pair; 31 - first virtual network card; 32 - second virtual network card; 4 - linux bridge; 5 - router; 6 - DHCP server.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
Fig. 2 shows a schematic architecture diagram of a virtual network controller according to an embodiment of the present invention. The controller comprises a first OVS bridge 1, a second OVS bridge 2, a router 5 and a DHCP server 6, wherein the first OVS bridge 1 and the second OVS bridge 2 are connected to each other, and the router 5 and the DHCP server 6 are connected to the second OVS bridge 2. The controller further comprises at least one linux bridge 4; each linux bridge 4 is connected to one virtual machine and is connected to the second OVS bridge 2 through a virtual network card pair 3 consisting of a first virtual network card 31 and a second virtual network card 32. The DHCP server 6 is a namespace-based DHCP server that provides an IP address allocation service; the router 5 is a namespace-based virtual router that provides routing and firewall services.
In this embodiment, the virtual network card pair 3 (veth pair) is a pair of virtual network cards under linux, used for communication between different network namespaces. A data packet sent from one veth network card directly reaches its peer veth; a virtual link exists between the two. As shown in fig. 2, the first virtual network card 31 of the virtual network card pair 3 is connected to the second OVS bridge 2 and the second virtual network card 32 is connected to the linux bridge 4, so that the pair carries traffic between the second OVS bridge 2 and the linux bridge 4.
In this embodiment, both the first OVS bridge 1 and the second OVS bridge 2 are Open vSwitch bridges. Open vSwitch is a virtual switch controller developed by Nicira Networks, and Open vSwitch bridges are virtual switches created by Open vSwitch. Open vSwitch supports the OpenFlow protocol, traffic control policies for the traffic of each virtual machine network card, multi-port bonding in source-MAC load-balancing, active-standby and L4-hash modes, IPv6, and multiple tunnel protocols.
In this embodiment, the router 5 is a namespace-based virtual router. It supports routing policies between different networks and also supports iptables firewall rules, thereby enabling secure intercommunication at layer three. iptables is a command-line tool for configuring the Linux kernel firewall and is used to control the Linux kernel netfilter module. Whether the Linux system is connected to the Internet or a LAN, or acts as a server or as a proxy server connecting a LAN to the Internet, iptables gives better control over IP packet filtering and firewall configuration on the Linux system. When the firewall makes a packet filtering decision, the set of rules it follows is stored in a dedicated packet filtering table integrated in the Linux kernel. In the packet filtering table, rules are grouped into so-called chains.
In this embodiment, the linux bridge 4 connects to a virtual machine and is connected to the second OVS bridge 2 through the virtual network card pair 3. The linux bridge 4 is a linux-based bridge that connects devices for TCP/IP layer-two protocol switching and functions like a real switch. A linux bridge can be connected to other network devices on Linux by adding them as slave devices, which is equivalent to connecting a network cable between a real switch and a user terminal. The linux bridge works at the data link layer: when data arrives, it broadcasts, forwards or discards the frame according to the MAC information in the message. In this embodiment, one host may correspond to multiple virtual machines, different virtual machines may belong to the same network or to different networks, and one linux bridge 4 is connected to one virtual machine. Thus the number of linux bridges 4 is at least 1. By setting different numbers of virtual machines, the virtual network controller of the invention can be applied to different scenarios. Fig. 2 is the simplest application scenario, in which the number of virtual machines is 1; fig. 3 is an application scenario in which the number of virtual machines is 2 and the virtual machines belong to the same network.
As an alternative embodiment, the OVS bridge (1, 2) comprises a flow table and a channel (OVS supports the OpenFlow protocol for managing the flow table of the OVS bridge). The flow table comprises a header field, a counter and an operation list. The header field comprises an input port, a MAC source address, a MAC destination address, an Ethernet type, a virtual local area network ID, an IP source address, an IP destination address, an IP port, a TCP source port and a TCP destination port, and is used for performing matching checks on the input traffic; the counter counts the number of matched data packets and bytes; the operation list stores the action policies applied on a match, which include forwarding after converting the header field, normal forwarding, discarding and the like.
The present invention further provides an embodiment of a virtual network control method; its flowchart is shown in fig. 4. The method includes:
Step 100, virtual machine traffic input:
Step 101, the first OVS bridge 1 obtains external traffic and checks it. If one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and forwarded to the second OVS bridge 2. (For example, suppose a user-defined flow table policy states that traffic with source IP address 192.168.1.1 and virtual local area network ID 10 has its virtual local area network ID changed to 11; if the source IP address of a data packet of the traffic is 192.168.1.1 and its virtual local area network ID field is 10, the virtual local area network ID of that data packet is converted to 11.) If no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly to the second OVS bridge 2;
Step 102, the second OVS bridge 2 checks the traffic forwarded by the first OVS bridge 1. If one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server 6, cross-network access is forwarded to the router 5, and same-network access is forwarded to the linux bridge 4 through the virtual network card pair 3;
Step 103, the router 5 performs a firewall rule check on the traffic forwarded by the second OVS bridge 2. If the firewall permits the traffic, the router forwards it to the linux bridge of the permitted network; if the firewall rejects it, the traffic is discarded;
Step 104, the linux bridge 4 performs a host firewall rule check on the traffic forwarded by the second OVS bridge 2. If the host firewall permits the traffic, it is forwarded to the virtual machine; if the host firewall rejects it, the traffic is discarded;
Step 200, virtual machine traffic output:
Step 201, the linux bridge 4 acquires traffic from the virtual machine and performs a host firewall rule check. If the host firewall permits the traffic, it is forwarded to the second OVS bridge 2 through the virtual network card pair 3; if the host firewall rejects it, the traffic is discarded;
Step 202, the second OVS bridge 2 checks the traffic acquired from the linux bridge 4. If one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server 6, cross-network access is forwarded to the router 5, same-network access is forwarded to the linux bridge 4 of the destination virtual machine (different from the virtual machine in step 201) through the virtual network card pair 3, and traffic whose destination address and source address are not in the same host (physical host) is forwarded to the first OVS bridge 1;
Step 203, the router 5 performs a firewall rule check on the traffic forwarded by the second OVS bridge 2. If the firewall permits the traffic and the destination address is in the same host, the traffic is forwarded directly to the linux bridge 4 of the permitted network; if the destination address is not in the same host, the traffic is forwarded to the first OVS bridge 1; if the firewall rejects it, the traffic is discarded;
Step 204, the first OVS bridge checks the traffic forwarded by the second OVS bridge. If one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the host network port; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly to the host network port.
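The flow table structure (header fields, counter, operation list) and the forwarding decisions of steps 101 to 203 can be modelled in a short Python simulation. This is an added illustration, not code from the patent: the network names, addresses and bridge names are constructed, and first-match rule ordering, the router's default-drop policy and the order of the default forwarding checks are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    vlan_id: int = 0
    proto: str = "tcp"
    dst_port: int = 0
    size: int = 64              # bytes, used only by the counter

@dataclass
class FlowEntry:
    match: dict                 # header field name -> required value
    actions: list               # ("set", field, value) or ("drop",)
    packets: int = 0            # counter: matched packets
    octets: int = 0             # counter: matched bytes

class FlowTable:
    def __init__(self, entries=()):
        self.entries = list(entries)

    def apply(self, pkt):
        """Return the (possibly rewritten) packet, or None if an entry drops it."""
        for e in self.entries:  # first matching entry wins (assumption)
            if all(getattr(pkt, k) == v for k, v in e.match.items()):
                e.packets += 1
                e.octets += pkt.size
                for act in e.actions:
                    if act[0] == "drop":
                        return None
                    if act[0] == "set":
                        pkt = replace(pkt, **{act[1]: act[2]})
                return pkt
        return pkt              # no match: forwarded unchanged

# Constructed sample topology: two tenant networks, three VMs on this host.
NETWORKS = {"net-a": ip_network("10.0.1.0/24"), "net-b": ip_network("10.0.2.0/24")}
LOCAL_VMS = {"10.0.1.10": "linux-br-vm1", "10.0.1.11": "linux-br-vm2",
             "10.0.2.10": "linux-br-vm3"}

def network_of(ip):
    addr = ip_address(ip)
    return next((name for name, net in NETWORKS.items() if addr in net), None)

def second_bridge(pkt, table):
    """Steps 102/202: flow table first, then the default forwarding decision."""
    pkt = table.apply(pkt)
    if pkt is None:
        return None, "drop"
    if pkt.proto == "udp" and pkt.dst_port == 67:   # DHCP request to server port
        return pkt, "dhcp-server"
    if network_of(pkt.src_ip) != network_of(pkt.dst_ip):
        return pkt, "router"                        # cross-network access
    if pkt.dst_ip in LOCAL_VMS:
        return pkt, LOCAL_VMS[pkt.dst_ip]           # same network, same host
    return pkt, "ovs-bridge-1"                      # same network, other host

def router(pkt, rules):
    """Steps 103/203: first matching firewall rule wins; default is drop (assumption)."""
    for src_net, dst_net, port, verdict in rules:
        if (ip_address(pkt.src_ip) in ip_network(src_net)
                and ip_address(pkt.dst_ip) in ip_network(dst_net)
                and port in (None, pkt.dst_port)):
            if verdict != "accept":
                return "drop"
            return LOCAL_VMS.get(pkt.dst_ip, "ovs-bridge-1")
    return "drop"

def trace_output(pkt, table, rules):
    """Hops for traffic leaving a VM (steps 201 to 203); host firewall assumed to permit."""
    hops = ["linux-br-src", "ovs-bridge-2"]
    pkt, nxt = second_bridge(pkt, table)
    hops.append(nxt)
    if nxt == "router":
        hops.append(router(pkt, rules))
    return hops

# The step 101 example: source IP 192.168.1.1 with VLAN ID 10 is rewritten to VLAN ID 11.
STEP_101_TABLE = FlowTable([FlowEntry({"src_ip": "192.168.1.1", "vlan_id": 10},
                                      [("set", "vlan_id", 11)])])
# Constructed firewall policy: only SSH from net-a to net-b is permitted.
SAMPLE_RULES = [("10.0.1.0/24", "10.0.2.0/24", 22, "accept")]

if __name__ == "__main__":
    print(STEP_101_TABLE.apply(Packet("192.168.1.1", "10.0.1.10", vlan_id=10)))
    print(trace_output(Packet("10.0.1.10", "10.0.2.10", dst_port=22), FlowTable(), SAMPLE_RULES))
    print(trace_output(Packet("10.0.1.10", "10.0.2.10", dst_port=80), FlowTable(), SAMPLE_RULES))
```

Traffic between the two networks reaches its destination only through the router's rule list, so in this model the firewall policy is the single place where cross-network isolation is decided.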
The above description only illustrates a few embodiments of the present invention and should not be taken as limiting its scope; all equivalent changes, modifications, or equivalent scaling up or down made in accordance with the spirit of the present invention should be considered as falling within the scope of the present invention.

Claims (1)

1. A virtual network control method, comprising:
a virtual machine traffic input step:
the first OVS bridge acquires external traffic and checks it; if one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the second OVS bridge; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly to the second OVS bridge;
the second OVS bridge checks the traffic forwarded by the first OVS bridge; if one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server, cross-network access is forwarded to the router, and same-network access is forwarded to a linux bridge through a virtual network card pair;
the router performs a firewall rule check on the traffic forwarded by the second OVS bridge; if the firewall permits the traffic, the router forwards it to the linux bridge of the permitted network; if the firewall rejects it, the traffic is discarded;
the linux bridge performs a host firewall rule check on the traffic forwarded by the second OVS bridge; if the host firewall permits the traffic, it is forwarded to the virtual machine; if the host firewall rejects it, the traffic is discarded;
and a virtual machine traffic output step:
the linux bridge acquires traffic from the virtual machine and performs a host firewall rule check; if the host firewall permits the traffic, it is forwarded to the second OVS bridge through the virtual network card pair; if the host firewall rejects it, the traffic is discarded;
the second OVS bridge checks the traffic acquired from the linux bridge; if one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly: a DHCP request is forwarded to the DHCP server, cross-network access is forwarded to the router, same-network access is forwarded to the linux bridge of the destination virtual machine through a virtual network card pair, and traffic whose destination address and source address are not in the same host is forwarded to the first OVS bridge;
the router performs a firewall rule check on the traffic forwarded by the second OVS bridge; if the firewall permits the traffic and the destination address is in the same host, the traffic is forwarded directly to the linux bridge of the permitted network; if the destination address is not in the same host, the traffic is forwarded to the first OVS bridge; if the firewall rejects it, the traffic is discarded;
the first OVS bridge checks the traffic forwarded by the second OVS bridge; if one or more fields of a data packet of the traffic match the header fields of a user-defined flow table, the traffic is converted according to the flow table policy and then forwarded to the host network port; if no field of the data packet matches the header fields of a user-defined flow table, the traffic is forwarded directly to the host network port.

Priority Applications (1)

Application number: CN201710082464.5A; priority date: 2017-02-16; filing date: 2017-02-16; title: virtual network controller and control method; status: Active; granted as CN106953788B (en)

Publications (2)

CN106953788A, publication date 2017-07-14
CN106953788B, publication date 2019-12-13

Family ID: 59466550
Country: CN

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2609258A (en) * 2021-07-27 2023-02-01 Cubic Telecom Ltd Vehicle data

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547404B (en) * 2017-07-31 2019-11-05 新华三技术有限公司 Flow table generation method and device and message forwarding method and device
CN108471383B (en) * 2018-02-08 2021-02-12 华为技术有限公司 Message forwarding method, device and system
CN110636036A (en) * 2018-06-22 2019-12-31 复旦大学 OpenStack cloud host network access control method based on SDN
CN108833305B (en) * 2018-07-17 2024-04-05 北京西普阳光科技股份有限公司 Virtual network device of host
CN109639554B (en) * 2018-12-26 2022-01-21 山东有人物联网股份有限公司 Remote VLAN implementation method
CN109768901B (en) * 2019-01-23 2022-03-04 郑州云海信息技术有限公司 Method and system for testing functions of BMC IPV6 based on virtual machine
CN109889529B (en) * 2019-03-01 2021-06-08 国电南瑞科技股份有限公司 IPTABLE-based firewall implementation method for communication controller
CN109889533B (en) * 2019-03-11 2021-07-20 北京网御星云信息技术有限公司 Security defense method and system under cloud environment and computer readable storage medium
CN110086824B (en) * 2019-05-08 2021-10-15 苏州浪潮智能科技有限公司 Self-adaptive configuration method, device and equipment for firewall policy of virtual machine
CN112187500A (en) * 2019-07-04 2021-01-05 中兴通讯股份有限公司 Network element management device and message processing method
CN111030980A (en) * 2019-08-09 2020-04-17 哈尔滨安天科技集团股份有限公司 Linux transparent network equipment platform implementation method, device and storage medium
CN112165460B (en) * 2020-09-10 2023-07-25 杭州安恒信息技术股份有限公司 Flow detection method, device, computer equipment and storage medium
CN112291252B (en) * 2020-11-02 2022-06-24 浪潮云信息技术股份公司 Architecture and method for realizing symmetric flow guidance of north-south flow
CN112671578B (en) * 2020-12-23 2022-06-03 北京浪潮数据技术有限公司 SRIOV virtual network configuration method and related device
CN113839933B (en) * 2021-09-13 2023-09-26 紫光云(南京)数字技术有限公司 Method for solving multi-network card flow by utilizing security group
CN114301868B (en) * 2021-12-30 2023-07-11 上海观安信息技术股份有限公司 Method for quickly generating virtual container floating IP and method and device for network direct connection
CN115834291B (en) * 2022-11-16 2024-04-09 中国联合网络通信集团有限公司 Distributed intranet service data acquisition method, device, equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104394130A (en) * 2014-11-12 2015-03-04 国云科技股份有限公司 A multi-tenant virtual network isolating method
CN106034052A (en) * 2015-03-13 2016-10-19 北京网御星云信息技术有限公司 System and method for monitoring two-layer traffic among virtual machines

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9379973B2 (en) * 2013-02-11 2016-06-28 Cisco Technology, Inc. Binary compatible extension architecture in an openflow compliant network environment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2609258A (en) * 2021-07-27 2023-02-01 Cubic Telecom Ltd Vehicle data
WO2023006716A1 (en) * 2021-07-27 2023-02-02 Cubic Telecom Limited Vehicle data

Also Published As

Publication number Publication date
CN106953788A (en) 2017-07-14

Similar Documents

Publication Publication Date Title
CN106953788B (en) virtual network controller and control method
CN105659563B (en) System and method for the duplication of software-defined network perception data
Jain et al. Network virtualization and software defined networking for cloud computing: a survey
US8730793B2 (en) Method and apparatus providing network redundancy and high availability to remote network nodes
CN103997414B (en) Generate method and the network control unit of configuration information
CN105610632B (en) Virtual network equipment and related method
US9917729B2 (en) Methods, systems, and computer readable media for multi-layer orchestration in software defined networks (SDNs)
CN112470436A (en) Multi-cloud connectivity using SRV6 and BGP
CA2968964C (en) Source ip address transparency systems and methods
CN104780088A (en) Service message transmission method and equipment
CN109120494A (en) The method of physical machine is accessed in cloud computing system
CN106656719A (en) Inter-cloud communication method and related device, and inter-cloud communication configuration method and related device
CN105262667A (en) Method and device for controlling multicast transmission in Overlay network
CN103763310A (en) Firewall service system and method based on virtual network
CN104394080A (en) Method and device for achieving function of security group
CN102916897B (en) A kind of method and apparatus realizing VRRP load balancing
CN111638957A (en) Method for realizing cluster sharing type public cloud load balance
EP4320839A1 (en) Architectures for disaggregating sdn from the host
EP4320516A1 (en) Scaling host policy via distribution
EP2924925A1 (en) Communication system, virtual-network management device, communication node, and communication method and program
CN106656717B (en) A method of dividing network domains
WO2023016248A1 (en) Method for intercommunication between data centre cloud network and operator network, and communication apparatus
CN117203615A (en) Extending host policies via distribution
WO2016145577A1 (en) Access network system, and method and apparatus for processing data packet
PAUL et al. Mobile applications on global clouds using openflow and software-defined networking

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 0001, 1f, block B, No. 18, Zhongguancun Street, Haidian District, Beijing 100080

Patentee after: Beijing Xipu Sunshine Technology Co.,Ltd.

Address before: Room 0001, 1f, block B, No. 18, Zhongguancun Street, Haidian District, Beijing 100086

Patentee before: BEIJING SIMPLEWARE EDUCATION TECHNOLOGY CO.,LTD.

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A virtual network controller and its control method

Effective date of registration: 20220518

Granted publication date: 20191213

Pledgee: Xiamen International Bank Co.,Ltd. Beijing Branch

Pledgor: Beijing Xipu Sunshine Technology Co.,Ltd.

Registration number: Y2022990000280

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20231208

Granted publication date: 20191213

Pledgee: Xiamen International Bank Co.,Ltd. Beijing Branch

Pledgor: Beijing Xipu Sunshine Technology Co.,Ltd.

Registration number: Y2022990000280
