CN111147450A - Container network isolation method based on macvlan mode - Google Patents
Container network isolation method based on macvlan mode Download PDFInfo
- Publication number
- CN111147450A CN111147450A CN201911249911.7A CN201911249911A CN111147450A CN 111147450 A CN111147450 A CN 111147450A CN 201911249911 A CN201911249911 A CN 201911249911A CN 111147450 A CN111147450 A CN 111147450A
- Authority
- CN
- China
- Prior art keywords
- container
- network
- containers
- isolation
- macvlan
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a container network isolation method based on a macvlan mode, which introduces a macvlan network driving mode, and obtains namespaces corresponding to containers respectively based on the mode, so that isolation measures are set for the containers by combining real-time inlet and outlet flows of the containers, the isolation measures for the containers are realized through a kernel module TC of a host, more comprehensive network resource isolation is realized for the containers, the network isolation performance of the containers is improved, the utilization rate of network resources in a cluster is improved, the monitoring on the utilization rate of a container network is enhanced, and more convenient and rich alarm rule setting is provided for the containers.
Description
Technical Field
The invention relates to a container network isolation method based on a macvlan mode, and belongs to the technical field of containers.
Background
The container technology is a container technology, and is used for effectively dividing resources of a single operating system into isolated groups so as to better balance conflicting resource use requirements among the isolated groups, but network isolation operation in the existing container completely depends on a network mode based on construction, and the container constructed in the existing network mode cannot realize more comprehensive network resource isolation aiming at the container, and has poor actual isolation effect.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a container network isolation method based on a macvlan mode, and by introducing a macvlan network driving mode, more comprehensive network resource isolation can be realized aiming at containers, and the working efficiency of actual network isolation is improved.
The invention adopts the following technical scheme for solving the technical problems: the invention designs a container network isolation method based on a macvlan mode, which is based on a server and a client deployed on a host machine and aims at realizing network isolation for each container on the host machine, wherein a macvlan network driver is applied on the host machine to generate a virtual MAC address and a virtual IP address corresponding to each container on the host machine, and the container network isolation method comprises the following steps:
step A, a client acquires network information and host information of a host, stores the network information and the host information into a local configuration file, pushes the local configuration file to a server, and then enters step B;
b, starting a corresponding number of containers on the host according to a preset service requirement, respectively mounting local configuration files when each container is started, simultaneously registering a virtual MAC address and a virtual IP address which correspond to each container based on macvlan network driving to a server by the client, and then entering the step C;
step C, the server side issues an instruction to the client side according to the virtual MAC address and the virtual IP address respectively corresponding to each container, obtains namespace respectively corresponding to each container through the client side, and then enters step D;
d, starting threads with the number equal to that of the containers by the client, monitoring the inlet and outlet flows of the containers by the threads in a one-to-one correspondence mode, uploading the obtained inlet and outlet flows to the server in real time, and then entering the step E;
and E, the server side sets isolation measures for the containers according to the real-time inlet and outlet flow of the containers and by combining the namespaces corresponding to the containers respectively, sends the isolation measures to the client side, and the client side performs isolation operation on the containers according to the isolation measures of the containers.
As a preferred technical scheme of the invention: in the step E, the server sets flow alarm conditions for each container according to the real-time inlet/outlet flow of each container in combination with the namespaces corresponding to each container, and sends the flow alarm conditions to the client, and the client sets a container flow threshold for each container according to the flow alarm conditions of each container, so as to prevent overflow of flow usage.
As a preferred technical scheme of the invention: in the step E, the server side sets isolation measures aiming at the containers respectively according to the real-time inlet and outlet flow of the containers and by combining the namespaces corresponding to the containers respectively, and sends the isolation measures to the client side; the client sets a flow in-out queue for each container through a kernel module TC according to an isolation measure from a server side, creates a port restriction strategy of the flow in-out queue, sets the flow of the port restriction strategy as the configured flow in the isolation measure, and applies the port restriction strategy to the corresponding port flow of the container, thereby realizing the network isolation of the container.
As a preferred technical scheme of the invention: the network information in the step A comprises an IP address and network card performance parameters.
As a preferred technical scheme of the invention: the host information in the step A comprises CPU core number, memory capacity and disk capacity information.
As a preferred technical scheme of the invention: the namespace corresponding to the container comprises Cgroup root of the process, interprocess communication, network, file system mount point, process ID, user and group and host name domain name.
As a preferred technical scheme of the invention: in the step D, the server side collects and displays the real-time inlet and outlet flows of the containers while acquiring the real-time inlet and outlet flows of the containers.
Compared with the prior art, the container network isolation method based on the macvlan mode has the following technical effects:
the container network isolation method based on the macvlan mode introduces the macvlan network driving mode, and obtains the namespaces corresponding to the containers respectively based on the mode, so that the isolation measures are set for the containers by combining the real-time inlet and outlet flows of the containers, the isolation measures for the containers are realized through the kernel module TC of the host, more comprehensive network resource isolation is realized for the containers, the network isolation performance of the containers is improved, the utilization rate of network resources in a cluster is improved, the monitoring on the container network utilization rate is enhanced, and more convenient and rich alarm rule setting is provided for the containers.
Drawings
Fig. 1 is a schematic architecture diagram of a container network isolation method based on a macvlan model according to the present invention.
Detailed Description
The following description will explain embodiments of the present invention in further detail with reference to the accompanying drawings.
The macvlan is a network card virtualization technology, which can virtualize a physical network card into a plurality of virtual network cards, and in Docker, the macvlan is one of numerous network models of Docker, is a network model across hosts, and has been used as a default enable of a network driver.
On a machine driven by a macvlan network, a virtual macvlan-type main interface is generated on a physical network card interface of a host by default, and then a container started on the host generates a separate sub-interface connection on the main interface, and the generated sub-interfaces have completely independent MAC addresses and IP addresses and share one broadcast domain. Through different sub-interfaces, the macvlan can judge which virtual sub-interface the packet needs to be handed to according to the destination MAC address of the received packet, and the virtual sub-interface then hands the packet to an upper protocol stack for processing.
macvlan supports four modes of communication: private, vepa (virtual ethernet portal gregator) mode, bridge mode, and passhru mode. The most widely applicable aspect is bridge mode, in which the MAC address of each subinterface is known, and the subinterfaces can communicate directly.
The invention designs a container network isolation method based on a macvlan mode, which is based on a server and a client deployed on a host machine and realizes network isolation for each container on the host machine, wherein a macvlan network driver is applied on the host machine to generate a virtual MAC address and a virtual IP address corresponding to each container on the host machine, and in practical application, as shown in FIG. 1, the container network isolation method comprises the following steps.
And step A, the client acquires the network information and the host information of the host, stores the network information and the host information into a local configuration file, pushes the local configuration file to the server, and then enters step B.
In practical application, the network information includes IP address and network card performance parameter; the host information includes CPU core number, memory capacity, and disk capacity information.
And step B, starting a corresponding number of containers on the host machine according to the preset service requirement, respectively mounting local configuration files when each container is started, simultaneously registering the virtual MAC address and the virtual IP address which respectively correspond to each container based on the macvlan network drive to the server by the client, and then entering the step C.
And C, the server side issues an instruction to the client side according to the virtual MAC address and the virtual IP address respectively corresponding to each container, obtains the namespace respectively corresponding to each container through the client side, and then enters the step D.
In practical application, in the step C, the server issues an instruction to the client, for example, according to the following example code, and the client obtains namespaces corresponding to the containers.
NAMESPACE=$(ls -1 /var/run/docker/netns/)
NAMESPACE_FILE=$(docker inspect -f "{{.NetworkSettings.SandboxKey}}" $NAMESPACE 2>/dev/null)
IFINDEX=$(nsenter --net=${NAMESPACE_FILE} $@)
if [[ -z $IFINDEX]]; then
for namespace in $($DOCKER_NETNS_SCRIPT); do
$DOCKER_NETNS_SCRIPT $namespace ip -c -o link
done
else
for namespace in $($DOCKER_NETNS_SCRIPT); do
if $DOCKER_NETNS_SCRIPT $namespace ip -c -o link | grep -Pq "^$IFINDEX: "; then
$DOCKER_NETNS_SCRIPT $namespace ip -c -o link | grep -P "^$IFINDEX: ";
fi
done
fi
And D, starting threads with the number equal to that of the containers by the client, monitoring the inlet and outlet flows of the containers by the threads in a one-to-one correspondence mode, uploading the obtained inlet and outlet flows to the server in real time, and then entering the step E.
And E, the server side sets isolation measures for the containers according to the real-time inlet and outlet flow of the containers and by combining the namespaces corresponding to the containers respectively, sends the isolation measures to the client side, and the client side performs isolation operation on the containers according to the isolation measures of the containers. The isolation measures here are, for example, a continuous 5 minute flow at the outlet of the vessel exceeding 30MB/s, a temporary limit of the flow at the outlet of the vessel being set to 20MB/s for a duration of 1 minute.
In practical application, regarding the isolation measures in step E, two types are used in practical application, one of which is that the server end sets flow alarm conditions for each container according to real-time inlet and outlet flows of each container in combination with namespaces respectively corresponding to each container, and sends the flow alarm conditions to the client end, and the client end sets a container flow threshold value for each container according to the flow alarm conditions of each container, so as to prevent overflow of flow usage.
Secondly, the server side sets isolation measures aiming at each container according to the real-time inlet and outlet flow of each container and by combining the namespaces corresponding to each container respectively, and sends the isolation measures to the client side; the client sets a flow in-out queue for each container through a kernel module TC (traffic control tool in Linux) according to isolation measures from the server, the kernel module TC (so as to control namespace network resources of the container), creates a port restriction strategy for the flow in-out queue, sets the flow of the port restriction strategy as the flow size configured in the isolation measures, and applies the port restriction strategy to the corresponding port flow of the container, thereby realizing network isolation of the container.
In practical applications of the two cases, such as designing an entrance restriction policy or an exit restriction policy, the implementation is specifically performed according to the following codes.
# create htb queue, unclassified egress traffic defaults to sub-classification 10
ip netns exec ns2 tc qdisc add dev veth2 root handle 1: htb default 10
Creates a root classification strategy to ensure that the sum of the root classification and the sub-classification thereof has 50mbit bandwidth and burst flow is 5MB
ip netns exec ns2 tc class add dev veth2 parent 1: classid 1:1 htb rate50mbit ceil 50mbit burst 5m
Creating a sub-classification strategy to ensure that the sub-classification 10 has 10mbit bandwidth and 1MB burst flow
ip netns exec ns2 tc class add dev veth2 parent 1:1 classid 1:10 htbrate 10mbit ceil 10mbit burst 1m
Creates a sub-classification strategy to ensure that the sub-classification 11 has 20MB bandwidth and burst flow is 4MB
ip netns exec ns2 tc class add dev veth2 parent 1:1 classid 1:11 htbrate 20mbit ceil 20mbit burst 4m
# create Filter, destination IP 172.16.10.1 Container Outlet traffic leave sort policy 11
ip netns exec ns2 tc filter add dev veth2 protocol ip parent 1:0 prio 1u32 match ip dst 172.16.10.1 flowid 1:11
# start iperf server side
ip netns exec ns2 iperf -s -i 1 -w 416k
After the alarm rule or the isolation measure is finished aiming at the container, the flow rate limit is automatically recovered, the server end is informed that the isolation measure is closed, and the server end sends a recovery notice to the user.
According to the container network isolation method based on the macvlan mode, the macvlan network driving mode is introduced, and based on the mode, the namespaces corresponding to the containers are obtained, so that the real-time inlet and outlet flows of the containers are combined, isolation measures are set for the containers, the isolation measures for the containers are realized through the kernel module TC of the host, more comprehensive network resource isolation is realized for the containers, the network isolation performance of the containers is improved, the utilization rate of network resources in a cluster is improved, monitoring of the container network utilization rate is enhanced, and more convenient and rich alarm rule setting is provided for the containers.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.
Claims (7)
1. A container network isolation method based on a macvlan mode is characterized in that: based on a server and a client deployed on a host, network isolation is realized for each container on the host, wherein a macvlan network driver is applied on the host to generate a virtual MAC address and a virtual IP address corresponding to each container on the host, and the container network isolation method comprises the following steps:
step A, a client acquires network information and host information of a host, stores the network information and the host information into a local configuration file, pushes the local configuration file to a server, and then enters step B;
b, starting a corresponding number of containers on the host according to a preset service requirement, respectively mounting local configuration files when each container is started, simultaneously registering a virtual MAC address and a virtual IP address which correspond to each container based on macvlan network driving to a server by the client, and then entering the step C;
step C, the server side issues an instruction to the client side according to the virtual MAC address and the virtual IP address respectively corresponding to each container, obtains namespace respectively corresponding to each container through the client side, and then enters step D;
d, starting threads with the number equal to that of the containers by the client, monitoring the inlet and outlet flows of the containers by the threads in a one-to-one correspondence mode, uploading the obtained inlet and outlet flows to the server in real time, and then entering the step E;
and E, the server side sets isolation measures for the containers according to the real-time inlet and outlet flow of the containers and by combining the namespaces corresponding to the containers respectively, sends the isolation measures to the client side, and the client side performs isolation operation on the containers according to the isolation measures of the containers.
2. The container network isolation method based on macvlan mode as claimed in claim 1, wherein: in one embodiment, in the step E, the server sets a flow alarm condition for each container according to the real-time ingress/egress flow of each container in combination with the namespace corresponding to each container, and sends the flow alarm condition to the client, and the client sets a container flow threshold for each container according to the flow alarm condition of each container, so as to prevent overflow of flow usage.
3. The container network isolation method based on macvlan mode as claimed in claim 1, wherein: in one embodiment, in the step E, the server sets isolation measures for each container according to the real-time inlet/outlet flow of each container and in combination with namespaces corresponding to each container, and sends the isolation measures to the client; the client sets a flow in-out queue for each container through a kernel module TC according to an isolation measure from a server side, creates a port restriction strategy of the flow in-out queue, sets the flow of the port restriction strategy as the configured flow in the isolation measure, and applies the port restriction strategy to the corresponding port flow of the container, thereby realizing the network isolation of the container.
4. The container network isolation method based on macvlan mode as claimed in claim 1, wherein: in one embodiment, the network information in step a includes an IP address and a network card performance parameter.
5. The container network isolation method based on macvlan mode as claimed in claim 1, wherein: in one embodiment, the host information in step a includes CPU core number, memory capacity, and disk capacity information.
6. The container network isolation method based on macvlan mode as claimed in claim 1, wherein: in one embodiment, the namespace corresponding to the container includes Cgroup root of the process, interprocess communication, network, file system mount point, process ID, user and group, hostname domain name.
7. The container network isolation method based on macvlan mode as claimed in claim 1, wherein: in an embodiment, in the step D, the server side collects and displays the real-time import/export traffic of each container while obtaining the real-time import/export traffic of each container.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911249911.7A CN111147450B (en) | 2019-12-09 | 2019-12-09 | Container network isolation method based on macvlan mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911249911.7A CN111147450B (en) | 2019-12-09 | 2019-12-09 | Container network isolation method based on macvlan mode |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111147450A true CN111147450A (en) | 2020-05-12 |
| CN111147450B CN111147450B (en) | 2022-07-08 |
Family
ID=70517793
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911249911.7A Active CN111147450B (en) | 2019-12-09 | 2019-12-09 | Container network isolation method based on macvlan mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111147450B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112104597A (en) * | 2020-07-23 | 2020-12-18 | 广西电网有限责任公司电力科学研究院 | Terminal data isolation method and device for one-end multi-network environment |
| CN114615109A (en) * | 2020-11-23 | 2022-06-10 | 北京达佳互联信息技术有限公司 | Container network creating method and device, electronic equipment and storage medium |
| CN114629744A (en) * | 2022-01-25 | 2022-06-14 | 浙江大华技术股份有限公司 | Data access method, system and related device based on macvlan host computer network |
| CN114629844A (en) * | 2022-02-28 | 2022-06-14 | 浙江大华技术股份有限公司 | Message forwarding method and device and electronic equipment |
| CN115189948A (en) * | 2022-07-11 | 2022-10-14 | 北京志凌海纳科技有限公司 | Method and system for realizing container network plug-in CaaS platform |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108616419A (en) * | 2018-03-30 | 2018-10-02 | 武汉虹旭信息技术有限责任公司 | A kind of packet capture analysis system and its method based on Docker |
| US20190081955A1 (en) * | 2017-09-08 | 2019-03-14 | Verizon Patent And Licensing Inc. | Isolating containers on a host |
| CN109561108A (en) * | 2019-01-07 | 2019-04-02 | 中国人民解放军国防科技大学 | Policy-based container network resource isolation control method |
| CN110266679A (en) * | 2019-06-14 | 2019-09-20 | 腾讯科技(成都)有限公司 | Capacitor network partition method and device |
-
2019
- 2019-12-09 CN CN201911249911.7A patent/CN111147450B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190081955A1 (en) * | 2017-09-08 | 2019-03-14 | Verizon Patent And Licensing Inc. | Isolating containers on a host |
| CN108616419A (en) * | 2018-03-30 | 2018-10-02 | 武汉虹旭信息技术有限责任公司 | A kind of packet capture analysis system and its method based on Docker |
| CN109561108A (en) * | 2019-01-07 | 2019-04-02 | 中国人民解放军国防科技大学 | Policy-based container network resource isolation control method |
| CN110266679A (en) * | 2019-06-14 | 2019-09-20 | 腾讯科技(成都)有限公司 | Capacitor network partition method and device |
Non-Patent Citations (2)
| Title |
|---|
| 冯明振: "基于macvlan的Docker容器网络系统的设计与实现", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 * |
| 王宝生等: "面向大规模容器集群的网络控制技术", 《国防科技大学学报》 * |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112104597A (en) * | 2020-07-23 | 2020-12-18 | 广西电网有限责任公司电力科学研究院 | Terminal data isolation method and device for one-end multi-network environment |
| CN114615109A (en) * | 2020-11-23 | 2022-06-10 | 北京达佳互联信息技术有限公司 | Container network creating method and device, electronic equipment and storage medium |
| CN114615109B (en) * | 2020-11-23 | 2024-03-01 | 北京达佳互联信息技术有限公司 | Container network creation method, device, electronic equipment and storage medium |
| CN114629744A (en) * | 2022-01-25 | 2022-06-14 | 浙江大华技术股份有限公司 | Data access method, system and related device based on macvlan host computer network |
| CN114629744B (en) * | 2022-01-25 | 2024-01-16 | 浙江大华技术股份有限公司 | Data access method, system and related device based on macvlan host network |
| CN114629844A (en) * | 2022-02-28 | 2022-06-14 | 浙江大华技术股份有限公司 | Message forwarding method and device and electronic equipment |
| CN114629844B (en) * | 2022-02-28 | 2024-04-05 | 浙江大华技术股份有限公司 | Message forwarding method and device and electronic equipment |
| CN115189948A (en) * | 2022-07-11 | 2022-10-14 | 北京志凌海纳科技有限公司 | Method and system for realizing container network plug-in CaaS platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111147450B (en) | 2022-07-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111147450B (en) | Container network isolation method based on macvlan mode | |
| CN109561108B (en) | Policy-based container network resource isolation control method | |
| EP2845350B1 (en) | Method and apparatus for providing tenant information for network flows | |
| US7782869B1 (en) | Network traffic control for virtual device interfaces | |
| EP3048764B1 (en) | Method and system for implementing 802.1p-supporting openvswitch switch | |
| US9426095B2 (en) | Apparatus and method of switching packets between virtual ports | |
| US20110035494A1 (en) | Network virtualization for a virtualized server data center environment | |
| EP2204948B1 (en) | Apparatus, system and method for managing subscription requests for configuring a network interface component | |
| WO2014063463A1 (en) | Method, device and physical host for managing physical network card | |
| US20150113114A1 (en) | Network interface adapter registration method, driver, and server | |
| CN103379010A (en) | Virtual network achieving method and system | |
| US8413143B2 (en) | Dynamic network adapter queue pair allocation | |
| CN104158764B (en) | Message processing method and device | |
| CN114024880B (en) | Network target range probe acquisition method and system based on proxy IP and flow table | |
| WO2014086193A1 (en) | Data flow affinity for heterogenous virtual machines | |
| Tripathi et al. | Crossbow: from hardware virtualized nics to virtualized networks | |
| CN103260190B (en) | Based on the method for auditing safely of LTE long evolving system network | |
| CN105847179B (en) | The method and device that Data Concurrent reports in a kind of DPI system | |
| CN103248700A (en) | Method for limiting speeds of internal and external networks of virtual machine on cloud platform in different levels | |
| JP2017507374A (en) | Network service processing method and network service processing apparatus | |
| CN113595905A (en) | Distributed routing method, device, equipment and storage medium | |
| EP2624519A1 (en) | Method and apparatus for network dialing | |
| KR101343595B1 (en) | Method for forwarding path virtualization for router | |
| CN103873338A (en) | Method for realizing network virtualization by utilizing binding and VLANs (Virtual Local Area Networks) | |
| TW200913573A (en) | Method, apparatus, and computer program product for implementing bandwidth capping at logical port level for shared ethernet port |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 211100 floor 5, block a, China Merchants high speed rail Plaza project, No. 9, Jiangnan Road, Jiangning District, Nanjing, Jiangsu (South Station area) Applicant after: JIANGSU AIJIA HOUSEHOLD PRODUCTS Co.,Ltd. Address before: 211100 No. 18 Zhilan Road, Science Park, Jiangning District, Nanjing City, Jiangsu Province Applicant before: JIANGSU AIJIA HOUSEHOLD PRODUCTS Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |