CN111031091B - Automatic adaptation method and device for cloud platform virtual diversion technology - Google Patents


Info

Publication number
CN111031091B
Authority
CN
China
Prior art keywords
interface
virtual
diversion
network
cloud
Legal status
Active
Application number
CN201911043718.8A
Other languages
Chinese (zh)
Other versions
CN111031091A (en)
Inventor
肖仕刚
李松
肖新光
Current Assignee
Antiy Technology Group Co Ltd
Original Assignee
Antiy Technology Group Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0876 Aspects of the degree of configuration automation
    • H04L41/0886 Fully automatic configuration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an automated adaptation method and device, electronic equipment and a storage medium for a cloud platform virtual diversion technology. The method comprises: collecting reported service information and combining it with a pre-stored standard specification knowledge base to generate a virtual diversion specification with preferred adaptability; for the virtual diversion specification, combining an interface feature knowledge base to discover, by active identification, the standard interfaces that are open in the network environment, and obtaining an interface availability evaluation report; according to the interface availability evaluation report, performing coverage analysis and processing on the existing virtual diversion schemes, outputting an adapted cloud platform virtual diversion scheme, and outputting an interface docking specification according to that scheme and a pre-stored interface feature knowledge base; and performing automated adaptation of interface docking according to the interface docking specification. The method addresses the complex and varied open interfaces of cloud platforms, realizes automated adaptation and improves operation and maintenance efficiency.

Description

Automatic adaptation method and device for cloud platform virtual diversion technology
Technical Field
The invention relates to the technical field of virtual diversion, in particular to an automatic adaptation method and device of a cloud platform virtual diversion technology, electronic equipment and a storage medium.
Background
With the development of on-cloud security protection technologies such as SDS (software-defined security), building a security resource pool and pulling the traffic of user virtual machines and application systems to the security devices in that pool for protection has become the main trend in protecting services on the cloud. Traffic traction based on virtual diversion is well compatible with the dynamic scheduling and elastic scaling of cloud computing platforms and is the core of a cloud security protection system. However, faced with complex cloud computing environments, varied technologies and differing requirements, traditional diversion adaptation and traction still has many difficulties:
1. Cloud platforms differ in their underlying virtualization technology and traffic scheduling mechanism
Because of factors such as environment, application, technical capability and funding, the virtualization technologies adopted at the bottom layer of cloud platforms differ, and so do the traffic management and scheduling mechanisms on the cloud. A vendor with a single on-cloud virtual diversion solution cannot adapt well to all cloud platform network environments.
2. Cloud platforms differ in their virtual diversion specifications, and interface adaptation is difficult
The factors that influence a cloud platform's virtual diversion specification mainly include compliance regulations, technical limits, service requirements and division of authority. Cloud security vendors need to weigh these factors together to produce an adapted scheme. On the one hand, existing schemes are difficult to adapt to customer specifications; on the other hand, adapting an existing scheme sacrifices some performance and makes operation and maintenance harder, so adaptability is poor.
3. Cloud platform open interfaces are complex and varied, and the prior art cannot adapt to them automatically
Cloud platforms schedule traffic in many ways, including proxy, micro-proxy, policy routing, API and SDN. The management mode of a single virtual diversion technology does not match the interfaces that are actually open, so a single product cannot dock well with the traffic scheduling engines on the various clouds, and automatic identification and automatic adaptation of interfaces cannot be achieved.
Disclosure of Invention
In view of the above, the present invention provides an automatic adaptation method and apparatus for a cloud platform virtual diversion technology, an electronic device, and a storage medium, so as to solve or partially solve the above technical problems.
According to an aspect of the present invention, there is provided an automated adaptation method for a cloud platform virtual flow guide technology, the method including:
collecting reported service information, and combining a pre-stored standard specification knowledge base to generate a virtual flow guide specification with preferential adaptability;
aiming at the virtual flow guide specification, an interface feature knowledge base is combined, an open standard interface in a network environment is found in an active identification mode, and an interface availability evaluation report is obtained;
according to the interface availability evaluation report, performing coverage analysis and processing on the existing virtual diversion scheme, outputting an adaptive cloud platform virtual diversion scheme, and outputting an interface docking standard according to the cloud platform virtual diversion scheme and a pre-stored interface feature knowledge base;
carrying out automatic adaptation of interface docking according to the interface docking specification;
wherein,
the virtual diversion specification defines a diversion scheme adapted to a user environment;
the pre-stored standard specification knowledge base records the list of standard technologies that a cloud architecture is required to include, and also includes the association between the standard technology specifications and the virtual diversion specifications;
the interface feature knowledge base comprises an open API corresponding list;
the pre-stored interface characteristic knowledge base comprises all cloud open interface information;
the interface docking specification marks the interface and the passed parameters that should be called for the determined flow guide specification.
Optionally, the service information includes service requirements, platform virtualization technology, network control and scheduling mechanism,
wherein the service requirements mainly comprise compliance specifications, confidentiality requirements and division of authority; the platform virtualization technology comprises the technical characteristics of mainstream cloud platform virtualization; the network virtualization technology comprises Virtio, vhost-Net, PCI Pass-Through and SR-IOV; and the network control and scheduling mechanism comprises cloud virtual network technology and control technology,
and/or,
the interfaces opened in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface and a firewall configuration interface.
Optionally, the automatic adaptation for interface docking may adopt any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface, and a cloud management platform interface.
Optionally, the traffic scheduling policy includes network topology, resource distribution analysis, network device, security device management, service chain policy knowledge base, network flow scheduling decision, and traffic scheduling instruction generation.
According to another aspect of the present invention, there is provided an automatic adaptation apparatus for a cloud platform virtual diversion technology, the apparatus including:
the information acquisition module is used for acquiring the reported service information, and combining a pre-stored standard specification knowledge base to generate a virtual flow guide specification with preferential adaptability;
an interface availability evaluation report acquisition module, configured to discover, in an active identification manner, a standard interface that is open in a network environment in accordance with the virtual diversion specification in combination with an interface feature knowledge base, and acquire an interface availability evaluation report;
the interface docking standard output module is used for performing coverage analysis and processing on the existing virtual diversion scheme according to the interface availability evaluation report, outputting an adaptive cloud platform virtual diversion scheme, and outputting an interface docking standard according to the cloud platform virtual diversion scheme and a prestored interface feature knowledge base;
the interface automatic adaptation module is used for carrying out automatic adaptation of interface docking according to the interface docking specification;
wherein,
the virtual diversion specification defines a diversion scheme adapted to a user environment;
the pre-stored standard specification knowledge base records the list of standard technologies that a cloud architecture is required to include, and also includes the association between the standard technology specifications and the virtual diversion specifications;
the interface feature knowledge base comprises an open API corresponding list;
the pre-stored interface characteristic knowledge base comprises all cloud open interface information;
the interface docking specification marks the interface to be called and the transferred parameters aiming at the determined flow guide specification.
Optionally, the service information includes service requirements, platform virtualization technology, network control and scheduling mechanism,
wherein the service requirements mainly comprise compliance specifications, confidentiality requirements and division of authority and responsibility; the platform virtualization technology comprises the technical characteristics of mainstream cloud platform virtualization; the network virtualization technology comprises Virtio, vhost-Net, PCI Pass-Through and SR-IOV; and the network control and scheduling mechanism comprises cloud virtual network technology and control technology,
and/or,
the open interfaces in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface and a firewall configuration interface.
Optionally, the automatic adaptation for interface docking adopts any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface, and a cloud management platform interface.
Optionally, the traffic scheduling policy includes network topology, resource distribution analysis, network device, security device management, service chain policy knowledge base, network flow scheduling decision, and traffic scheduling instruction generation.
According to still another aspect of the present invention, there is provided an electronic apparatus including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the automatic adaptation method of the cloud platform virtual flow guide technology.
According to yet another aspect of the present invention, a computer-readable storage medium is provided, which stores one or more programs, which are executable by one or more processors to implement the foregoing automated adaptation method for cloud platform virtual flow guidance.
Drawings
Fig. 1 is a flowchart of an automated adaptation method for a cloud platform virtual diversion technology according to an embodiment of the present invention;
Fig. 2 is a flowchart of a scheduling method of a cloud platform virtual diversion technology according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of collected service information;
Fig. 4 is a diagram of an automatic adaptation apparatus for a cloud platform virtual diversion technology according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
The following describes specific embodiments of an automated adaptation method, an automated adaptation device, an electronic device, and a storage medium for a cloud platform virtual diversion technology according to embodiments of the present invention with reference to drawings of the specification.
Fig. 1 is a flowchart of an automated adaptation method for a cloud platform virtual diversion technology according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step S11: acquiring service information adopted by the existing environment of the cloud platform, and determining a virtual diversion specification of the cloud platform according to the service information;
Step S12: identifying the open interfaces in the network environment according to the cloud platform virtual diversion specification, and obtaining an interface availability evaluation report by combining a pre-stored standard characteristic knowledge base;
Step S13: according to the interface availability evaluation report, performing coverage analysis and processing on the existing virtual diversion schemes, outputting an adapted cloud platform virtual diversion scheme, and outputting an interface docking specification according to the cloud platform virtual diversion scheme and a pre-stored interface specification knowledge base;
Step S14: performing automated adaptation of interface docking according to the interface docking specification.
The method is based on various virtual diversion technologies, can automatically generate an adaptive diversion scheme according to different cloud platform technologies and mechanisms, and can automatically identify a cloud management interface and a network control interface by combining a characteristic knowledge base to realize automatic docking.
In some embodiments of the invention, the service information includes service requirements, platform virtualization technologies, network control and scheduling mechanisms,
wherein the service requirements mainly comprise compliance specifications, confidentiality requirements and division of authority; the platform virtualization technology comprises the technical characteristics of mainstream cloud platform virtualization; the network virtualization technology comprises Virtio, vhost-Net, PCI Pass-Through and SR-IOV (Intel VT-x/VT-d, QEMU/KVM, IGB/IXGBE); and the network control and scheduling mechanism comprises cloud virtual network technology and control technology.
In some embodiments of the present invention, the interfaces opened in the network environment include a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface, and a firewall configuration interface.
In some embodiments of the present invention, the automatic adaptation for interface docking may be performed by using any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface, and a cloud management platform interface.
In some embodiments of the present invention, the traffic scheduling policy includes network topology, resource distribution analysis, network device, security device management, service chaining policy knowledge base, network flow scheduling decision, and traffic scheduling instruction generation.
Fig. 2 is a flowchart of a scheduling method of a cloud platform virtual flow technology according to an embodiment of the present invention, and as shown in fig. 2, the method includes the following steps:
S21: Acquire the service information adopted by the existing environment of the cloud platform.
The virtual diversion system first collects service information in light of the client's specific service environment. This mainly covers service requirements, platform virtualization technology, the network control and scheduling mechanism, and the like, as shown in Fig. 3, which is a schematic diagram of the collected service information. The service requirements mainly include compliance specifications, privacy requirements, and division of authority and responsibility. The platform virtualization technology covers the technical characteristics of mainstream cloud platform virtualization, including OpenStack, Azure, VMware and the like. The network virtualization technology mainly describes the network card emulation technology of cloud virtual machines and covers the technical characteristics of Virtio, vhost-Net, PCI Pass-Through, SR-IOV (Intel VT-x/VT-d, QEMU/KVM, IGB/IXGBE) and the like. The network control and scheduling mechanism comprises cloud virtual network technology and control technology, including network management schemes such as SDN (software-defined networking), policy routing and built-in APIs. The collected data conforms to a service information feature parameter standard system. Data can be collected as options, numbers, labels and the like; the user can define custom feature items, and the format and range of the collected data can be verified.
S22: Determine the cloud platform virtual diversion specification.
The cloud platform virtualization technology and the network control and scheduling mechanism adopted by the existing cloud computing environment, together with the cloud platform traffic traction specification required by the user, are collected, and the virtual diversion specification of the user's cloud platform is determined through analysis. The virtual diversion specification defines a diversion scheme suited to the user environment. For example, if the user adopts a heterogeneous cloud computing architecture in which part of the environment supports the API diversion mode and part supports the policy routing mode, the diversion scheme needs to be adjusted dynamically and combine API and policy routing. As another example, if the user adopts the API diversion mode but some of the virtual machines have not obtained API authorization, the agent diversion mode needs to be adopted.
Specifically, the reported service information is collected and mapped onto the service information feature parameter system, and the technologies currently in use are labeled. This is combined with the pre-stored standard specification knowledge base, which records the list of standard technologies that a given cloud architecture (such as OpenStack) is required to include, together with the association between the standard technology specifications and the virtual diversion specifications, so that association analysis between the service feature indexes and the standard specifications is realized. The association result is passed through an adaptive rating function, which calculates the index coverage ratio, that is, the ratio of the number of actual feature indexes to the number of standard feature indexes, and rates the feasible specifications by adaptability. Virtual diversion specifications with preferred adaptability are produced, for example by sorting by adaptability value and taking the top N.
S23: an interface availability assessment report is obtained.
In the process, aiming at the virtual diversion specification generated in the step S22, an open standard interface in the network environment is discovered in an active identification mode by combining an interface characteristic knowledge base, wherein the open standard interface in the network environment comprises the following steps: the system comprises a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface, a firewall configuration interface and the like, and meanwhile interface availability evaluation is carried out according to the identification result to generate an interface availability evaluation report.
The interface feature knowledge base comprises an open API corresponding list; the active identification means that an API which is open to the outside of the cloud platform is actively docked, and the API validity is evaluated; the interface availability evaluation means that whether an interface is effective is evaluated through interface calling; the interface availability assessment report includes a flag whether an interface is available.
S24: and outputting the interface docking specification.
The process analyzes the coverage of the existing virtual diversion scheme according to the interface availability evaluation report generated in the step S23. The virtual diversion scheme is an ideal diversion scheme, and is generated according to user requirements and environmental conditions. The actual interface open state of a user affects the actual landing of the scheme, so that feasibility assessment needs to be performed on each flow guiding scheme according to an interface availability report, mainly for key interface availability and overall interface coverage, and meanwhile, technology extension and replacement are performed on the condition that an interface is unavailable, for example, when a policy routing cannot cover east-west traffic, a policy routing + API and other modes are adopted to perform extension on the basis of a standard scheme, wherein the standard scheme comprises policy routing, API drainage, a micro-proxy, a proxy and an SDN, a virtual flow guiding scheme adapted to the existing network environment and the interface open condition is output, and a pre-stored interface feature knowledge base is also output, wherein the pre-stored interface feature knowledge base contains all cloud open interface information including interface attributes, parameter lists and the like, and meanwhile, a standard interface docking specification is output, wherein the interface docking specification marks information and the like on which interfaces should be called and how to transfer parameters and the like for a determined flow guiding specification.
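The rating function of S22 and the feasibility assessment and scheme extension of S24 can be expressed in code as follows. This is an added example, not code from the patent: the knowledge-base contents, feature labels, interface names, traffic scopes and parameter names are all constructed assumptions.

```python
"""Added illustration of steps S22-S24; all names and data are constructed."""

# S22: standard specification knowledge base (constructed). Each candidate
# diversion specification lists the standard feature indexes tied to it.
STANDARD_SPECS = {
    "policy_routing": {"router", "firewall", "switch", "static_topology"},
    "api": {"openstack", "builtin_api", "api_authorized"},
    "sdn": {"sdn_controller", "northbound_api", "openflow"},
    "micro_agent": {"libvirt", "virtio"},
}

# S23/S24: interface feature knowledge base (constructed). Per scheme: key
# interfaces it cannot work without, optional ones, the traffic it can cover,
# and the parameters the docking specification has to pass.
INTERFACE_KB = {
    "policy_routing": {"key": {"firewall_config"}, "optional": {"network_controller"},
                       "covers": {"north_south"}, "params": ["device_id", "next_hop"]},
    "api": {"key": {"vm_management"}, "optional": set(),
            "covers": {"east_west"}, "params": ["tenant_id", "mirror_rule"]},
    "sdn": {"key": {"network_controller"}, "optional": {"nfv"},
            "covers": {"north_south", "east_west"}, "params": ["flow_match", "service_chain"]},
    "micro_agent": {"key": {"libvirt"}, "optional": {"vm_management"},
                    "covers": {"east_west"}, "params": ["vm_uuid", "agent_package"]},
}

# Constructed sample inputs: labels reported in S21 and the S23 report.
REPORTED = {"router", "firewall", "switch", "openstack", "builtin_api", "libvirt"}
AVAILABILITY = {"firewall_config": True, "vm_management": True,
                "network_controller": False, "libvirt": True, "nfv": False}


def rate_specs(reported, top_n=3):
    """Adaptive rating: matched feature indexes / standard feature indexes."""
    scores = []
    for name, standard in STANDARD_SPECS.items():
        ratio = len(reported & standard) / len(standard) if standard else 0.0
        scores.append((name, round(ratio, 2)))
    scores.sort(key=lambda s: (-s[1], s[0]))  # best first, name breaks ties
    return scores[:top_n]


def assess(scheme, report):
    """Key-interface availability and overall interface coverage of a scheme."""
    kb = INTERFACE_KB[scheme]
    needed = kb["key"] | kb["optional"]
    usable = {i for i in needed if report.get(i, False)}
    return {"key_ok": kb["key"] <= usable, "coverage": len(usable) / len(needed)}


def adapt(reported, report, required=frozenset({"north_south", "east_west"})):
    """Take the best-rated feasible scheme, then extend it with further
    feasible schemes until all required traffic is covered."""
    chosen, covered = [], set()
    for scheme, _ in rate_specs(reported, top_n=len(STANDARD_SPECS)):
        if covered >= required:
            break
        kb = INTERFACE_KB[scheme]
        if assess(scheme, report)["key_ok"] and kb["covers"] - covered:
            chosen.append(scheme)
            covered |= kb["covers"]
    # Docking specification: which interface to call and which parameters to pass.
    docking = [{"scheme": s, "interface": i, "params": INTERFACE_KB[s]["params"]}
               for s in chosen for i in sorted(INTERFACE_KB[s]["key"])]
    return {"schemes": chosen, "uncovered": sorted(required - covered), "docking": docking}


if __name__ == "__main__":
    print(rate_specs(REPORTED))
    print(adapt(REPORTED, AVAILABILITY))
```

With the sample report, policy routing is extended with API diversion to cover east-west traffic; if `vm_management` is flagged unavailable, the micro-agent scheme is substituted instead.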
S25: automated adaptation for interface docking
According to the interface docking standard, the adaptation of the diversion interface and the installation configuration of the traction agent engine are carried out in the modes of automatic docking deployment and manual auxiliary maintenance.
The process mainly aims at the interface docking specification output in the step S24, and automatic docking adaptation with the cloud management platform is achieved. The butt joint mode mainly includes:
the method comprises the steps that a cloud network device is provided with a management interface, the management interface is adapted to mainly support a virtual diversion mode based on a strategy route, configuration of network devices such as a firewall, a switch and a router is achieved through the network device management interface, and network flow is redirected through a network node;
the virtual machine is provided with a management interface, the adaptation of the management interface mainly supports a virtual diversion mode based on a micro-agent, a virtual diversion agent software installation package is issued to the virtual machine by calling a LibVirt control interface, the automatic installation configuration is completed, and meanwhile, a scheduling control center strategy is received to realize flow traction;
the management interface is mainly adapted to support an agent-based virtual diversion mode, management and maintenance of a virtual diversion mirror image are realized by realizing butt joint with an NFV system, and flexible deployment and dynamic scheduling of diversion virtualization are realized according to requirements.
The SDN network management interface mainly supports a mode of carrying out flow guiding control based on the SDN, realizes separation of a control layer and a data layer, has the capacity of arranging a safety service chain, and realizes flow arrangement and traction by carrying out network control on a northbound interface.
The adaptive support of the management interface is mainly based on an API (application programming interface) drainage mode, a cloud platform bottom technical module provides a self-contained flow acquisition and scheduling module, programmable protocol/rule customization is supported, and flow transverse traction is realized by butting the management API.
The automatic interface docking is realized (according to interface docking specifications, parameters are organized, and an API is called), the system can be customized according to the interface API, and the change synchronization and the system stability are maintained by combining automatic identification and manual identification according to the situations of interface instability, interface change and the like.
S26: performing diversion dispatching
The flow guide scheduling mainly comprises two parts of flow monitoring and flow scheduling. The flow monitoring captures network flow by adopting a core switch bypass deployment mode, combines NetFlow session information acquisition and network layer protocol analysis, presents information such as flow direction, relation, load, content and the like, and realizes whole network flow visualization. And finally, the flow scheduling module is packaged into a safety service chain data packet through an XML format and is issued to a specified flow guide engine.
Network topology and resource distribution analysis need to master the distribution, load condition, node distribution and relationship of the whole network flow and support scheduling decision; the network device/security device management is used as a forwarding and target node of flow, and is used for managing and controlling the network device and the security device in the network; the service chain strategy knowledge base is a network node sequence required to pass through in the flow scheduling process; a network flow scheduling decision analyzes a service quantity strategy; the traffic scheduling instruction generation is to generate a traffic forwarding instruction issued to the network device.
And a flow traction strategy is issued through a flow monitoring and scheduling center, so that the unified configuration and management of a flow guide interface are realized, and the analysis and execution of a dynamic scheduling strategy are realized by combining with the safety service requirement.
S27: flow guiding engine
And according to the scheduling strategy, realizing user traffic redirection and scheduling the client traffic to the designated safety equipment.
The method comprises the following specific steps: the process mainly aims at the flow scheduling strategy issued by S26, the safety service chain information arranged by a user is expressed by a strategy analyzer through the analysis and identification of a strategy analyzer, the strategy content is XML, the safety service chain information comprises information such as a strategy executor, a data stream meeting specific attributes, a strategy execution authority and a strategy priority, a flow guide engine executes network flow redirection operation according to the safety service chain information in a mode of scheduling self modules or external equipment configuration, and the network flow is pulled to sequentially pass through a safety equipment ordered sequence corresponding to the service chain.
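A policy parser of the kind S27 describes has to validate the XML before any traffic is redirected. The following is an added example, not code from the patent: the element and attribute names, the sample policy, the allow-list check on authority and the rule that a lower priority number wins are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed policy document; the schema is an assumption for illustration.
SAMPLE_POLICY = """\
<serviceChainPolicies>
  <policy id="p-web" priority="10" executor="policy_routing" authority="tenant-admin">
    <flow src="10.0.1.0/24" dst="10.0.2.0/24" protocol="tcp" dstPort="443"/>
    <chain><device order="2">ips-01</device><device order="1">waf-01</device></chain>
  </policy>
  <policy id="p-default" priority="100" executor="api" authority="tenant-admin">
    <flow src="10.0.0.0/16" dst="0.0.0.0/0" protocol="any"/>
    <chain><device order="1">fw-01</device></chain>
  </policy>
</serviceChainPolicies>
"""

# Executors mirror the standard schemes named in S24.
EXECUTORS = {"policy_routing", "api", "micro_agent", "agent", "sdn"}


def parse_policies(xml_text, allowed_authorities):
    """Parse and validate policies; return them ordered by priority."""
    # A policy never needs a DTD, so refuse one outright (no entity expansion).
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted in policies")
    policies = []
    for node in ET.fromstring(xml_text).findall("policy"):
        pid = node.get("id", "?")
        if node.get("executor") not in EXECUTORS:
            raise ValueError(f"{pid}: unknown executor")
        if node.get("authority") not in allowed_authorities:
            raise ValueError(f"{pid}: authority not permitted")
        flow = node.find("flow")
        devices = node.findall("chain/device")
        if flow is None or not devices:
            raise ValueError(f"{pid}: a flow and a non-empty chain are required")
        port = flow.get("dstPort")
        policies.append({
            "id": pid,
            "priority": int(node.get("priority", "")),
            "executor": node.get("executor"),
            "src": ipaddress.ip_network(flow.get("src", "")),
            "dst": ipaddress.ip_network(flow.get("dst", "")),
            "protocol": flow.get("protocol", "any"),
            "dst_port": int(port) if port else None,
            # The chain is applied in the declared order, not document order.
            "chain": [(d.text or "").strip()
                      for d in sorted(devices, key=lambda d: int(d.get("order", "")))],
        })
    return sorted(policies, key=lambda p: p["priority"])


def chain_for(policies, flow):
    """Return (executor, ordered device list) of the first matching policy."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    for p in policies:
        if (src in p["src"] and dst in p["dst"]
                and p["protocol"] in ("any", flow["protocol"])
                and p["dst_port"] in (None, flow.get("dst_port"))):
            return p["executor"], p["chain"]
    return None, []  # no policy matched: the flow is not redirected


if __name__ == "__main__":
    loaded = parse_policies(SAMPLE_POLICY, {"tenant-admin"})
    print(chain_for(loaded, {"src": "10.0.1.5", "dst": "10.0.2.9",
                             "protocol": "tcp", "dst_port": 443}))
```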
The application example of the scheduling method of the cloud platform virtual diversion technology provided by the invention is as follows:
In the process of virtual diversion adaptation for a user's cloud platform, the user enters the service requirements, platform virtualization technology, network virtualization technology, and network control and scheduling mechanism through an interface. The system analyzes the data reported by the user and generates a virtual diversion specification from it, actively scans and identifies the cloud platform management interfaces and network control interfaces using the feature knowledge base, and outputs an adapted diversion scheme (based on policy routing, micro-proxy, API (application program interface) diversion, or SDN (software-defined network) technology extension) together with an interface docking specification. According to the diversion scheme and the interface docking specification, the system adapts the diversion interfaces and automatically installs and deploys the traction agent through automatic deployment, control-authority docking and similar means. The user can issue the virtual diversion policy through the traffic monitoring and scheduling center to achieve unified traffic configuration and management, or can select an adaptive mode; the traffic scheduling engine parses the policy and redirects the traffic, forwarding it to the designated network device.
The invention solves the following technical problems:
1. Because the underlying virtualization technologies and traffic scheduling mechanisms of cloud platforms differ, the method is made suitable for a variety of cloud security technical environments.
2. To address inconsistent traffic traction standards across cloud platforms and the difficulty of interface adaptation, the virtual diversion scheme is determined by collecting the existing cloud virtualization technology, the network control and scheduling mechanism, and the service requirements filled in by the user, and the specification definition is generated by analysis.
3. To address the complexity and variety of the cloud platform's open interfaces, which the prior art cannot adapt to automatically, the invention uses the knowledge base to automatically identify and obtain the cloud platform's management control interfaces and network control interfaces according to the virtual diversion specification, outputs an adapted docking specification for the specific environment, and performs the adaptation automatically.
The invention provides a solution to the problem that a diversion scheme is difficult to put into practice because of the diversity of cloud platform virtualization technologies, network complexity and the like. Based on various virtual diversion technologies, an adapted diversion scheme can be generated automatically according to the differences in cloud platform technologies and mechanisms. At the same time, the cloud management interfaces and network control interfaces can be identified automatically with the feature knowledge base, and automatic interface identification and adaptation integrate the virtual diversion platform with the cloud management platform, so that docking is automatic. Platform traffic can be monitored and managed in a unified way, with both manual policy issuing and hosted self-adaptation; the scheme is compatible with the dynamic scheduling and elastic scaling of the cloud platform, pulls traffic directionally to the designated security devices according to business requirements, improves operation and maintenance efficiency, and reduces operation and maintenance difficulty.
Fig. 4 is a diagram of an automatic adaptation apparatus for a cloud platform virtual flow guiding technology according to an embodiment of the present invention, as shown in fig. 4, the apparatus includes:
the information acquisition module 401 is configured to acquire service information adopted by the existing environment of the cloud platform, and determine a virtual diversion specification of the cloud platform according to the service information;
an interface availability evaluation report acquisition module 402, configured to identify an open interface in a network environment according to a cloud platform virtual diversion specification, and obtain an interface availability evaluation report by combining with a pre-stored standard feature knowledge base;
an interface docking specification output module 403, configured to perform coverage analysis and processing on an existing virtual diversion scheme according to an interface availability evaluation report, output an adaptive cloud platform virtual diversion scheme, and output an interface docking specification according to the cloud platform virtual diversion scheme and a pre-stored interface specification knowledge base;
and an interface automatic adaptation module 404, configured to perform automatic adaptation of interface docking according to the interface docking specification.
In some embodiments of the invention, the service information includes service requirements, platform virtualization technologies, network control and scheduling mechanisms,
wherein the service requirements mainly comprise compliance specifications, privacy requirements and the division of authority and responsibility; the platform virtualization technology comprises mainstream cloud platform virtualization technical characteristics; the network virtualization technology comprises Virtio, vhost-Net, PCI Pass-Through and SR-IOV (Intel VT-x/VT-d, QEMU/KVM, IGB/IXGBE); and the network control and scheduling mechanism comprises cloud virtual network technology and control technology.
In some embodiments of the present invention, the interfaces opened in the network environment include a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface, and a firewall configuration interface.
In some embodiments of the present invention, the automatic adaptation for interface docking may be performed by using any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, an NFV management interface, an SDN network management interface, and a cloud management platform interface.
In some embodiments of the invention, the traffic scheduling policy includes network topology, resource distribution analysis, network device, security device management, service chaining policy knowledge base, network flow scheduling decision, and traffic scheduling instruction generation.
An embodiment of the present invention further provides an electronic device. Fig. 5 is a schematic structural diagram of an embodiment of the electronic device of the present invention, which can implement the flow of the embodiment shown in Figs. 1-2 of the present invention. As shown in Fig. 5, the electronic device may include: a shell 51, a processor 52, a memory 55, a circuit board 54 and a power circuit 55, wherein the circuit board 54 is arranged inside a space enclosed by the shell 51, and the processor 52 and the memory 55 are arranged on the circuit board 54; the power circuit 55 supplies power to each circuit or device of the electronic device; the memory 55 is used to store executable program code; the processor 52 runs a program corresponding to the executable program code by reading the executable program code stored in the memory 55, so as to execute the program starting method according to any one of the foregoing embodiments.
The specific execution process of the above steps by the processor 52 and the steps further executed by the processor 52 by running the executable program code may refer to the description of the embodiment shown in fig. 1-2 of the present invention, and are not described herein again.
The electronic device exists in a variety of forms, including but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communication capabilities and are primarily aimed at providing voice and data communications. Such terminals include: smart phones (e.g., iPhones), multimedia phones, feature phones, and low-end phones, among others.
(2) Ultra mobile personal computer device: this equipment belongs to the category of personal computers, has computing and processing functions, and generally also has mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPads.
(3) A portable entertainment device: such devices can display and play multimedia content. This kind of equipment includes: audio and video players (e.g., iPods), handheld game consoles, electronic books, smart toys and portable car navigation devices.
(4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(5) And other electronic equipment with a data interaction function.
Embodiments of the present invention also provide a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the aforementioned program startup method.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The invention has the following technical effects:
In summary, the invention provides a solution to the problem that a diversion scheme is difficult to put into practice because of the diversity of cloud platform virtualization technologies, network complexity and the like. Based on various virtual diversion technologies, an adapted diversion scheme can be generated automatically according to the different cloud platform technologies and mechanisms; the cloud management interfaces and network control interfaces can be identified automatically with the feature knowledge base; and automatic interface identification and adaptation integrate the virtual diversion platform with the cloud management platform, so that docking is automatic. Platform traffic can be monitored and managed in a unified way, with both manual policy issuing and hosted self-adaptation; the scheme is compatible with the dynamic scheduling and elastic scaling of the cloud platform, pulls traffic directionally to the designated security devices according to business requirements, improves operation and maintenance efficiency, and reduces operation and maintenance difficulty.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are also within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An automatic adaptation method for a cloud platform virtual diversion technology is characterized by comprising the following steps:
collecting reported service information, combining with a prestored standard specification knowledge base, and generating a virtual flow guide specification with preferential adaptability;
aiming at the virtual diversion specification, an interface characteristic knowledge base is combined, an open standard interface in a network environment is discovered in an active identification mode, and an interface availability evaluation report is obtained;
according to the interface availability evaluation report, performing coverage analysis and processing on the existing virtual diversion scheme, outputting an adaptive cloud platform virtual diversion scheme, and outputting an interface docking standard according to the cloud platform virtual diversion scheme and a pre-stored interface feature knowledge base;
carrying out automatic adaptation of interface docking according to the interface docking specification;
wherein,
the virtual diversion specification defines a diversion scheme adapted to a user environment;
the pre-stored standard specification knowledge base records adopt a standard technology list which is required to be included by a cloud architecture, and simultaneously include the incidence relation between the standard technology specification and the virtual flow guide specification;
the interface feature knowledge base comprises an open API corresponding list;
the pre-stored interface characteristic knowledge base comprises all cloud open interface information;
the interface docking specification marks the interface and the passed parameters that should be called for the determined flow guide specification.
2. The method of claim 1, wherein the service information comprises service requirements, platform virtualization technologies, network control and scheduling mechanisms,
the service requirements mainly comprise compliance specifications, confidentiality requirements and authority and responsibility division, the platform virtualization technology comprises mainstream cloud platform virtualization technical characteristics, the network virtualization technology comprises Virtio, vhost-Net, PCI Pass-Through and SR-IOV, and the network control and scheduling mechanism comprises a cloud virtual network technology and a control technology;
and/or,
the interfaces opened in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface and a firewall configuration interface.
3. The method of claim 1, wherein the interfaces opened in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface, a firewall configuration interface.
4. The method of claim 1, wherein the automated adaptation to interface interfacing employs any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, a NFV management interface, a SDN network management interface, and a cloud management platform interface.
5. An automated adaptation apparatus of a cloud platform virtual diversion technology, the apparatus comprising:
the information acquisition module is used for acquiring the reported service information, and combining a pre-stored standard specification knowledge base to generate a virtual flow guide specification with preferential adaptability;
an interface availability evaluation report acquisition module, configured to discover, in an active identification manner, a standard interface that is open in a network environment in accordance with the virtual diversion specification in combination with an interface feature knowledge base, and acquire an interface availability evaluation report;
the interface docking standard output module is used for performing coverage analysis and processing on the existing virtual diversion scheme according to the interface availability evaluation report, outputting an adaptive cloud platform virtual diversion scheme, and outputting an interface docking standard according to the cloud platform virtual diversion scheme and a prestored interface feature knowledge base;
the interface automatic adaptation module is used for carrying out automatic adaptation of interface docking according to the interface docking specification;
wherein,
the virtual diversion specification defines a diversion scheme adapted to a user environment;
the pre-stored standard specification knowledge base records adopt a standard technology list which is required to be included by a cloud architecture, and simultaneously include the incidence relation between the standard technology specification and the virtual flow guide specification;
the interface feature knowledge base comprises an open API corresponding list;
the pre-stored interface characteristic knowledge base comprises all cloud open interface information;
the interface docking specification marks the interface to be called and the transferred parameters aiming at the determined flow guide specification.
6. The apparatus of claim 5, wherein the service information comprises service requirements, platform virtualization technologies, network control and scheduling mechanisms,
the service requirements mainly comprise compliance specifications, confidentiality requirements and authority and responsibility division, the platform virtualization technology comprises mainstream cloud platform virtualization technical characteristics, the network virtualization technology comprises Virtio, vhost-Net, PCI Pass-Through and SR-IOV, and the network control and scheduling mechanism comprises a cloud virtual network technology and a control technology;
and/or,
the open interfaces in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface and a firewall configuration interface.
7. The apparatus of claim 5, wherein the interfaces opened in the network environment comprise a virtual machine management interface, an NFV interface, a LibVirt virtual software management interface, a network controller interface, a firewall configuration interface.
8. The apparatus of claim 5, wherein the automated adapting for interfacing employs any one or more of a cloud network device configuration management interface, a virtual machine configuration management interface, a NFV management interface, a SDN network management interface, and a cloud management platform interface.
9. An electronic device, characterized in that the electronic device comprises: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the automatic adaptation method of the cloud platform virtual flow guide technology of any one of the preceding claims 1 to 4.
10. A computer readable storage medium, storing one or more programs, the one or more programs being executable by one or more processors for implementing the method of any one of claims 1 to 4 for automatically adapting the virtual flow technology of the cloud platform.
CN201911043718.8A 2019-10-30 2019-10-30 Automatic adaptation method and device for cloud platform virtual diversion technology Active CN111031091B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911043718.8A CN111031091B (en) 2019-10-30 2019-10-30 Automatic adaptation method and device for cloud platform virtual diversion technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911043718.8A CN111031091B (en) 2019-10-30 2019-10-30 Automatic adaptation method and device for cloud platform virtual diversion technology

Publications (2)

Publication Number Publication Date
CN111031091A CN111031091A (en) 2020-04-17
CN111031091B true CN111031091B (en) 2022-10-21

Family

ID=70204720

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911043718.8A Active CN111031091B (en) 2019-10-30 2019-10-30 Automatic adaptation method and device for cloud platform virtual diversion technology

Country Status (1)

Country Link
CN (1) CN111031091B (en)


Also Published As

Publication number Publication date
CN111031091A (en) 2020-04-17


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road)

Applicant after: Antan Technology Group Co.,Ltd.

Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Harbin, Heilongjiang Province (No. 838, Shikun Road)

Applicant before: Harbin Antian Science and Technology Group Co.,Ltd.

GR01 Patent grant