CN109274570B - VPN construction method and device and computer readable storage medium - Google Patents
VPN construction method and device and computer readable storage medium Download PDFInfo
- Publication number
- CN109274570B CN109274570B CN201710583327.XA CN201710583327A CN109274570B CN 109274570 B CN109274570 B CN 109274570B CN 201710583327 A CN201710583327 A CN 201710583327A CN 109274570 B CN109274570 B CN 109274570B
- Authority
- CN
- China
- Prior art keywords
- vpn
- vpn gateway
- message
- gateway
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
Abstract
The invention discloses a construction method and a construction device of a VPN (virtual private network), and relates to the technical field of computer networks. The method comprises the following steps: respectively deploying VPN gateways in VPC subnets of a sending end and a receiving end as gateways of the VPC subnets; sending a message of a VM (virtual machine) of a sending end through a VPN gateway of the sending end; and receiving the message through the VPN gateway at the receiving end, and forwarding the message in the VPC subnet at the receiving end. The method and the device can reduce the complexity of networking configuration.
Description
Technical Field
The present invention relates to the field of computer network technologies, and in particular, to a method and an apparatus for constructing a VPN, and a computer-readable storage medium.
Background
A VPN (Virtual Private Network) can establish a Private Network on a public Network, thereby realizing encrypted communication. Thus, interworking and networking between a Private network environment (such as an internet data center, a branch office, etc.) and a public VPC (Virtual Private Cloud) can be achieved through the VPN.
In the prior art, the intercommunication between the opposite ends is mainly realized by an IPsec (Internet Protocol Security) VPN technology, a private line technology, a VPC network docking technology, and the like.
Disclosure of Invention
The inventors of the present invention have found that the following problems exist in the above prior art: routing needs to be configured for different devices respectively, which results in complex networking configuration. The present inventors have devised a solution to at least one of the above-mentioned problems.
The invention aims to provide a construction technical scheme of VPN.
According to an embodiment of the present invention, there is provided a VPN construction method, including: respectively deploying VPN gateways in VPC subnets of a sending end and a receiving end to serve as gateways of the VPC subnets; sending a message of a Virtual Machine (VM) of a sending end through a VPN gateway of the sending end; and receiving the message through a receiving end VPN gateway, and forwarding the message in the receiving end VPC subnet.
Optionally, according to the received network requirement, the VPN controller issues a corresponding configuration to the sending end VPN gateway and the receiving end VPN gateway to create a cloud VPN connection.
Optionally, the network requirement is issued to the VPN controller through a VPN service system.
Optionally, the network requirement includes connection requirement information of the VPN gateway at the transmitting end and subscription requirement information of the VPN service.
Optionally, logging in the VPN service system and inputting network requirements.
Optionally, network information of the tenant and the VPC subnet where the tenant is located and related information of the sending-end VPN gateway are input in the VPN service system.
Optionally, generating, by the VPN controller, an ID of an Overlay (Overlay network) tunnel according to the network requirement; and issuing corresponding interface configuration of the Overlay tunnel to the sending end VPN gateway and the receiving end VPN gateway according to the ID.
Optionally, interface configuration of the Overlay tunnel is executed, the interface of the Overlay tunnel is accessed through the sending-end VPN gateway, and the message is transmitted through the Overlay tunnel.
Optionally, the Overlay tunnel is a VXLAN (Virtual Extensible LAN) tunnel.
Optionally, VXLAN encapsulation is performed on the message, and the message is transmitted through the VXLAN.
Optionally, the VXLAN decapsulation is performed on the received message through the receiving-end VPN gateway.
Optionally, the message is transmitted to the VPN gateway of the transmitting end according to a route by the virtual router VR of the transmitting end.
Optionally, forwarding the message to the VR of the receiving end according to the route through the receiving end VPN gateway; and forwarding the message in the VPC subnet of the receiving end according to a destination IP through the VR of the receiving end.
Optionally, the VPN gateways are each configured with a public network IP.
Optionally, the VPN gateway is a light-weight software VPN gateway deployed in the VPC subnet based on a VM image.
According to another embodiment of the present invention, there is provided a VPN construction apparatus including: the VPN gateway at the transmitting end is used for transmitting the message of the VM of the VPC subnet where the VPN gateway is located; the receiving end VPN gateway is used for receiving the message and forwarding the message in the VPC subnet where the receiving end VPN gateway is located; the transmitting end VPN gateway and the receiving end VPN gateway are respectively deployed in VPC subnets of the transmitting end and the receiving end to serve as subnet gateways.
Optionally, the apparatus further comprises: and the VPN controller is used for issuing corresponding configuration to the sending end VPN gateway and the receiving end VPN gateway according to the received network requirement so as to establish cloud VPN connection.
Optionally, the apparatus further comprises: and the VPN service system is used for issuing the network requirement to the VPN controller.
Optionally, the VPN service system is further configured to enter the network requirement.
Optionally, the VPN service system is further configured to enter network information of a tenant and a VPC subnet where the tenant is located, and related information of the sending-end VPN gateway.
Optionally, the VPN controller generates an ID of an Overlay tunnel according to a network requirement, and issues corresponding interface configuration of the Overlay tunnel to the receiving end and a VPN gateway of the receiving end according to the ID.
Optionally, the network requirement includes connection requirement information of the VPN gateway at the transmitting end and a VPN service subscription requirement.
Optionally, the sending-end VPN gateway executes interface configuration of the Overlay tunnel to access the interface of the Overlay tunnel, and transmits the packet through the Overlay tunnel.
Optionally, the Overlay tunnel is a VXLAN tunnel.
Optionally, the sending-end VPN gateway performs VXLAN encapsulation on the packet, and transmits the packet through the VXLAN.
Optionally, the receiving-end VPN gateway performs VXLAN decapsulation on the received packet.
Optionally, the apparatus further comprises: and the transmitting end virtual router VR is used for transmitting the message to the transmitting end VPN gateway according to the route.
Optionally, the method further comprises: and the receiving end VR is used for receiving the message forwarded by the receiving end VPN gateway according to the route and forwarding the message in the receiving end VPC subnet according to the destination IP.
Optionally, both the sending-end VPN gateway and the receiving-end VPN gateway are configured with a public network IP.
Optionally, the sending-end VPN gateway and the receiving-end VPN gateway are light-weight software VPN gateways that are deployed in VPC subnets that the sending-end VPN gateway and the receiving-end VPN gateways belong to based on VM images.
According to still another embodiment of the present invention, there is provided a virtual private network VPN construction apparatus including: a memory and a processor coupled to the memory, the processor configured to execute the method of constructing a VPN according to any of the above embodiments based on instructions stored in the memory device.
According to still another embodiment of the present invention, there is provided a computer-readable storage medium on which a computer program is stored, the program, when executed by a processor, implementing the method of constructing a VPN according to any one of the above-described embodiments.
One advantage of the present invention is that by deploying VPN gateways inside a VPC subnet, three layers of both ends of VPN gateways and controllers are accessible; the networking configuration is intensively issued to the VPN gateway based on the controller, and the routing configuration of the equipment is not required to be carried out one by one, so that the complexity of the networking configuration is reduced.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description, serve to explain the principles of the invention.
The invention will be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
fig. 1 shows a flowchart of an embodiment of a VPN construction method of the present invention.
Fig. 2 shows a flowchart of another embodiment of the VPN construction method of the present invention.
Fig. 3 is a schematic diagram showing another embodiment of the VPN construction method of the present invention.
Fig. 4 is a block diagram showing an embodiment of the VPN construction apparatus of the present invention.
Fig. 5 is a block diagram showing another embodiment of the VPN construction apparatus of the present invention.
Fig. 6 is a block diagram showing still another embodiment of the VPN construction apparatus of the present invention.
Detailed Description
Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Fig. 1 shows a flowchart of an embodiment of a VPN construction method of the present invention.
As shown in fig. 1, in step 120, VPN gateways are respectively deployed inside the VPC subnets of the transmitting end and the receiving end, as gateways of the VPC subnets. The IP of different VPC subnets of the same customer may vary.
In one embodiment, the VPN gateway may be deployed inside the VPC subnet based on the VM image. The VPN Gateway may be a lightweight software form VPN Gateway, such as a CGW (Central Gateway). The VM images are issued after public cloud auditing is passed, can be selected and imported by a customer when the VM is created, and comprise VPN gateway software. A user can simply and quickly establish and deploy the software VPN gateway by adopting the configured VM image.
In step 140, the message of the VM of the sender is sent through the VPN gateway of the sender. For example, the sending-end VPN gateway may send the packet according to the reachable information of the cloud VPN network (including the subnet list of each VPC subnet, the MAC address of the relevant VPN gateway, etc.) and the destination IP.
In one embodiment, the message may be transmitted to the sender-side VPN gateway through the VR on the sender-side according to the route.
In step 160, the packet is received by the receiving-end VPN gateway and forwarded inside the receiving-end VPC subnet.
In one embodiment, the message is forwarded to the VR at the receiving end according to the route through the VPN gateway at the receiving end, and then forwarded inside the VPC subnet at the receiving end according to the destination IP through the VR at the receiving end.
In the embodiment, the VPN gateway is deployed in each VPC subnet as the subnet gateway, and the equipment does not need to be individually routed one by one, so that the complexity of networking configuration is reduced.
Fig. 2 shows a flowchart of another embodiment of the VPN construction method of the present invention.
As shown in fig. 2, in step 1401, a VPN service system is logged in and a network requirement is entered. For example, the VPN service system may be a Portal, which provides a graphical login interface for a user administrator and a cloud VPN service provider administrator, implements functions such as tenant management, VPC management, CGW management, and cloud VPN service management, and supports configuration management of roles and permissions of tenants.
In one embodiment, as shown in fig. 3, a user administrator may log in to the VPN service system 32, and input network information of tenants and their VPC subnets 30 and related information of the sender VPN gateway 302; and cloud VPN service information and a real-time state can be inquired, and the bandwidth can be adjusted as required to take effect in real time.
In step 1402, the network requirement is issued to the VPN controller by the VPN service system 32. For example, the network requirements may include connection requirement information (e.g., CGW endpoint, bandwidth requirements, etc.) of the sending VPN gateway 302 and VPN traffic subscription requirement information.
In one embodiment, the VPN service system 32 may send the relevant information (such as gateway ID, MAC, IP, and VPC subnet where it is located) of the sending-end VPN gateway 302 to the VPN controller 33; the VPN controller 33 stores the relevant information and performs configuration management; the VPN controller 33 may establish a netconf connection based on the IP of the transmitting-end VPN gateway 302, send the system internal IP of the VPN controller 33 to the transmitting-end VPN gateway 302, and establish an openflow channel; the VPN controller 33 may generate the system internal IP of the transmitting-end VPN gateway 302, and issue the configuration to the transmitting-end VPN gateway 302, thereby implementing online management of the VPN controller.
In step 1403, according to the network requirement, the VPN controller 33 issues corresponding configurations to the sending end VPN gateway 302 and the receiving end VPN gateway 312 to create a cloud VPN connection. For example, each VPN gateway may be configured with public network IP, such that each VPN gateway is capable of achieving three-tier reachability with other VPN gateways and VPN controllers 33.
In an embodiment, the VPN controller 33 issues, according to the ID, interface configuration of the Overlay tunnel to the sending-end VPN gateway 302 and the receiving-end VPN gateway 312 by generating the ID of the Overlay tunnel according to the network requirement, where the Overlay tunnel may be a VXLAN tunnel; and executing interface configuration of the Overlay tunnel, accessing the interface of the Overlay tunnel through the sending-end VPN gateway 302, and transmitting the message through the Overlay tunnel.
In another embodiment, VR303 sends the message of VM301 to the sending-end VPN gateway 302 according to the route, and the sending-end VPN gateway 302 performs VXLAN encapsulation on the message of VM301 and transmits the message through VXLAN. For example, the transmitting-side VPN gateway 302 may perform packet encapsulation and transmission based on the flow table issued by the VPN controller 33. The receiving end VPN gateway 312 decapsulates the received message by VXLAN and forwards the message to the VR313 of the receiving end according to the route; the VR313 at the receiving end forwards the message inside the VPC subnet 31 at the receiving end according to the destination IP, e.g. via VR313 to VM 311.
In the embodiment, the VPN gateway in a light-weight software form replaces a VPN gateway in a hardware form, and a public network IP is configured for the VPN gateway, so that three layers of access between each VPN gateway and a VPN controller are realized; the VPN controller is used for issuing route configuration to each VPN gateway in a centralized manner, and routing configuration of each device is not required independently, so that networking complexity is reduced; the networking requirements are automatically issued to the VPN controller through the VPN service system, and the VPN controller constructs VPN tunnels in a centralized manner as required, so that automatic networking as required is realized; by adopting the overlay tunnel, the decoupling with the existing VPC service system is realized, so that the construction of the VPN channel between the multi-party heterogeneous VPC subnets is unrelated to the VPC subnet technology, and the problem of interconnection and intercommunication between heterogeneous clouds is solved.
Fig. 4 is a block diagram showing an embodiment of the VPN construction apparatus of the present invention.
As shown in fig. 4, the apparatus includes a transmitting-side VPN gateway 41 and a receiving-side VPN gateway 42.
The sending end VPN gateway 41 sends the message of the VM of the VPC subnet where it is located; receiving end VPN gateway 42 receives the message and forwards the message in VPC subnet where the receiving end VPN gateway is located; the transmitting-side VPN gateway 41 and the receiving-side VPN gateway 42 are respectively disposed inside VPC subnets of the transmitting side and the receiving side as subnet gateways. Public network IP may be configured for the transmitting-end VPN gateway 41 and the receiving-end VPN gateway 41, and the transmitting-end VPN gateway 41 and the receiving-end VPN gateway 42 may be light-weight software VPN gateways that are deployed in VPC subnets to which they belong based on VM images.
In one embodiment, as shown in fig. 5, the apparatus further includes a VPN controller 53 and a VPN service system 54. For example, VPN controller 53 and VPN service system 54 may be deployed in a data center of a VPN provider, and VPN controller 53 may interface with VPN service system 54 through a northbound interface (e.g., a Rest interface, etc.), and may interface with transmitting-side VPN gateway 41 and receiving-side VPN gateway 42 through a southbound interface (e.g., a netconf, an openflow interface, etc.), and perform data interaction.
The VPN service system 54 inputs the network requirement and issues it to the VPN controller 53. The VPN controller 53 issues corresponding configurations to the transmitting-side VPN gateway 41 and the receiving-side VPN gateway 42 according to network requirements to create a cloud VPN connection. The network requirements comprise the connection requirement information of the VPN gateway of the sending end and the order requirement of the VPN service. The VPN service system 54 may also enter network information of the tenant and its VPC subnet and related information of the sender VPN gateway 41, and issue the network information to the VPN controller 53.
In one embodiment, the VPN controller 53 generates an ID of an Overlay tunnel according to a network requirement, and issues interface configurations of the Overlay tunnel to the receiving end and the VPN gateways of the receiving end according to the ID. The sending end VPN gateway 41 performs interface configuration of the Overlay tunnel to access the interface of the Overlay tunnel, and transmits the packet through the Overlay tunnel. For example, the Overlay tunnel may be a VXLAN tunnel.
The transmitting-end VPN gateway 41 performs VXLAN encapsulation on the message and transmits the message through VXLAN. The receiving end VPN gateway 42 performs VXLAN decapsulation on the received message.
In one embodiment, the apparatus may further include a transmitting end VR55 and a receiving end VR 56.
And the transmitting end VR55 transmits the message to the VPN gateway according to the route. The receiving end VR56 receives the message forwarded by the receiving end VPN gateway 42 according to the route and forwards the message inside the receiving end VPC subnet according to the destination IP.
In the embodiment, the VPN gateway in a light-weight software form replaces a VPN gateway in a hardware form, and a public network IP is configured for the VPN gateway, so that three layers of access between each VPN gateway and a VPN controller are realized; the VPN controller is used for issuing route configuration to each VPN gateway in a centralized manner, and routing configuration of each device is not required independently, so that networking complexity is reduced; the networking requirements are automatically issued to the VPN controller through the VPN service system, and the VPN controller constructs VPN tunnels in a centralized manner as required, so that automatic networking as required is realized; by adopting the overlay tunnel, the decoupling with the existing VPC service system is realized, so that the construction of the VPN channel between the multi-party heterogeneous VPC subnets is unrelated to the VPC subnet technology, and the problem of interconnection and intercommunication between heterogeneous clouds is solved.
Fig. 6 is a block diagram showing still another embodiment of the VPN construction apparatus of the present invention.
As shown in fig. 6, the apparatus 60 of this embodiment includes: a memory 61 and a processor 62 coupled to the memory 61, wherein the processor 62 is configured to execute the VPN construction method according to any embodiment of the present invention based on the instructions stored in the memory 61.
The memory 61 may include, for example, a system memory, a fixed nonvolatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a Boot Loader (Boot Loader), a database, and other programs.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
So far, the construction method, apparatus and computer-readable storage medium of the VPN according to the present invention have been described in detail. Some details well known in the art have not been described in order to avoid obscuring the concepts of the present invention. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and system of the present invention may be implemented in a number of ways. For example, the methods and systems of the present invention may be implemented in software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustrative purposes only, and the steps of the method of the present invention are not limited to the order specifically described above unless specifically indicated otherwise. Furthermore, in some embodiments, the present invention may also be embodied as a program recorded in a recording medium, the program including machine-readable instructions for implementing a method according to the present invention. Thus, the present invention also covers a recording medium storing a program for executing the method according to the present invention.
Although some specific embodiments of the present invention have been described in detail by way of illustration, it should be understood by those skilled in the art that the above illustration is only for the purpose of illustration and is not intended to limit the scope of the invention. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the invention. The scope of the invention is defined by the appended claims.
Claims (26)
1. A construction method of a Virtual Private Network (VPN) comprises the following steps:
respectively deploying VPN gateways in Virtual Private Cloud (VPC) subnets of a sending end and a receiving end to serve as gateways of the VPC subnets;
sending a message of a virtual machine VM of a sending end through a VPN gateway of the sending end;
receiving the message through a receiving end VPN gateway, and forwarding the message in the receiving end VPC subnet;
the VPN gateway is a light-weight software form VPN gateway which is deployed in the VPC subnet based on a VM mirror image;
the sending, by the sending-end VPN gateway, the message of the virtual machine VM of the sending end includes:
according to the received network requirements, the VPN controller issues corresponding configuration to the sending end VPN gateway and the receiving end VPN gateway to establish cloud VPN connection;
the step of issuing, by the VPN controller, corresponding configuration to the receiving-end VPN gateway and the receiving-end VPN gateway to create a cloud VPN connection according to the received network requirement includes:
generating an ID covering a network Overlay tunnel by the VPN controller according to the network requirement;
and issuing corresponding interface configuration of the Overlay tunnel to the sending end VPN gateway and the receiving end VPN gateway according to the ID.
2. The method of claim 1, wherein the network requirement is issued to the VPN controller via a VPN service system.
3. The construction method according to claim 1, wherein the network requirement includes the sender-side VPN gateway connection requirement information and VPN service subscription requirement information.
4. The construction method according to claim 1, wherein the sending, by the sender-side VPN gateway, the message of the virtual machine VM of the sender includes:
and logging in a VPN service system and inputting a network requirement.
5. The build method of claim 4, wherein said logging into said VPN business system comprises:
and inputting network information of the tenant and the VPC subnet where the tenant is located and related information of the VPN gateway of the sending end in the VPN service system.
6. The construction method according to claim 1, wherein the sending, by the sender-side VPN gateway, the message of the virtual machine VM of the sender includes:
and executing interface configuration of the Overlay tunnel, accessing the interface of the Overlay tunnel through the VPN gateway of the sending end, and transmitting the message through the Overlay tunnel.
7. The construction method according to claim 6, wherein the Overlay tunnel is a virtual extensible local area network (VXLAN) tunnel.
8. The method of claim 7, wherein the tunneling the packet through the Overlay comprises:
and carrying out VXLAN packaging on the message, and transmitting the message through the VXLAN.
9. The method of claim 8, wherein the receiving the message through a receiving end VPN gateway comprises:
and carrying out VXLAN decapsulation on the received message through the VPN gateway of the receiving end.
10. The construction method according to any one of claims 1 to 9,
and the message is transmitted to the VPN gateway of the transmitting end according to a route through the virtual router VR of the transmitting end.
11. The construction method according to any of claims 1-9, wherein the forwarding inside the receiving VPC subnet comprises:
forwarding the message to the VR of the receiving end according to the route through the VPN gateway of the receiving end;
and forwarding the message in the VPC subnet of the receiving end according to a destination IP through the VR of the receiving end.
12. The construction method according to any one of claims 1 to 9,
the VPN gateways are each configured with a public network IP.
13. A construction apparatus of a virtual private network VPN, comprising:
the system comprises a sending end VPN gateway, a virtual private cloud VPC subnet and a virtual machine VM gateway, wherein the sending end VPN gateway is used for sending messages of a virtual machine VM of the virtual private cloud VPC subnet where the sending end VPN gateway is located;
the receiving end VPN gateway is used for receiving the message and forwarding the message in the VPC subnet where the receiving end VPN gateway is located;
the transmitting end VPN gateway and the receiving end VPN gateway are respectively deployed in VPC subnets of a transmitting end and a receiving end to serve as subnet gateways, and the transmitting end VPN gateway and the receiving end VPN gateway are light-weight software form VPN gateways which are deployed in the VPC subnets of the transmitting end and the receiving end based on VM images;
and the VPN controller is used for issuing corresponding configuration to the sending end VPN gateway and the receiving end VPN gateway according to the received network requirement so as to establish cloud VPN connection, generating an ID (identity) covering a network Overlay tunnel according to the network requirement, and issuing corresponding interface configuration of the Overlay tunnel to the receiving end VPN gateway and the receiving end VPN gateway according to the ID.
14. The build device of claim 13, further comprising:
and the VPN service system is used for issuing the network requirement to the VPN controller.
15. The apparatus of claim 13, wherein the network requirements include the sender-side VPN gateway connection requirement information and VPN traffic subscription requirements.
16. The building apparatus of claim 14, wherein the VPN traffic system is further configured to enter the network requirements.
17. The construction apparatus according to claim 14, wherein the VPN service system is further configured to enter network information of tenants and VPC subnetworks where the tenants are located and related information of the sender VPN gateway.
18. The apparatus according to claim 13, wherein the sender VPN gateway performs interface configuration of the Overlay tunnel to access an interface of the Overlay tunnel, and transmits the packet through the Overlay tunnel.
19. The build device of claim 18, wherein the Overlay tunnel is a virtual extensible local area network (VXLAN) tunnel.
20. The building apparatus according to claim 19, wherein the sender VPN gateway performs VXLAN encapsulation on the message and transmits the message through the VXLAN.
21. The building apparatus according to claim 20, wherein the receiving-side VPN gateway de-encapsulates the received packet by VXLAN.
22. The build device of any of claims 13-21, further comprising:
and the transmitting end virtual router VR is used for transmitting the message to the transmitting end VPN gateway according to the route.
23. The build device of any of claims 13-21, further comprising:
and the receiving end VR is used for receiving the message forwarded by the receiving end VPN gateway according to the route and forwarding the message in the receiving end VPC subnet according to the destination IP.
24. The building apparatus according to any one of claims 13-21, wherein the sender-side VPN gateway and the receiver-side VPN gateway are each configured with a public network IP.
25. A construction apparatus of a virtual private network VPN, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of constructing a virtual private network VPN according to any one of claims 1-12 based on instructions stored in the memory means.
26. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of constructing a virtual private network VPN according to any one of claims 1 to 12.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710583327.XA CN109274570B (en) | 2017-07-18 | 2017-07-18 | VPN construction method and device and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710583327.XA CN109274570B (en) | 2017-07-18 | 2017-07-18 | VPN construction method and device and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109274570A CN109274570A (en) | 2019-01-25 |
| CN109274570B true CN109274570B (en) | 2021-04-20 |
Family
ID=65152505
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710583327.XA Active CN109274570B (en) | 2017-07-18 | 2017-07-18 | VPN construction method and device and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109274570B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111510310B (en) * | 2019-01-30 | 2023-05-23 | 顺丰科技有限公司 | Network mode implementation method and device under public cloud architecture |
| CN109936629B (en) * | 2019-02-27 | 2021-09-03 | 浪潮云信息技术股份公司 | Hybrid cloud network interconnection method and system |
| CN110336730B (en) * | 2019-07-09 | 2022-01-18 | 腾讯科技(深圳)有限公司 | Network system and data transmission method |
| CN110380947B (en) * | 2019-07-23 | 2021-10-22 | 深圳市启博科创有限公司 | P2P technology-based two-level network architecture and VPN networking method |
| CN110611607B (en) * | 2019-10-08 | 2021-10-19 | 深信服科技股份有限公司 | Tunnel connection method, control device, storage medium and apparatus |
| CN113472625B (en) * | 2021-06-29 | 2022-11-25 | 中国电信股份有限公司 | Transparent bridging method, system, equipment and storage medium based on mobile internet |
| CN113726634B (en) * | 2021-08-19 | 2023-03-21 | 宏图智能物流股份有限公司 | Voice transmission system and method |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102387061A (en) * | 2011-10-21 | 2012-03-21 | 华为技术有限公司 | Method, device and system for accessing VPC (virtual private cloud) to VPN (virtual private network) |
| CN104205757A (en) * | 2012-04-24 | 2014-12-10 | 思科技术公司 | Distributed virtual switch architecture for a hybrid cloud |
| CN105591873A (en) * | 2015-10-27 | 2016-05-18 | 杭州华三通信技术有限公司 | Virtual machine isolation method and device |
| CN105610675A (en) * | 2016-01-28 | 2016-05-25 | 浪潮(北京)电子信息产业有限公司 | Creating method and device of virtual VPN gateway |
| CN105721306A (en) * | 2016-02-04 | 2016-06-29 | 杭州数梦工场科技有限公司 | Configuration information transmission method and device |
| CN106487695A (en) * | 2015-08-25 | 2017-03-08 | 华为技术有限公司 | A kind of data transmission method, virtual network managing device and data transmission system |
-
2017
- 2017-07-18 CN CN201710583327.XA patent/CN109274570B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102387061A (en) * | 2011-10-21 | 2012-03-21 | 华为技术有限公司 | Method, device and system for accessing VPC (virtual private cloud) to VPN (virtual private network) |
| CN104205757A (en) * | 2012-04-24 | 2014-12-10 | 思科技术公司 | Distributed virtual switch architecture for a hybrid cloud |
| CN106487695A (en) * | 2015-08-25 | 2017-03-08 | 华为技术有限公司 | A kind of data transmission method, virtual network managing device and data transmission system |
| CN105591873A (en) * | 2015-10-27 | 2016-05-18 | 杭州华三通信技术有限公司 | Virtual machine isolation method and device |
| CN105610675A (en) * | 2016-01-28 | 2016-05-25 | 浪潮(北京)电子信息产业有限公司 | Creating method and device of virtual VPN gateway |
| CN105721306A (en) * | 2016-02-04 | 2016-06-29 | 杭州数梦工场科技有限公司 | Configuration information transmission method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109274570A (en) | 2019-01-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109274570B (en) | VPN construction method and device and computer readable storage medium | |
| US10015046B2 (en) | Methods and apparatus for a self-organized layer-2 enterprise network architecture | |
| CN107911258B (en) | SDN network-based security resource pool implementation method and system | |
| CN107959654B (en) | Data transmission method and device and mixed cloud system | |
| US9800494B2 (en) | Method and media for a tunneled wired/wireless network | |
| Lasserre et al. | Framework for data center (DC) network virtualization | |
| US9935882B2 (en) | Configuration of network elements for automated policy-based routing | |
| US10263808B2 (en) | Deployment of virtual extensible local area network | |
| US10044608B2 (en) | Virtual machine migration | |
| EP2579544A1 (en) | Methods and apparatus for a scalable network with efficient link utilization | |
| US20140230044A1 (en) | Method and Related Apparatus for Authenticating Access of Virtual Private Cloud | |
| CN110290093A (en) | The SD-WAN network architecture and network-building method, message forwarding method | |
| CN105471596A (en) | Network management method and network management device | |
| JP7095102B2 (en) | Systems and methods for creating group networks between network devices | |
| JP5679343B2 (en) | Cloud system, gateway device, communication control method, and communication control program | |
| US20190215191A1 (en) | Deployment Of Virtual Extensible Local Area Network | |
| JP2016012909A (en) | Communication device, communication method and communication system | |
| US8675669B2 (en) | Policy homomorphic network extension | |
| CN112910791B (en) | Diversion system and method thereof | |
| EP4250649A1 (en) | Packet forwarding method and apparatus, and network system | |
| CN113014559A (en) | Message processing method and device | |
| US9185155B2 (en) | Internet presence for a home network | |
| CN214799524U (en) | Flow guiding system | |
| CN112702251A (en) | Message detection method, connectivity negotiation relationship establishment method and related equipment | |
| CN112910790B (en) | Diversion system and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |