CN108989071B - Virtual service providing method, gateway device, and storage medium - Google Patents


Info

Publication number: CN108989071B
Authority: CN (China)
Application number: CN201710404649.3A
Other versions: CN108989071A
Language: Chinese (zh)
Inventor: 孙金伟
Current and original assignee: ZTE Corp
Legal status: Active
Prior art keywords: virtual, service, board, configuring, network address
Events: application filed by ZTE Corp; priority to CN201710404649.3A; publication of CN108989071A; application granted; publication of CN108989071B

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/50: Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L 41/5041: Network service management characterised by the time relationship between creation and deployment of a service

Abstract

The invention provides a virtual service providing method for a gateway device, the gateway device, and a storage medium. The gateway device is provided with a routing board and a service board: virtual services are implemented by deploying virtual network function application resources on the service board, while the conventional routing function is implemented by the routing board. Device functions are thereby integrated, so that only the gateway device needs to be deployed when an enterprise network is built, which reduces equipment deployment and maintenance cost.

Description

Technical Field
The present invention relates to the field of enterprise-level intelligent gateways, and in particular to a virtual service providing method for a gateway device, a gateway device, and a storage medium.
Background
In the prior art, besides a routing and switching device such as a CT (Communication Technology) device, a conventional enterprise network also needs to deploy various dedicated IT (Information Technology) hardware devices, such as a firewall, a WAN accelerator, an auditing system and a mail system. This requires a large investment during network construction and dedicated maintenance of that equipment later on, which increases equipment deployment and maintenance cost.
Disclosure of Invention
The embodiments of the invention provide a virtual service providing method for a gateway device, a gateway device, and a storage medium, which reduce equipment deployment and maintenance cost in existing enterprise networks.
According to one aspect of the invention, a virtual service providing method for a gateway device is provided, including:
configuring, through the routing board arranged on the gateway device, a service board management channel for managing the service board arranged on the gateway device;
downloading virtual network function application resources to the service board through the service board management channel; and
invoking the virtual network function application resources in the service board to provide virtual services.
According to another aspect of the invention, a gateway device is provided, including a routing board, a service board, a memory, a processor, and a virtual service providing program stored in the memory and runnable on the processor; when executed by the processor, the program implements the steps of the virtual service providing method described above.
According to still another aspect of the invention, a computer-readable storage medium is provided, storing a virtual service providing program which, when executed, implements the virtual service providing method described above.
The embodiments of the invention have the following beneficial effects:
the gateway device is provided with a routing board and a service board; virtual services are implemented by deploying virtual network function application resources on the service board, and the conventional routing function is implemented by the routing board, so that device functions are integrated. For example, the functions of a firewall, a WAN accelerator, an auditing system, a mail system and the like are implemented by deploying the corresponding virtual network function application resources on the service board, so that only the gateway device needs to be deployed when an enterprise network is built, which reduces equipment deployment and maintenance cost.
Drawings
Fig. 1 is a block diagram of a virtual service providing apparatus according to the first embodiment of the invention;
Fig. 2 is a flowchart of a virtual service providing method according to the first embodiment of the invention;
Fig. 3 is a structural diagram of a gateway device according to the first embodiment of the invention;
Fig. 4 is a system diagram of a router apparatus according to the second embodiment of the invention;
Fig. 5 is a flowchart of a method for operating a router device according to the second embodiment of the invention;
Fig. 6 is a flowchart of the service board management channel according to the second embodiment of the invention;
Fig. 7 is a flowchart of virtual device management according to the second embodiment of the invention;
Fig. 8 is a flowchart of service orchestration according to the second embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention will now be further explained by means of embodiments in conjunction with the accompanying drawings.
The first embodiment:
Fig. 1 is a block diagram of a virtual service providing apparatus according to the first embodiment of the invention. As shown in Fig. 1, the virtual service providing apparatus 1 for a gateway device according to this embodiment includes a management module 11, a download module 12 and a service module 13, wherein:
the management module 11 is configured to configure, through the routing board arranged on the gateway device, a service board management channel for managing the service board arranged on the gateway device;
the download module 12 is configured to download virtual network function application resources to the service board through the service board management channel; and
the service module 13 is configured to invoke the virtual network function application resources in the service board to provide virtual services.
In some embodiments, the management module 11 is configured to:
acquire a first network address configured by a user;
calculate a second network address from the first network address;
configure the second network address as the network address of the routing board, and the first network address as the network address of the service board; and
configure port mapping between the first network address and the second network address, establishing the service board management channel.
Specifically, the management module 11 is configured to: set a port of the routing board to dynamic host configuration protocol (DHCP) server mode and assign the second network address as the routing board's address; set a port of the service board to DHCP client mode and assign the first network address as the service board's address; and translate the first network address to the second network address according to a regular mapping between the routing board port and the transmission control protocol (TCP) port number.
In practice, the management module 11 lets the service board obtain an address and a default route through DHCP (Dynamic Host Configuration Protocol), configures NAT (Network Address Translation) port mapping on the routing board, and translates the service board address of the routing device into the routing board's network management address, so that the gateway management system can manage the routing board and log in to the service board through the routing board's port mapping, thereby controlling the service board.
In some embodiments, the download module 12 is configured to:
establish a communication connection with an application store;
download the image file of the virtual network function application resource from the application store to the storage board within the service board; and
according to the service deployment request of a virtual service, select the corresponding virtual network function application resource from the storage board, transfer it to the function board within the service board, and generate and configure the virtual device corresponding to that resource, the virtual device being used to provide the virtual service.
In practice, the storage board provides a local repository for the gateway device. Because the local repository resides on the gateway device itself, it can be used directly whenever needed later, and no download from a remote repository on a server is required.
In practice, the download module 12 connects to the application store to download the Virtual Network Function (VNF) image to the local repository and copies the image to the service board on which it is to run; the gateway management system creates, stops and otherwise operates the virtual device through the virsh command set (the virtual machine management command); a VRF (Virtual Routing Forwarding) channel between the routing board port and the virtual device is configured; a VRF NAT mapping is added to translate the public network address to the private network address, so that the external network reaches the virtual device via the routing board's public address plus a port number; and the virtual device's default layer-2 VLAN (Virtual Local Area Network) is added to the service port for forwarding subsequent service traffic.
In some embodiments, the download module 12 is configured to:
configure a virtual routing forwarding (VRF) table on a routing board sub-interface;
establish port mapping between the network address of the virtual device and the VRF table;
configure a layer-2 forwarding virtual local area network (VLAN) for the virtual device and add that VLAN to a service port of the routing board;
configure the default route of the VRF table to point to the gateway device; and
start the virtual network function application resource to generate the virtual device.
In some embodiments, the download module 12 is configured to:
before starting the virtual network function application resource and generating the virtual device, detect the resource use state of the service board; in practice the resource use state covers resources such as the number of CPUs (central processing units), hard disk and memory;
judge from the resource use state whether the remaining resources meet the creation requirement of the virtual device;
when the remaining resources meet the creation requirement, start the virtual network function application resource to generate the virtual device; and
when the remaining resources do not meet the creation requirement, optimize the resources.
In some embodiments, the download module 12 is configured to:
configure a virtual routing forwarding (VRF) table for the virtual device;
configure, in the VRF table, the route identifier and the network address family of the virtual device;
configure the network address of the management sub-interface that receives external management information in the virtual device; and
bind, in the VRF table, the network address of the management sub-interface to the network address of the service sub-interface of the service board.
In some embodiments, the service module 13 is configured to:
judge whether the virtual service requires service chain orchestration;
if so, direct the service traffic into the corresponding virtual devices in turn, following the service processing order of the virtual service;
configure a traffic classification rule for the service traffic through an access control list;
configure a traffic steering rule for the service traffic per port and bind the classification rule to it; and
bind the traffic steering rule to the corresponding port.
In practice, the service module 13 manages service chains differently for different VNF types. For a VNF that requires service chain processing, traffic is directed in turn onto the virtualized physical resources for processing, in the processing order the user requires: traffic classification is selected and configured through an access control list (ACL), matching on source port, source IP, destination port, destination IP and outgoing VLAN; a policy is then configured per port and bound to the traffic classification; and finally the policy is bound to the port, which completes the VNF service traffic processing.
This embodiment provides a virtual service providing apparatus for a gateway device. The gateway device is provided with a routing board and a service board; virtual services are implemented by deploying virtual network function application resources on the service board, and the conventional routing function is implemented by the routing board, so that device functions are integrated. For example, the functions of a firewall, a WAN accelerator, an auditing system, a mail system and the like are implemented by deploying the corresponding virtual network function application resources on the service board, so that only the gateway device needs to be deployed when an enterprise network is built, which reduces equipment deployment and maintenance cost.
Fig. 2 is a flowchart of a virtual service providing method according to the first embodiment of the invention. As shown in Fig. 2, the virtual service providing method for a gateway device according to this embodiment includes:
S201: configuring, through the routing board arranged on the gateway device, a service board management channel for managing the service board arranged on the gateway device;
S202: downloading virtual network function application resources to the service board through the service board management channel; and
S203: invoking the virtual network function application resources in the service board to provide virtual services.
In some embodiments, step S202 includes:
downloading the image file of the virtual network function application resource from the application store to the storage board within the service board; and
according to the service deployment request of a virtual service, selecting the corresponding virtual network function application resource from the storage board, transferring it to the function board within the service board, and generating and configuring the virtual device corresponding to that resource, the virtual device being used to provide the virtual service.
In practice, step S202 connects to the application store to download the VNF image to the local repository and copies the image to the service board on which it is to run; the gateway management system creates, stops and otherwise operates the virtual device through the virsh command set; a VRF channel between the routing board port and the virtual device is configured; a VRF NAT mapping is added to translate the public network address to the private network address, so that the external network reaches the virtual device via the routing board's public address plus a port number; and the virtual device's default layer-2 forwarding VLAN is added to the service port for forwarding subsequent service traffic.
In some embodiments, configuring the virtual device includes:
configuring a virtual routing forwarding (VRF) table on a routing board sub-interface;
establishing port mapping between the network address of the virtual device and the VRF table;
configuring a layer-2 forwarding virtual local area network (VLAN) for the virtual device and adding that VLAN to a service port of the routing board;
configuring the default route of the VRF table to point to the gateway device; and
starting the virtual network function application resource to generate the virtual device.
In some embodiments, before starting the virtual network function application resource and generating the virtual device, the virtual service providing method further includes:
detecting the resource use state of the service board;
judging from the resource use state whether the remaining resources meet the creation requirement of the virtual device;
when the remaining resources meet the creation requirement, starting the virtual network function application resource to generate the virtual device; and
when the remaining resources do not meet the creation requirement, optimizing the resources.
In some embodiments, configuring the VRF table on the routing board sub-interface includes:
configuring a virtual routing forwarding (VRF) table for the virtual device;
configuring, in the VRF table, the route identifier and the network address family of the virtual device;
configuring the network address of the management sub-interface that receives external management information in the virtual device; and
binding, in the VRF table, the network address of the management sub-interface to the network address of the service sub-interface of the service board.
In some embodiments, invoking the virtual network function application resources in the service board to provide the virtual service includes:
judging whether the virtual service requires service chain orchestration;
if so, directing the service traffic into the corresponding virtual devices in turn, following the service processing order of the virtual service;
configuring a traffic classification rule for the service traffic through an access control list;
configuring a traffic steering rule for the service traffic per port and binding the classification rule to it; and
binding the traffic steering rule to the corresponding port.
In some embodiments, configuring the service board management channel includes:
acquiring a first network address configured by a user;
calculating a second network address from the first network address;
configuring the second network address as the network address of the routing board, and the first network address as the network address of the service board; and
configuring port mapping between the first network address and the second network address, establishing the service board management channel.
In some embodiments, configuring the second network address as the network address of the routing board and the first network address as the network address of the service board includes: setting a port of the routing board to dynamic host configuration protocol (DHCP) server mode and assigning the second network address as the routing board's address; and setting a port of the service board to DHCP client mode and assigning the first network address as the service board's address.
In that case, configuring the port mapping between the first network address and the second network address includes: translating the first network address to the second network address according to a regular mapping between the routing board port and the transmission control protocol (TCP) port number.
In practice, step S201 lets the service board obtain an address and a default route through DHCP, configures NAT port mapping on the routing board, and translates the service board address of the routing device into the routing board's network management address, so that the gateway management system can manage the routing board and log in to the service board through the routing board's port mapping, thereby controlling the service board.
This embodiment provides a virtual service providing method for a gateway device. The gateway device is provided with a routing board and a service board; virtual services are implemented by deploying virtual network function application resources on the service board, and the conventional routing function is implemented by the routing board, so that device functions are integrated. For example, the functions of a firewall, a WAN accelerator, an auditing system, a mail system and the like are implemented by deploying the corresponding virtual network function application resources on the service board, so that only the gateway device needs to be deployed when an enterprise network is built, which reduces equipment deployment and maintenance cost.
Fig. 3 is a structural diagram of a gateway device according to the first embodiment of the invention. As shown in Fig. 3, the gateway device 3 provided in this embodiment includes a processor 31, a memory 32, a communication bus 33, a routing board 34, a service board 35, and a virtual service providing program stored in the memory 32 and runnable on the processor 31; when executed by the processor, the program implements the steps of any virtual service providing method provided by the invention, wherein:
the communication bus 33 connects the processor 31, the memory 32, the routing board 34 and the service board 35 for communication among them; and
the processor 31 executes the program stored in the memory 32 to implement the steps of:
configuring, through the routing board arranged on the gateway device, a service board management channel for managing the service board arranged on the gateway device;
downloading virtual network function application resources to the service board through the service board management channel; and
invoking the virtual network function application resources in the service board to provide virtual services.
In practice, the processor 31 provides the user with an operation interface of the gateway management system, through which the user's configuration operations are received.
In some embodiments, the processor 31 executes the program stored in the memory 32 to perform the following steps:
downloading the image file of the virtual network function application resource from the application store to the storage board within the service board; and
according to the service deployment request of a virtual service, selecting the corresponding virtual network function application resource from the storage board, transferring it to the function board within the service board, and generating and configuring the virtual device corresponding to that resource, the virtual device being used to provide the virtual service.
In some embodiments, the processor 31 executes the program stored in the memory 32 to perform the following steps:
configuring a virtual routing forwarding (VRF) table on a routing board sub-interface;
establishing port mapping between the network address of the virtual device and the VRF table;
configuring a layer-2 forwarding virtual local area network (VLAN) for the virtual device and adding that VLAN to a service port of the routing board;
configuring the default route of the VRF table to point to the gateway device; and
starting the virtual network function application resource to generate the virtual device.
In some embodiments, the processor 31 executes the program stored in the memory 32 to perform the following steps:
before starting the virtual network function application resource and generating the virtual device, detecting the resource use state of the service board;
judging from the resource use state whether the remaining resources meet the creation requirement of the virtual device;
when the remaining resources meet the creation requirement, starting the virtual network function application resource to generate the virtual device; and
when the remaining resources do not meet the creation requirement, optimizing the resources.
In some embodiments, the processor 31 executes the program stored in the memory 32 to perform the following steps:
configuring a virtual routing forwarding (VRF) table for the virtual device;
configuring, in the VRF table, the route identifier and the network address family of the virtual device;
configuring the network address of the management sub-interface that receives external management information in the virtual device; and
binding, in the VRF table, the network address of the management sub-interface to the network address of the service sub-interface of the service board.
In some embodiments, the processor 31 executes the program stored in the memory 32 to perform the following steps:
judging whether the virtual service requires service chain orchestration;
if so, directing the service traffic into the corresponding virtual devices in turn, following the service processing order of the virtual service;
configuring a traffic classification rule for the service traffic through an access control list;
configuring a traffic steering rule for the service traffic per port and binding the classification rule to it; and
binding the traffic steering rule to the corresponding port.
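The traffic classification and steering described for the service module 13 and repeated in the method and processor steps above can be modelled as follows; this is an added example, not the patent's own code. ACL rules match on the five fields the text lists (source IP, destination IP, source port, destination port, VLAN), a steering policy binds one rule to an ordered chain of virtual devices, and policies are bound to a service port; the device names, subnet and VLAN values are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    vlan: int


@dataclass(frozen=True)
class AclRule:
    """Traffic classification rule matched on the five fields the patent lists.

    A field left as None matches anything.
    """
    name: str
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    vlan: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src_net is not None and ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net is not None and ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.src_port is not None and pkt.src_port != self.src_port:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.vlan is not None and pkt.vlan != self.vlan:
            return False
        return True


@dataclass(frozen=True)
class SteeringPolicy:
    """A classification rule bound to the ordered chain of virtual devices."""
    acl: AclRule
    chain: Tuple[str, ...]   # service processing order


class ServicePort:
    """A routing board service port with its bound steering policies (first match wins)."""

    def __init__(self, name: str, running_devices: List[str]):
        self.name = name
        self.running_devices = set(running_devices)
        self.policies: List[SteeringPolicy] = []

    def bind(self, policy: SteeringPolicy) -> None:
        # Refuse a chain that names a virtual device which is not running on the
        # service board: otherwise classified traffic would be steered into a
        # hole instead of through the intended function (e.g. past the firewall).
        missing = [d for d in policy.chain if d not in self.running_devices]
        if missing:
            raise ValueError(f"policy {policy.acl.name}: virtual devices not running: {missing}")
        self.policies.append(policy)

    def steer(self, pkt: Packet) -> List[str]:
        """Virtual devices the flow traverses, in processing order; [] means no service chain."""
        for policy in self.policies:
            if policy.acl.matches(pkt):
                return list(policy.chain)
        return []


def build_sample_port() -> ServicePort:
    # Constructed sample: office web traffic passes the firewall and then the
    # WAN accelerator; office mail passes the firewall and then the mail system.
    port = ServicePort("service-port-1", ["vnf-firewall", "vnf-wan-accel", "vnf-mail"])
    port.bind(SteeringPolicy(AclRule("office-web", src_net="10.1.0.0/16", dst_port=443, vlan=100),
                             ("vnf-firewall", "vnf-wan-accel")))
    port.bind(SteeringPolicy(AclRule("office-mail", src_net="10.1.0.0/16", dst_port=25, vlan=100),
                             ("vnf-firewall", "vnf-mail")))
    return port


if __name__ == "__main__":
    port = build_sample_port()
    for pkt in (Packet("10.1.5.7", "203.0.113.10", 51000, 443, 100),
                Packet("10.1.5.7", "203.0.113.10", 51001, 25, 100),
                Packet("10.2.5.7", "203.0.113.10", 51002, 443, 100)):
        print(pkt, "->", port.steer(pkt) or "routed directly")
```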
In some embodiments, the processor 31 executes the program stored in the memory 32 to perform the following steps:
acquiring a first network address configured by a user;
calculating a second network address from the first network address;
configuring the second network address as the network address of the routing board, and the first network address as the network address of the service board; and
configuring port mapping between the first network address and the second network address, establishing the service board management channel.
In some embodiments, the processor 31 executes the program stored in the memory 32 to perform the following steps:
setting a port of the routing board to dynamic host configuration protocol (DHCP) server mode and assigning the second network address as the routing board's address, and setting a port of the service board to DHCP client mode and assigning the first network address as the service board's address; and
translating the first network address to the second network address according to a regular mapping between the routing board port and the transmission control protocol (TCP) port number.
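An added Python model of the service board management channel (management module 11, step S201 and the processor steps just above); it is not the patent's code. The patent gives neither the rule for calculating the second address from the first nor the "regular mapping" between routing board ports and TCP port numbers, so both are assumed here (first usable host address of the same subnet, and a fixed port offset). The same NAT table also holds the per-virtual-device mappings through which the external network reaches a virtual device via the routing board public address plus a port number.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


# Assumption (the patent does not give the rule): the routing board's "second
# network address" is the first usable host address of the subnet the user
# chose for the service board's "first network address".
def derive_routing_board_address(first_address: str) -> ipaddress.IPv4Interface:
    service = ipaddress.ip_interface(first_address)
    routing_ip = next(service.network.hosts())
    if routing_ip == service.ip:
        raise ValueError("service board address collides with the routing board address")
    return ipaddress.ip_interface(f"{routing_ip}/{service.network.prefixlen}")


@dataclass(frozen=True)
class PortMapping:
    public_ip: str      # routing board (network management or public) address
    public_port: int
    private_ip: str     # service board address, or a virtual device address
    private_port: int


@dataclass
class RoutingBoardNat:
    """NAT port-mapping table on the routing board.

    One table serves both the service board management channel and the
    per-virtual-device mappings (routing board public address + port number).
    """
    mappings: List[PortMapping] = field(default_factory=list)

    def add(self, mapping: PortMapping) -> None:
        # A second entry on the same public socket would silently shadow the
        # first (management traffic ending up at the wrong device), so reject it.
        for existing in self.mappings:
            if (existing.public_ip, existing.public_port) == (mapping.public_ip, mapping.public_port):
                raise ValueError(
                    f"{mapping.public_ip}:{mapping.public_port} is already mapped to "
                    f"{existing.private_ip}:{existing.private_port}"
                )
        self.mappings.append(mapping)

    def translate_inbound(self, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Private-side destination for a packet arriving at dst_ip:dst_port, or None if unmapped."""
        for m in self.mappings:
            if (m.public_ip, m.public_port) == (dst_ip, dst_port):
                return m.private_ip, m.private_port
        return None


# Assumption for the "regular mapping" between routing board port and TCP port
# number: management port p on the service board is exposed on the routing
# board as p + PORT_OFFSET.
PORT_OFFSET = 10000
MANAGEMENT_PORTS = (22, 443)   # constructed sample: SSH and HTTPS management of the service board


def build_management_channel(first_address: str) -> Tuple[RoutingBoardNat, str, str]:
    """Return the NAT table plus (routing board ip, service board ip) for a user-configured address."""
    service = ipaddress.ip_interface(first_address)
    routing = derive_routing_board_address(first_address)
    nat = RoutingBoardNat()
    for port in MANAGEMENT_PORTS:
        nat.add(PortMapping(str(routing.ip), port + PORT_OFFSET, str(service.ip), port))
    return nat, str(routing.ip), str(service.ip)


if __name__ == "__main__":
    nat, routing_ip, service_ip = build_management_channel("192.168.10.20/24")
    print("routing board:", routing_ip, "service board:", service_ip)
    for port in MANAGEMENT_PORTS:
        print(f"{routing_ip}:{port + PORT_OFFSET} ->", nat.translate_inbound(routing_ip, port + PORT_OFFSET))
```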
This embodiment provides a gateway device that is provided with a routing board and a service board, implements virtual services by deploying virtual network function application resources on the service board, and implements the conventional routing function through the routing board, so that device functions are integrated.
In some embodiments, the invention further provides a computer-readable storage medium storing a virtual service providing program consisting of one or more programs; when executed, the virtual service providing program implements the steps of:
configuring, through the routing board arranged on the gateway device, a service board management channel for managing the service board arranged on the gateway device;
downloading virtual network function application resources to the service board through the service board management channel; and
invoking the virtual network function application resources in the service board to provide virtual services.
In some embodiments, the virtual service provider in the above embodiments is executed to implement the steps of:
downloading the mirror image file of the virtual network function application resource from the application store to a storage single board in the service board;
according to the service deployment request of the virtual service, selecting the corresponding virtual network function application resource from the storage single board to transmit to the function single board in the service board, and generating and configuring virtual equipment corresponding to the virtual network function application resource, wherein the virtual equipment is used for providing the virtual service.
In some embodiments, the virtual service providing program in the above embodiments is executed to implement the steps of:
configuring a virtual network function routing forwarding table of a routing board subinterface;
establishing a network address of the virtual equipment and port mapping of a virtual network function routing forwarding table;
configuring a two-layer forwarding virtual local area network address of the virtual equipment, and adding the two-layer forwarding virtual local area network address into a service port of the routing board;
configuring a default route of a virtual network function route forwarding table to gateway equipment;
and starting the virtual network function application resources to generate the virtual equipment.
In some embodiments, the virtual service providing program in the above embodiments is executed to implement the steps of:
before starting the virtual network function application resources and generating virtual equipment, detecting the resource use state of a service board;
judging whether the residual resources meet the creation requirements of the virtual equipment or not according to the resource use state;
when the residual resources meet the creation requirement, starting the virtual network function application resources to generate virtual equipment;
and when the residual resources do not meet the creation requirement, optimizing the resources.
In some embodiments, the virtual service providing program in the above embodiments is executed to implement the steps of:
configuring a virtual network function routing forwarding table for the virtual equipment;
configuring a routing identifier and a network address family of virtual equipment in a virtual network function routing forwarding table;
configuring a network address of a management subinterface used for receiving external management information in the virtual equipment;
and binding the network address of the management sub-interface with the network address of the service sub-interface of the service board in the virtual network function routing forwarding table.
In some embodiments, the virtual service providing program in the above embodiments is executed to implement the steps of:
judging whether the virtual service needs service chain orchestration or not;
if so, sequentially importing the service flows into corresponding virtual equipment according to the service processing sequence of the virtual service;
configuring a flow classification rule of the service flow through an access control list;
configuring a flow guide rule of a service flow according to the port, and binding a flow classification rule;
and binding the flow guiding rule of the service flow to the corresponding port.
In some embodiments, the virtual service providing program in the above embodiments is executed to implement the steps of:
acquiring a first network address configured by a user;
calculating a second network address according to the first network address;
configuring the second network address as the network address of the routing board, and configuring the first network address as the network address of the service board;
and configuring port mapping of the first network address and the second network address, and establishing a service board management channel.
In some embodiments, the virtual service providing program in the above embodiments is executed to implement the steps of:
configuring a port of a routing board into a dynamic host configuration protocol server mode, configuring a second network address into a network address of the routing board, configuring a port of a service board into a dynamic host configuration protocol client mode, and configuring a first network address into a network address of the service board;
and converting the first network address into the second network address according to a rule mapping of the port of the routing board and the transmission control protocol port number.
The embodiment provides a storage medium, a gateway device is provided with a routing board and a service board, a program in the gateway device realizes virtual service by deploying virtual network function application resources on the service board, and realizes a conventional routing function through the routing board, so that the integration of device functions can be realized, for example, functions such as a firewall, a WAN accelerator, an auditing system, a mail system and the like are realized by deploying virtual network function application resources on the service board, so that only the gateway device is deployed when enterprise network deployment is performed, and the device deployment and maintenance cost is reduced.
The present invention will now be further explained with reference to specific application scenarios.
The embodiment provides a lightweight micro cloud gateway implementation method that fuses a traditional network device architecture with SDN (Software Defined Network)/NFV (Network Function Virtualization) technology. The method not only supports the traditional routing and switching function but also supports an X86 service board, can integrate various third-party VNFs (Virtualized Network Functions), provides value-added services on top of routing and switching, realizes on-demand connection and application, realizes orchestration of comprehensive service flows, improves resource utilization efficiency, reduces enterprise investment cost, and ensures the openness, compatibility and easy deployment of the micro cloud gateway. The capabilities of the NFVO (Network Function Virtualization Orchestrator), VNFM (Virtual Network Function Manager), TECS (Tulip Elastic Cloud System, Tulip cloud management system), SDN controller, SDN orchestrator and network management are integrated, thereby realizing virtual device life cycle management, service chain forwarding path orchestration, device configuration distribution, VNF creation and the like; this greatly simplifies the network elements of the top-level orchestration system and greatly reduces the number of deployed network elements, while networking is comparatively simplified. Functions such as a firewall, WAN (Wide Area Network) acceleration, an AC (Access Controller) and internet behavior management, which in the prior art are realized by dedicated hardware, are integrated on the micro cloud gateway in software form, so that "All in a box" reduces hardware cost and equipment faults; the visual self-service application of services simplifies service provisioning, reduces labor cost, facilitates management and maintenance, and improves user experience.
In order to achieve the above object, the present embodiment provides a light-weight micro cloud gateway scheme that merges a traditional network device architecture and an SDN/NFV technical method, and the main steps include:
Opening a service board management channel: the service board obtains an address and a default route through the DHCP protocol; NAT port mapping is configured on the routing board so that the service board address of the routing device is translated into the network management address of the routing board; the gateway management system can thus manage the routing board, and logs in to the service board through the routing board's port mapping, thereby realizing control of the service board by the gateway management system.
Virtual device/VNF management: connect to an application store to download a VNF image to a local repository, copy the image to the service board on which it is to run, and let the gateway management system create, stop, etc. the virtual device through the virsh command set; configure a VRF channel between the routing board port and the virtual device; add VRF NAT mapping to complete the translation from public network address to private network address, so that the external network accesses the virtual device through the routing board public network address + port number; and add the virtual device's default two-layer forwarding VLAN to the service port to facilitate forwarding of subsequent service flows.
Service chain orchestration: different service chain management is carried out for different types of VNF; for VNFs that need service chain processing, the flow is led in turn through the virtualized physical resources for processing according to the service processing sequence required by the user; flow classification is configured through an ACL and matched on source port, source IP, destination port, destination IP and outgoing VLAN; a policy is then configured per port and bound to the flow classification, and finally the policy is bound to the port to realize VNF service flow processing.
The structural composition of the system in this scheme is shown in fig. 4: a plurality of service boards can be deployed on the router device, a plurality of virtual resource devices can be virtualized on each service board, and the service boards obtain their addresses from the routing board through DHCP. Service board operations, virtual device operations and service chain flow messages of the gateway management system all interact with the router device; the device acts as a pipeline and hosting function, the required VNF is downloaded from the application store onto the service board to run, the virtual device operation instruction is looked up in the VRF routing table and then PAT-mapped to the corresponding virtual device, and installation of the VNF and management of the virtual device are completed; the SFC (Service flow Chain) determines which virtualized resource devices a flow enters, so that the installed VNF produces the corresponding function. In this embodiment only one router device is used, combined with a lightweight gateway management system, to complete the whole government and enterprise CPE (Customer Premise Equipment) scheme, so the number of network elements is minimal, the networking is extremely simple, and the network elements of the top-level orchestration system are greatly simplified.
In this embodiment two types of VNF, a virtual firewall and a virtual mail server, are taken as examples (the two are distinguished by whether the destination address is the VNF itself, and the different destination addresses determine different handling of the service flow: the destination address of a virtual firewall service flow is not the VNF itself, whereas a flow whose destination address is the VNF itself is not processed by a service chain), and the implementation process is described; the overall flow is shown in fig. 5:
S501: configuring the service board management channel.
Opening the service board management channel allows the orchestration system to log in to the service board through the device IP and the mapped port, providing the conditions for subsequent virtual device management; this step is the same for the different VNF types and can be divided into the following sub-steps, as shown in fig. 6:
S601: the user specifies the service board IP. The IP must carry a 30-bit mask; after removing the network address and the broadcast address, the remaining two addresses are allocated to the service board and the corresponding routing board port. The user is required to enter one of the two IPs, and the other is calculated by the orchestration system;
S602: after the input of step S601, it must be checked whether the IP is occupied; if it is occupied, it must be modified and entered again;
S603: the other unused IP in the network segment is calculated from the IP entered by the user and used as the IP of the routing board port;
S604: the IP of the routing board port is configured, DHCP is enabled on that port in server mode, a default route is configured, and the IP entered by the user is placed in the DHCP address pool;
S605: the service board port connected to that port enables DHCP client mode; this default configuration is preset in the port configuration, and once enabled the port obtains an address from the address pool according to the DHCP protocol. After the IP address is obtained, the service board port address can be pinged from the routing board;
S606: CGN (Carrier-Grade NAT, operator-level address translation) PAT (port address translation) port mapping is configured, translating the X86 service board address into the routing board network management address through a rule mapping of the routing board port and TCP (Transmission Control Protocol) port number, so that finally the service board can be operated through the device address and a port number.
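The address pairing and port mapping of steps S601 to S606, as an added example in Python (not code from the patent or from ZTE): given the user's /30 service board IP, it rejects the network and broadcast addresses and occupied addresses, derives the routing board port address, fills the DHCP pool and default route, and builds the PAT table that maps (routing board management address, TCP port) to the service board. The management address, the slot number, the exposed service ports (SSH and VNC) and the numbering rule PAT_BASE + slot*100 + index are assumptions, since the patent only states that the mapping is derived from the routing board port and the TCP port number.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Iterable, Tuple

MASK_BITS = 30  # the user-supplied service board IP must carry a 30-bit mask (S601)

# Assumed values (not from the patent): which TCP services on the service board are
# exposed through PAT, and how the external port number is derived.
SERVICE_PORTS = {"ssh": 22, "vnc": 5900}
PAT_BASE = 20000  # external port = PAT_BASE + slot * 100 + index of the service


@dataclass
class ManagementChannel:
    """State produced by opening one service board management channel."""
    routing_board_port: str
    service_board_ip: ipaddress.IPv4Address       # "first network address", entered by the user
    routing_board_ip: ipaddress.IPv4Address       # "second network address", calculated (S603)
    dhcp_pool: Tuple[ipaddress.IPv4Address, ...]  # pool served by the routing board port (S604)
    default_route: ipaddress.IPv4Address          # default route handed to the service board
    # PAT rules (S606): (routing board management address, external TCP port) ->
    #                   (service board address, internal TCP port)
    pat_rules: Dict[Tuple[str, int], Tuple[ipaddress.IPv4Address, int]] = field(default_factory=dict)


def peer_address(user_ip: str) -> ipaddress.IPv4Address:
    """Return the other usable host address of the /30 containing user_ip (S603).

    The network and broadcast addresses are removed (S601), so exactly two
    addresses remain; the user supplies one and this returns the other.
    """
    net = ipaddress.ip_network(f"{user_ip}/{MASK_BITS}", strict=False)
    ip = ipaddress.ip_address(user_ip)
    if ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{user_ip} is the network or broadcast address of {net}")
    (other,) = [h for h in net.hosts() if h != ip]  # hosts() of a /30 is the usable pair
    return other


def open_management_channel(user_ip: str, routing_board_port: str, slot: int,
                            mgmt_ip: str, occupied: Iterable[str]) -> ManagementChannel:
    """Carry out S601-S606 for one service board and return the resulting channel.

    occupied: addresses already in use; a collision means the user must modify
    and re-enter the IP (S602). mgmt_ip is the routing board network management
    address that the gateway management system reaches (assumed parameter).
    """
    taken = {ipaddress.ip_address(a) for a in occupied}
    service_ip = ipaddress.ip_address(user_ip)
    if service_ip in taken:
        raise ValueError(f"{user_ip} is already occupied; choose another address")
    router_ip = peer_address(user_ip)
    if router_ip in taken:
        raise ValueError(f"peer address {router_ip} is already occupied; choose another /30")

    channel = ManagementChannel(
        routing_board_port=routing_board_port,
        service_board_ip=service_ip,
        routing_board_ip=router_ip,
        dhcp_pool=(service_ip,),   # only the user's IP is offered, so the service board's
        default_route=router_ip,   # DHCP client (S605) receives exactly that address
    )
    # S606: one PAT rule per exposed service, keyed on the management address and
    # an external port derived from the slot (assumed numbering rule).
    for index, (_, internal_port) in enumerate(sorted(SERVICE_PORTS.items())):
        external_port = PAT_BASE + slot * 100 + index
        channel.pat_rules[(mgmt_ip, external_port)] = (service_ip, internal_port)
    return channel


def translate(channel: ManagementChannel, mgmt_ip: str, external_port: int):
    """Look up where a connection to (mgmt_ip, external_port) is forwarded, or None."""
    return channel.pat_rules.get((mgmt_ip, external_port))


if __name__ == "__main__":
    # Constructed sample input: a documentation-range /30 and one occupied address.
    chan = open_management_channel("192.0.2.1", "gei-0/6/0/1", slot=6,
                                   mgmt_ip="203.0.113.10", occupied=["192.0.2.9"])
    print("routing board port address:", chan.routing_board_ip)
    for (addr, ext), (svc, internal) in sorted(chan.pat_rules.items()):
        print(f"{addr}:{ext} -> {svc}:{internal}")
```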
S502: downloading the VNF image and configuring the virtual device management channel.
The VNF image is downloaded and a virtual device management channel is configured so that the orchestration system can manage the virtual device, and the service chain VLAN of the virtual device is set to provide the conditions for subsequent service flow forwarding; the process is shown in fig. 7.
S701: connect to the VNF application store and download the image of the VNF to be installed to the local repository; in this embodiment the images of the virtual firewall and the virtual mail server are downloaded. The VNFs in the application store are developed by third parties, the gateway management system provides a standard, compatible interface, and the advantage of the local repository is that a second download is avoided if other devices need to be deployed;
S702: transmit the firewall and mail server images in the local repository to the service board on which they are to run, then generate the configuration file of the virtual device corresponding to the image. The configuration file includes the virtual device name, the virtual device configuration (number of CPUs, memory, hard disk size and the like), a default IP (169.15.100.101) and a default physical address. The virtual device is created with the virsh create command, and after successful creation it can be logged in to with VNC (Virtual Network Computing);
S703: configure the VRF (VPN routing and forwarding table) of the routing board sub-ports. The VRF isolates virtual device addresses: different virtual devices are configured with different VRFs, the RD (route distinguisher) and address family are configured, the address of the virtual device's management sub-port is configured (it must be in the same network segment as the virtual device address), and the service sub-port is bound in the VRF. In this embodiment the management ports of the two VNFs (Virtual Network Functions, virtual network applications) use two different sub-ports of the same physical port, 4003 for the firewall and 4004 for the mail server, whose addresses are in the same network segment as the VNFs; different VRFs are configured on the two sub-ports, the IPv4 address family is configured, and the VNF IP addresses become visible in the private network routing table;
S704: configure VRF PAT mapping for the virtual device IP, i.e. mapping rules between the virtual device IP (set in the configuration file used to create the virtual device) and a private network port number. The private network port number can be connected to the internal network manager, and the virtual device can be accessed through the device's public network IP and the private network port number, realizing management of the virtual device; after logging in to the service board, the virtual device's performance is obtained through a virsh command and the id number of the VNF;
S705: configure the two-layer forwarding VLAN of the virtual device and add the VLAN to the service port of the routing board; different virtual service devices have different VLANs. The virtual firewall in this embodiment needs two forwarding VLANs, 4001 and 4002, for ingress and egress: 4001 is the ingress on the user side and the egress on the WAN side, and 4002 is the service flow ingress on the WAN side and the egress on the user side; the mail server needs one forwarding VLAN, 4006. VLAN numbers are allocated automatically by the service resource system to ensure that they are not repeated;
S706: configure the VRF default route to the device gateway so that all data flows, whatever their destination address, are routed out through the default route; the command is ip route vrf <name> 0.0.0.0 0.0.0.0 <gateway> global, and the two VRFs need different default routes;
S707: create the virtual device: check the service board resource usage (number of CPUs, hard disk and memory usage); if the remaining resources meet the creation requirement, start the image preset on the service board with a virsh command, and if they do not, carry out resource optimization.
After the virtual device is created, parameters such as its performance can be queried through the address of the routing board and the port mapping.
S503: orchestrating and issuing service chains.
A service chain is a combined service provided by a plurality of virtual devices in a specific order; it lets the service flow pass through the chain nodes in order, unidirectionally or bidirectionally, to produce a specific function. The virtual devices may be virtual physical-function devices such as a firewall, WAN acceleration or a virtual gateway. A service flow whose destination address is not a VNF may enter a service chain such as the firewall, while a service flow whose destination address is a VNF, such as the mail server, does not enter a service chain. The orchestration content includes the virtual function devices to be selected, the order of the devices, the direction in which the service flow passes through each virtual device (unidirectional or bidirectional), and the flow steering rules; the flow is shown in fig. 8:
S801: select the virtual service devices according to the functions to be realized; for example, VNFs of the virtual firewall, WAN acceleration and virtual gateway types require service chain processing to realize different functions (for example, whether firewall filtering and acceleration are performed can be decided according to the privileges of different users), and these virtual devices need to be created through the virtual device management channel;
S802: set the direction, unidirectional or bidirectional, in which the service flow passes through the virtual devices according to the functions required by different users; the service flow is forwarded at layer two through the VLAN of each sub-port. The firewall in this embodiment uses a bidirectional service chain and is configured on both the user side and the WAN side: the user-side flow enters from VLAN 4001, the WAN-side flow enters from VLAN 4002, and different physical ports are selected for the two directions;
S803: add the flow steering rule of the service chain; steering is done by five-tuple + VLAN, where the five-tuple means source port, source IP, destination port, destination IP and protocol type. Any attribute of the five-tuple and the VLAN may be configured or left unconfigured, an unconfigured attribute meaning that any value satisfies the condition. In this embodiment the rule name is acpowan001, the source IP is 5.5.5.5, the destination IP is 6.6.6.6 and the VLAN is 565, meaning that only a data flow meeting these conditions is imported;
S804: select the device ports that the steering rule applies to, so that the steering rule and the port form a binding relationship; ports and rules are many-to-many, that is, a rule may be configured on several ports and one port may carry several different rules. In this embodiment the ACL flow rule is bound on the firewall's user-side ingress port gei-0/6/0/1;
S805: generate the flow classification from the five-tuple + VLAN. The flow classification is realized in ACL form: each rule describes a matching condition, messages are screened and filtered according to fields in the message, and then flow classification, configuration, binding and translation of the ACL rules are carried out; after classification the flow is controlled and processed with QoS technology. In this embodiment a class-map flow classification named ACtoWAN001 is configured and the corresponding ACL rule is bound to it;
S806: generate the port flow behaviour. Flow behaviour configuration is applied to the flow messages to provide different qualities of service for different application requirements; one flow behaviour can bind several flow classifications for related processing, and the egress port (the service port between the x86 board and the routing board), the egress VLAN of the flow classification and the service chain the service flow must enter have to be specified. In this embodiment a policy-map named gei-0/6/0/1 is configured, the corresponding class-map is bound, the VNF serial number 0 to pass through is specified, the service flow egress VLAN 4002 is specified, and the service flow egress port is specified;
S807: bind the policy-map on the port and configure the H-QoS function to schedule the flow hierarchically. The configuration is converted into CLI commands and issued: in this embodiment the service-policy binding the policy-map is configured on the physical port named gei-0/6/0/1, and then the generated acl, class-map, policy-map and service-policy CLI commands are issued to the device, completing the configuration.
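The classification and steering of steps S803 to S806, as an added example in Python (not code from the patent or from ZTE): an ACL-style class in which an unconfigured attribute matches anything, policy-maps bound to ingress ports many-to-many, and a lookup that passes a flow whose destination is the VNF itself (the mail server case) straight through while a matching flow on gei-0/6/0/1 is steered into VNF serial number 0 with egress VLAN 4002. The egress port name, the sample flows and the use of the default virtual device IP 169.15.100.101 as the mail server's address are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto", "vlan")


@dataclass(frozen=True)
class Flow:
    """A service flow as seen on an ingress port: the five-tuple plus its VLAN."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    vlan: int


@dataclass(frozen=True)
class ClassRule:
    """ACL flow classification on five-tuple + VLAN (S803/S805).
    An attribute left as None is unconfigured and therefore always satisfied."""
    name: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None
    vlan: Optional[int] = None

    def matches(self, flow: Flow) -> bool:
        return all(getattr(self, f) is None or getattr(self, f) == getattr(flow, f)
                   for f in FIELDS)


@dataclass(frozen=True)
class PolicyMap:
    """Port flow behaviour (S806): bound class, ordered VNF serial numbers the
    flow traverses, and the egress VLAN and port it leaves on."""
    name: str
    class_name: str
    vnf_sequence: Tuple[int, ...]
    egress_vlan: int
    egress_port: str


class ServiceChainTable:
    """Orchestration state: class-maps, policy-maps and port bindings (S804/S807)."""

    def __init__(self, vnf_addresses):
        # Addresses of VNFs that are themselves flow destinations (e.g. the mail
        # server); flows addressed to them do not enter a service chain.
        self.vnf_addresses = set(vnf_addresses)
        self.classes: Dict[str, ClassRule] = {}
        self.policies: Dict[str, PolicyMap] = {}
        self.bindings: Dict[str, List[str]] = {}  # ingress port -> policy-map names

    def add_class(self, rule: ClassRule) -> None:
        self.classes[rule.name] = rule

    def add_policy(self, policy: PolicyMap) -> None:
        if policy.class_name not in self.classes:
            raise KeyError(f"class-map {policy.class_name} must exist before it is bound")
        self.policies[policy.name] = policy

    def bind(self, port: str, policy_name: str) -> None:
        """service-policy binding; ports and policy-maps are many-to-many."""
        if policy_name not in self.policies:
            raise KeyError(f"policy-map {policy_name} is not defined")
        self.bindings.setdefault(port, []).append(policy_name)

    def steer(self, port: str, flow: Flow) -> Tuple[str, Optional[PolicyMap]]:
        """("direct", None) when the destination is a VNF itself; ("chain", policy)
        for the first bound policy whose class matches; ("unclassified", None)
        when nothing bound on this port matches."""
        if flow.dst_ip in self.vnf_addresses:
            return ("direct", None)
        for name in self.bindings.get(port, []):
            policy = self.policies[name]
            if self.classes[policy.class_name].matches(flow):
                return ("chain", policy)
        return ("unclassified", None)


def build_embodiment_table() -> ServiceChainTable:
    """The embodiment's configuration: class ACtoWAN001 (5.5.5.5 -> 6.6.6.6, VLAN 565),
    policy-map gei-0/6/0/1 steering into VNF 0 with egress VLAN 4002, bound on ingress
    port gei-0/6/0/1. The egress port name is a placeholder (not named in the patent)."""
    table = ServiceChainTable(vnf_addresses=["169.15.100.101"])  # mail server VNF (constructed)
    table.add_class(ClassRule("ACtoWAN001", src_ip="5.5.5.5", dst_ip="6.6.6.6", vlan=565))
    table.add_policy(PolicyMap("gei-0/6/0/1", "ACtoWAN001", vnf_sequence=(0,),
                               egress_vlan=4002, egress_port="x86-service-port"))
    table.bind("gei-0/6/0/1", "gei-0/6/0/1")
    return table


if __name__ == "__main__":
    table = build_embodiment_table()
    for flow in (Flow("5.5.5.5", "6.6.6.6", 40000, 80, "tcp", 565),        # enters the chain
                 Flow("5.5.5.5", "6.6.6.6", 40000, 80, "tcp", 566),        # wrong VLAN
                 Flow("5.5.5.5", "169.15.100.101", 40000, 25, "tcp", 565)):  # to the VNF itself
        kind, policy = table.steer("gei-0/6/0/1", flow)
        print(flow.dst_ip, flow.vlan, "->", kind, policy.egress_vlan if policy else "-")
```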
The embodiment provides a lightweight micro cloud gateway implementation method integrating a traditional network equipment architecture with SDN/NFV technology; the whole scheme is based on only one router device, control of the service board and operation of the virtual devices are realized through address and port mapping, and the networking is simple and convenient. Enterprise users select applications in the application market as needed, can rent or buy them, and customize virtual applications completely on their own, which is flexible and convenient, saves investment and reduces maintenance cost. The gateway management system interacts only with the device; operation of the virtual devices (VNFs) and of the service chain is forwarded through the device, which serves as a pipeline and hosting function, so third-party VNFs can be loaded flexibly and value-added services realized quickly. The scheme greatly reduces user investment and is suitable for small and medium-sized enterprises in the government and enterprise market.
In summary, the implementation of the embodiment of the present invention has at least the following advantages:
the invention provides a virtual service providing method for gateway equipment, the gateway equipment and a storage medium, wherein the gateway equipment is provided with a routing board and a service board, virtual service is realized by deploying virtual network function application resources on the service board, and a conventional routing function is realized by the routing board, so that the integration of equipment functions can be realized, for example, the functions of a firewall, a WAN accelerator, an auditing system, a mail system and the like are realized by deploying the virtual network function application resources on the service board, so that only the gateway equipment is deployed when enterprise network deployment is carried out, and the equipment deployment and maintenance cost is reduced.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above embodiments are only examples of the present invention, and are not intended to limit the present invention in any way, and any simple modification, equivalent change, combination or modification made by the technical essence of the present invention to the above embodiments still fall within the protection scope of the technical solution of the present invention.

Claims (9)

1. A virtual service providing method for a gateway device, comprising:
configuring, through the routing board arranged on the gateway device, a service board management channel for managing the service board arranged on the gateway device;
downloading virtual network function application resources to the service board through the service board management channel;
calling a virtual network function application resource in the service board to provide virtual service;
the downloading of the virtual network function application resource to the service board includes:
downloading the image file of the virtual network function application resource from an application store to a storage single board in the service board;
and selecting a corresponding virtual network function application resource from the storage single board according to the service deployment request of the virtual service, transmitting the corresponding virtual network function application resource to a function single board in the service board, and generating and configuring virtual equipment corresponding to the virtual network function application resource, wherein the virtual equipment is used for providing the virtual service.
2. The virtual service providing method according to claim 1, wherein configuring the virtual device includes:
configuring a virtual network function routing forwarding table of a routing board subinterface;
establishing a network address of the virtual equipment and port mapping of the virtual network function routing forwarding table;
configuring a two-layer forwarding virtual local area network address of the virtual equipment, and adding the two-layer forwarding virtual local area network address into a service port of the routing board;
configuring a default route of the virtual network function route forwarding table to the gateway device;
and starting the virtual network function application resource to generate the virtual equipment.
3. The virtual service providing method according to claim 2, before starting the virtual network function application resource and generating the virtual device, further comprising:
detecting the resource use state of the service board;
judging whether the residual resources meet the creation requirement of the virtual equipment or not according to the resource use state;
when the residual resources meet the creation requirement, starting the virtual network function application resources to generate the virtual equipment;
and when the residual resources do not meet the creation requirement, optimizing the resources.
4. The virtual service provisioning method of claim 2 wherein said configuring a virtual network function routing forwarding table of said routing board subinterface comprises:
configuring the virtual network function routing forwarding table for the virtual device;
configuring a routing identifier and a network address family of the virtual device in the virtual network function routing forwarding table;
configuring a network address of a management sub-interface used for receiving external management information in the virtual equipment;
and binding the network address of the management sub-interface with the network address of the service sub-interface of the service board in the virtual network function routing forwarding table.
5. The virtual service providing method according to claim 1, wherein the invoking of the virtual network function application resource in the service board, providing the virtual service comprises:
judging whether the virtual service needs service chain orchestration or not;
if so, sequentially importing the service flows into corresponding virtual equipment according to the service processing sequence of the virtual service;
configuring a flow classification rule of the service flow through an access control list;
configuring a flow guide rule of a service flow according to the port, and binding a flow classification rule;
and binding the flow guiding rule of the service flow to the corresponding port.
6. The virtual service providing method according to any one of claims 1 to 5, wherein configuring the service board management channel includes:
acquiring a first network address configured by a user;
calculating a second network address according to the first network address;
configuring the second network address as a network address of a routing board, and configuring the first network address as a network address of the service board;
and configuring port mapping of the first network address and the second network address, and establishing the service board management channel.
7. The virtual service providing method according to claim 6, wherein:
configuring the second network address as the network address of the routing board and configuring the first network address as the network address of the service board comprises: configuring the port of the routing board in dynamic host configuration protocol server mode and the second network address as the network address of the routing board, and configuring the port of the service board in dynamic host configuration protocol client mode and the first network address as the network address of the service board;
configuring the port mapping between the first network address and the second network address comprises: translating the first network address into the second network address according to a rule-based mapping between the port of the routing board and the transmission control protocol port number.
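The following Python model, added here and not part of the patent, sketches the management channel of claims 6 and 7. The address derivation (the routing board takes the other usable host address of the /30 that contains the user-configured address) and the list of mapped TCP ports are assumptions the claims leave open, and the port mapping is modelled from the inbound side (traffic for the routing board's address is translated to the service board).

```python
import ipaddress
from typing import Optional, Tuple

def derive_routing_board_address(first: str) -> str:
    """Second network address computed from the user-configured first address.
    Assumption (the claim does not fix the rule): the other usable host of the /30
    containing the first address, so both boards share one point-to-point link."""
    net = ipaddress.ip_network(f"{first}/30", strict=False)
    hosts = list(net.hosts())
    ip = ipaddress.ip_address(first)
    if ip not in hosts:
        raise ValueError(f"{first} is not a usable host address in {net}")
    return str(hosts[1] if ip == hosts[0] else hosts[0])

class ManagementChannel:
    """Service board management channel: DHCP roles as in claim 7 plus a TCP port
    mapping deciding which ports on the routing board's address reach the service
    board. The mapped port list is an assumption, not given by the claims."""
    def __init__(self, first: str, mapped_tcp_ports: Tuple[int, ...]):
        self.service_board = first                                # first address
        self.routing_board = derive_routing_board_address(first)  # second address
        self.port_map = {p: (self.service_board, p) for p in mapped_tcp_ports}

    def board_config(self) -> dict:
        """Per-board settings from claim 7: routing board port in DHCP server mode
        with the second address, service board port in DHCP client mode with the first."""
        return {"routing_board": {"dhcp": "server", "address": self.routing_board},
                "service_board": {"dhcp": "client", "address": self.service_board}}

    def translate(self, dst_ip: str, proto: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Destination translation for a packet addressed to the routing board.
        Only TCP ports present in the mapping are forwarded to the service board;
        None means no translation, so the packet never reaches the service board.
        The exposed management surface is therefore exactly the mapped port list,
        which is the property to check when reviewing such a configuration."""
        if dst_ip != self.routing_board or proto != "tcp":
            return None
        return self.port_map.get(dst_port)
```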
8. A gateway device, comprising: a routing board, a service board, a memory, a processor, and a virtual service providing program stored in the memory and executable on the processor, the virtual service providing program, when executed by the processor, implementing the steps of the virtual service providing method according to any one of claims 1 to 7.
9. A computer-readable storage medium, on which a virtual service providing program is stored, which when executed by a processor implements the steps of the virtual service providing method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710404649.3A CN108989071B (en) 2017-06-01 2017-06-01 Virtual service providing method, gateway device, and storage medium

Publications (2)

Publication Number Publication Date
CN108989071A CN108989071A (en) 2018-12-11
CN108989071B true CN108989071B (en) 2021-04-20

Family

ID=64502615

Country Status (1)

Country Link
CN (1) CN108989071B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110278118B (en) * 2019-07-16 2022-07-29 中国联合网络通信集团有限公司 End-to-end service quality assurance system
CN111064715B (en) * 2019-11-29 2022-05-17 北京浪潮数据技术有限公司 Method and device for arranging firewall and computer readable storage medium
WO2021138815A1 (en) * 2020-01-07 2021-07-15 刘建新 Mobile terminal management and control system and service data processing method
CN111262762B (en) * 2020-01-20 2021-08-03 烽火通信科技股份有限公司 vCPE tenant-based SFC service chain multi-WAN service realization method and system
CN111404811B (en) * 2020-03-16 2022-03-01 杭州迪普科技股份有限公司 Message forwarding method and device

Citations (1)

Publication number Priority date Publication date Assignee Title
CN103607430A (en) * 2013-10-30 2014-02-26 中兴通讯股份有限公司 Network processing method and system, and network control center

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
WO2015024168A1 (en) * 2013-08-20 2015-02-26 华为技术有限公司 Method for realizing residential gateway service function and server
EP3077907B1 (en) * 2013-12-06 2019-08-14 Nokia Solutions and Networks Oy Management of network entity selection
CN105141495B (en) * 2015-08-25 2021-04-02 青岛海尔智能家电科技有限公司 Virtual device creating method and gateway device
CN106506197B (en) * 2016-10-19 2022-04-15 北京邦天信息技术有限公司 Method and device for managing core service platform

Also Published As

Publication number Publication date
CN108989071A (en) 2018-12-11

Similar Documents

Publication Publication Date Title
CN108989071B (en) Virtual service providing method, gateway device, and storage medium
US10547463B2 (en) Multicast helper to link virtual extensible LANs
Medhat et al. Service function chaining in next generation networks: State of the art and research challenges
US11310241B2 (en) Mirroring virtual network traffic
JP6125682B2 (en) Network control system that configures the middle box
US20190273681A1 (en) Adding multi-tenant awareness to a network packet processing device on a Software Defined Network (SDN)
CN104718723B (en) For the networking in virtual network and the frame of security service
CN107342895B (en) Multi-tenant network optimization method, system, computing device and storage medium
CN105637822B (en) For providing the system, apparatus and method of data service
EP2457159B1 (en) Dynamically migrating computer networks
CN112166579B (en) Multi-server architecture cluster providing virtualized network functionality
US9590855B2 (en) Configuration of transparent interconnection of lots of links (TRILL) protocol enabled device ports in edge virtual bridging (EVB) networks
CN110089078A (en) The method and apparatus of business transponder via dynamic coverage network is provided
Toghraee Learning OpenDaylight
US20230299992A1 (en) Enhanced endpoint multicast emulation
Oberle et al. The network aspect of infrastructure-as-a-service
Bakshi Network considerations for open source based clouds
Grønsund et al. A solution for SGi-LAN services virtualization using NFV and SDN
AU2017204765A1 (en) Network control system for configuring middleboxes
Mechtri et al. Inter-cloud networking gateway architecture
Guler Multicast Aware Virtual Network Embedding in Software Defined Networks
Aouadj et al. Composing data and control functions to ease virtual networks programmability
Borcoci Network Function Virtualization and Software Defined Networking Cooperation
Molinos et al. Designing and Prototyping of SDN Switch for Application-Driven Approach
Janovic Integrating ACI with Virtualization and Container Platforms

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant