CN108449272A - A method for providing a port forwarding service based on the OpenStack framework

Publication number
CN108449272A
Authority
CN
China
Prior art keywords
virtual
router
data
port
network
Legal status
Pending
Application number
CN201710848194.4A
Other languages
Chinese (zh)
Inventor
段启中
宣善明
Current Assignee
BEIJING XINHUA RUIDE ELECTRONIC READING TECHNOLOGY Co Ltd
Original Assignee
BEIJING XINHUA RUIDE ELECTRONIC READING TECHNOLOGY Co Ltd
Application filed by BEIJING XINHUA RUIDE ELECTRONIC READING TECHNOLOGY Co Ltd
Priority to CN201710848194.4A
Publication of CN108449272A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2521 Translation architectures other than single NAT servers
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/1023 Server selection for load balancing based on a hash applied to IP addresses or costs

Abstract

The invention discloses a method for providing a port forwarding service based on the OpenStack framework. When a virtual machine instance needs to access an external network, the instance first sends its data through the directly connected virtual bridge to the private-network-segment interface of the virtual router instance attached to it; the router instance routes the data through its external port to the virtual bridge connected to that port; the data is then passed through the physical network card to the external physical switch; and the external router routes the packet to the external network. Beneficial effects: the invention supports hot-plugging a virtual network card directly onto a tenant's cloud host so that the host can provide network services externally, and it supports providing port forwarding by building a virtual cloud-host router instance, so that tenant cloud hosts can provide network services externally. Tenants can adjust and configure this through the tenant interface and control port forwarding flexibly.

Description

A method for providing a port forwarding service based on the OpenStack framework
Technical field
The present invention relates to the technical field of connecting virtual hosts in a private network in a public cloud so that they can offer externally accessible services, and in particular to a method for providing a port forwarding service based on the OpenStack framework.
Background
With the rapid development of public cloud business, many applications have put moving their services to the cloud on the agenda. However, for external users to reach, through an external IP, a service that a cloud host provides inside a private network, computer networking techniques must be used to solve the forwarding of user data packets.
In recent years the major cloud service providers have competed to develop SDN, which has driven its rapid development. In actual application scenarios, however, hardware is still used to ensure stability at the network level, with SDN used in a supporting role to manage the flow of packets in the internal network. How to ensure network stability, high utilization, security and controllability remains one of the most urgent problems to solve. Port forwarding already exists in physical routers and is widely used, but software-defined routers usually do not include a port forwarding function, and it has to be configured and set up separately. Under the LinuxBridge+VLAN architecture, cloud hosts are connected to software-defined bridges; tenants can only reach the outside through a software-defined virtual router or router instance, and internal cloud hosts cannot provide network services externally because they use private IP addresses. This increases the communication cost between tenants and the cloud service provider and also makes the platform harder to use for many users. Binding a fixed external IP to every cloud host in order to provide services not only increases tenant cost but also aggravates the scarcity of public IP resources.
Therefore, in view of the above problems, it is necessary to propose a method for providing a port forwarding service based on the OpenStack framework.
Summary of the invention
The purpose of the invention is to overcome the deficiencies of the prior art and provide a method for providing a port forwarding service based on the OpenStack framework, which enables internal cloud hosts to provide services externally and ensures that data in the tenant network can be forwarded to the public network.
To solve the above technical problem, the invention is realized through the following technical solution:
A method for providing a port forwarding service based on the OpenStack framework, with the following steps. Step 1: when a virtual machine instance needs to access an external network, the instance first sends its data through the directly connected virtual bridge to the private-network-segment interface of the virtual router instance attached to it. Step 2: the router instance routes the data through its external port to the virtual bridge connected to that port. Step 3: through the port of the virtual switch that is created on the physical network card and directly connected to the virtual bridge, the data is handed to the physical network card and transmitted to the external physical switch. Step 4: the external router routes the packet to the external network.
The method further includes: (1) when a virtual machine needs to provide a service externally, data enters the physical switch from the Internet; (2) the data passes through the physical network card and the virtual switch created on the physical network card; (3) after the data reaches the router instance through the virtual bridge directly connected to the internal virtual switch, forwarding of the data flow is controlled by the rules recorded in the nat table of iptables; (4) the source address of the packet is modified, the packet is then delivered to the requested destination network, and the cloud host responds according to the requested port.
Preferably, the method further includes the OpenStack framework, which comprises an automated remote monitoring platform, a control node, a compute node, a storage node, multiple switches and two core switches.
Preferably, the two core switches are each connected to the multiple switches, and the multiple switches are each connected to the automated remote monitoring platform, the control node, the compute node and the storage node.
Preferably, when an internal cloud host instance accesses the external network, the access goes out through temporary port forwarding on the router; when the outside needs to access an internal service, port forwarding control is performed according to port forwarding rules defined in advance.
Beneficial effects of the invention: the invention supports hot-plugging a virtual network card directly onto a tenant's cloud host so that the host can provide network services externally, and it supports providing port forwarding by building a virtual cloud-host router instance, so that tenant cloud hosts can provide network services externally. Tenants can adjust and configure this through the tenant interface and control port forwarding flexibly.
The concept, specific structure and technical effects of the invention are further described below with reference to the drawings, so that its purpose, features and effects can be fully understood.
Description of the drawings
Fig. 1 is the physical topology diagram of the invention;
Fig. 2 is the internal data flow diagram of the invention;
Fig. 3 is the port forwarding diagram of the invention.
Detailed description
Embodiments of the invention are described in detail below with reference to the drawings, but the invention can be implemented in many different ways as defined and covered by the claims.
As shown in Fig. 1 in combination with Fig. 2 and Fig. 3, a method for providing a port forwarding service based on the OpenStack framework has the following steps. Step 1: when a virtual machine instance needs to access an external network, the cloud host instance first sends its data through the directly connected virtual bridge to the private-network-segment interface of the virtual router instance attached to it. Step 2: the router instance routes the data through its external port to the virtual bridge connected to that port. Step 3: through the port of the virtual switch that is created on the physical network card and directly connected to the virtual bridge, the data is handed to the physical network card and transmitted to the external physical switch. Step 4: the external router routes the packet to the external network.
The method further includes: (1) when a virtual machine needs to provide a service externally, data enters the physical switch from the Internet; (2) the data passes through the physical network card and the virtual switch created on the physical network card; (3) after the data reaches the router instance through the virtual bridge directly connected to the internal virtual switch, forwarding of the data flow is controlled by the rules recorded in the nat table of iptables; (4) the source address of the packet is modified, the packet is then delivered to the requested destination network, and the cloud host provides the service response according to the requested port.
Further, the method includes the OpenStack framework, which comprises an automated remote monitoring platform, a control node, a compute node, a storage node, multiple switches and two core switches. The two core switches are each connected to the multiple switches, and the multiple switches are each connected to the automated remote monitoring platform, the control node, the compute node and the storage node.
Further, when an internal cloud host instance accesses the external network, the access goes out through temporary port forwarding on the router; when an external host needs to access a service on an internal cloud host, port forwarding control is performed according to port forwarding rules defined in advance.
The invention supports hot-plugging a virtual network card directly onto a tenant's cloud host so that the host can provide network services externally, and it supports providing port forwarding by building a virtual cloud-host router instance, so that tenant cloud hosts can provide network services externally. Tenants can adjust and configure this through the tenant interface and control port forwarding flexibly. For hot-plugging, when a public IP is bound, an API call dynamically attaches a virtual network card on the destination node; on deletion, the public IP is released and returned to the resource pool, and the virtual network card that was created is deleted.
The whole process is based on the OpenStack framework (physical topology as in Fig. 1). In the router instance, port forwarding is implemented using NAT in a single-core architecture. Externally, two core switches and multiple switches provide redundant cabling to ensure high availability of the network, and these then connect to the rack switches, which provide the networking inside each cabinet. The complete data flow is shown in Fig. 2.
When a cloud host instance in the cloud platform accesses the external network, the internal request, on passing through the router, uses an unused port to establish a temporary port mapping, and the request is forwarded directly to the target network. When the response returns, the data is delivered through the mapped port to the designated internal private cloud host, and the temporary port is closed after the session ends.
When the external network needs to access a service of a cloud host instance in the cloud platform, the request enters the physical switch from the Internet, the physical switch passes the data to the physical network card, the physical network card forwards the data to the virtual bridge connected to the corresponding virtual switch port, and the virtual bridge passes the data to the router instance connected to it. In the router instance, forwarding of the data flow is controlled by the rules recorded in the nat table of the internal iptables. Chiefly, when an external request to a mapped port is received, the destination address and port of the packet are rewritten so that the data can reach the corresponding service through the external IP, and the data is then sent out through this port. Port forwarding is shown in Fig. 3.
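The two paragraphs above describe outbound temporary port mapping and inbound rewriting of destination address and port by nat-table rules. The following Python example is added here for illustration and is not part of the patent: it renders such a ruleset in iptables-restore format from tenant-defined mappings and rejects mappings that collide or point outside the tenant subnet. The `PortForward` type, the function names, the interface name `qg-ext0`, the addresses, and the choice of DNAT and SNAT targets are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass

IFNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")  # Linux interface name limit


@dataclass(frozen=True)
class PortForward:
    """One tenant-defined mapping (hypothetical type for this example)."""
    proto: str      # "tcp" or "udp"
    ext_port: int   # port exposed on the router instance's external IP
    int_ip: str     # private address of the cloud host
    int_port: int   # port the service listens on inside the tenant network


def validate(rules, tenant_net):
    """Reject malformed rules, duplicate external ports, and targets
    outside the tenant's private subnet."""
    seen = set()
    for r in rules:
        if r.proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {r.proto!r}")
        for port in (r.ext_port, r.int_port):
            if not isinstance(port, int) or not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port!r}")
        if ipaddress.ip_address(r.int_ip) not in tenant_net:
            raise ValueError(f"{r.int_ip} is outside {tenant_net}")
        if (r.proto, r.ext_port) in seen:
            raise ValueError(f"external {r.proto}/{r.ext_port} mapped twice")
        seen.add((r.proto, r.ext_port))


def render_nat_table(ext_ip, ext_if, tenant_cidr, rules):
    """Return iptables-restore text for the router instance's nat table."""
    ext_ip = ipaddress.IPv4Address(ext_ip)
    tenant_net = ipaddress.IPv4Network(tenant_cidr)
    # fullmatch keeps whitespace and newlines out of the generated ruleset.
    if not IFNAME_RE.fullmatch(ext_if):
        raise ValueError(f"bad interface name: {ext_if!r}")
    validate(rules, tenant_net)
    lines = ["*nat", ":PREROUTING ACCEPT [0:0]", ":INPUT ACCEPT [0:0]",
             ":OUTPUT ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]"]
    # Inbound: rewrite destination address and port for each mapped port.
    for r in sorted(rules, key=lambda r: (r.proto, r.ext_port)):
        lines.append(
            f"-A PREROUTING -d {ext_ip}/32 -i {ext_if} -p {r.proto} "
            f"-m {r.proto} --dport {r.ext_port} "
            f"-j DNAT --to-destination "
            f"{ipaddress.IPv4Address(r.int_ip)}:{r.int_port}")
    # Outbound: tenant traffic leaves with the external IP; connection
    # tracking keeps the temporary mapping and translates replies back.
    lines.append(f"-A POSTROUTING -s {tenant_net} -o {ext_if} "
                 f"-j SNAT --to-source {ext_ip}")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    demo = [PortForward("tcp", 8080, "10.0.0.5", 80),
            PortForward("tcp", 2222, "10.0.0.6", 22)]
    print(render_nat_table("203.0.113.10", "qg-ext0", "10.0.0.0/24", demo),
          end="")
```

Only ports that appear in a PREROUTING rule are reachable from outside, so the rendered ruleset doubles as the list of exposed tenant services to review.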
The preferred embodiments of the invention have been described in detail above. It should be understood that a person of ordinary skill in the art can make many modifications and variations according to the concept of the invention without creative effort. Therefore, any technical solution that a person skilled in the art can obtain through logical analysis, reasoning or limited experimentation on the basis of the prior art under the concept of this invention shall fall within the scope of protection defined by the claims.

Claims (5)

1. A method for providing a port forwarding service based on the OpenStack framework, characterized in that its steps are:
Step 1: when a virtual machine instance needs to access an external network, the virtual machine instance first sends its data through the directly connected virtual bridge to the private-network-segment interface of the virtual router instance attached to it;
Step 2: the router instance routes the data through its external port to the virtual bridge connected to that port;
Step 3: through the port of the virtual switch that is created on the physical network card and directly connected to the virtual bridge, the data is handed to the physical network card and transmitted to the external physical switch;
Step 4: the external router routes the packet to the external network.
2. The method for providing a port forwarding service based on the OpenStack framework as described in claim 1, characterized in that it further includes:
(1) when a virtual machine needs to provide a service externally, the data packet enters the physical switch from the Internet and then the physical network card;
(2) the data passes through the physical network card and the virtual switch created on the physical network card and is delivered to the virtual bridge;
(3) after the data reaches the router instance through the virtual bridge directly connected to the internal virtual switch, the router instance uses the rules recorded in the nat table of iptables to control forwarding of the data flow;
(4) the source address of the packet is modified, the packet is then delivered to the requested destination network, and the cloud host responds according to the requested port.
3. The method for providing a port forwarding service based on the OpenStack framework as described in claim 1, characterized in that it further includes the OpenStack framework, which comprises an automated remote monitoring platform, a control node, a compute node, a storage node, multiple switches and two core switches.
4. The method for providing a port forwarding service based on the OpenStack framework as claimed in claim 3, characterized in that the two core switches are each connected to the multiple switches, and the multiple switches are each connected to the automated remote monitoring platform, the control node, the compute node and the storage node.
5. The method for providing a port forwarding service based on the OpenStack framework as described in claim 1, characterized in that when an internal cloud host instance accesses the external network, the access goes out through temporary port forwarding on the router, and when an external host needs to access an internal service, port forwarding control is performed according to port forwarding rules defined in advance.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710848194.4A CN108449272A (en) 2017-09-19 2017-09-19 A method for providing a port forwarding service based on the OpenStack framework

Publications (1)

Publication Number Publication Date
CN108449272A (en) 2018-08-24

Family

ID=63190884

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710848194.4A Pending CN108449272A (en) 2017-09-19 2017-09-19 A kind of implementation method that port forwarding service is provided based on OpenStack frameworks

Country Status (1)

Country Link
CN (1) CN108449272A (en)


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20180824)