CN107241460B - Floating address processing method and electronic equipment - Google Patents
Floating address processing method and electronic equipment Download PDFInfo
- Publication number
- CN107241460B CN107241460B CN201710520998.1A CN201710520998A CN107241460B CN 107241460 B CN107241460 B CN 107241460B CN 201710520998 A CN201710520998 A CN 201710520998A CN 107241460 B CN107241460 B CN 107241460B
- Authority
- CN
- China
- Prior art keywords
- data packet
- address
- network card
- virtual machine
- floating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a floating address processing method and electronic equipment, wherein the method comprises the following steps: when the first equipment receives a data packet forwarded by the second equipment, analyzing the data packet; judging whether the data packet carries identification information or not according to the analysis result of the data packet; if the data packet carries the identification information, the data packet is sent to a first network card of a virtual machine, and the address of the first network card is the floating address of the virtual machine; and if the data packet does not carry the identification information, the data packet is sent to a second network card of the virtual machine, and the address of the second network card is the intranet address of the virtual machine.
Description
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a floating address processing method and an electronic device.
Background
Due to limited IP resources, in order to save resources and cost in a cloud computing environment, and from a security point of view, a public network IP is generally not assigned to all Virtual Machines (VMs) by default, but a Floating address (Floating IP) manner is adopted, that is: a group of Floating IPs is leased as an IP pool, and when a certain VM needs a Floating IP, the Floating IP is mapped onto the corresponding VM through a Network Address Translation (NAT) manner, as shown in fig. 1, a target Address Translation (DNAT) and a source Address Translation (SNAT) are implemented through a virtual machine router (VRouter), where the DNAT translates the Floating IP into the IP of the VM in the intranet, and the SNAT translates the IP of the VM in the intranet into the corresponding Floating IP.
The existing scheme has at least the following disadvantages:
1) a User (User) of a VM cannot see whether the VM has a Floating IP and how much the Floating IP is in the VM, which may cause trouble to the User, for example, the User logs in a VM through a Secure Shell protocol (SSH), sees that the IP is inconsistent with an actual IP in the VM, and cannot confirm whether the IP is correctly logged in.
2) Because the user cannot see the Floating IP in the VM, the application of the user cannot directly use the Floating IP, which brings inconvenience to the application of the user, for example, MySQL service, whose service address is 10.100.211.100:3306, needs to monitor 10.100.211.100 IP from the view point of application configuration and security, but cannot be realized in this case.
Disclosure of Invention
To solve the foregoing technical problem, embodiments of the present invention provide a floating address processing method and an electronic device.
The floating address processing method provided by the embodiment of the invention comprises the following steps:
when the first equipment receives a data packet forwarded by the second equipment, analyzing the data packet;
judging whether the data packet carries identification information or not according to the analysis result of the data packet;
if the data packet carries the identification information, the data packet is sent to a first network card of a virtual machine, and the address of the first network card is the floating address of the virtual machine;
and if the data packet does not carry the identification information, the data packet is sent to a second network card of the virtual machine, and the address of the second network card is the intranet address of the virtual machine.
In an embodiment of the present invention, the method further includes:
the first equipment receives configuration information sent by the second equipment;
and the first equipment adds the first network card to the virtual machine based on the configuration information, and configures the floating address of the virtual machine to the first network card, wherein the virtual machine is also provided with the second network card, and the second network card corresponds to the intranet address of the virtual machine.
In an embodiment of the present invention, address information of a source sending end of the data packet is carried in an extended attribute field of the data packet, and the source sending end is a third device;
the method further comprises the following steps:
and if the data packet carries the identification information, extracting the address information of the third equipment from the data packet, and configuring the address information of the third equipment in the source address information of the data packet.
Another embodiment of the present invention provides a floating address processing method, including:
when receiving a data packet sent by third equipment, second equipment judges whether first-class address conversion is needed to be carried out on the data packet, wherein the first-class address conversion is used for converting a floating address into an intranet address;
when first-class address conversion is required to be performed on the data packet, converting a floating address in the data packet into a corresponding intranet address according to a forwarding table, and carrying identification information in the data packet, wherein the identification information is used for identifying that the first-class address conversion is performed on the data packet in the second device;
and sending the data packet to the first device.
In an embodiment of the present invention, the method further includes:
and carrying the address information of the third equipment in the extended attribute field of the data packet.
The electronic device provided by the embodiment of the invention is provided with a virtual machine, and the electronic device comprises:
the communication device is used for receiving the data packet forwarded by the second equipment;
the processor is used for analyzing the data packet; judging whether the data packet carries identification information or not according to the analysis result of the data packet; if the data packet carries the identification information, the data packet is sent to a first network card of a virtual machine, and the address of the first network card is the floating address of the virtual machine; and if the data packet does not carry the identification information, the data packet is sent to a second network card of the virtual machine, and the address of the second network card is the intranet address of the virtual machine.
In an embodiment of the present invention, the communication apparatus is further configured to receive configuration information sent by the second device;
the processor is further configured to add the first network card to the virtual machine based on the configuration information, and configure a floating address of the virtual machine to the first network card, where the virtual machine further has the second network card, and the second network card corresponds to an intranet address of the virtual machine.
In an embodiment of the present invention, address information of a source sending end of the data packet is carried in an extended attribute field of the data packet, and the source sending end is a third device;
the processor is further configured to extract address information of the third device from the data packet and configure the address information of the third device in source address information of the data packet if the data packet carries the identification information.
Another embodiment of the present invention provides an electronic device, including:
the communication device is used for receiving the data packet sent by the third equipment;
the processor is used for judging whether first-class address conversion is needed to be carried out on the data packet, and the first-class address conversion is used for converting a floating address into an intranet address; when first-class address conversion is required to be performed on the data packet, converting a floating address in the data packet into a corresponding intranet address according to a forwarding table, and carrying identification information in the data packet, wherein the identification information is used for identifying that the first-class address conversion is performed on the data packet in the second device;
the communication device is further configured to send the data packet to the first device.
In an embodiment of the present invention, the communication device is further configured to send configuration information to the first device, where the configuration information is used to add a first network card to the first device and configure a floating address of a virtual machine to the first network card, where the virtual machine further has a second network card, and the second network card corresponds to an intranet address of the virtual machine.
In the technical scheme of the embodiment of the invention, when receiving a data packet forwarded by second equipment, first equipment analyzes the data packet; judging whether the data packet carries identification information or not according to the analysis result of the data packet; if the data packet carries the identification information, the data packet is sent to a first network card of a virtual machine, and the address of the first network card is the floating address of the virtual machine; and if the data packet does not carry the identification information, the data packet is sent to a second network card of the virtual machine, and the address of the second network card is the intranet address of the virtual machine. By adopting the technical scheme of the embodiment of the invention, whether the data packet is accessed to the Floating IP of the VM or the internal address of the VM can be determined by judging whether the data packet carries the identification information or not, if the data packet is accessed to the Floating IP of the VM, the data packet is sent to the first network card of the virtual machine, and if the data packet is accessed to the internal address of the VM, the data packet is sent to the second network card of the virtual machine. The VM can know whether the VM configures the Floating IP (i.e., the address of the first network card) and the specific content of the configured Floating IP, so that the user can directly use the Floating IP as needed.
Drawings
FIG. 1 is a diagram of a prior art address translation framework;
FIG. 2 is a first processing framework diagram of Floating IP according to an embodiment of the present invention;
FIG. 3 is a first flowchart illustrating a floating address processing method according to an embodiment of the present invention;
FIG. 4 is a second flowchart illustrating a floating address processing method according to an embodiment of the present invention;
FIG. 5 is a third flowchart illustrating a floating address processing method according to an embodiment of the present invention;
FIG. 6 is a second processing framework for flowing IP in accordance with an embodiment of the present invention;
FIG. 7 is a diagram of a data packet according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
So that the manner in which the features and aspects of the embodiments of the present invention can be understood in detail, a more particular description of the embodiments of the invention, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings.
The embodiment of the invention provides a novel method for realizing the Floating IP, so that a user can directly see and use the Floating IP in a VM.
Fig. 2 is a first processing framework diagram of the Floating IP according to the embodiment of the present invention, as shown in fig. 2, the left side is a Computer Node (Computer Node), the right side is a Network Node (Network Node), and the processing flow of the Floating IP includes:
1. the administrator assigns a Floating IP, such as 10.100.211.3, to the VM through the management platform.
2. The management platform informs the Network Node, configures 10.100.211.3 on br-ext, and sets forwarding rules, so that it can forward the data packet with destination address 10.100.211.3 to the intranet IP of VM, such as 192.168.1.101.
3. Meanwhile, the computer Node needs to be notified to add an additional network card, namely Eth _ flowing IP, to the VM, and configure the IP to be flowing IP, namely 10.100.211.3.
4. When the user accesses 10.100.211.3, the Network Node first receives the user's packet and forwards it to the VM.
5. When br-int on computer Node receives data packet forwarded by Network Node, if data packet carries identification information, the data packet is forwarded to port (port) corresponding to Eth _ Floating IP, if data packet does not carry identification information, the data packet is forwarded to port corresponding to original Eth 0.
According to the technical scheme of the embodiment of the invention, 1) a user can directly see the flowing IP of the VM, so that the method is more intuitive and convenient; 2) the implementation of the Floating IP is completely transparent to the user, and the user can acquire the information of the Floating IP without borrowing a management platform; 3) because the Floating IP can be directly seen in the VM, the use of the user is more convenient and diversified, for example, the user can directly monitor and configure the own Floating IP.
Fig. 3 is a first flowchart illustrating a floating address processing method according to an embodiment of the present invention, as shown in fig. 3, the floating address processing method includes the following steps:
step 301: and when the first equipment receives the data packet forwarded by the second equipment, analyzing the data packet.
In the embodiment of the present invention, the first device is a Computer Node, and a VM is disposed on the first device. And the second equipment knowledge Network Node mainly realizes the routing function of the VM.
In the embodiment of the present invention, the second device first receives a packet sent by the user, and if DNAT processing is performed on the packet, it indicates that the data is a packet of a Floating IP accessing the VM, whereas if DNAT processing is not performed on the packet, it indicates that the data is not a packet of a Floating IP accessing the VM. For a packet that accesses the flowing IP of a VM, a flag (i.e., identification information) is marked in the packet to indicate that the packet is a packet that accesses the flowing IP of the VM.
Based on this, when the first device receives the data packet forwarded by the second device, the information carried in the data packet is analyzed.
Step 302: and judging whether the data packet carries identification information or not according to the analysis result of the data packet.
In the embodiment of the present invention, the parsing result includes two types, one type is that the packet carries identification information, which indicates that the packet is a packet of a Floating IP accessing the VM. The other is that the data packet does not carry identification information, which indicates that the data packet is a data packet of the intranet IP accessing the VM.
Step 303: and if the data packet carries the identification information, the data packet is sent to a first network card of the virtual machine, and the address of the first network card is the floating address of the virtual machine.
In the embodiment of the present invention, the first device has the second network card, and in addition, the first network card is newly added to the first device, where an address of the first network card is a Floating IP of the VM. Specifically, a first device receives configuration information sent by a second device; and the first equipment adds the first network card to the virtual machine based on the configuration information, and configures the floating address of the virtual machine to the first network card, wherein the virtual machine is also provided with the second network card, and the second network card corresponds to the intranet address of the virtual machine.
Here, the administrator allocates a Floating IP to the VM, and then the second device configures the Floating IP as the first device, and the first device adds the second network card and the corresponding port, and sets the address of the second network card as the configured Floating IP.
Based on this, if the received data packet carries the identification information, the data packet is sent to the first network card of the VM.
Step 304: and if the data packet does not carry the identification information, the data packet is sent to a second network card of the virtual machine, and the address of the second network card is the intranet address of the virtual machine.
And if the received data packet does not carry the identification information, the data packet is sent to a second network card of the VM.
In the above scheme, the execution sequence between step 303 and step 304 is not limited.
Fig. 4 is a second flowchart illustrating a floating address processing method according to an embodiment of the present invention, and as shown in fig. 4, the floating address processing method includes the following steps:
step 401: and when the first equipment receives the data packet forwarded by the second equipment, analyzing the data packet.
In the embodiment of the present invention, the first device is a Computer Node, and a VM is disposed on the first device. And the second equipment knowledge Network Node mainly realizes the routing function of the VM.
In the embodiment of the present invention, the second device first receives a packet sent by the user, and if DNAT processing is performed on the packet, it indicates that the data is a packet of a Floating IP accessing the VM, whereas if DNAT processing is not performed on the packet, it indicates that the data is not a packet of a Floating IP accessing the VM. For a packet that accesses the flowing IP of a VM, a flag (i.e., identification information) is marked in the packet to indicate that the packet is a packet that accesses the flowing IP of the VM.
Based on this, when the first device receives the data packet forwarded by the second device, the information carried in the data packet is analyzed.
Step 402: and judging whether the data packet carries identification information or not according to the analysis result of the data packet.
In the embodiment of the present invention, the parsing result includes two types, one type is that the packet carries identification information, which indicates that the packet is a packet of a Floating IP accessing the VM. The other is that the data packet does not carry identification information, which indicates that the data packet is a data packet of the intranet IP accessing the VM.
Step 403: if the data packet carries the identification information, extracting address information of third equipment from the data packet, configuring the address information of the third equipment in source address information of the data packet, and sending the data packet to a first network card of a virtual machine, wherein the address of the first network card is a floating address of the virtual machine.
In the embodiment of the present invention, the extended attribute field of the data packet carries address information of a source sending end of the data packet, and the source sending end is a third device. For example: the third device sends a data packet to the first device through the route of the second device, and when the second device forwards the data packet from the third device to the first device, the source address information of the data packet is the address of the second device.
In the embodiment of the present invention, the first device has the second network card, and in addition, the first network card is newly added to the first device, where an address of the first network card is a Floating IP of the VM. Specifically, a first device receives configuration information sent by a second device; and the first equipment adds the first network card to the virtual machine based on the configuration information, and configures the floating address of the virtual machine to the first network card, wherein the virtual machine is also provided with the second network card, and the second network card corresponds to the intranet address of the virtual machine.
Here, the administrator allocates a Floating IP to the VM, and then the second device configures the Floating IP as the first device, and the first device adds the second network card and the corresponding port, and sets the address of the second network card as the configured Floating IP.
Based on this, if the received data packet carries the identification information, the data packet is sent to the first network card of the VM.
Step 404: and if the data packet does not carry the identification information, the data packet is sent to a second network card of the virtual machine, and the address of the second network card is the intranet address of the virtual machine.
And if the received data packet does not carry the identification information, the data packet is sent to a second network card of the VM.
In the above scheme, the execution sequence between step 403 and step 404 is not limited.
Fig. 5 is a third schematic flowchart of a floating address processing method according to an embodiment of the present invention, and as shown in fig. 5, the floating address processing method includes the following steps:
step 501: when receiving a data packet sent by a third device, a second device determines whether a first-class address conversion is required to be performed on the data packet, wherein the first-class address conversion is used for converting a floating address into an intranet address.
In the embodiment of the present invention, the first device is a Computer Node, and a VM is disposed on the first device. And the second equipment knowledge Network Node mainly realizes the routing function of the VM. The third device is the source sender of the data packet.
In the embodiment of the present invention, the first type of address translation is also referred to as DNAT, and as compared to the first type of address translation, the second type of address translation is SNAT, and SNAT and DNAT are two data packet processing processes in opposite flow directions.
In the embodiment of the invention, when the second device receives the data packet sent by the third device, whether the floating address needs to be converted into the intranet address is judged.
Step 502: when the first-class address conversion is required to be performed on the data packet, a floating address in the data packet is converted into a corresponding intranet address according to a forwarding table, and the data packet carries identification information, wherein the identification information is used for identifying that the first-class address conversion is performed on the data packet in the second device.
In the embodiment of the invention, when the Floating address needs to be converted into the intranet address, the data packet is a data packet of the flowing IP for accessing the VM, and otherwise, when the Floating address does not need to be converted into the intranet address, the data packet is not the data packet of the flowing IP for accessing the VM. For a packet that accesses the flowing IP of a VM, a flag (i.e., identification information) is marked in the packet to indicate that the packet is a packet that accesses the flowing IP of the VM.
In addition, the second device sends configuration information to the first device, where the configuration information is used to add a first network card to the first device and configure a floating address of a virtual machine to the first network card, where the virtual machine further has a second network card corresponding to an intranet address of the virtual machine.
In the embodiment of the present invention, the second device further carries the address information of the third device in the extended attribute field of the data packet, which is convenient for the first device to know the source of the data packet.
Step 503: and sending the data packet to the first device.
When the first device receives the data packet, the method steps as shown in fig. 4 are performed.
Fig. 6 is a second processing frame diagram of the Floating IP according to the embodiment of the present invention, as shown in fig. 6, where the left side is a network Node and the right side is a Computer Node, and the processing flow of the Floating IP includes:
1) an administrator allocates a Floating IP for the VM through the management platform, and the management platform sends an allocation request to the nova-api.
2) And after the nova-api receives the distribution request, forwarding the distribution request to the neutron-server.
3) neutron-server first calls ovs-agent to add a tap port on vrouter; then calling l3-agent to configure the corresponding Floating IP to the tap port; and finally, issuing two forwarding flow tables to realize DNAT and SNAT between the Floating IP and the internal IP of the VM.
In the embodiment of the present invention, if the packet performs DNAT in the vruter, it indicates that the packet is a packet accessing a Floating IP of the VM, and a flag needs to be set in the packet to distinguish that the packet is an access to the Floating IP, and an IP (hereinafter referred to as a source IP) of a source sending end is written in the packet, specifically, the source IP is written in an extended attribute field of the packet, as shown in fig. 7.
4) neutron-server informs ovs-agent on the compute node where the VM is located, and creates a new Port pair, qbo and qvb respectively.
5) The nova-api informs the nova-computer on the computing node where the VM is located to add a new network card for the VM, and the corresponding Port is qvb; and (3) the nova-combute calls the hypervisor to add a new network card Eth _ flowing IP for the VM, and the flowing IP is configured on the network card.
6) The neutron-server issues a new flow table for br-int on a computing node where the VM is located, when the br-int receives a data packet for accessing the VM, the mark (namely identification information) in the data packet is judged, if the mark is not existed, the data packet is a data packet for accessing the internal IP, and the data packet is forwarded to eth0 of the VM; otherwise, the method is a data packet for accessing the FloatingIP, the real source IP is taken out from the extended attribute field of the data packet, and the source IP is replaced into the source address field in the data packet, so that the user in the VM can see the real source of the data packet.
Fig. 8 is a schematic structural composition diagram of an electronic device according to an embodiment of the present invention, where the electronic device is a computer node, the electronic device is provided with a virtual machine, and the electronic device includes:
a communication device 801, configured to receive a data packet forwarded by a second device;
a processor 802 configured to parse the data packet; judging whether the data packet carries identification information or not according to the analysis result of the data packet; if the data packet carries the identification information, the data packet is sent to a first network card of a virtual machine, and the address of the first network card is the floating address of the virtual machine; and if the data packet does not carry the identification information, the data packet is sent to a second network card of the virtual machine, and the address of the second network card is the intranet address of the virtual machine.
In an embodiment, the communication device 801 is further configured to receive configuration information sent by the second device;
the processor 802 is further configured to add the first network card to the virtual machine based on the configuration information, and configure a floating address of the virtual machine to the first network card, where the virtual machine further has the second network card, and the second network card corresponds to an intranet address of the virtual machine.
In an embodiment, an extended attribute field of the data packet carries address information of a source sending end of the data packet, where the source sending end is a third device;
the processor 802 is further configured to extract address information of the third device from the data packet if the data packet carries the identification information, and configure the address information of the third device in source address information of the data packet.
When the electronic device of the embodiment of the present invention is used as a network node, the electronic device includes:
a communication device 801, configured to receive a data packet sent by a third device;
a processor 802, configured to determine whether a first type of address translation is required for the data packet, where the first type of address translation is used to translate a floating address into an intranet address; when first-class address conversion is required to be performed on the data packet, converting a floating address in the data packet into a corresponding intranet address according to a forwarding table, and carrying identification information in the data packet, wherein the identification information is used for identifying that the first-class address conversion is performed on the data packet in the second device;
the communication device 801 is further configured to send the data packet to the first device.
In an embodiment, the communication device 801 is further configured to send configuration information to the first device, where the configuration information is used to add a first network card to the first device and configure a floating address of a virtual machine to the first network card, where the virtual machine further has a second network card, and the second network card corresponds to an intranet address of the virtual machine.
It will be understood by those skilled in the art that the implementation functions of the units in the electronic device shown in fig. 8 can be understood by referring to the related description of the floating address processing method.
The technical schemes described in the embodiments of the present invention can be combined arbitrarily without conflict.
In the embodiments provided in the present invention, it should be understood that the disclosed method and intelligent device may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one second processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention.
Claims (10)
1. A method for processing floating addresses, the method comprising:
when the first equipment receives a data packet forwarded by the second equipment, analyzing the data packet;
judging whether the data packet carries identification information or not according to the analysis result of the data packet;
if the data packet carries the identification information, the data packet is sent to a first network card of a virtual machine, and the address of the first network card is the floating address of the virtual machine;
and if the data packet does not carry the identification information, the data packet is sent to a second network card of the virtual machine, and the address of the second network card is the intranet address of the virtual machine.
2. The method of claim 1, further comprising:
the first equipment receives configuration information sent by the second equipment;
and the first equipment adds the first network card to the virtual machine based on the configuration information, and configures the floating address of the virtual machine to the first network card, wherein the virtual machine is also provided with the second network card, and the second network card corresponds to the intranet address of the virtual machine.
3. The method for processing floating address according to claim 1, wherein an extended attribute field of the data packet carries address information of a source sending end of the data packet, and the source sending end is a third device;
the method further comprises the following steps:
and if the data packet carries the identification information, extracting the address information of the third equipment from the data packet, and configuring the address information of the third equipment in the source address information of the data packet.
4. A method for processing floating addresses, the method comprising:
when receiving a data packet sent by third equipment, second equipment judges whether first-class address conversion is needed to be carried out on the data packet, wherein the first-class address conversion is used for converting a floating address into an intranet address;
when first-class address conversion is required to be performed on the data packet, converting a floating address in the data packet into a corresponding intranet address according to a forwarding table, and carrying identification information in the data packet, wherein the identification information is used for identifying that the first-class address conversion is performed on the data packet in the second device;
sending the data packet to a first device; the data packet can enable the first device to send the data packet to a first network card or a second network card of a virtual machine according to whether the data packet carries identification information or not, and the address of the first network card is a floating address of the virtual machine; and the address of the second network card is the intranet address of the virtual machine.
5. The method of claim 4, further comprising:
the second device sends configuration information to the first device, wherein the configuration information is used for adding a first network card to the first device and configuring a floating address of a virtual machine to the first network card, the virtual machine is further provided with a second network card, and the second network card corresponds to an intranet address of the virtual machine.
6. An electronic device, wherein a virtual machine is disposed on the electronic device, the electronic device comprising:
the communication device is used for receiving the data packet forwarded by the second equipment;
the processor is used for analyzing the data packet; judging whether the data packet carries identification information or not according to the analysis result of the data packet; if the data packet carries the identification information, the data packet is sent to a first network card of a virtual machine, and the address of the first network card is the floating address of the virtual machine; and if the data packet does not carry the identification information, the data packet is sent to a second network card of the virtual machine, and the address of the second network card is the intranet address of the virtual machine.
7. The electronic device according to claim 6, wherein the communication device is further configured to receive configuration information sent by the second device;
the processor is further configured to add the first network card to the virtual machine based on the configuration information, and configure a floating address of the virtual machine to the first network card, where the virtual machine further has the second network card, and the second network card corresponds to an intranet address of the virtual machine.
8. The electronic device according to claim 6, wherein address information of a source sender of the data packet is carried in an extended attribute field of the data packet, and the source sender is a third device;
the processor is further configured to extract address information of the third device from the data packet and configure the address information of the third device in source address information of the data packet if the data packet carries the identification information.
9. An electronic device, characterized in that the electronic device comprises:
the communication device is used for receiving the data packet sent by the third equipment;
the processor is used for judging whether first-class address conversion is needed to be carried out on the data packet, and the first-class address conversion is used for converting a floating address into an intranet address; when first-class address conversion is required to be carried out on the data packet, converting a floating address in the data packet into a corresponding intranet address according to a forwarding table, and carrying identification information in the data packet, wherein the identification information is used for identifying the first-class address conversion carried out on the data packet;
the communication device is further used for sending the data packet to the first equipment; the data packet can enable the first device to send the data packet to a first network card or a second network card of a virtual machine according to whether the data packet carries identification information or not, and the address of the first network card is a floating address of the virtual machine; and the address of the second network card is the intranet address of the virtual machine.
10. The electronic device according to claim 9, wherein the communication device is further configured to send configuration information to the first device, where the configuration information is used to add a first network card to the first device and configure a floating address of a virtual machine to the first network card, where the virtual machine further has a second network card, and the second network card corresponds to an intranet address of the virtual machine.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710520998.1A CN107241460B (en) | 2017-06-30 | 2017-06-30 | Floating address processing method and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710520998.1A CN107241460B (en) | 2017-06-30 | 2017-06-30 | Floating address processing method and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107241460A CN107241460A (en) | 2017-10-10 |
| CN107241460B true CN107241460B (en) | 2020-06-23 |
Family
ID=59989964
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710520998.1A Active CN107241460B (en) | 2017-06-30 | 2017-06-30 | Floating address processing method and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107241460B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111031020B (en) * | 2019-12-04 | 2022-07-15 | 紫光云(南京)数字技术有限公司 | Method for managing network and tenant network communication based on port mapping |
| CN115174524B (en) * | 2022-05-18 | 2024-01-02 | 天翼云科技有限公司 | Floating IP distribution method and device, electronic equipment and storage medium |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1801790A (en) * | 2005-01-07 | 2006-07-12 | 华为技术有限公司 | Method for improving data communication reliability using floating IP address |
| CN101909054A (en) * | 2010-07-15 | 2010-12-08 | 华中科技大学 | Method for aggregating multiple network interface cards in virtualized environment |
| CN102110071A (en) * | 2011-03-04 | 2011-06-29 | 浪潮(北京)电子信息产业有限公司 | Virtual machine cluster system and implementation method thereof |
| WO2014203154A1 (en) * | 2013-06-21 | 2014-12-24 | C.R.D. Centro Ricerche Ducati Trento S.R.L. | System for the routing of data to computer networks |
| CN104270464A (en) * | 2014-10-22 | 2015-01-07 | 西安未来国际信息股份有限公司 | Cloud computing virtualized network architecture and optimization method |
| CN105872120A (en) * | 2015-12-14 | 2016-08-17 | 乐视云计算有限公司 | Public network IP processing method and device |
| CN106572014A (en) * | 2016-10-27 | 2017-04-19 | 曙光信息产业(北京)有限公司 | Virtual network system |
| CN106708597A (en) * | 2015-11-17 | 2017-05-24 | 中国移动通信集团公司 | Method, device and system for creating cluster environment on the basis of Openstack |
| CN106878482A (en) * | 2017-01-03 | 2017-06-20 | 新华三技术有限公司 | Method for network address translation and device |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7877625B2 (en) * | 2008-04-16 | 2011-01-25 | Invensys Systems, Inc. | Efficient architecture for interfacing redundant devices to a distributed control system |
| US9749291B2 (en) * | 2011-07-15 | 2017-08-29 | International Business Machines Corporation | Securing applications on public facing systems |
| US11283907B2 (en) * | 2015-08-31 | 2022-03-22 | Red Hat, Inc. | Determining state of virtual router instance |
-
2017
- 2017-06-30 CN CN201710520998.1A patent/CN107241460B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1801790A (en) * | 2005-01-07 | 2006-07-12 | 华为技术有限公司 | Method for improving data communication reliability using floating IP address |
| CN101909054A (en) * | 2010-07-15 | 2010-12-08 | 华中科技大学 | Method for aggregating multiple network interface cards in virtualized environment |
| CN102110071A (en) * | 2011-03-04 | 2011-06-29 | 浪潮(北京)电子信息产业有限公司 | Virtual machine cluster system and implementation method thereof |
| WO2014203154A1 (en) * | 2013-06-21 | 2014-12-24 | C.R.D. Centro Ricerche Ducati Trento S.R.L. | System for the routing of data to computer networks |
| CN104270464A (en) * | 2014-10-22 | 2015-01-07 | 西安未来国际信息股份有限公司 | Cloud computing virtualized network architecture and optimization method |
| CN106708597A (en) * | 2015-11-17 | 2017-05-24 | 中国移动通信集团公司 | Method, device and system for creating cluster environment on the basis of Openstack |
| CN105872120A (en) * | 2015-12-14 | 2016-08-17 | 乐视云计算有限公司 | Public network IP processing method and device |
| CN106572014A (en) * | 2016-10-27 | 2017-04-19 | 曙光信息产业(北京)有限公司 | Virtual network system |
| CN106878482A (en) * | 2017-01-03 | 2017-06-20 | 新华三技术有限公司 | Method for network address translation and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107241460A (en) | 2017-10-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111131037B (en) | Data transmission method, device, medium and electronic equipment based on virtual gateway | |
| US10623505B2 (en) | Integrating service appliances without source network address translation in networks with logical overlays | |
| CN106533890B (en) | Message processing method, device and system | |
| EP2745474B1 (en) | Virtualization gateway between virtualized and non-virtualized networks | |
| US9407600B2 (en) | Service access method and device for conducting the same | |
| US8819211B2 (en) | Distributed policy service | |
| US9712538B1 (en) | Secure packet management for bare metal access | |
| US8483221B1 (en) | Leveraging physical network interface functionality for packet processing | |
| US20120297384A1 (en) | Virtual Managed Network | |
| US8640220B1 (en) | Co-operative secure packet management | |
| US11095755B2 (en) | Telemetry for disaggregated resources | |
| US20130058346A1 (en) | Distributed Routing Domains in Multi-Tenant Datacenter Virtual Networks | |
| CN103931140A (en) | Distributed address resolution service for virtualized networks | |
| US10178068B2 (en) | Translating network attributes of packets in a multi-tenant environment | |
| CN113176930B (en) | Floating address management method and system for virtual machines in container | |
| CN107241460B (en) | Floating address processing method and electronic equipment | |
| CN103442096B (en) | NAT method based on mobile Internet and system | |
| CN115022408A (en) | Data transmission method and device based on service grid and electronic equipment | |
| CN111240924A (en) | Detection method and system for Socket monitoring of Linux virtual machine | |
| US10652283B1 (en) | Deriving system architecture from security group relationships | |
| US10491427B2 (en) | Computer system, gateway apparatus control method and storage medium | |
| CN112433820A (en) | Method and system for acquiring IP (Internet protocol) of virtual machine host | |
| US11876691B2 (en) | End-to-end RDMA telemetry system | |
| CN114301665B (en) | Data processing method and device | |
| CN116781301A (en) | Cross-namespace container security protection method, device, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |