CN111262771B - Virtual private cloud communication system, system configuration method and controller - Google Patents

Publication number
CN111262771B
Authority
CN
China
Prior art keywords
configuration information
vpc
resource
switch
isolation
Legal status
Active
Application number
CN201811463985.6A
Other languages
Chinese (zh)
Other versions
CN111262771A (en
Inventor
蒋顺桥
Current Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd, Beijing Kingsoft Cloud Technology Co Ltd
Priority to CN201811463985.6A (CN111262771B)
Priority to SG11202105560WA
Priority to PCT/CN2019/117498 (WO2020108292A1)
Publication of CN111262771A
Application granted
Publication of CN111262771B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a virtual private cloud communication system, a system configuration method and a controller, wherein the system comprises at least one Virtual Machine (VM) and a system gateway in communication connection with each VM; at least one physical machine PM and a switch communicatively connected to each PM; the system gateway is in communication connection with the switch; the system gateway and the switch are used for enabling communication between the VM and the PM which belong to the same virtual private cloud VPC based on preset configuration information. In the method, a physical machine area formed by a PM accesses a network through a switch, and a virtual machine area formed by a VM is connected with the switch corresponding to the physical machine area through a system gateway, so that connection between the PM of the physical machine area and the VM of the virtual machine area is established, and communication between the VM and the PM is realized; therefore, the communication connection established based on the gateway in the application is not limited by the upper limit value of the VLAN ID number, and the current service development requirement is met.

Description

Virtual private cloud communication system, system configuration method and controller
Technical Field
The present application relates to the field of virtual private cloud technologies, and in particular, to a virtual private cloud communication system, a system configuration method, and a controller.
Background
A Virtual Private Cloud (VPC) is a dynamically configured pool of public cloud computing resources that requires the use of encryption protocols, tunneling protocols, and other security procedures to transport data between a private enterprise and a cloud service provider.
A VPC system is implemented using tunnels or similar network protocols: resources on the cloud are partitioned at tenant granularity and then supplied on demand to different users, while the system retains high flexibility, isolation and security. In current virtual private clouds, most of the computing resources offered by a cloud computing provider are delivered to users as Virtual Machines (VMs). The implementation uses virtualization of each resource, such as the CPU (Central Processing Unit), memory and disk, to abstract and divide an original physical machine (VM host) into finer-grained individual units, which are placed in VPCs divided by tenant.
This scheme introduces contention among the virtual resources for the physical machine's underlying resources (such as CPU scheduling, I/O reads and writes, and network bandwidth) when multiple VMs are virtualized on one physical machine. If a physical machine virtualizes only one VM, performance improves in every respect compared with the multi-VM case, but because virtualization is still involved, the performance of a pure physical machine cannot be reached and the overall resources cannot be used to their full potential. Moreover, with the recent rise of the artificial intelligence industry, demand for Graphics Processing Units (GPUs) is very large, and the gains from virtualizing GPU resources are not obvious.
Given this situation, GPU-intensive tasks such as image, sound, and video processing may be assigned to a Physical Machine (PM), while some control programs are placed in VMs, so that resources are balanced between the PM and the VM.
In that case, communication within a tenant and isolation between tenants are particularly important in an ultra-large-scale cloud environment. Communication and isolation are handled using a Virtual Local Area Network (VLAN), but because the number of VLAN IDs (Virtual Local Area Network identification numbers) is limited, no further VPCs can be built once the number of VPCs to be built exceeds the upper limit on the number of VLAN IDs. In the cloud computing service field, a provider has a very large number of tenants, so the number of VPCs to be built is far greater than that upper limit, and the prior-art method of isolating tenants by VLAN ID cannot meet the needs of a cloud computing environment.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a virtual private cloud communication system, a system configuration method, and a controller, so that communication connection established based on a gateway is not limited to an upper limit value of the number of VLAN IDs, and the number of VMs and PMs allocated to a user can be increased with the increase of users, thereby forming a large-scale cloud environment together and meeting current business development requirements.
In a first aspect, an embodiment of the present application provides a virtual private cloud communication system, including:
at least one virtual machine VM and a system gateway communicatively coupled to each of the VMs;
at least one physical machine PM and a switch communicatively connected to each of the PMs;
the system gateway is in communication connection with the switch;
the system gateway and the switch are used for enabling communication between the VM and the PM which belong to the same virtual private cloud VPC based on preset configuration information.
With reference to the first aspect, an embodiment of the present application provides a first possible implementation manner of the first aspect, where the configuration information includes an isolation tag corresponding to the VPC;
the configuration information also comprises a forwarding table item of the resource included by the corresponding VPC;
the resources include: VM and/or PM.
With reference to the first aspect, an embodiment of the present application provides a second possible implementation manner of the first aspect, where the apparatus further includes a controller;
the controller is respectively in communication connection with the system gateway and the switch;
the controller is used for respectively carrying out information configuration on the system gateway and the switch, generating configuration information and respectively sending the configuration information to the system gateway and the switch.
With reference to the second possible implementation manner of the first aspect, an embodiment of the present application provides a third possible implementation manner of the first aspect, wherein the controller is further configured to:
generating an isolation tag corresponding to each Virtual Private Cloud (VPC) based on the VPC;
acquiring IP addresses of resources belonging to the same virtual private cloud VPC; the resources include VMs and/or PMs;
establishing a forwarding table item based on the IP address of the resource;
and generating configuration information corresponding to the VPC according to the forwarding table entry and the isolation label.
In combination with the third possible implementation manner of the first aspect, this application example provides a fourth possible implementation manner of the first aspect, where the controller is further configured to,
establishing a forwarding table entry for the VM based on the IP address of the VM, and/or
establishing a forwarding table entry for the PM based on the IP address of the PM.
With reference to the second possible implementation manner of the first aspect, an embodiment of the present application provides a fifth possible implementation manner of the first aspect, wherein the controller is further configured to manage resources in the virtual private cloud VPC based on the configuration information; the resources include VMs and/or PMs; the management comprises the following steps: adding resources and/or deleting resources.
With reference to the fifth possible implementation manner of the first aspect, this application provides a sixth possible implementation manner of the first aspect, wherein the controller is further configured to:
receiving a management operation request for a resource in the VPC; the management operation request comprises an isolation label corresponding to a VPC to be managed;
and modifying configuration information corresponding to the VPC to be managed in the system gateway and the switch according to the isolation tag.
With reference to the sixth possible implementation manner of the first aspect, an embodiment of the present application provides a seventh possible implementation manner of the first aspect, wherein the controller is further configured to:
adding a forwarding table entry corresponding to the resource IP address based on the resource addition request; and/or
deleting a forwarding table entry corresponding to the resource IP address based on the resource partial deletion request; and/or
deleting the configuration information corresponding to the VPC to be managed based on the resource complete deletion request.
With reference to the first possible implementation manner of the first aspect, an embodiment of the present application provides an eighth possible implementation manner of the first aspect, where the system gateway is configured to:
receiving a first message of the VM; the first message comprises an isolation tag;
finding configuration information corresponding to the isolation label based on the isolation label in the first message, and forwarding the first message to a corresponding switch based on the found configuration information;
the system gateway is further configured to:
receiving a second message of the switch; wherein the second message comprises an isolation tag;
and finding the configuration information corresponding to the isolation label based on the isolation label in the second message, and forwarding the second message to a target VM based on the found configuration information.
With reference to the first possible implementation manner of the first aspect, an embodiment of the present application provides a ninth possible implementation manner of the first aspect, where the switch is configured to:
receiving a third message of the PM; the third message comprises an isolation tag;
finding configuration information corresponding to the isolation label based on the isolation label in the third message, and forwarding the third message to a corresponding system gateway based on the found configuration information;
the switch is further configured to:
receiving a fourth message of the system gateway; wherein the fourth message includes an isolation tag;
and finding configuration information corresponding to the isolation label based on the isolation label in the fourth message, and forwarding the fourth message to a target PM based on the found configuration information.
With reference to the first aspect and any one of its possible implementation manners, an embodiment of the present application provides a tenth possible implementation manner of the first aspect, where the system gateway is implemented by running corresponding software in a server.
In a second aspect, an embodiment of the present application further provides a system configuration method for a virtual private cloud communication system, which is applied to a controller in a system of the virtual private cloud communication system according to the first aspect and any possible implementation manner thereof, where the controller is in communication connection with the system gateway and the switch, respectively, and the method includes:
respectively carrying out information configuration on the system gateway and the switch to generate configuration information;
respectively sending the configuration information to the system gateway and the switch;
wherein the configuration information comprises an isolation tag corresponding to the VPC; the configuration information also comprises a forwarding table item of the resource included by the corresponding VPC; the resources include: VM and/or PM.
With reference to the second aspect, an embodiment of the present application provides a first possible implementation manner of the second aspect, where the step of generating configuration information includes:
generating an isolation tag corresponding to each Virtual Private Cloud (VPC) based on the VPC;
acquiring IP addresses of resources belonging to the same virtual private cloud VPC; the resources include VMs and/or PMs;
establishing a forwarding table item based on the IP address of the resource;
and generating configuration information corresponding to the VPC according to the forwarding table entry and the isolation label.
With reference to the first possible implementation manner of the second aspect, an embodiment of the present application provides a second possible implementation manner of the second aspect, where the step of establishing a forwarding table entry based on the IP address of the resource includes:
establishing a forwarding table entry for the VM based on the IP address of the VM, and/or
establishing a forwarding table entry for the PM based on the IP address of the PM.
With reference to the second aspect, an embodiment of the present application provides a third possible implementation manner of the second aspect, where the method further includes:
managing resources within the Virtual Private Cloud (VPC) based on the configuration information; the resources include VMs and/or PMs; the management comprises the following steps: adding resources and/or deleting resources.
With reference to the third possible implementation manner of the second aspect, the present application provides a fourth possible implementation manner of the second aspect, where the method further includes:
receiving a management operation request for a resource in the VPC; the management operation request comprises an isolation label corresponding to a VPC to be managed;
and modifying configuration information corresponding to the VPC to be managed in the system gateway and the switch according to the isolation tag.
With reference to the fourth possible implementation manner of the second aspect, an embodiment of the present application provides a fifth possible implementation manner of the second aspect, where the management operation request includes one or more of a resource addition request, a resource partial deletion request, and a resource complete deletion request, and the method further includes:
adding a forwarding table entry corresponding to the resource IP address based on the resource addition request; and/or
deleting a forwarding table entry corresponding to the resource IP address based on the resource partial deletion request; and/or
deleting the configuration information corresponding to the VPC to be managed based on the resource complete deletion request.
In a third aspect, an embodiment of the present application further provides a controller, which includes a memory and a processor, where the memory stores a computer program that is executable on the processor, and the processor executes the computer program to implement the method described in the first aspect and any possible implementation manner thereof.
In a fourth aspect, the present application further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the method described above.
The embodiment of the application brings the following beneficial effects:
in an embodiment provided by the application, the virtual private cloud communication system comprises at least one virtual machine VM and a system gateway in communication connection with each VM; at least one physical machine PM and a switch communicatively connected to each PM; the system gateway is in communication connection with the switch; the system gateway and the switch are used for enabling communication between the VM and the PM which belong to the same virtual private cloud VPC based on preset configuration information. In the method, a physical machine area formed by a PM accesses a network through a switch, and a virtual machine area formed by a VM is connected with the switch corresponding to the physical machine area through a system gateway, so that connection between the PM of the physical machine area and the VM of the virtual machine area is established, and communication between the VM and the PM is realized; therefore, the communication connection established based on the gateway in the application is not limited by the upper limit value of the number of VLAN IDs, the number of VMs and PMs distributed to users can be increased along with the increase of the users, a large-scale cloud environment is formed, and the current business development requirement is met.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the detailed description of the present application or the technical solutions in the prior art, the drawings needed to be used in the detailed description of the present application or the prior art description will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic structural diagram of a virtual private cloud communication system according to an embodiment of the present disclosure;
Fig. 2 is a schematic structural diagram of another virtual private cloud communication system provided in an embodiment of the present application;
Fig. 3 is a communication connection diagram of a virtual private cloud communication system according to an embodiment of the present disclosure;
Fig. 4 is a schematic flowchart of a system configuration method according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a controller according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the existing scheme, communication and isolation are handled using a VLAN, but because of the limit on the number of VLAN IDs and the limits of the switch hardware, the VMs and PMs allocated to users cannot form a large-scale cloud environment, so current service development requirements cannot be met as the number of users grows. For this reason, in the virtual private cloud communication system, the system configuration method, and the controller provided in the embodiments of the present application, the communication connection between the VM and the PM is established through a gateway and is not limited by the upper limit on the number of VLAN IDs. The number of VMs and PMs allocated to users can grow with the number of users, so that together they form a large-scale cloud environment and meet current service development requirements.
For the convenience of understanding the present embodiment, a detailed description is first given of a virtual private cloud communication system disclosed in the present embodiment.
Fig. 1 shows a schematic structural diagram of a virtual private cloud communication system provided in an embodiment of the present application. As shown in fig. 1, the virtual private cloud communication system includes at least one virtual machine VM 10 and a system gateway 12 communicatively connected to each VM; at least one physical machine PM 13 and a switch 14 communicatively connected to each PM; the system gateway is in communication connection with the switch, and the system gateway and the switch are used for enabling communication between the VM 10 and the PM 13 in the same virtual private cloud VPC based on preset configuration information.
The switch 14 is a Layer 3 switch that supports tunneling protocols, so that subsequent data can be transmitted through a tunnel. The VM is created on a physical machine through resource virtualization and may be used, without limitation, to store control handlers. The PM (a host machine that does not host VMs) may be used, without limitation, to store GPU-intensive task information such as image, sound and video processing. Data can be exchanged between the virtual machine area formed by the VMs of a user and the physical machine area formed by the PMs of the same user.
In a possible embodiment, the system gateway described above is implemented by running the corresponding software in a server (e.g., an X86 server). Since the virtual private cloud communication system may correspond to thousands of users, the system gateway is implemented by an X86 server cluster to form a system gateway cluster.
It should be noted that the numbers of VMs, PMs, system gateways, and switches shown in Fig. 1 are only exemplary and depend on the actual situation.
In the method, a physical machine area formed by a PM accesses a network through a switch, and a virtual machine area formed by a VM is connected with the switch corresponding to the physical machine area through a system gateway, so that connection between the PM of the physical machine area and the VM of the virtual machine area is established, and communication between the VM and the PM is realized; therefore, the communication connection established based on the gateway in the application is not limited by the upper limit value of the number of VLAN IDs, the number of VMs and PMs distributed to users can be increased along with the increase of the users, a large-scale cloud environment is formed, and the current business development requirement is met.
Considering that the IPs that different users configure for the resources (VMs and/or PMs) in their VPCs may overlap, after a resource creation request is received from a user, a logical operation allocates an isolation label to each VPC of each user, so that VMs and PMs in different VPCs are distinguished from one another and the VPCs are isolated without mutual interference. Accordingly, the configuration information includes an isolation tag corresponding to the VPC; it also includes the forwarding table entries of the resources in that VPC, so that the system gateway and the switch can implement communication between the VM and the PM of the same VPC based on the forwarding table entries and the isolation tag.
For example: VM-A and PM-A of user A have the IPs 10.0.1.2/24 and 10.0.1.3/24, respectively, with the label 100, and VM-B and PM-B of user B also have the IPs 10.0.1.2/24 and 10.0.1.3/24, with the label 200. When the VMs of the two users are on the same host machine in the virtual machine area and the PMs of the two users are connected to the same switch, traffic between VM-A and PM-A and traffic between VM-B and PM-B both pass through the same host machine and then reach the same switch through the system gateway. The two communication paths share the system gateway and the switch, and if no isolation technique is used, path conflicts may occur when the VMs and PMs of user A and user B communicate, which may cause communication anomalies.
To address this problem, an isolation label is allocated to the VPC of each user, and the isolation label is issued to each system gateway and each switch together with the forwarding table entries corresponding to the PM and the VM. When the VMs of user A and user B subsequently communicate with their respective PMs at the same time, the communication paths can be isolated by encapsulating the isolation tag in the forwarding table entry.
Building on the virtual private cloud communication system of the above embodiment shown in Fig. 1, and referring to Fig. 2, the present application further provides another virtual private cloud communication system that additionally includes a controller 20. The controller is communicatively connected to the system gateway and the switch, respectively; it performs information configuration for the system gateway and the switch, generates configuration information, and sends the configuration information to the system gateway and the switch, respectively, for use in subsequent data transmission.
In a possible embodiment, the controller is connected to a host where the VM is located and an out-of-band management system corresponding to the PM, and performs resource configuration and information configuration through the host and the out-of-band management system according to a user requirement, and obtains configuration information, where the specific process is as follows:
(a1) a resource creation request of a user is received.
For example, the user may directly call a corresponding API (Application Programming Interface) through a user terminal (which may be a mobile terminal or a computer), or call a corresponding API through a World Wide WEB (World Wide WEB) console. And filling corresponding requirement information such as the type of a required CPU, the size of a memory, the requirement of a network card and the like according to actual requirements, thereby generating a resource creation request and sending the resource creation request to the controller.
(a2) And allocating resources for the user according to the resource creation request, wherein the resources form the VPC of the user.
Wherein the resources of the VPC include VMs and/or PMs, i.e., the VMs and/or PMs constitute the VPC of the customer.
After receiving the resource creation request, performing logic calculation, determining required resources, and distributing available resources in a resource pool (hosts and PMs) through a management unit of the hosts and an out-of-band management system. If the resources meeting the requirements are determined, performing configuration operation, and allocating a corresponding quantity of VMs and/or PMs, wherein the VMs and/or PMs form the VPC corresponding to the user; if the resource which meets the requirement does not exist, the information such as insufficient resource information and the like is returned to the client.
(a3) And generating an isolation label corresponding to each virtual private cloud VPC based on the VPC.
Wherein, the isolation tag can be composed of corresponding numbers, letters and/or special symbols.
(a4) And acquiring the IP addresses of the resources belonging to the same virtual private cloud VPC.
Wherein, the resource comprises VM and/or PM, and the IP address comprises the IP address of the VM and the IP address of the PM.
Specifically, in the configuration process of the user terminal, the network segment where the PM and the VM are located may be customized. For example, by calling the corresponding API, the VM and PM in the VPC are IP configured and corresponding IP information is sent to the controller.
When a VM is communicatively coupled to a system gateway, the VM may automatically obtain its corresponding IP. When a PM communicates with the system gateway through a switch, the PM may also automatically obtain its corresponding IP. Specifically, the IP Configuration may be implemented by a Dynamic Host Configuration Protocol (DHCP) server in the system gateway, and when the VM and the PM are powered on, the VM and the PM interact with the DHCP server as a DHCP client, so as to obtain a corresponding IP.
(a5) Establish a forwarding table entry based on the IP address of the resource.
The process of establishing the forwarding table entry specifically includes: establishing a forwarding table entry of the VM based on the IP address of the VM, and/or establishing a forwarding table entry of the PM based on the IP address of the PM.
In this way, the corresponding forwarding table entry is established, and subsequent data transmission can be carried out directly according to the forwarding table entry.
(a6) Generate configuration information corresponding to the VPC according to the forwarding table entry and the isolation label.
After obtaining the isolation label of the VPC of the user, and the forwarding table entry of the VM and/or the forwarding table entry of the PM in the VPC, configuration information is generated (the configuration information includes the forwarding table entry of the VM and/or the forwarding table entry of the PM, and information of the isolation label). After the controller generates the configuration information, the controller configures the configuration information to the system gateway and the switch so as to be used in data transmission (i.e. data packet forwarding).
In order to meet the diversified requirements of users, facilitate the control and management of VPCs by users, and improve user experience, in a possible embodiment, the controller is further configured to manage resources in the VPCs based on the configuration information. The management includes: adding resources and/or deleting resources. That is, the user can add or delete the VM or PM in the VPC through the controller.
In a specific implementation process, the controller is further configured to: (1) receiving a management operation request for resources in a VPC; the management operation request comprises an isolation label corresponding to a VPC to be managed; (2) and modifying the configuration information corresponding to the VPC to be managed in the system gateway and the switch according to the isolation label.
By modifying the configuration information, the resources in the VPC can be managed, and if the VPC resources need to be expanded, the configuration information corresponding to the expanded resources can be added to the system gateway and the switch, so that the expanded VM and BM can communicate with each other at a later stage.
In a possible embodiment, the management operation request may include, but is not limited to, a resource addition request, a resource partial deletion request, and a resource full deletion request. Based on the above, the controller is further configured to add a forwarding entry corresponding to the resource IP address based on the resource addition request; and/or deleting the forwarding table entry corresponding to the resource IP address based on the resource partial deletion request; and/or deleting the configuration information corresponding to the VPC to be managed based on the resource all deletion request.
For example, the specific processing procedure of the controller for the resource addition request includes:
(b1) Receive a resource addition request, sent by a user, for the resources in the VPC.
The resource addition request comprises the isolation tag corresponding to the VPC to which resources are to be added.
For example, the user may directly call the corresponding API through a user terminal (which may be a mobile terminal or a computer), or call the corresponding API by logging in to a WEB console. Through this API, the VM or PM to be added to the VPC is selected.
(b2) Add the forwarding table entry corresponding to the resource IP address based on the resource addition request.
That is, after resources (VM and/or PM) are added to the VPC, a forwarding entry is established for the corresponding VM and/or PM, and the forwarding entry is added to the configuration information of that VPC.
(b3) Send the updated configuration information to the system gateway and the switch.
Specifically, the configuration information may be generated according to steps (a1) to (a6) above.
The controller processes a resource partial deletion request as follows:
Referring to step (b1) and step (b3), the forwarding table entry corresponding to the resource to be deleted in the VPC is deleted from the existing configuration information, and the updated configuration information is then sent to the system gateway and the switch.
And for the request for deleting all the resources, the controller can directly control the system gateway and the switch to delete the configuration information of the VPC to be managed according to the isolation tag in the request for deleting all the resources.
In a possible embodiment, after receiving the request for deleting all or part of the resources, the controller changes the corresponding VM and PM from the configured state to the unconfigured state through the out-of-band management system corresponding to the host and the PM corresponding to the VM, so as to facilitate subsequent recycling.
Therefore, different VPCs of different users can be isolated by setting the isolation labels so that they do not interfere with each other, and security policy protection capability is provided for each VPC; meanwhile, when a deletion or addition operation is carried out, only the configuration information of the VPC corresponding to the operating user needs to be updated, without influencing the configuration information of other users, which improves the flexibility with which the user can add and delete VMs and PMs in the VPC.
In summary, in a specific application, during the transmission process of data between the VM and the PM, the system gateway functions as follows:
In the transmission process from the VM to the PM, the system gateway is configured to: receive a first message of a VM, wherein the first message comprises an isolation tag; find the configuration information corresponding to the isolation label based on the isolation label in the first message; and forward the first message to the corresponding switch based on the found configuration information.
In the transmission process from the PM to the VM, the system gateway is also used for receiving a second message of the switch; wherein the second message comprises an isolation tag; and finding the configuration information corresponding to the isolation label based on the isolation label in the second message, and forwarding the second message to the target VM based on the found configuration information.
The role of the switch is as follows:
In the transmission process from the PM to the VM, the switch is used for receiving a third message of the PM, wherein the third message comprises an isolation label; finding the configuration information corresponding to the isolation label based on the isolation label in the third message; and forwarding the third message to the corresponding system gateway based on the found configuration information.
In the transmission process from the VM to the PM, the switch is further used for receiving a fourth message of the system gateway; wherein the fourth message comprises an isolation tag; and finding the configuration information corresponding to the isolation label based on the isolation label in the fourth message, and forwarding the fourth message to the target PM based on the found configuration information.
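The controller steps (a3) to (a6), the management requests, and the tag-keyed lookup on the system gateway and the switch can be modelled together. The following Python sketch is an added example, not code from the patent; the tag format, the request fields, the attachment names and the sample IP addresses are assumptions made for illustration.

```python
import ipaddress
import itertools


class Device:
    """System gateway or switch holding configuration pushed by the controller."""

    def __init__(self, role):
        assert role in ("gateway", "switch")
        self.role = role
        self.configs = {}  # isolation tag -> {resource IP: (kind, attachment)}

    def apply(self, tag, forwarding):
        self.configs[tag] = dict(forwarding)

    def remove(self, tag):
        self.configs.pop(tag, None)

    def forward(self, packet):
        """Find the configuration by isolation tag first, then the destination IP."""
        table = self.configs.get(packet["tag"])
        if table is None:
            return ("drop", "unknown isolation tag")
        entry = table.get(packet["dst"])
        if entry is None:
            return ("drop", "no forwarding entry in this VPC")
        kind, attachment = entry
        # The gateway delivers to VMs and hands PM traffic to the switch;
        # the switch delivers to PMs and hands VM traffic to the gateway.
        local_kind = "VM" if self.role == "gateway" else "PM"
        if kind == local_kind:
            return ("deliver", attachment)
        return ("forward", "switch" if self.role == "gateway" else "gateway")


class Controller:
    def __init__(self, gateway, switch):
        self.devices = (gateway, switch)
        self.vpcs = {}  # isolation tag -> forwarding entries of that VPC
        self._seq = itertools.count(1)

    def _push(self, tag):
        for dev in self.devices:
            dev.apply(tag, self.vpcs[tag])

    @staticmethod
    def _entry(ip, kind, attachment):
        if kind not in ("VM", "PM"):
            raise ValueError("resource must be a VM or a PM")
        return str(ipaddress.ip_address(ip)), (kind, attachment)

    def create_vpc(self, resources):
        """Steps (a3)-(a6): tag, forwarding entries, configuration, push."""
        tag = f"vpc-{next(self._seq):04d}"  # assumed tag format
        self.vpcs[tag] = dict(self._entry(*r) for r in resources)
        self._push(tag)
        return tag

    def manage(self, request):
        """Every management request names its VPC by isolation tag."""
        tag, op = request["tag"], request["op"]
        if tag not in self.vpcs:
            raise KeyError(f"no VPC with isolation tag {tag!r}")
        if op == "add":
            ip, entry = self._entry(*request["resource"])
            self.vpcs[tag][ip] = entry
        elif op == "delete_part":
            del self.vpcs[tag][request["ip"]]
        elif op == "delete_all":
            del self.vpcs[tag]
            for dev in self.devices:
                dev.remove(tag)
            return
        else:
            raise ValueError(f"unsupported operation {op!r}")
        self._push(tag)  # only this VPC's configuration is touched


def demo():
    """Constructed scenario: two tenants reuse 10.0.0.5 without colliding."""
    gw, sw = Device("gateway"), Device("switch")
    ctl = Controller(gw, sw)
    a = ctl.create_vpc([("10.0.0.5", "PM", "sw1/port3"), ("10.0.0.6", "VM", "host-a")])
    b = ctl.create_vpc([("10.0.0.5", "VM", "host-b")])
    out = {
        "a_gw": gw.forward({"tag": a, "dst": "10.0.0.5"}),
        "a_sw": sw.forward({"tag": a, "dst": "10.0.0.5"}),
        "b_gw": gw.forward({"tag": b, "dst": "10.0.0.5"}),
        "cross": gw.forward({"tag": b, "dst": "10.0.0.6"}),
    }
    ctl.manage({"tag": a, "op": "delete_all"})
    out["a_after_delete"] = gw.forward({"tag": a, "dst": "10.0.0.5"})
    out["b_after_delete"] = gw.forward({"tag": b, "dst": "10.0.0.5"})
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Because the lookup is scoped by tag before the IP address is consulted, a packet tagged for one VPC can never match another VPC's entry, and a device that receives a tag it has no configuration for drops the packet rather than falling back to an untagged table.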
In order to facilitate obtaining the corresponding data from the public network, in another embodiment, the virtual private cloud communication system may further be connected to the public network, such as the Internet, and in a possible embodiment, referring to fig. 3, the VM in the virtual private cloud system is connected to the public network through the network gateway 30. And the PM in the virtual private cloud system is connected with the public network sequentially through the corresponding switch, system gateway and network gateway 30.
In the system described above, two parts are mainly involved: the implementation and configuration management of the system gateway, and the configuration and management of the switches of the PMs. In the virtual private cloud communication system of the present application, both play a very important role in the network forwarding process, for example when a PM communicates with another PM or with other network elements (including VMs and the Internet). As the cloud environment scales up, the pressure between communication devices also increases linearly. The switch is a line-speed forwarding device, and its pressure is mainly reflected in large-scale configuration and management; the system gateway is a gateway implemented in software running on X86, its performance is inferior to that of the switch, and its pressure is mainly reflected in network forwarding.
Management and configuration of the switch: in the physical machine region formed by the PMs, the forwarding table entries on the switch multiply in a super-large-scale environment. If flood-based learning between the devices is relied on, a broadcast storm can arise in the physical machine region and consume the corresponding bandwidth. In addition, if the switch is only a two-layer forwarding device, then in order to support cross-three-layer communication between PMs, all the gateways required by the PMs are implemented by the system gateway, that is, the traffic must pass through the system gateway, which puts great pressure on the system gateway. Based on this, in the virtual private cloud communication system the switch is a three-layer switch that supports a tunnel protocol and three-layer forwarding, and EVPN technology is used to synchronize forwarding entries between switches, so that the gateway required by the PMs is transferred from the system gateway to the switch; thereafter, communication between PMs can be forwarded directly through the switch.
And in the aspect of forwarding performance of a system gateway: the forwarding performance of the system gateway completely depends on the implementation of a software architecture, and if Linux kernel forwarding is adopted, the Linux network protocol stack is huge and redundant, so that the Linux network gateway is not ideal in the aspect of processing network forwarding. The DPDK (Data Plane Development Kit) technology enables network forwarding logic to be implemented in a user space of a Linux system, bypasses a Linux network protocol stack, and enables a forwarding program of a system gateway to directly operate a network card to acquire and send Data packets, thereby greatly improving Data processing performance and throughput. Therefore, in the subsequent message forwarding process, the DPDK technology can be adopted.
The virtual private cloud system establishes a communication bridge for a physical machine area, a virtual machine area and a public network (such as Internet), so that resources in the virtual machine area and the physical machine area can form large-scale VPC without the need of limiting the upper limit value of VLAN ID number; meanwhile, the VPC can be provided with security policy protection capability, so that a user can flexibly allocate resources of a virtual machine and a physical machine according to business requirements.
On the basis of the foregoing system embodiment, an embodiment of the present application further provides a system configuration method for a virtual private cloud communication system, where the method is applied to a controller in the foregoing system embodiment, and as shown in fig. 4, the system configuration method for the virtual private cloud communication system specifically includes:
Step S401: respectively configuring information of the system gateway and the switch to generate configuration information;
Step S402: respectively sending the configuration information to the system gateway and the switch;
wherein the configuration information comprises an isolation tag corresponding to the VPC; the configuration information also comprises forwarding table entries of the resources included in the corresponding VPC; the resources include: VM and/or PM.
The step of generating the configuration information in step S402 includes: generating an isolation label corresponding to the VPC based on each virtual private cloud VPC; acquiring IP addresses of resources belonging to the same virtual private cloud VPC; establishing a forwarding table item based on the IP address of the resource; and generating configuration information corresponding to the VPC according to the forwarding table entry and the isolation label.
The step of establishing the forwarding table entry based on the IP address of the resource includes: establishing a forwarding table entry of the VM based on the IP address of the VM, and/or establishing a forwarding table entry of the PM based on the IP address of the PM.
Further, the method further comprises: managing resources in the VPC based on the configuration information; the management includes: adding resources and/or deleting resources.
Further, the method further comprises: receiving a management operation request for resources in a VPC; the management operation request comprises an isolation label corresponding to a VPC to be managed; and modifying the configuration information corresponding to the VPC to be managed in the system gateway and the switch according to the isolation tag.
Further, the management operation request includes one or more of a resource addition request, a resource partial deletion request, and a resource complete deletion request, and the method further includes: based on the resource increasing request, increasing a forwarding table entry corresponding to the resource IP address; and/or deleting the forwarding table entry corresponding to the resource IP address based on the resource partial deletion request; and/or deleting the configuration information corresponding to the VPC to be managed based on the resource all deletion request.
Further, based on the description of the management and configuration aspect of the switch in the second embodiment, the switch of the virtual private cloud communication system is a three-layer switch that supports a tunneling protocol; the virtual private cloud communication method further includes: synchronizing forwarding table entries between the switches corresponding to the PMs by using EVPN technology, so as to transfer the gateway required by the PMs from the system gateway to the switches, after which communication between the PMs is forwarded directly through the switches, thereby effectively reducing the forwarding pressure on the system gateway.
Referring to fig. 5, an embodiment of the present application further provides a controller 100, including: a processor 40, a memory 41, a bus 42 and a communication interface 43, wherein the processor 40, the communication interface 43 and the memory 41 are connected through the bus 42; the processor 40 is arranged to execute executable modules, such as computer programs, stored in the memory 41.
The Memory 41 may include a high-speed Random Access Memory (RAM) and may also include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 43 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, etc. may be used.
The bus 42 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 5, but this does not indicate only one bus or one type of bus.
The memory 41 is used for storing a program, and the processor 40 executes the program after receiving an execution instruction, and the method executed by the apparatus defined by the flow process disclosed in any of the foregoing embodiments of the present application may be applied to the processor 40, or implemented by the processor 40.
The processor 40 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 40. The processor 40 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The processor may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in the memory 41, and the processor 40 reads the information in the memory 41 and completes the steps of the method in combination with its hardware.
The system configuration method and the controller of the virtual private cloud communication system provided by the embodiment of the application have the same technical characteristics as the virtual private cloud communication system provided by the embodiment, so that the same technical problems can be solved, and the same technical effects can be achieved.
The computer program product for performing the system configuration method provided in the embodiment of the present application includes a computer-readable storage medium storing a nonvolatile program code executable by a processor, where instructions included in the program code may be used to execute the method described in the foregoing method embodiment, and specific implementation may refer to the method embodiment, which is not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the method and the controller described above may refer to the corresponding processes in the foregoing system embodiments, and are not described herein again.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the description of the present application, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present application. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Unless specifically stated otherwise, the relative steps, numerical expressions, and values of the components and steps set forth in these embodiments do not limit the scope of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present application, and are used for illustrating the technical solutions of the present application, but not limiting the same, and the scope of the present application is not limited thereto, and although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope disclosed in the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the exemplary embodiments of the present application, and are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (18)

1. A virtual private cloud communication system, comprising: the system comprises at least one virtual machine VM and a system gateway which is in communication connection with each VM;
at least one physical machine PM and a switch communicatively connected to each of the PMs;
the system gateway is in communication connection with the switch;
the system gateway and the switch are used for enabling communication between the VM and the PM which belong to the same Virtual Private Cloud (VPC) based on preset configuration information;
the configuration information comprises an isolation tag corresponding to the VPC; the configuration information also comprises a forwarding table item of the resource included by the corresponding VPC; the resources include: VM and/or PM;
and establishing a forwarding table item based on the IP address of the resource.
2. The system of claim 1, further comprising a controller;
the controller is respectively in communication connection with the system gateway and the switch;
the controller is used for respectively carrying out information configuration on the system gateway and the switch, generating configuration information and respectively sending the configuration information to the system gateway and the switch.
3. The system of claim 2, wherein the controller is further configured to:
generating an isolation tag corresponding to each Virtual Private Cloud (VPC) based on the VPC;
acquiring IP addresses of resources belonging to the same virtual private cloud VPC; the resources include VMs and/or PMs;
establishing a forwarding table item based on the IP address of the resource;
and generating configuration information corresponding to the VPC according to the forwarding table entry and the isolation label.
4. The system of claim 3, wherein the controller is further configured to,
establishing a forwarding table entry for the VM based on the IP address of the VM, and/or
And establishing a forwarding table entry of the PM based on the IP address of the PM.
5. The system of claim 2, wherein the controller is further configured to manage resources within the Virtual Private Cloud (VPC) based on the configuration information; the resources include VMs and/or PMs; the management comprises the following steps: adding resources and/or deleting resources.
6. The system of claim 5, wherein the controller is further configured to:
receiving a management operation request for a resource in the VPC; the management operation request comprises an isolation label corresponding to a VPC to be managed;
and modifying configuration information corresponding to the VPC to be managed in the system gateway and the switch according to the isolation tag.
7. The system of claim 6, wherein the controller is further configured to:
based on the resource increasing request, increasing a forwarding table entry corresponding to the resource IP address; and/or
Deleting a forwarding table entry corresponding to the resource IP address based on the resource partial deletion request; and/or
And deleting the configuration information corresponding to the VPC to be managed based on the resource all deletion request.
8. The system of claim 1, wherein the system gateway is configured to:
receiving a first message of the VM; the first message comprises an isolation tag;
finding configuration information corresponding to the isolation label based on the isolation label in the first message, and forwarding the first message to a corresponding switch based on the found configuration information;
the system gateway is further configured to:
receiving a second message of the switch; wherein the second message comprises an isolation tag;
and finding the configuration information corresponding to the isolation label based on the isolation label in the second message, and forwarding the second message to a target VM based on the found configuration information.
9. The system of claim 1, wherein the switch is configured to:
receiving a third message of the PM; the third message comprises an isolation tag;
finding configuration information corresponding to the isolation label based on the isolation label in the third message, and forwarding the third message to a corresponding system gateway based on the found configuration information;
the switch is further configured to:
receiving a fourth message of the system gateway; wherein the fourth packet includes an isolation label;
and finding configuration information corresponding to the isolation label based on the isolation label in the fourth message, and forwarding the fourth message to a target PM based on the found configuration information.
10. System according to any of claims 1-9, characterized in that the system gateway is implemented by running the corresponding software in a server.
11. A system configuration method of a virtual private cloud communication system, which is applied to a controller in the system according to any one of claims 1 to 10, wherein the controller is in communication connection with the system gateway and the switch respectively; the method comprises the following steps:
respectively carrying out information configuration on the system gateway and the switch to generate configuration information;
respectively sending the configuration information to the system gateway and the switch;
wherein the configuration information comprises an isolation tag corresponding to the VPC; the configuration information also comprises a forwarding table item of the resource included by the corresponding VPC; the resources include: VM and/or PM.
12. The method of claim 11, wherein the step of generating configuration information comprises:
generating an isolation tag corresponding to each Virtual Private Cloud (VPC) based on the VPC;
acquiring IP addresses of resources belonging to the same virtual private cloud VPC; the resources include VMs and/or PMs;
establishing a forwarding table item based on the IP address of the resource;
and generating configuration information corresponding to the VPC according to the forwarding table entry and the isolation label.
13. The method of claim 12, wherein the step of establishing a forwarding entry based on the IP address of the resource comprises:
establishing a forwarding table entry for the VM based on the IP address of the VM, and/or
And establishing a forwarding table entry of the PM based on the IP address of the PM.
14. The method of claim 11, further comprising:
managing resources within the Virtual Private Cloud (VPC) based on the configuration information; the resources include VMs and/or PMs; the management comprises the following steps: adding resources and/or deleting resources.
15. The method of claim 14, further comprising:
receiving a management operation request for a resource in the VPC; the management operation request comprises an isolation tag corresponding to a VPC to be managed;
and modifying configuration information corresponding to the VPC to be managed in the system gateway and the switch according to the isolation tag.
16. The method of claim 15, wherein the management operation request comprises one or more of a resource addition request, a resource partial deletion request, and a resource full deletion request, the method further comprising:
adding a forwarding table entry corresponding to the resource IP address based on the resource addition request; and/or
deleting a forwarding table entry corresponding to the resource IP address based on the resource partial deletion request; and/or
deleting the configuration information corresponding to the VPC to be managed based on the resource full deletion request.
17. A controller comprising a memory, a processor, and a computer program stored on the memory and operable on the processor, wherein the processor implements the method of any of claims 11 to 16 when executing the computer program.
18. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method of any one of claims 11 to 16.
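The configuration and management flow of claims 11 to 16, as an added sketch that is not code from the patent: forwarding entries are keyed by isolation tag, so two VPCs can reuse the same IP address, and a management request only touches the VPC whose tag it carries. The `Device` model, the request keys (`op`, `isolation_tag`, `ip`, `kind`), the operation names, and the integer tag values are assumptions made for illustration; `demo()` runs two tenants that both use 10.0.0.5.

```python
import ipaddress
from itertools import count

class Device:  # stand-in for the system gateway or the switch (hypothetical model)
    def __init__(self):
        self.config = {}  # isolation tag -> {resource IP: "VM" or "PM"}

def checked(ip, kind):
    if kind not in ("VM", "PM"):
        raise ValueError(f"resource must be VM or PM, got {kind!r}")
    return str(ipaddress.ip_address(ip))  # raises ValueError if malformed

class Controller:
    def __init__(self, gateway, switch):
        self.devices = (gateway, switch)
        self._tags = count(100)  # constructed values; the claims fix no tag format

    def create_vpc(self, resources):
        """Claim 12: one tag per VPC, one forwarding entry per resource IP."""
        tag = next(self._tags)
        entries = {checked(ip, kind): kind for ip, kind in resources}
        for dev in self.devices:  # claim 11: same config to gateway and switch
            dev.config[tag] = dict(entries)
        return tag

    def handle(self, req):
        """Claims 15-16: modify only the VPC named by the request's tag."""
        tag, op = req["isolation_tag"], req["op"]
        if any(tag not in dev.config for dev in self.devices):
            raise KeyError(f"unknown isolation tag {tag!r}")
        if op not in ("add", "delete", "delete_all"):
            raise ValueError(f"unsupported operation {op!r}")
        kind = req.get("kind", "VM")
        ip = None if op == "delete_all" else checked(req["ip"], kind)
        for dev in self.devices:
            if op == "add":
                dev.config[tag][ip] = kind
            elif op == "delete":
                dev.config[tag].pop(ip, None)
            else:  # full deletion drops the VPC's whole configuration
                del dev.config[tag]

def demo():
    gw, sw = Device(), Device()
    ctl = Controller(gw, sw)
    a = ctl.create_vpc([("10.0.0.5", "VM"), ("10.0.0.9", "PM")])
    b = ctl.create_vpc([("10.0.0.5", "VM")])  # same IP, different tenant
    ctl.handle({"op": "delete", "isolation_tag": a, "ip": "10.0.0.5"})
    return ctl, gw, sw, a, b
```

Rejecting requests whose tag is not already present on both devices keeps a mistyped or stale tag from creating or altering another tenant's table.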
CN201811463985.6A 2018-11-30 2018-11-30 Virtual private cloud communication system, system configuration method and controller Active CN111262771B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201811463985.6A CN111262771B (en) 2018-11-30 2018-11-30 Virtual private cloud communication system, system configuration method and controller
SG11202105560WA SG11202105560WA (en) 2018-11-30 2019-11-12 Virtual private cloud communication system, system configuration method and controller
PCT/CN2019/117498 WO2020108292A1 (en) 2018-11-30 2019-11-12 Virtual private cloud communication system, system configuration method and controller

Publications (2)

Publication Number Publication Date
CN111262771A CN111262771A (en) 2020-06-09
CN111262771B CN111262771B (en) 2021-06-22

Family

ID=70854280

Country Status (3)

Country Link
CN (1) CN111262771B (en)
SG (1) SG11202105560WA (en)
WO (1) WO2020108292A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113472745B (en) * 2021-05-31 2023-04-07 山东英信计算机技术有限公司 Openstack public cloud multi-tenant isolation method, system and terminal based on selinux
CN114615139B (en) * 2022-03-17 2023-08-29 苏州浪潮智能科技有限公司 Automatic configuration management method and device for switch, electronic equipment and storage medium

Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103516733A (en) * 2012-06-19 2014-01-15 华为技术有限公司 Method and apparatus for processing virtual private cloud
CN103607430A (en) * 2013-10-30 2014-02-26 中兴通讯股份有限公司 Network processing method and system, and network control center
CN104115453A (en) * 2013-12-31 2014-10-22 华为技术有限公司 Method and device for achieving virtual machine communication
CN104283755A (en) * 2013-07-01 2015-01-14 阿里巴巴集团控股有限公司 Virtual private cloud accessing method and system thereof
CN104461683A (en) * 2014-11-07 2015-03-25 华为技术有限公司 Verification method, device and system for virtual machine illegal configuration
CN104954281A (en) * 2014-03-31 2015-09-30 中国移动通信集团公司 Communication method, system thereof, resource pool management system, switches, and control device
CN105354076A (en) * 2015-10-23 2016-02-24 深圳前海达闼云端智能科技有限公司 Application deployment method and device
CN105376303A (en) * 2015-10-23 2016-03-02 深圳前海达闼云端智能科技有限公司 Docker implementation system and communication method thereof
CN105429938A (en) * 2015-10-23 2016-03-23 深圳前海达闼云端智能科技有限公司 Resource allocation method and device
CN105591955A (en) * 2015-10-30 2016-05-18 杭州华三通信技术有限公司 Message transmission method and device
CN106375176A (en) * 2016-08-29 2017-02-01 无锡华云数据技术服务有限公司 Method for accessing physical machine to cloud platform
CN106559511A (en) * 2016-10-18 2017-04-05 上海优刻得信息科技有限公司 Cloud system, high in the clouds public service system and the exchanging visit method for cloud system
CN106789367A (en) * 2017-02-23 2017-05-31 郑州云海信息技术有限公司 The construction method and device of a kind of network system
CN106789667A (en) * 2016-11-21 2017-05-31 华为技术有限公司 A kind of data forwarding method, relevant device and system
CN107135134A (en) * 2017-03-29 2017-09-05 广东网金控股股份有限公司 Private network cut-in method and system based on virtual switch and SDN technologies
CN107465590A (en) * 2016-06-02 2017-12-12 阿里巴巴集团控股有限公司 Network infrastructure system, the method for route network traffic and computer-readable medium
CN108650182A (en) * 2018-04-20 2018-10-12 腾讯科技(深圳)有限公司 Network communication method, system, device, equipment and storage medium

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9459927B2 (en) * 2008-05-22 2016-10-04 Alcatel Lucent Central office based virtual personal computer
US9331946B2 (en) * 2013-01-08 2016-05-03 Hitachi, Ltd. Method and apparatus to distribute data center network traffic
CN103607308B (en) * 2013-11-29 2016-09-21 杭州东信北邮信息技术有限公司 Virtual machine multi-network management system under cloud computing environment and method
US10225207B2 (en) * 2014-08-25 2019-03-05 International Business Machines Corporation Managing hybrid cloud placement policies
CN104580505A (en) * 2015-01-26 2015-04-29 中国联合网络通信集团有限公司 Tenant isolating method and system
US10367655B2 (en) * 2016-01-25 2019-07-30 Alibaba Group Holding Limited Network system and method for connecting a private network with a virtual private network
WO2017214883A1 (en) * 2016-06-15 2017-12-21 Alibaba Group Holding Limited Network system and method for cross region virtual private network peering
CN107770064A (en) * 2016-08-19 2018-03-06 华为技术有限公司 A kind of method of internetwork communication, equipment
CN108462594B (en) * 2017-02-21 2022-03-04 阿里巴巴集团控股有限公司 Virtual private network and rule table generation method, device and routing method

Also Published As

Publication number Publication date
WO2020108292A1 (en) 2020-06-04
SG11202105560WA (en) 2021-06-29
CN111262771A (en) 2020-06-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant