CN110290045B - Network target range software and hardware combination model construction method under cloud architecture - Google Patents


Publication number: CN110290045B
Authority: CN (China)
Prior art keywords: network, virtual switch, virtual, int, tun
Legal status: Active
Application number: CN201910639169.4A
Other languages: Chinese (zh)
Other versions: CN110290045A (en)
Inventors: 杨亦松, 魏宝, 单联强
Current Assignee: Beijing Institute of Computer Technology and Applications
Original Assignee: Beijing Institute of Computer Technology and Applications


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4645 Details on frame tagging
    • H04L12/4666 Operational details on the addition or the stripping of a tag in a frame, e.g. at a provider edge node
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a method for constructing a soft-hard combination model for a cyber range (network shooting range) under a cloud architecture, and belongs to the technical field of information security. VXLAN subnets are constructed on the OpenStack cloud platform, and the virtual device network and the physical device network are isolated from each other. By establishing a central network node, physical devices and virtual devices exchange information through that node using software-defined networking technology, so that soft-hard combination is realized, the cyber range can communicate efficiently with external physical devices, and the practicability of the cyber range is improved. The method relies on VXLAN technology to extend a Layer 2 network over a Layer 3 network, constructs subnets based on VXLAN, and effectively isolates data flooding between the external network and the internal network, thereby reducing network traffic flooding and improving the network transmission efficiency and the security of the cyber range.

Description

Network target range software and hardware combination model construction method under cloud architecture
Technical Field
The invention relates to the technical field of information security, and in particular to a method for constructing a soft-hard combination model for a cyber range under a cloud architecture.
Background
The cyber range is an important infrastructure for coping with network security threats, testing network countermeasure equipment, rehearsing network attack and defense tactics, and cultivating and generating network attack and defense countermeasure capabilities, and it is used by numerous network security departments. At present, many cyber ranges are built on open source cloud computing platforms based on OpenStack.
In practical applications of a cyber range, information interaction between virtual devices and physical devices is unavoidable, for example between virtual machines and PCs, routers, firewalls and the like. This information interaction is referred to as "soft-hard combination". Because a cyber range is complex, heterogeneous and comprehensive, using software-defined networking in a single flat network to realize soft-hard combination suffers from low efficiency and low security. How to realize the soft-hard combination of a cyber range efficiently and securely has therefore become a problem that urgently needs to be solved.
Disclosure of Invention
(I) Technical problem to be solved
The technical problem to be solved by the invention is: how to construct a soft-hard combination model for a cyber range under a cloud architecture so as to improve the network transmission efficiency and the security of the cyber range.
(II) Technical scheme
In order to solve the technical problem, the invention provides a method for constructing a soft-hard combination model for a cyber range under a cloud architecture, which comprises the following steps:
Step one: construct cloud platform computing nodes to serve as VXLAN subnets. A cloud platform computing node forwards network data according to the flow table rules of the software-defined networking switch Open vSwitch, and comprises virtual devices, a first br-int virtual switch, a first br-tun virtual switch and a DHCP server. The virtual devices are connected to the first br-int virtual switch, which divides the VXLAN networks within the host so as to isolate different virtual machines. The first br-tun virtual switch establishes the VETH tunnel required for VXLAN network transmission, and the patch-tun port on the first br-int virtual switch is connected to the patch-int port on the first br-tun virtual switch. The DHCP server is connected to the first br-int virtual switch and provides IP address allocation for the virtual devices.
Step two: construct a cloud platform central network node, which comprises a Layer 3 network agent server, a virtual router, a second br-tun virtual switch, a second br-int virtual switch and a br-provider virtual switch. The virtual router provides communication between VXLAN subnets, and different hosts exchange data through the overlay network. The Layer 3 network agent server manages the virtual router and connects it to the second br-int virtual switch. The patch-tun port of the second br-int virtual switch is connected to the patch-int port on the second br-tun virtual switch, and the int-br-provider port of the second br-int virtual switch is connected to the phy-br-provider port on the br-provider virtual switch. The second br-tun virtual switch establishes the VETH tunnel required for VXLAN network transmission. The br-provider virtual switch is bound to a physical network port of the cloud platform central network node and carries network data to and from the physical environment, thereby realizing network data transmission with physical devices.
The virtual devices and all the virtual switches run in the Linux operating system of the host.
Preferably, the order of step one and step two is swapped.
Preferably, step one and step two are performed simultaneously.
Preferably, three services, namely the Open vSwitch agent, the Metadata agent and the DHCP agent, are started on all nodes in the cyber range soft-hard combination model.
Preferably, the cloud platform central network node also starts an L3 agent service, which is responsible for Layer 3 data exchange.
Preferably, the physical network and the physical device are connected through a physical switch.
Preferably, the cloud platform is an OpenStack cloud platform.
The invention also provides a data transmission method in the cyber range soft-hard combination model constructed according to any one of the above methods, characterized in that
the data flow process in the cloud platform computing node is as follows:
1.1 the virtual device network interface (1) forwards the data packet through the VETH tunnel to one port (2) of the security group bridge inside the Linux operating system of the host;
1.2 the security group rule server (3) on the security group bridge tracks connections and sets the firewall;
1.3 the other port (4) of the security group bridge forwards the data packet through the VETH tunnel to the port (5) of the first br-int virtual switch that connects the virtual device;
1.4 the first br-int virtual switch adds an internal VLAN ID to the data;
1.5 the first br-int virtual switch converts the internal VLAN ID into an internal transmission tunnel address;
1.6 the first br-int virtual switch sends the data through its patch-tun port (6) to the patch-int port (7) of the first br-tun virtual switch;
1.7 the first br-tun virtual switch encapsulates the data packet as a VXLAN packet at port (8);
1.8 the underlying physical interface (9) of the overlay network sends the data packet to the cloud platform central network node through the overlay network (10).
The invention also provides a data transmission method in the cyber range soft-hard combination model constructed by the method, in which the data flow in the cloud platform central network node is as follows:
2.1 the underlying physical interface (11) of the overlay network forwards the data packet to the second br-tun virtual switch (12);
2.2 the second br-tun virtual switch decapsulates the data packet and adds an internal tunnel address to it;
2.3 the second br-tun virtual switch translates the internal tunnel address into an internal VLAN ID;
2.4 the second br-tun virtual switch sends the data packet through its patch-int port (13) to the patch-tun port (14) of the second br-int virtual switch;
2.5 the internal network segment interface (15) of the second br-int virtual switch receives the data packet, removes the VLAN ID from it, and sends it to the namespace in which the virtual router resides, where it arrives at interface (16);
2.6 the virtual router performs SNAT on the received data packet, changing the source IP address to the IP address of the external network segment connected to the virtual router, and sends the data to the second br-int virtual switch (18) through the external network segment interface (17);
2.7 the second br-int virtual switch adds an internal VLAN ID to the data packet;
2.8 the second br-int virtual switch sends the data packet through its int-br-provider port (19) to the phy-br-provider port (20) of the br-provider virtual switch;
2.9 the br-provider virtual switch removes the internal VLAN ID from the data packet;
2.10 the br-provider virtual switch forwards the data packet through the external network interface (21) to the physical network interface (22) of the host;
2.11 the physical network interface (22) of the host sends the data packet to the external physical device.
Preferably, in the data transmission method, when the physical device sends data to the virtual device, only the direction of the network data flow changes; the virtual network devices traversed remain the same.
(III) Advantageous effects
VXLAN subnets are constructed on the OpenStack cloud platform, and the virtual device network and the physical device network are isolated from each other. By establishing a central network node, physical devices and virtual devices exchange information through that node using software-defined networking technology (Open vSwitch), so that soft-hard combination is realized, the cyber range can communicate efficiently with external physical devices, and the practicability of the cyber range is improved. The method relies on VXLAN technology to extend a Layer 2 network over a Layer 3 network, constructs subnets based on VXLAN, and effectively isolates data flooding between the external network and the internal network, thereby reducing network traffic flooding and improving the network transmission efficiency and the security of the cyber range.
Drawings
FIG. 1 is an overall architecture diagram of the cyber range soft-hard combination model under a cloud architecture;
FIG. 2 is an illustration of the network service configuration in the cloud platform central network node and the cloud platform computing nodes;
FIG. 3 is a network data flow diagram of communication between a physical device and a virtual device.
Detailed Description
In order to make the objects, contents, and advantages of the present invention clearer, the following detailed description of the embodiments of the present invention will be made in conjunction with the accompanying drawings and examples.
FIG. 1 is an overall architecture diagram of the cyber range soft-hard combination model under a cloud architecture. The method provided by the invention for constructing the cyber range soft-hard combination model under a cloud architecture comprises the following steps:
Step one: construct cloud platform computing nodes to serve as VXLAN subnets. A cloud platform computing node forwards network data according to the flow table rules of the software-defined networking switch Open vSwitch, and comprises virtual devices (also called virtual machines), a first br-int virtual switch, a first br-tun virtual switch and a DHCP server. The virtual devices are connected to the first br-int virtual switch, which divides the VXLAN networks within the host so as to isolate different virtual machines. The first br-tun virtual switch establishes the tunnel required for VXLAN network transmission, and the patch-tun port on the first br-int virtual switch is connected to the patch-int port on the first br-tun virtual switch. The DHCP server is connected to the first br-int virtual switch and provides IP address allocation for the virtual devices.
Step two: construct a cloud platform central network node, which comprises a Layer 3 network agent server, a virtual router, a second br-tun virtual switch, a second br-int virtual switch and a br-provider virtual switch. The virtual router provides communication between VXLAN subnets, and different hosts exchange data through the overlay network. The Layer 3 network agent server manages the virtual router and connects it to the second br-int virtual switch. The patch-tun port of the second br-int virtual switch is connected to the patch-int port on the second br-tun virtual switch. The int-br-provider port of the second br-int virtual switch is connected to the phy-br-provider port on the br-provider virtual switch. The second br-tun virtual switch establishes the VETH tunnel required for VXLAN network transmission. The br-provider virtual switch is bound to a physical network port of the cloud platform central network node and carries network data to and from the physical environment, thereby realizing network data transmission with physical devices.
The virtual devices and all the virtual switches run in the Linux operating system of the host.
The virtual switches are named after their functions and the networks they serve, and their ports are named after the port functions and the corresponding networks. The four ports patch-int, patch-tun, int-br-provider and phy-br-provider appear in pairs and connect the virtual switches on which they reside to each other.
Step one and step two can be performed in either order or simultaneously.
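The paired-port rule above lends itself to an automated wiring check. The following is an added example, not code from the patent: the node layouts are constructed sample data in a hypothetical bridge -> port -> attributes format, the node names follow FIG. 2, and the rule that a physical NIC may be bound only to br-provider on the central node is an assumption drawn from the isolation goal.

```python
# Added example. The node descriptions below are constructed sample data in a
# hypothetical format (bridge -> port -> attributes); "type" and "peer" loosely
# mirror the patch-port type and peer option of an Open vSwitch interface.

REQUIRED_BRIDGES = {
    "compute": {"br-int", "br-tun"},
    "central": {"br-int", "br-tun", "br-provider"},
}

# Patch ports appear in pairs, one on each of the two bridges they join.
PATCH_PAIRS = [
    (("br-int", "patch-tun"), ("br-tun", "patch-int")),
    (("br-int", "int-br-provider"), ("br-provider", "phy-br-provider")),
]


def audit_node(name, role, bridges):
    """Return a list of findings; an empty list means the node fits the model."""
    findings = []
    required = REQUIRED_BRIDGES[role]
    for bridge in sorted(required - set(bridges)):
        findings.append(f"{name}: missing bridge {bridge}")

    for end_a, end_b in PATCH_PAIRS:
        if end_a[0] not in required or end_b[0] not in required:
            continue  # computing nodes have no br-provider pair
        for (bridge, port), (_, peer) in ((end_a, end_b), (end_b, end_a)):
            attrs = bridges.get(bridge, {}).get(port)
            if attrs is None or attrs.get("type") != "patch":
                findings.append(f"{name}: {bridge} lacks patch port {port}")
            elif attrs.get("peer") != peer:
                findings.append(
                    f"{name}: {bridge}/{port} peers with {attrs.get('peer')}, "
                    f"expected {peer}")

    # Assumption drawn from the isolation goal: a physical NIC may be bound
    # only to br-provider on the central network node.
    provider_has_nic = False
    for bridge, ports in bridges.items():
        for port, attrs in ports.items():
            if attrs.get("type") != "physical":
                continue
            if role == "central" and bridge == "br-provider":
                provider_has_nic = True
            else:
                findings.append(f"{name}: physical NIC {port} bound to {bridge}")
    if role == "central" and not provider_has_nic:
        findings.append(f"{name}: br-provider has no physical NIC bound")
    return findings


def patch(peer):
    """Attributes of a patch port whose other end is the port named `peer`."""
    return {"type": "patch", "peer": peer}


MASTER = {  # central network node, wired as in step two
    "br-int": {"patch-tun": patch("patch-int"),
               "int-br-provider": patch("phy-br-provider"),
               "router-port": {"type": "internal"}},
    "br-tun": {"patch-int": patch("patch-tun"),
               "vxlan-slave1": {"type": "vxlan"}},
    "br-provider": {"phy-br-provider": patch("int-br-provider"),
                    "eth1": {"type": "physical"}},
}
SLAVE1 = {  # computing node, wired as in step one
    "br-int": {"patch-tun": patch("patch-int"),
               "vm1-port": {"type": "internal"}},
    "br-tun": {"patch-int": patch("patch-tun"),
               "vxlan-master": {"type": "vxlan"}},
}
SLAVE2 = {  # miswired: patch-tun created on br-tun, NIC bridged into br-int
    "br-int": {"vm2-port": {"type": "internal"},
               "eth0": {"type": "physical"}},
    "br-tun": {"patch-int": patch("patch-tun"),
               "patch-tun": patch("patch-int")},
}

if __name__ == "__main__":
    for node, role, layout in (("master", "central", MASTER),
                               ("slave1", "compute", SLAVE1),
                               ("slave2", "compute", SLAVE2)):
        print(node, audit_node(node, role, layout) or "OK")
```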
FIG. 2 is a list of the network service configuration in the cloud platform central network node and the cloud platform computing nodes, specifically:
(1) in FIG. 2, the master node is the cloud platform central network node, and slave1, slave2 and slave3 are cloud platform computing nodes;
(2) all nodes in FIG. 2 start three services, namely the Open vSwitch agent, the Metadata agent and the DHCP agent. The cloud platform central network node master additionally starts the L3 agent service, which is responsible for Layer 3 data exchange.
FIG. 3 is a network data flow diagram of communication between a physical device and a virtual device. In a cyber range soft-hard combination model constructed with the above construction method, data is transmitted as follows:
(1) The data flow process in the cloud platform computing node is as follows:
1.1 the virtual device network interface 1 forwards the data packet through the VETH tunnel to one port 2 of the security group bridge inside the Linux operating system of the host;
1.2 the security group rule server 3 on the security group bridge tracks the connection and sets the firewall;
1.3 the other port of the security group bridge, i.e. the OVS port 4, forwards the data packet through the VETH tunnel to the port 5 of the first br-int virtual switch (i.e. the port 2 of the first br-int virtual switch in FIG. 1) that connects the virtual device;
1.4 the first br-int virtual switch adds an internal VLAN ID to the data;
1.5 the first br-int virtual switch converts the internal VLAN ID into an internal transmission tunnel address;
1.6 the first br-int virtual switch sends the data through its patch-tun port 6 to the patch-int port 7 of the first br-tun virtual switch;
1.7 the first br-tun virtual switch encapsulates the data packet as a VXLAN packet at port 8;
1.8 the underlying physical interface 9 of the overlay network sends the data packet to the cloud platform central network node through the overlay network 10.
(2) The data flow in the cloud platform central network node is as follows:
2.1 the underlying physical interface 11 of the overlay network forwards the data packet to the second br-tun virtual switch 12;
2.2 the second br-tun virtual switch decapsulates the data packet and adds an internal tunnel address to it;
2.3 the second br-tun virtual switch translates the internal tunnel address into an internal VLAN ID;
2.4 the second br-tun virtual switch sends the data packet through its patch-int port 13 to the patch-tun port 14 of the second br-int virtual switch;
2.5 the internal network segment interface 15 of the second br-int virtual switch receives the data packet, removes the VLAN ID from it, and sends it to the namespace in which the virtual router resides, where it arrives at interface 16;
2.6 the virtual router performs SNAT on the received data packet, changing the source IP address to the IP address of the external network segment connected to the virtual router, and sends the data to the second br-int virtual switch 18 through the external network segment interface 17;
2.7 the second br-int virtual switch adds an internal VLAN ID to the data packet;
2.8 the second br-int virtual switch sends the data packet through its int-br-provider port 19 to the phy-br-provider port 20 of the br-provider virtual switch;
2.9 the br-provider virtual switch removes the internal VLAN ID from the data packet;
2.10 the br-provider virtual switch forwards the data packet through the external network interface 21 to the host physical network interface 22;
2.11 the host physical network interface 22 sends the data packet to the external physical device over the underlying network.
In the data transmission method, when the physical device sends data to the virtual device, only the direction of the network data flow changes; the virtual network devices traversed remain the same.
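The outbound path of steps 1.4 to 2.11 can be followed in code. This is an added example, not code from the patent: the VXLAN header layout follows RFC 7348, the inner packet is reduced to source IP, destination IP and data, and all addresses, port names, VLAN IDs and the VNI are constructed values. It also shows the isolation property the description relies on: a packet whose VNI is not provisioned on the central node is dropped.

```python
import ipaddress
import struct

VXLAN_I_FLAG = 0x08  # RFC 7348: "VNI valid" bit in the first header byte


def vxlan_encap(vni, inner):
    """Prepend the 8-byte VXLAN header: flags, 24 reserved bits, VNI, 8 reserved."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8) + inner


def vxlan_decap(wire):
    """Return (vni, inner); raise ValueError on a malformed header."""
    if len(wire) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", wire[:8])
    if not (word0 >> 24) & VXLAN_I_FLAG:
        raise ValueError("VNI flag not set")
    return word1 >> 8, wire[8:]


# Simplification: the inner packet is only source IP, destination IP and data.
def make_packet(src, dst, data):
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed + data)


def parse_packet(pkt):
    return (str(ipaddress.IPv4Address(pkt[:4])),
            str(ipaddress.IPv4Address(pkt[4:8])), pkt[8:])


class ComputeNode:
    """First br-int / br-tun pair on a computing node (steps 1.4 to 1.8)."""

    def __init__(self, port_to_vlan, vlan_to_vni):
        self.port_to_vlan = port_to_vlan  # node-local VLAN ID per VM port
        self.vlan_to_vni = vlan_to_vni    # node-local VLAN ID -> tunnel ID (VNI)

    def send(self, port, pkt):
        vlan = self.port_to_vlan[port]    # step 1.4: internal VLAN ID added
        vni = self.vlan_to_vni[vlan]      # step 1.5: VLAN ID -> tunnel address
        return vxlan_encap(vni, pkt)      # steps 1.6-1.8: VXLAN packet on overlay


class CentralNode:
    """Second br-tun / br-int, virtual router and br-provider (steps 2.1 to 2.11)."""

    def __init__(self, vni_to_vlan, router_external_ip, external_vlan):
        self.vni_to_vlan = vni_to_vlan
        self.router_external_ip = router_external_ip
        self.external_vlan = external_vlan

    def forward(self, wire):
        """Return (packet handed to the physical NIC or None, trace of hops)."""
        trace = []
        vni, pkt = vxlan_decap(wire)                      # step 2.2
        vlan = self.vni_to_vlan.get(vni)                  # step 2.3
        if vlan is None:
            trace.append(f"br-tun: drop, VNI {vni} not provisioned")
            return None, trace
        trace.append(f"br-tun: VNI {vni} -> local VLAN {vlan}")
        src, dst, data = parse_packet(pkt)                # step 2.5: tag removed
        pkt = make_packet(self.router_external_ip, dst, data)  # step 2.6: SNAT
        trace.append(f"router: SNAT {src} -> {self.router_external_ip}")
        trace.append(f"br-int: tag VLAN {self.external_vlan}")      # step 2.7
        trace.append("br-provider: tag removed, out physical NIC")  # 2.9-2.11
        return pkt, trace


# Constructed values: the same VNI maps to VLAN 3 on the computing node and to
# VLAN 7 on the central node, because internal VLAN IDs are local to each host.
COMPUTE = ComputeNode({"vm1-port": 3}, {3: 1001})
CENTRAL = CentralNode({1001: 7}, "192.168.50.1", external_vlan=2)


def demo():
    wire = COMPUTE.send("vm1-port",
                        make_packet("10.0.1.5", "192.168.50.20", b"ping"))
    return CENTRAL.forward(wire)


if __name__ == "__main__":
    packet, hops = demo()
    print(parse_packet(packet))
    print("\n".join(hops))
```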
The beneficial effects of the invention are as follows: the invention provides a method for constructing the soft-hard combination of a cyber range under a cloud architecture, so that the cyber range can communicate efficiently with external physical devices, which improves the practicability of the cyber range. By establishing the central network node and building subnets based on VXLAN, data flooding between the external network and the internal network is effectively isolated, which improves the security of the cyber range.
The above description is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make several modifications and variations without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as falling within the protection scope of the present invention.

Claims (9)

1. A method for constructing a soft-hard combination model for a cyber range under a cloud architecture, characterized by comprising the following steps:
step one, constructing cloud platform computing nodes to serve as VXLAN subnets, wherein a cloud platform computing node forwards network data according to the flow table rules of the software-defined networking switch Open vSwitch, and comprises a virtual device, a first br-int virtual switch, a first br-tun virtual switch and a DHCP server; the virtual device is connected to the first br-int virtual switch, and the first br-int virtual switch is used for dividing the VXLAN networks within the host so as to isolate different virtual machines; the first br-tun virtual switch is used for establishing the VETH tunnel required for VXLAN network transmission, and the patch-tun port on the first br-int virtual switch is connected to the patch-int port on the first br-tun virtual switch; the DHCP server is connected to the first br-int virtual switch and is used for providing IP address allocation for the virtual device;
step two, constructing a cloud platform central network node, wherein the cloud platform central network node comprises a Layer 3 network agent server, a virtual router, a second br-tun virtual switch, a second br-int virtual switch and a br-provider virtual switch; the virtual router is used for communication between VXLAN subnets, and different hosts exchange data through the overlay network; the Layer 3 network agent server is used for managing the virtual router and connecting the virtual router to the second br-int virtual switch; the patch-tun port of the second br-int virtual switch is connected to the patch-int port on the second br-tun virtual switch; the int-br-provider port of the second br-int virtual switch is connected to the phy-br-provider port on the br-provider virtual switch; the second br-tun virtual switch is used for establishing the VETH tunnel required for VXLAN network transmission; the br-provider virtual switch is bound to a physical network port of the cloud platform central network node and is used for network data transmission with the physical environment, thereby realizing network data transmission with physical devices;
the virtual device and all the virtual switches run in the Linux operating system of the host.
2. The method of claim 1, wherein the order of step one and step two is swapped.
3. The method of claim 1, wherein step one and step two are performed simultaneously.
4. The method of claim 1, wherein three services, namely the Open vSwitch agent, the Metadata agent and the DHCP agent, are started on all nodes in the cyber range soft-hard combination model.
5. The method of claim 1, wherein the cloud platform central network node further starts an L3 agent service responsible for Layer 3 data exchange.
6. The method of any one of claims 1 to 5, wherein the cloud platform is an OpenStack cloud platform.
7. A data transmission method in a cyber range soft-hard combination model constructed by the method of any one of claims 1 to 6, characterized in that
the data flow process in the cloud platform computing node is as follows:
1.1 the virtual device network interface (1) forwards the data packet through the VETH tunnel to one port (2) of the security group bridge inside the Linux operating system of the host;
1.2 the security group rule server (3) on the security group bridge tracks connections and sets the firewall;
1.3 the other port (4) of the security group bridge forwards the data packet through the VETH tunnel to the port (5) of the first br-int virtual switch that connects the virtual device;
1.4 the first br-int virtual switch adds an internal VLAN ID to the data;
1.5 the first br-int virtual switch converts the internal VLAN ID into an internal transmission tunnel address;
1.6 the first br-int virtual switch sends the data through its patch-tun port (6) to the patch-int port (7) of the first br-tun virtual switch;
1.7 the first br-tun virtual switch encapsulates the data packet as a VXLAN packet at port (8);
1.8 the underlying physical interface (9) of the overlay network sends the data packet to the cloud platform central network node through the overlay network (10).
8. A data transmission method in the cyber range soft-hard combination model constructed by the method of claim 7, characterized in that
the data flow in the cloud platform central network node is as follows:
2.1 the underlying physical interface (11) of the overlay network forwards the data packet to the second br-tun virtual switch (12);
2.2 the second br-tun virtual switch decapsulates the data packet and adds an internal tunnel address to it;
2.3 the second br-tun virtual switch translates the internal tunnel address into an internal VLAN ID;
2.4 the second br-tun virtual switch sends the data packet through its patch-int port (13) to the patch-tun port (14) of the second br-int virtual switch;
2.5 the internal network segment interface (15) of the second br-int virtual switch receives the data packet, removes the VLAN ID from it, and sends it to the namespace in which the virtual router resides, where it arrives at interface (16);
2.6 the virtual router performs SNAT on the received data packet, changing the source IP address to the IP address of the external network segment connected to the virtual router, and sends the data to the second br-int virtual switch (18) through the external network segment interface (17);
2.7 the second br-int virtual switch adds an internal VLAN ID to the data packet;
2.8 the second br-int virtual switch sends the data packet through its int-br-provider port (19) to the phy-br-provider port (20) of the br-provider virtual switch;
2.9 the br-provider virtual switch removes the internal VLAN ID from the data packet;
2.10 the br-provider virtual switch forwards the data packet through the external network interface (21) to the physical network interface (22) of the host;
2.11 the physical network interface (22) of the host sends the data packet to the external physical device.
9. The method of claim 8, wherein in the data transmission method, when the physical device sends data to the virtual device, only the direction of the network data flow changes, and the virtual network devices traversed remain the same.
CN201910639169.4A 2019-07-16 2019-07-16 Network target range software and hardware combination model construction method under cloud architecture Active CN110290045B (en)


Publications (2)

Publication Number    Publication Date
CN110290045A (en)     2019-09-27
CN110290045B (en)     2021-03-05

Family

ID=68023002

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910639169.4A Active CN110290045B (en) 2019-07-16 2019-07-16 Network target range software and hardware combination model construction method under cloud architecture

Country Status (1)

Country Link
CN (1) CN110290045B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111711536B (en) * 2020-06-05 2023-06-06 北京计算机技术及应用研究所 Firewall test environment construction method under cloud architecture
CN111600913B (en) * 2020-07-22 2020-11-24 南京赛宁信息技术有限公司 Self-adaptive access method and system for real equipment in attack and defense scene of network shooting range
CN111970199A (en) * 2020-08-24 2020-11-20 浪潮云信息技术股份公司 Implementation method for improving virtual machine network performance in openstack dvr mode
CN112202624B (en) * 2020-12-07 2021-03-12 南京赛宁信息技术有限公司 Real equipment fast access system and method for network target range scene arrangement
CN114039798B (en) * 2021-11-30 2023-11-03 绿盟科技集团股份有限公司 Data transmission method and device and electronic equipment
CN114422196B (en) * 2021-12-24 2022-12-02 北京永信至诚科技股份有限公司 Network target range safety management and control system and method
CN114500110B (en) * 2022-04-07 2022-08-09 南京赛宁信息技术有限公司 Network shooting range concurrent flow dynamic generation system and method
CN115225513B (en) * 2022-05-27 2024-01-30 湖南大佳数据科技有限公司 Network space actual combat training platform system and implementation method
CN114915603B (en) * 2022-07-18 2022-10-18 南京赛宁信息技术有限公司 Method and system for simulating three-layer switch based on OpenStack

Citations (5)

Publication number Priority date Publication date Assignee Title
CN104486192A (en) * 2014-12-05 2015-04-01 国云科技股份有限公司 VLAN (Virtual Local Area Network) isolation method
CN106685787A (en) * 2017-01-03 2017-05-17 华胜信泰信息产业发展有限公司 Power VM virtualized network management method and device based on Open Stack
CN107547278A (en) * 2017-09-05 2018-01-05 郑州云海信息技术有限公司 A kind of device and method for docking OpenStack with enterprise virtual environment
CN108123818A (en) * 2016-11-30 2018-06-05 江南大学 A kind of emulation mode of the expansible fusion of actual situation network agile
CN109379239A (en) * 2018-12-25 2019-02-22 杭州迪普科技股份有限公司 The method and device of access switch is configured in a kind of OpenStack environment

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US10841274B2 (en) * 2016-02-08 2020-11-17 Hewlett Packard Enterprise Development Lp Federated virtual datacenter apparatus

Patent Citations (5)

Publication number Priority date Publication date Assignee Title
CN104486192A (en) * 2014-12-05 2015-04-01 国云科技股份有限公司 VLAN (Virtual Local Area Network) isolation method
CN108123818A (en) * 2016-11-30 2018-06-05 江南大学 A kind of emulation mode of the expansible fusion of actual situation network agile
CN106685787A (en) * 2017-01-03 2017-05-17 华胜信泰信息产业发展有限公司 Power VM virtualized network management method and device based on Open Stack
CN107547278A (en) * 2017-09-05 2018-01-05 郑州云海信息技术有限公司 A kind of device and method for docking OpenStack with enterprise virtual environment
CN109379239A (en) * 2018-12-25 2019-02-22 杭州迪普科技股份有限公司 The method and device of access switch is configured in a kind of OpenStack environment

Non-Patent Citations (1)

Title
"Research on OpenStack-Based Network Resource Management Technology"; 李敬伟; CNKI Master's Theses Electronic Journal; 20190131; full text *

Also Published As

Publication number Publication date
CN110290045A (en) 2019-09-27

Similar Documents

Publication Publication Date Title
CN110290045B (en) Network target range software and hardware combination model construction method under cloud architecture
CN101764709B (en) Network physical topology discovering method and network management server based on SNMP
CN108293019B (en) Flow table processing method and device
CN108574616A (en) A kind of method, equipment and the system of processing routing
KR100859529B1 (en) Virtual broadcast network for inter-domain communications
US11038834B2 (en) Selecting an external link of a plurality of external links
CN106953788B (en) virtual network controller and control method
EP3125476B1 (en) Service function chaining processing method and device
CN109474627B (en) Virtual tenant network isolation method and system based on SDN
CN112671628B (en) Business service providing method and system
EP2099180B1 (en) Switching device and method for Layer-2 forwarding of OAM frames with multicast Layer-3 addresses
CN103650424A (en) Implementation method and server of home gateway service function
CN109450905B (en) Method, device and system for transmitting data
CN112671938B (en) Business service providing method and system and remote acceleration gateway
CN101499965B (en) Method for network packet routing forwarding and address converting based on IPSec security association
CN102447703B (en) A kind of heat backup method and system, CGN equipment
CN113300871B (en) Networking method and device of simulation network
WO2019157476A1 (en) Binding osi layer 3 ip connections to osi layer 2 for mesh networks
CN114006909A (en) Method and system for point-to-point unidirectional dynamic private line connection between private cloud tenants
EP3817306B1 (en) Method, apparatus, and device for transmitting message, and storage medium
US10944665B1 (en) Auto-discovery and provisioning of IP fabric underlay networks for data centers
CN103227822A (en) Method for establishing P2P communication connection and equipment
WO2019165235A1 (en) Secure encrypted network tunnels using osi layer 2 protocol
CN114205152B (en) Method for deploying backtracking heterogeneous resources and planning optimal path
WO2018028592A1 (en) Method and device for receiving and sending messages

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant