CN108123886A - Data forwarding method and device for a cloud computing platform - Google Patents

Data forwarding method and device for a cloud computing platform

Publication number
CN108123886A
Authority
CN
China
Prior art keywords
data
security protection
software switch
protection node
path
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611072970.8A
Other languages
Chinese (zh)
Inventor
朱国文
熊辉
江均勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Cloud Information Technology Co Ltd
Original Assignee
Shanghai Cloud Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Cloud Information Technology Co Ltd filed Critical Shanghai Cloud Information Technology Co Ltd
Priority to CN201611072970.8A priority Critical patent/CN108123886A/en
Publication of CN108123886A publication Critical patent/CN108123886A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441 Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483 Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/33 Flow control; Congestion control using forward notification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/50 Queue scheduling

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data forwarding method and device for a cloud computing platform. The method includes: when the volume of data being processed by a security protection node exceeds a preset data volume threshold, splitting the data waiting to be processed by the security protection node; creating a corresponding forwarding path for each portion of the split data, where the forwarding paths include a forwarding path that passes through the security protection node and a forwarding path that does not pass through the security protection node; configuring corresponding flow tables according to the forwarding paths; and delivering the flow tables to the switches, to instruct the switches to forward the corresponding split data according to the flow tables. The technical solution of the invention avoids failure of the security protection node, keeps the service available, and reduces losses to users.

Description

Data forwarding method and device for a cloud computing platform
Technical field
Embodiments of the present invention relate to data forwarding technology, and in particular to a data forwarding method and device for a cloud computing platform.
Background
Amid the rapid development of cloud computing and the new wave of technological change brought by SDN (Software Defined Network), traditional equipment vendors are being disrupted by the SDN model, and network function virtualization and virtualized value-added service products are stepping onto a new stage.
In a cloud computing platform, before a request packet is sent to the website server, a security protection node first inspects the request packet and then forwards safe request packets to the website server, thereby achieving security protection. In the prior art, when a larger-than-expected burst of traffic accesses the website server, the security protection node is particularly prone to failure, so that request packets cannot be delivered to the website server in time, causing losses to users.
Summary of the invention
Embodiments of the present invention provide a data forwarding method and device for a cloud computing platform, so as to avoid failure of the security protection node and reduce losses to users.
In a first aspect, an embodiment of the present invention provides a data forwarding method for a cloud computing platform, including:
when the volume of data being processed by a security protection node exceeds a preset data volume threshold, splitting the data waiting to be processed by the security protection node;
creating a corresponding forwarding path for each portion of the split data, where the forwarding paths include a forwarding path that passes through the security protection node and a forwarding path that does not pass through the security protection node;
configuring corresponding flow tables according to the forwarding paths;
delivering the flow tables to the switches, to instruct the switches to forward the corresponding split data according to the flow tables.
Further, the method also includes:
when the security protection node fails, deleting the flow table entries in the flow table that contain the security protection node, to form a new flow table;
delivering the new flow table to the switches, to instruct the switches to forward the corresponding data according to the new flow table.
Further, before the data waiting to be processed by the security protection node is split when the volume of data being processed by the security protection node exceeds the preset data volume threshold, the method also includes:
obtaining, from a management node, the result of comparing the volume of data being processed by the security protection node with the preset data volume threshold.
Further, before the data waiting to be processed by the security protection node is split when the volume of data being processed by the security protection node exceeds the preset data volume threshold, the method also includes:
obtaining the volume of data being processed by the security protection node, and comparing that data volume with the preset data volume threshold.
Further, the switches include a physical switch, a first software switch and a second software switch;
the forwarding path that passes through the security protection node includes at least one of the following paths:
a path consisting of: from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, from the first software switch to the physical switch, from the physical switch to the second software switch, and from the second software switch to the website server;
a path consisting of: from the website server to the second software switch, from the second software switch to the physical switch, from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, and from the first software switch to the physical switch;
the forwarding path that does not pass through the security protection node includes at least one of the following paths:
a path consisting of: from the physical switch to the second software switch, and from the second software switch to the website server;
a path consisting of: from the website server to the second software switch, and from the second software switch to the physical switch.
In a second aspect, an embodiment of the present invention further provides a data forwarding device for a cloud computing platform, the device including:
a data splitting module, configured to split the data waiting to be processed by a security protection node when the volume of data being processed by the security protection node exceeds a preset data volume threshold;
a path creation module, configured to create a corresponding forwarding path for each portion of the split data, where the forwarding paths include a forwarding path that passes through the security protection node and a forwarding path that does not pass through the security protection node;
a flow table configuration module, configured to configure corresponding flow tables according to the forwarding paths;
a first data forwarding module, configured to deliver the flow tables to the switches, to instruct the switches to forward the corresponding split data according to the flow tables.
Further, the device also includes:
a new flow table forming module, configured to delete, when the security protection node fails, the flow table entries in the flow table that contain the security protection node, to form a new flow table;
a second data forwarding module, configured to deliver the new flow table to the switches, to instruct the switches to forward the corresponding data according to the new flow table.
Further, the device also includes:
a data volume comparison result obtaining module, configured to obtain, from a management node, the result of comparing the volume of data being processed by the security protection node with the preset data volume threshold, before the data waiting to be processed by the security protection node is split when the volume of data being processed by the security protection node exceeds the preset data volume threshold.
Further, the device also includes:
a data volume comparison module, configured to obtain the volume of data being processed by the security protection node and compare that data volume with the preset data volume threshold, before the data waiting to be processed by the security protection node is split when the volume of data being processed by the security protection node exceeds the preset data volume threshold.
Further, the switches include a physical switch, a first software switch and a second software switch;
the forwarding path that passes through the security protection node includes at least one of the following paths:
a path consisting of: from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, from the first software switch to the physical switch, from the physical switch to the second software switch, and from the second software switch to the website server;
a path consisting of: from the website server to the second software switch, from the second software switch to the physical switch, from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, and from the first software switch to the physical switch;
the forwarding path that does not pass through the security protection node includes at least one of the following paths:
a path consisting of: from the physical switch to the second software switch, and from the second software switch to the website server;
a path consisting of: from the website server to the second software switch, and from the second software switch to the physical switch.
In the embodiments of the present invention, when the volume of data being processed by the security protection node exceeds the preset data volume threshold, the data waiting to be processed by the security protection node is split and a corresponding forwarding path is created for each portion of the split data, so that part of the pending data is diverted and does not pass through the security protection node. This solves the problem of the security protection node failing because the volume of data it processes is too large, and achieves the effect of avoiding failure of the security protection node and reducing losses to users.
Brief description of the drawings
Fig. 1 is a flowchart of a data forwarding method for a cloud computing platform in Embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the security protection node protecting the website server in the data forwarding method for a cloud computing platform in Embodiment 1 of the present invention;
Fig. 3 is a flowchart of a data forwarding method for a cloud computing platform in Embodiment 2 of the present invention;
Fig. 4 is a flowchart of a data forwarding method for a cloud computing platform in Embodiment 3 of the present invention;
Fig. 5 is a structural diagram of a data forwarding device for a cloud computing platform in Embodiment 4 of the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the invention rather than the entire structure.
Embodiment 1
Fig. 1 is a flowchart of the data forwarding method for a cloud computing platform provided by Embodiment 1 of the present invention. This embodiment applies to data forwarding in a cloud computing platform. The method can be performed by the data forwarding device for a cloud computing platform provided by the embodiments of the invention; the device can be implemented in software and/or hardware and can be integrated into the SDN controller of the cloud computing platform.
Fig. 2 is a schematic diagram of the security protection node protecting the website server in the data forwarding method for a cloud computing platform provided by an embodiment of the invention. As shown in Fig. 2, the security protection node 11 and the first software switch 12 are deployed on the first physical server 1, and the website server 21 and the second software switch 22 are deployed on the second physical server 2; the number of security protection nodes and software switches is not limited here. The management node 4 monitors the operation of the security protection node 11. The SDN controller 3 allocates paths for the user's request data and the response data of the website server 21, and delivers flow tables to the physical switch 6, the first software switch 12 and the second software switch 22. Data such as access requests entered by the user enter the network 5 and are sent by the network 5 over path 1 to the physical switch 6. The management node 4 obtains whether the volume of data being processed by the security protection node exceeds the preset data volume threshold and whether the security protection node is available, and sends this status to the SDN controller 3. Of course, the management node 4 may also be omitted, with the SDN controller monitoring the security protection node directly to obtain its operating status.
When the security protection node is available and the volume of data it needs to process is within the range it can handle, data such as access requests entered by the user enter the network 5 and are sent by the network 5 over path 1 to the physical switch 6. Because the destination address of the data is the website server, the SDN controller 3 computes the forwarding path and delivers flow tables to the physical switch 6, the first software switch 12 and the second software switch 22. The path through the security protection node 11 built by the SDN controller 3 is as follows.
Request path: the request data travels from the port of the physical switch 6 that connects to the security protection node 11 along path 2 to the first software switch 12; from the first software switch 12 along path 2 to the security protection node 11; from the security protection node 11 along path 3 to the first software switch 12; from the first software switch 12 along path 3, through the port of the physical switch 6 that connects to the security protection node 11, to the physical switch 6; inside the physical switch 6 along path 4 to the port that connects to the website server 21; from that port along path 5 to the second software switch 22; and from the second software switch 22 along path 5 to the website server 21. Together these hops form the request path of the request data.
Response path: the response data travels from the website server 21 along path 6 to the second software switch 22; from the second software switch 22 along path 6, through the port of the physical switch 6 that connects to the website server 21, to the physical switch 6; inside the physical switch 6 along path 7 to the port that connects to the security protection node 11; from that port along path 8 to the first software switch 12; from the first software switch 12 along path 8 to the security protection node 11; from the security protection node 11 along path 9 to the first software switch 12; and from the first software switch 12 along path 9, through the port of the physical switch 6 that connects to the security protection node 11, to the physical switch 6. This entire path forms the response path of the website server's response data.
As shown in Fig. 1, the method specifically includes the following steps:
S110: when the volume of data being processed by the security protection node exceeds the preset data volume threshold, split the data waiting to be processed by the security protection node.
Specifically, the role of the security protection node is to perform security monitoring on data such as the user's access requests and the responses to them, checking whether the data sent by the user is safe so as to prevent attacks on the website server. The data being processed by the security protection node includes the user's access requests and the website server's response data. The preset data volume threshold can be set according to the upper limit of the data volume that the security protection node can process, and may be less than or equal to that upper limit.
The SDN controller can obtain the result of comparing the volume of data being processed by the security protection node with the preset data volume threshold from the management node that manages the security protection node (for example, the management node sends the comparison result to the SDN controller). Alternatively, the SDN controller monitors the security protection node itself, actively obtains the data being processed, counts the data volume, and compares it with the preset data volume threshold.
Because the data volume being processed by the security protection node already exceeds the preset data volume threshold, the data waiting to be processed must be split so that burst traffic reaching the security protection node does not cause it to fail: part of the data that would need processing by the security protection node is handed to other security protection nodes, or is sent directly to the website server without being processed by a security protection node.
S120: create a corresponding forwarding path for each portion of the split data.
The forwarding paths include a forwarding path that passes through the security protection node and a forwarding path that does not pass through the security protection node.
To avoid failure of the security protection node, the data waiting to be processed by it is split: part is processed by the security protection node and part is not. The pending data includes the user's access requests and the website server's response data, which correspond to each other, so the forwarding paths are created as round-trip pairs, i.e. the forwarding path of the response data is the reverse of the forwarding path of the access request.
S130: configure corresponding flow tables according to the forwarding paths.
The flow table is equivalent to the routing table of a traditional switch or router; the switch's high-speed lookup and forwarding functions are performed through the flow table. Each flow table can contain multiple flow table entries, and each entry consists of three parts: header fields, counters and actions.
S140: deliver the flow tables to the switches, to instruct the switches to forward the corresponding split data according to the flow tables.
Specifically, after the SDN controller learns that the data volume being processed by the security protection node exceeds the preset data volume threshold, it looks up network resources according to the source and destination addresses of the incoming data, computes the forwarding paths, and delivers flow tables and instructions to the switches, so that the switches know how to forward the packets. Once a switch has the flow table, subsequent packets of the data flow no longer need guidance from the controller and can be matched and processed directly according to the flow table.
Optionally, the switches include a physical switch, a first software switch and a second software switch;
the forwarding path that passes through the security protection node includes at least one of the following paths:
a path consisting of: from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, from the first software switch to the physical switch, from the physical switch to the second software switch, and from the second software switch to the website server;
a path consisting of: from the website server to the second software switch, from the second software switch to the physical switch, from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, and from the first software switch to the physical switch;
the forwarding path that does not pass through the security protection node includes at least one of the following paths:
a path consisting of: from the physical switch to the second software switch, and from the second software switch to the website server;
a path consisting of: from the website server to the second software switch, and from the second software switch to the physical switch.
Specifically, as shown in Fig. 2, when the volume of data being processed by the security protection node exceeds the preset data volume threshold, the SDN controller 3 computes the forwarding paths according to the destination address of the data and delivers flow tables to the physical switch 6, the first software switch 12 and the second software switch 22.
The path through the security protection node 11 built by the SDN controller 3 is as follows. Request path: the request data travels from the physical switch 6, through the port of the physical switch 6 that connects to the website server 21, along path 2 to the first software switch 12; from the first software switch 12 along path 2 to the security protection node 11; from the security protection node 11 along path 3 to the first software switch 12; from the first software switch 12 along path 3, through the port of the physical switch 6 that connects to the website server 21, to the physical switch 6; inside the physical switch 6 along path 4 to the port that connects to the website server 21; from that port along path 5 to the second software switch 22; and from the second software switch 22 along path 5 to the website server 21. This entire path forms the request path of the request data. Response path: the response data travels from the website server 21 along path 6 to the second software switch 22; from the second software switch 22 along path 6, through the port of the physical switch 6 that connects to the website server 21, to the physical switch 6; inside the physical switch 6 along path 7 to the port that connects to the security protection node 11; from that port along path 8 to the first software switch 12; from the first software switch 12 along path 8 to the security protection node 11; from the security protection node 11 along path 9 to the first software switch 12; and from the first software switch 12 along path 9, through the port of the physical switch 6 that connects to the security protection node 11, to the physical switch 6. The response data is then sent from the physical switch 6 into the network through the port that connects the physical switch to the network. This entire path forms the response path of the response data.
The path that does not pass through the security protection node 11 built by the SDN controller 3 is as follows. Request path: the request data travels inside the physical switch 6 along path 4 to the port that connects to the website server 21; from that port along path 5 to the second software switch 22; and from the second software switch 22 along path 5 to the website server. This entire path forms the request path of the request data. Response path: the response data travels from the website server 21 along path 6 to the second software switch 22; from the second software switch 22 along path 6 to the port of the physical switch 6 that connects to the website server 21; and from that port along path 7 to the port of the physical switch 6 that connects to the network 5. This entire path forms the response path of the response data.
In the technical solution of this embodiment, when the volume of data being processed by the security protection node exceeds the preset data volume threshold, the data waiting to be processed by the security protection node is split and a corresponding forwarding path is created for each portion of the split data, so that part of the pending data is diverted and does not pass through the security protection node. This solves the problem of the security protection node failing because the volume of data it processes is too large, and achieves the effect of avoiding failure of the security protection node and reducing losses to users.
On the basis of the above technical solution, before the data waiting to be processed by the security protection node is split when the volume of data being processed by the security protection node exceeds the preset data volume threshold, the method can also include:
obtaining the volume of data being processed by the security protection node, and comparing that data volume with the preset data volume threshold.
The SDN controller monitors the security protection node, actively obtains the data being processed by the security protection node, counts the data volume and compares it with the preset data volume threshold. In this way it can detect in real time when the volume of data being processed by the security protection node exceeds the preset data volume threshold, split the data promptly, keep the security protection node running normally, and avoid failure of the security protection node.
Embodiment two
Fig. 3 is a kind of flow diagram of the data forwarding method of cloud computing platform provided by Embodiment 2 of the present invention, this Embodiment is optimized based on previous embodiment, provides the data forwarding method of preferred cloud computing platform, is specifically, It further includes:When the security protection node breaks down, the flow table that the security protection node is included in the flow table is deleted , form new flow table;By the new flow table issuance to the interchanger, to indicate the interchanger according to the new stream Table forwards corresponding data.
Correspondingly, the method for the present embodiment specifically comprises the following steps:
S210, when the data volume for the data that security protection node is being handled is more than preset data amount threshold value, to described The pending data of security protection node are shunted.
S220, the corresponding forward-path of data creation after respectively shunting.
S230 according to the forward-path, configures corresponding flow table.
S240, by the flow table issuance to interchanger, to indicate that the interchanger forwards corresponding point according to the flow table Data after stream.
S250 when the security protection node breaks down, is deleted and the security protection node is included in the flow table Flow table item, form new flow table.
Specifically, in a cloud computing platform a failed security protection node can be repaired by replacing it, but replacing the node alone is not enough. To recover from the failure, besides replacing the failed node, a new security protection node must be created and protection policies must be added to the new node. The recovery time of the whole process includes the time to discover the failure, to create the new security protection node, to add the protection policies to the new node, and to replace the failed node. The longer the repair takes, the longer the recovery cycle. Service is interrupted throughout the process, so users cannot be served continuously, and the longer the interruption, the greater the users' loss. This embodiment is therefore an emergency measure taken when the security protection node fails.
The flow table consists of many flow table entries, and each flow table entry is a forwarding rule. Once the switch has the flow table, subsequent packets of a data flow no longer need guidance from the controller and can be matched and processed directly according to the flow table. In special circumstances, the corresponding flow table entries can be deleted. In this embodiment, when the security protection node fails, in order to quickly restore the service provided to users, data such as users' access requests and the corresponding response data of the website server can be forwarded without passing through the security protection node. That is, the flow table entries that include the security protection node are deleted from the flow table to form a new flow table.
The SDN controller can actively monitor the security protection node to obtain its operating status, so that a failure of the security protection node is detected directly. Alternatively, the management node can monitor the security protection node and send its fault status to the SDN controller.
S260: issue the new flow table to the switch to instruct the switch to forward the corresponding data according to the new flow table.
Specifically, as shown in Fig. 1, in this embodiment the management node 4 monitors the security protection node 11 and finds that it has failed. The management node 4 sends the information that the security protection node has failed to the SDN controller 3. The SDN controller 3 receives the information sent by the management node 4 and deletes the flow table entries in the flow table that include the security protection node, forming a new flow table. That is, the paths built by the SDN controller 3 change as follows. The request path of the request data consists of: from physical switch 6 along path ④ to the port of physical switch 6 that is connected to website server 21; from that port along path ⑤ to the second software switch 22; and from the second software switch 22 along path ⑤ to the website server. The response path of the response data consists of: from website server 21 along path ⑥ to the second software switch 22; from the second software switch 22 along path ⑥ to the port of physical switch 6 that is connected to website server 21; and from that port along path ⑦ to the port of physical switch 6 that is connected to network 5, through which the response data is sent into the network.
In the technical solution of this embodiment, the flow table entries that include the security protection node are deleted from the flow table to form a new flow table, and the new flow table is issued to the switch to instruct the switch to forward the corresponding data according to the new flow table. This solves the problem that data cannot be transmitted continuously when the security protection node fails, so that service can be provided to users continuously and users' losses are reduced.
Embodiment three
Fig. 4 is a flow diagram of a data forwarding method for a cloud computing platform provided by Embodiment 3 of the present invention. This embodiment is optimized on the basis of the previous embodiments and provides a preferred data forwarding method for a cloud computing platform. Specifically, before the data to be processed by the security protection node is split when the data volume of the data being processed by the security protection node exceeds the preset data volume threshold, the method further includes: obtaining from the management node the result of comparing the data volume of the data being processed by the security protection node with the preset data volume threshold.
Correspondingly, the method of this embodiment specifically includes the following steps:
S310: obtain from the management node the result of comparing the data volume of the data being processed by the security protection node with the preset data volume threshold.
The management node monitors the operating status of the security protection node. By comparing the data volume that the security protection node is processing with the preset data volume threshold, it tracks the node's processing load in real time, which can effectively prevent the security protection node from failing.
S320: when the data volume of the data being processed by the security protection node exceeds the preset data volume threshold, split the data to be processed by the security protection node.
S330: create a corresponding forwarding path for each part of the split data.
S340: configure the corresponding flow table according to the forwarding paths.
S350: issue the flow table to the switch to instruct the switch to forward the corresponding split data according to the flow table.
In a specific example, if the preset data volume threshold of the security protection node is 100 and the data volume of the data being processed by the security protection node is 30, it can be determined that the security protection node can operate normally, so the SDN controller can configure a path that must pass through the security protection node. If the data volume being processed by the security protection node is 110, it can be determined that the data volume is too large, and the SDN controller is notified to configure the corresponding paths.
In the technical solution of this embodiment, the result of comparing the data volume of the data being processed by the security protection node with the preset data volume threshold is obtained from the management node to determine whether the data volume is too large, and the SDN controller then creates the paths accordingly. This avoids failure of the security protection node and reduces users' losses. In addition, because the management node monitors the security protection node, the data processing load of the SDN controller is reduced and the state of the security protection node is learned in a more timely manner, so that node failures caused by excessive data volume are avoided as far as possible and service is provided to users more effectively.
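The controller logic of steps S320 to S350, combined with the failover of S250 and S260 from Embodiment 2, can be modelled as below. This is an added example, not code from the patent: the hash-bucket split, the priority values, the `via_security` tag and the node names are assumptions, while the threshold of 100 and the load of 110 are the figures used above.

```python
from dataclasses import dataclass

# Node names are assumptions that mirror the roles named on the page.
NET, PHY, SW1, SEC, SW2, WEB = ("network", "physical_switch", "software_switch_1",
                                "security_node", "software_switch_2", "website_server")
SWITCHES = {PHY, SW1, SW2}
BUCKETS = 100  # assumption: flows are hashed into 100 buckets to split them

# Request paths as listed on the page; response paths are the same hops reversed.
PROTECTED = [NET, PHY, SW1, SEC, SW1, PHY, SW2, WEB]
BYPASS = [NET, PHY, SW2, WEB]


@dataclass(frozen=True)
class FlowEntry:
    switch: str
    in_port: str        # neighbour the packet arrived from
    direction: str      # "request" or "response" (stands in for an address match)
    max_bucket: int     # entry matches hash buckets 0 .. max_bucket - 1
    out_port: str       # neighbour to forward to
    priority: int
    via_security: bool  # True if the entry belongs to a path through SEC


def entries_for(path, direction, max_bucket, priority):
    """Turn one forwarding path into per-switch flow table entries."""
    via = SEC in path
    return [FlowEntry(node, path[i - 1], direction, max_bucket, path[i + 1], priority, via)
            for i, node in enumerate(path) if node in SWITCHES]


def build_flow_table(load, threshold):
    """S320-S340: split when load exceeds the threshold, then configure the table."""
    inspected = BUCKETS if load <= threshold else BUCKETS * threshold // load
    table = []
    for direction, step in (("request", 1), ("response", -1)):
        table += entries_for(PROTECTED[::step], direction, inspected, priority=200)
        if inspected < BUCKETS:  # the diverted share takes the bypass path
            table += entries_for(BYPASS[::step], direction, BUCKETS, priority=100)
    return table


def on_security_node_failure(table):
    """S250: delete every entry that includes the security node."""
    new_table = [e for e in table if not e.via_security]
    if not new_table:  # assumption: unsplit table, so install the bypass path
        new_table = (entries_for(BYPASS, "request", BUCKETS, 100)
                     + entries_for(BYPASS[::-1], "response", BUCKETS, 100))
    return new_table


def trace(table, direction, bucket, sec_up=True):
    """Walk one packet through the switches; return its hops, or None if dropped."""
    prev, node, end = (NET, PHY, WEB) if direction == "request" else (WEB, SW2, NET)
    hops = [prev]
    while node != end:
        hops.append(node)
        if node == SEC:
            if not sec_up:
                return None        # a failed node blackholes the traffic sent to it
            prev, node = SEC, SW1  # a healthy node hands the packet back to its switch
            continue
        hits = [e for e in table if e.switch == node and e.in_port == prev
                and e.direction == direction and bucket < e.max_bucket]
        if not hits or len(hops) > 16:
            return None
        prev, node = node, max(hits, key=lambda e: e.priority).out_port
    return hops + [end]


if __name__ == "__main__":
    table = build_flow_table(load=110, threshold=100)  # figures from the page
    print(trace(table, "request", 0))                  # inspected path
    print(trace(table, "request", 95))                 # diverted path
    print(trace(table, "request", 0, sec_up=False))    # None: outage
    print(trace(on_security_node_failure(table), "request", 0, sec_up=False))
```

Because the bypass entries are lower-priority catch-alls, deleting the entries that include the security node is enough to restore forwarding; from then on every bucket reaches the website server without passing through the security protection node.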
Embodiment four
Fig. 5 is a structural diagram of a data forwarding device for a cloud computing platform according to Embodiment 4 of the present invention. This embodiment is applicable to the case of data forwarding for a terminal device cloud computing platform. The device can be implemented in software and/or hardware and can be integrated in the SDN controller of the cloud computing platform. As shown in Fig. 4, the data forwarding device of the cloud computing platform specifically includes: a data splitting module 41, a path creation module 42, a flow table configuration module 43 and a first data forwarding module 44.
The data splitting module 41 is configured to split the data to be processed by the security protection node when the data volume of the data being processed by the security protection node exceeds the preset data volume threshold;
The path creation module 42 is configured to create a corresponding forwarding path for each part of the split data, wherein the forwarding paths include a forwarding path that passes through the security protection node and a forwarding path that does not pass through the security protection node;
The flow table configuration module 43 is configured to configure the corresponding flow table according to the forwarding paths;
The first data forwarding module 44 is configured to issue the flow table to the switch to instruct the switch to forward the corresponding split data according to the flow table.
Optionally, the device further includes:
A new flow table forming module, configured to delete the flow table entries in the flow table that include the security protection node to form a new flow table when the security protection node fails;
A second data forwarding module, configured to issue the new flow table to the switch to instruct the switch to forward the corresponding data according to the new flow table.
Optionally, the device further includes:
A data volume comparison result acquisition module, configured to obtain from the management node, before the data to be processed by the security protection node is split when the data volume of the data being processed by the security protection node exceeds the preset data volume threshold, the result of comparing the data volume of the data being processed by the security protection node with the preset data volume threshold.
Optionally, the device further includes:
A data volume comparison module, configured to obtain, before the data to be processed by the security protection node is split when the data volume of the data being processed by the security protection node exceeds the preset data volume threshold, the data volume of the data being processed by the security protection node, and to compare the data volume with the preset data volume threshold.
Optionally, the switch includes a physical switch, a first software switch and a second software switch;
The forwarding path that passes through the security protection node includes at least one of the following paths:
A path from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, from the first software switch to the physical switch, from the physical switch to the second software switch, and from the second software switch to the website server;
A path from the website server to the second software switch, from the second software switch to the physical switch, from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, and from the first software switch to the physical switch;
The forwarding path that does not pass through the security protection node includes at least one of the following paths:
A path from the physical switch to the second software switch and from the second software switch to the website server;
A path from the website server to the second software switch and from the second software switch to the physical switch.
Through the data splitting module, the path creation module, the flow table configuration module and the first data forwarding module, the technical solution of this embodiment can avoid failure of the security protection node as far as possible and reduce users' losses.
The above product can perform the method provided by any embodiment of the present invention and has the functional modules and beneficial effects corresponding to the method.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to them; it may include other equivalent embodiments without departing from the inventive concept, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A data forwarding method for a cloud computing platform, applied to a cloud platform, characterized by comprising:
when the data volume of the data being processed by a security protection node exceeds a preset data volume threshold, splitting the data to be processed by the security protection node;
creating a corresponding forwarding path for each part of the split data, wherein the forwarding paths include a forwarding path that passes through the security protection node and a forwarding path that does not pass through the security protection node;
configuring a corresponding flow table according to the forwarding paths;
issuing the flow table to a switch to instruct the switch to forward the corresponding split data according to the flow table.
2. The method according to claim 1, characterized by further comprising:
when the security protection node fails, deleting the flow table entries in the flow table that include the security protection node to form a new flow table;
issuing the new flow table to the switch to instruct the switch to forward the corresponding data according to the new flow table.
3. The method according to claim 1 or 2, characterized in that, before the data to be processed by the security protection node is split when the data volume of the data being processed by the security protection node exceeds the preset data volume threshold, the method further comprises:
obtaining from a management node the result of comparing the data volume of the data being processed by the security protection node with the preset data volume threshold.
4. The method according to claim 1 or 2, characterized in that, before the data to be processed by the security protection node is split when the data volume of the data being processed by the security protection node exceeds the preset data volume threshold, the method further comprises:
obtaining the data volume of the data being processed by the security protection node, and comparing the data volume with the preset data volume threshold.
5. The method according to claim 1 or 2, characterized in that the switch includes a physical switch, a first software switch and a second software switch;
the forwarding path that passes through the security protection node includes at least one of the following paths:
a path from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, from the first software switch to the physical switch, from the physical switch to the second software switch, and from the second software switch to a website server;
a path from the website server to the second software switch, from the second software switch to the physical switch, from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, and from the first software switch to the physical switch;
the forwarding path that does not pass through the security protection node includes at least one of the following paths:
a path from the physical switch to the second software switch and from the second software switch to the website server;
a path from the website server to the second software switch and from the second software switch to the physical switch.
6. A data forwarding device for a cloud computing platform, applied to a cloud platform, characterized by comprising:
a data splitting module, configured to split the data to be processed by a security protection node when the data volume of the data being processed by the security protection node exceeds a preset data volume threshold;
a path creation module, configured to create a corresponding forwarding path for each part of the split data, wherein the forwarding paths include a forwarding path that passes through the security protection node and a forwarding path that does not pass through the security protection node;
a flow table configuration module, configured to configure a corresponding flow table according to the forwarding paths;
a first data forwarding module, configured to issue the flow table to a switch to instruct the switch to forward the corresponding split data according to the flow table.
7. The device according to claim 6, characterized by further comprising:
a new flow table forming module, configured to delete the flow table entries in the flow table that include the security protection node to form a new flow table when the security protection node fails;
a second data forwarding module, configured to issue the new flow table to the switch to instruct the switch to forward the corresponding data according to the new flow table.
8. The device according to claim 6 or 7, characterized by further comprising:
a data volume comparison result acquisition module, configured to obtain from a management node, before the data to be processed by the security protection node is split when the data volume of the data being processed by the security protection node exceeds the preset data volume threshold, the result of comparing the data volume of the data being processed by the security protection node with the preset data volume threshold.
9. The device according to claim 6 or 7, characterized by further comprising:
a data volume comparison module, configured to obtain, before the data to be processed by the security protection node is split when the data volume of the data being processed by the security protection node exceeds the preset data volume threshold, the data volume of the data being processed by the security protection node, and to compare the data volume with the preset data volume threshold.
10. The device according to claim 6 or 7, characterized in that the switch includes a physical switch, a first software switch and a second software switch;
the forwarding path that passes through the security protection node includes at least one of the following paths:
a path from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, from the first software switch to the physical switch, from the physical switch to the second software switch, and from the second software switch to a website server;
a path from the website server to the second software switch, from the second software switch to the physical switch, from the physical switch to the first software switch, from the first software switch to the security protection node, from the security protection node to the first software switch, and from the first software switch to the physical switch;
the forwarding path that does not pass through the security protection node includes at least one of the following paths:
a path from the physical switch to the second software switch and from the second software switch to the website server;
a path from the website server to the second software switch and from the second software switch to the physical switch.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611072970.8A CN108123886A (en) 2016-11-29 2016-11-29 The data forwarding method and device of a kind of cloud computing platform

Publications (1)

Publication Number Publication Date
CN108123886A true CN108123886A (en) 2018-06-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180605
