CN111371591B - Configuration method and system for rapidly deploying SDN networking in dual-machine virtualization - Google Patents
Configuration method and system for rapidly deploying SDN networking in dual-machine virtualization Download PDFInfo
- Publication number
- CN111371591B CN111371591B CN202010094796.7A CN202010094796A CN111371591B CN 111371591 B CN111371591 B CN 111371591B CN 202010094796 A CN202010094796 A CN 202010094796A CN 111371591 B CN111371591 B CN 111371591B
- Authority
- CN
- China
- Prior art keywords
- management node
- configuring
- sdn
- overlay
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000006855 networking Effects 0.000 title claims abstract description 31
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000012360 testing method Methods 0.000 claims abstract description 61
- 238000006243 chemical reaction Methods 0.000 claims description 30
- 101000652292 Homo sapiens Serotonin N-acetyltransferase Proteins 0.000 claims description 22
- 102100030547 Serotonin N-acetyltransferase Human genes 0.000 claims description 22
- 238000013519 translation Methods 0.000 claims description 12
- 238000001514 detection method Methods 0.000 claims description 7
- 230000007246 mechanism Effects 0.000 claims description 7
- 230000005012 migration Effects 0.000 claims description 7
- 238000013508 migration Methods 0.000 claims description 7
- 238000001914 filtration Methods 0.000 claims description 6
- 238000013507 mapping Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000006467 substitution reaction Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0654—Management of faults, events, alarms or notifications using network fault recovery
- H04L41/0663—Performing the actions predefined by failover planning, e.g. switching to standby network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2521—Translation architectures other than single NAT servers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/563—Data redirection of data network streams
Abstract
The invention provides a configuration method and a system for rapidly deploying SDN networking in dual-machine virtualization, wherein the method comprises the following steps: s1, establishing an overlay virtual network, configuring a test script on an overlay virtualization platform, and initializing an SDN network; s2, configuring a test script through SDN API (software defined network application programming interface) to manage and issue the configuration test script, and issuing the management data to a database of an overlay virtualization platform; s3, setting a management node of an SDN API running on an overlay virtualization platform, configuring the management node, adopting dual-machine virtualization deployment, and setting data synchronization of a main machine and a standby machine; and S4, configuring a neutron-server component to obtain management data issued by an SDN API to an overlay virtualization platform database, and performing operation of adding switches, networks and subnets to complete configuration of the SND networking.
Description
Technical Field
The invention belongs to the technical field of virtualization software deployment, and particularly relates to a configuration method and a configuration system for rapidly deploying SDN networking in dual-machine virtualization.
Background
The SDN technology is used as an innovative network architecture, and the method has the main idea that the control layer and the data layer of network equipment are separated, logic is centralized in the control layer, global network information is mastered, an open software interface is provided for the outside, a novel network capable of facing service is provided for a user, technical details of bottom equipment do not need to be concerned, flexible control over network flow is achieved, and operation cost is reduced. However, the current SDN scheme is time-consuming to deploy and does not support virtualized dual-machine deployment, and when a node in an environment fails, the entire environment network is therefore unavailable.
Therefore, it is very necessary to provide a configuration method and system for fast deploying SDN networking in dual-machine virtualization in order to overcome the above-mentioned drawbacks in the prior art.
Disclosure of Invention
The invention provides a configuration method and a configuration system for rapidly deploying an SDN networking in a two-machine virtualization mode, aiming at the defects that the existing SDN scheme in the prior art is time-consuming to deploy, does not support virtualized two-machine deployment, and when a node in an environment fails, the whole environment network is unavailable.
In a first aspect, the present invention provides a configuration method for fast deploying an SDN networking in a dual-machine virtualization, including the following steps:
s1, establishing an overlay virtual network, configuring a test script on an overlay virtualization platform, and initializing an SDN network;
s2, configuring a test script through SDN API (software defined network application programming interface) to manage and issue the configuration test script, and issuing the management data to a database of an overlay virtualization platform;
s3, setting a management node of an SDN API (software defined network API) running on an overlay virtualization platform, configuring the management node to adopt dual-machine virtualization deployment, setting a master machine and a slave machine of the management node to be used as computing nodes at the same time, and synchronizing data of the master machine and the slave machine of the management node;
and S4, configuring a neutron-server component to obtain management data issued by an SDN API to an overlay virtualization platform database, and performing operation of adding switches, networks and subnets to complete configuration of the SND networking.
Further, the step S1 includes the following steps:
s11, creating an overlay virtual network, selecting a tunnel address for the overlay virtual network, and bridging switches through the tunnel address;
s12, configuring a test script on the overlay virtualization platform;
and S13, configuring a test script to perform SDN initialization, and automatically adding a security group, a distributed router, a distributed NET gateway and a distributed firewall. The automatic initialization SND adopts an overlay virtual network to realize dynamic deployment, and manual configuration addition from an interface step by step is not needed.
Further, step S13 is as follows:
s131, configuring a test script to perform SDN initialization, automatically adding a security group, setting security access control of a virtual port of a security group virtual machine, limiting flow receiving and sending of the security group virtual machine, and setting the security group virtual machine to adopt an OpenFlow protocol;
s132, configuring a test script to automatically increase distributed routers, setting the distributed routers to run among the computing nodes of the virtual machines, performing three-layer forwarding, and setting data traffic among different subnets of an overlay virtual network to be forwarded through the distributed routers; setting a distributed router to realize the access of a virtual machine to an external network through source data conversion SNAT configuration;
s133, configuring a test script to automatically add a distributed NET gateway, and setting the distributed NET gateway to realize the access of an external network to an internal network virtual machine by adopting source data conversion SNAT and destination address conversion DNAT configuration;
s134, configuring the test script to automatically add the distributed firewall, and respectively filtering data access among the external network, the internal network and the sub-network according to the firewall rules.
Further, in step S132, the distributed router is set to implement access of the virtual machine to the external network through source data conversion SNAT configuration; the method specifically comprises the following steps:
setting virtual machines of different computing nodes in an overlay virtualization platform to access an external network by using source data conversion (SNAT) configuration, and setting an external access computing node to centralize external access flow;
when the virtual machines of different subnets of the same computing node in the overlay virtualization platform are partially mutually accessed, the flow is forwarded in the computing node.
Further, in step S133, the distributed NET gateway is set to implement access of the external network to the intranet virtual machine by using source data conversion SNAT and destination address conversion DNAT configuration; the method comprises the following specific steps:
establishing one-to-one mapping between an external network IP and a virtual machine IP;
when the external network accesses the virtual machine, the network translation address NAT bound by the external network direct access virtual machine is set, and the virtual machine is directly accessed from the computing node to which the virtual machine belongs through the network translation address NAT.
Further, the step S3 specifically includes the following steps:
s31, setting a management node of an SDN API running on an overlay virtualization platform;
s32, configuring a management node of the overlay virtualization platform by adopting dual-machine virtualization deployment, and configuring a main management node and a standby management node;
s33, configuring a main management node and a standby management node, wherein all the main management node and the standby management node are deployed in an alinone manner, and the main management node and the standby management node are set to support the function of a computing node;
and S34, setting a heartbeat detection mechanism between the main management node and the standby management node to perform data synchronization, and starting distributed block data migration when the main management node and the standby management node are switched. an allonone deployment mode, namely a management node is also a computing node; the Heartbeat detection mechanism is realized by utilizing a Heartbeat technology, if a main management node and a standby management node need to detect that the Heartbeat service of the opposite side is abnormal, the main management node and the standby management node are considered to run normally, otherwise, main and standby switching is triggered, the other node can take over all services at once, the data of the main management node and the standby management node can be synchronized in real time by utilizing a distributed block data migration DRBD technology, and when the main management node and the standby management node are switched, the bound network strategy is synchronously migrated, so that the continuous stability of the services is ensured.
In a second aspect, the present invention provides a configuration system for fast deploying SDN networking in dual-machine virtualization, including:
the SDN initialization module is used for creating an overlay virtual network, configuring a test script on an overlay virtualization platform and initializing an SDN networking;
the management data issuing module is used for configuring the test script to manage and issue the configuration data through the SDN API and issuing the management data to a database of the overlay virtualization platform;
the management node configuration module is used for setting a management node of an SDN API (software defined network application program interface) running on an overlay virtualization platform, simultaneously configuring the management node to adopt dual-machine virtualization deployment, setting a main machine and a standby machine of the management node to be simultaneously used as computing nodes, and synchronizing data of the main machine and the standby machine of the management node;
and the SDN networking configuration module is used for configuring a neutron-server component to acquire management data issued by an SDN API to an overlay virtualization platform database, and performing operation of adding switches, networks and subnets to complete configuration of SND networking.
Further, the SDN initialization module includes:
an Overlay virtual network creating unit, configured to create an Overlay virtual network, select a tunnel address for the Overlay virtual network, and bridge a switch through the tunnel address;
the test script configuration unit is used for configuring a test script on the overlay virtualization platform;
and the SDN initialization unit is used for configuring a test script to perform SDN initialization and automatically adding a security group, a distributed router, a distributed NET gateway and a distributed firewall.
Further, the SDN initialization unit includes:
the security group adding subunit is used for configuring a test script to perform SDN initialization, automatically adding a security group, setting security access control of a virtual port of a security group virtual machine, limiting flow receiving and sending of the security group virtual machine, and setting the security group virtual machine to adopt an OpenFlow protocol;
the distributed router adding subunit is used for configuring a test script to automatically add the distributed router, setting the distributed router to run among the computing nodes of each virtual machine, performing three-layer forwarding, and setting data traffic among different subnets of the overlay virtual network to be forwarded through the distributed router; setting a distributed router to realize the access of a virtual machine to an external network through source data conversion SNAT configuration;
the distributed NET gateway adding subunit is used for configuring a test script to automatically add the distributed NET gateway, and the distributed NET gateway is set to realize the access of an external network to an intranet virtual machine by adopting source data conversion SNAT and destination address conversion DNAT configuration;
and the distributed firewall adding subunit is used for configuring the test script to automatically add the distributed firewall and respectively filtering data access among the external network, the internal network and the sub-network according to the firewall rules.
Further, the management node matching module comprises:
the SDN API operation setting unit is used for setting the SDN API to operate in a management node of the overlay virtualization platform;
the system comprises a double-computer virtualization configuration unit, a main management node and a standby management node, wherein the double-computer virtualization configuration unit is used for configuring a management node of an overlay virtualization platform to adopt double-computer virtualization deployment and configure the main management node and the standby management node;
the management node deployment unit is used for configuring the main management node and the standby management node to adopt an alinone deployment mode, and setting the main management node and the standby management node to support the function of the computing node;
and the data synchronization unit is used for setting a heartbeat detection mechanism between the main management node and the standby management node to perform data synchronization and starting distributed block data migration when the main management node and the standby management node are switched.
The beneficial effect of the invention is that,
the configuration method and the system for the SDN networking rapidly deployed through the double-machine virtualization provided by the invention have the advantages that the unified deployment of all network resources of the SDN on a virtualization management platform is realized, and the service requirements of east-west access, south-north access and multi-azimuth security control of network flow can be met; the deployment is simple and flexible, the distributed mode is supported, and the decoupling of the service application and the position is realized; the method has the advantages that the full-automatic issuing of the service process and the automatic issuing of the configuration are realized, the service deployment is shortened from several days to a minute level, and no additional requirement exists in the operation of a virtualization platform; the management nodes are deployed by adopting double-machine virtualization equipment, when one node fails, the other node can take over all services at once, and normal operation of the SDN service is guaranteed.
In addition, the invention has reliable design principle, simple structure and very wide application prospect.
Therefore, compared with the prior art, the invention has prominent substantive features and remarkable progress, and the beneficial effects of the implementation are also obvious.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present invention, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
FIG. 1 is a first schematic flow chart of the method of the present invention;
FIG. 2 is a second schematic flow chart of the method of the present invention;
FIG. 3 is a schematic diagram of the system of the present invention;
in the figure, 1-SDN initialization module; 1.1-Overlay virtual network creating unit; 1.2-test script configuration unit; 1.3-SDN initialization unit; 2-management data issuing module; 3-a management node configuration module; 3.1-SDN API operation setting unit; 3.2-a dual-machine virtualization configuration unit; 3.3-management node deployment unit; 3.4-data synchronization unit; and 4-SDN networking configuration module.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention, and it is obvious that the described embodiment is only a part of the embodiment of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The overlay is realized by virtualizing a virtual network on a traditional network, and the traditional network does not need any adaptation, so that a physical layer network only corresponds to the calculation of a physical layer, and a virtual network only corresponds to the virtual calculation.
SDN API, SDN programmable interface, network programmable interface.
OpenFlow, a network communication protocol, belongs to a data link layer, and is capable of controlling a forwarding plane (forwarding plane) of an on-network switch or router, so as to change a network path taken by a network packet.
NAT is Network Address Translation, which is a process of translating an IP Address in an IP data packet header to another IP Address, and has three implementation manners, i.e., static Translation, dynamic Translation, and port multiplexing.
SNAT is source NAT, source address translation, DNAT is destination NAT, and target address translation are both address translation functions, and private addresses are translated into public network addresses.
Neutron-server, neutron has only one main service process Neutron-server, which operates at the network control node to provide a restful api as an entry to access Neutron. The user HTTP request received by Neutron-server is ultimately fulfilled by various agents located throughout the compute nodes and network nodes.
Example 1:
as shown in fig. 1, the present invention provides a configuration method for fast deploying an SDN networking in a dual-machine virtualization, which includes the following steps:
s1, establishing an overlay virtual network, configuring a test script on an overlay virtualization platform, and initializing an SDN network;
s2, configuring a test script through SDN API (software defined network application programming interface) to manage and issue the configuration test script, and issuing the management data to a database of an overlay virtualization platform;
s3, setting a management node of an SDN API (software defined network API) running on an overlay virtualization platform, configuring the management node to adopt dual-machine virtualization deployment, setting a master machine and a slave machine of the management node to be used as computing nodes at the same time, and synchronizing data of the master machine and the slave machine of the management node;
and S4, configuring a neutron-server component to obtain management data issued by an SDN API to an overlay virtualization platform database, and performing operation of adding switches, networks and subnets to complete configuration of the SND networking.
Example 2:
as shown in fig. 2, the present invention provides a configuration method for fast deploying SDN networking in dual-machine virtualization, which includes the following steps:
s1, establishing an overlay virtual network, configuring a test script on an overlay virtualization platform, and initializing an SDN network; the method comprises the following specific steps:
s11, creating an overlay virtual network, selecting a tunnel address for the overlay virtual network, and bridging switches through the tunnel address;
s12, configuring a test script on an overlay virtualization platform;
s13, configuring a test script to perform SDN initialization, and automatically adding a security group, a distributed router, a distributed NET gateway and a distributed firewall; the method comprises the following specific steps:
s131, configuring a test script to perform SDN initialization, automatically adding a security group, setting security access control of a virtual port of a security group virtual machine, limiting flow receiving and sending of the security group virtual machine, and setting the security group virtual machine to adopt an OpenFlow protocol;
s132, configuring a test script to automatically increase distributed routers, setting the distributed routers to run among the computing nodes of the virtual machines, performing three-layer forwarding, and setting data traffic among different subnets of an overlay virtual network to be forwarded through the distributed routers; setting a distributed router to realize the access of a virtual machine to an external network through source data conversion SNAT configuration;
s133, configuring a test script to automatically increase a distributed NET gateway, and setting the distributed NET gateway to realize the access of an external network to an intranet virtual machine by adopting source data conversion SNAT and destination address conversion DNAT configuration;
s134, configuring a test script to automatically increase a distributed firewall, and filtering data access among an external network, an internal network and a subnet according to firewall rules;
s2, configuring a test script through SDN API (software defined network application programming interface) to manage and issue the configuration test script, and issuing the management data to a database of an overlay virtualization platform;
s3, setting a management node of an SDN API (software defined network application program interface) running on an overlay virtualization platform, simultaneously configuring the management node to adopt dual-machine virtualization deployment, setting a main machine and a standby machine of the management node to be simultaneously used as computing nodes, and synchronizing data of the main machine and the standby machine of the management node; the method comprises the following specific steps:
s31, setting a management node of an SDN API running on an overlay virtualization platform;
s32, configuring a management node of the overlay virtualization platform by adopting dual-machine virtualization deployment, and configuring a main management node and a standby management node;
s33, configuring a main management node and a standby management node in an alinone deployment mode, and setting the main management node and the standby management node to support the function of a computing node;
s34, setting a heartbeat detection mechanism between a main management node and a standby management node to carry out data synchronization, and starting distributed block data migration when the main management node and the standby management node are switched;
and S4, configuring a neutron-server component to obtain management data issued by an SDN API to an overlay virtualization platform database, and performing operation of adding switches, networks and subnets to complete configuration of the SND networking.
In the foregoing embodiment 2, in step S132, the distributed router is set to implement access of the virtual machine to the external network through source data conversion SNAT configuration; the method specifically comprises the following steps:
setting virtual machines of different computing nodes in an overlay virtualization platform to access an external network by using source data conversion SNAT configuration, and setting an external access computing node to centralize external access flow;
when virtual machine parts of different subnets of the same computing node in an overlay virtualization platform are mutually accessed, the flow is forwarded in the computing node;
in step S133, a distributed NET gateway is set to realize the access of an external network to an intranet virtual machine by adopting source data conversion SNAT and destination address conversion DNAT configuration; the method comprises the following specific steps:
establishing one-to-one mapping between an external network IP and a virtual machine IP;
when the external network accesses the virtual machine, the network translation address NAT bound by the external network direct access virtual machine is set, and the virtual machine is directly accessed from the computing node to which the virtual machine belongs through the network translation address NAT.
Example 3:
as shown in fig. 3, the present invention provides a configuration system for fast deploying SDN networking in dual-machine virtualization, including:
the SDN initialization module 1 is used for creating an overlay virtual network, configuring a test script on an overlay virtualization platform and initializing an SDN networking; the SDN initialization module 1 includes:
an Overlay virtual network creating unit 1.1, configured to create an Overlay virtual network, select a tunnel address for the Overlay virtual network, and bridge a switch through the tunnel address;
the test script configuration unit 1.2 is used for configuring a test script on an overlay virtualization platform;
the SDN initialization unit 1.3 is used for configuring a test script to perform SDN initialization, and automatically adding a security group, a distributed router, a distributed NET gateway and a distributed firewall; the SDN initialization unit 1.3 comprises:
the security group adding subunit is used for configuring a test script to perform SDN initialization, automatically adding a security group, setting security access control of a virtual port of a security group virtual machine, limiting flow receiving and sending of the security group virtual machine, and setting the security group virtual machine to adopt an OpenFlow protocol;
the distributed router adding subunit is used for configuring a test script to automatically add the distributed router, setting the distributed router to run among the computing nodes of each virtual machine, performing three-layer forwarding, and setting data traffic among different subnets of the overlay virtual network to be forwarded through the distributed router; setting a distributed router to realize the access of a virtual machine to an external network through source data conversion SNAT configuration;
the distributed NET gateway adding subunit is used for configuring a test script to automatically add the distributed NET gateway, and the distributed NET gateway is set to realize the access of an external network to an intranet virtual machine by adopting source data conversion SNAT and destination address conversion DNAT configuration;
the distributed firewall adding subunit is used for configuring a test script to automatically add the distributed firewall and respectively filtering data access among the external network, the internal network and the sub-network according to firewall rules;
the management data issuing module 2 is used for configuring the test script to manage and issue the data through the SDN API, and issuing the management data to a database of the overlay virtualization platform;
a management node configuration module 3, configured to set a management node of an SDN API running on an overlay virtualization platform, configure the management node to adopt dual-machine virtualization deployment, set both a master and a slave of the management node as computing nodes, and synchronize data of the master and the slave of the management node; the management node matching configuration module 3 includes:
the SDN API operation setting unit 3.1 is used for setting the SDN API to operate in a management node of the overlay virtualization platform;
a dual-machine virtualization configuration unit 3.2, configured to configure a management node of the overlay virtualization platform to adopt dual-machine virtualization deployment, and configure a main management node and a standby management node;
the management node deployment unit 3.3 is used for configuring the main management node and the standby management node to both adopt an alinone deployment mode, and setting the main management node and the standby management node to both support the function of the computing node;
the data synchronization unit 3.4 is used for setting a heartbeat detection mechanism between the main management node and the standby management node to carry out data synchronization and starting distributed block data migration when the main management node and the standby management node are switched;
and the SDN networking configuration module 4 is used for configuring a neutron-server component to acquire management data issued by an SDN API to an overlay virtualization platform database, and performing operation of adding a switch, a network and a subnet to complete configuration of SND networking.
Although the present invention has been described in detail in connection with the preferred embodiments with reference to the accompanying drawings, the present invention is not limited thereto. Various equivalent modifications or substitutions can be made on the embodiments of the present invention by those skilled in the art without departing from the spirit and scope of the present invention, and these modifications or substitutions should be within the scope of the present invention/any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present disclosure and the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (4)
1. A configuration method for rapidly deploying SDN networking in dual-machine virtualization is characterized by comprising the following steps:
s1, establishing an overlay virtual network, configuring a test script on an overlay virtualization platform, and initializing an SDN network; the step S1 comprises the following specific steps:
s11, creating an overlay virtual network, selecting a tunnel address for the overlay virtual network, and bridging switches through the tunnel address;
s12, configuring a test script on an overlay virtualization platform;
s13, configuring a test script to perform SDN initialization, and automatically adding a security group, a distributed router, a distributed NET gateway and a distributed firewall; the step S13 comprises the following specific steps:
s131, configuring a test script to perform SDN initialization, automatically adding a security group, setting security access control of a virtual port of a security group virtual machine, limiting flow receiving and sending of the security group virtual machine, and setting the security group virtual machine to adopt an OpenFlow protocol;
s132, configuring a test script to automatically increase distributed routers, setting the distributed routers to run among the computing nodes of the virtual machines, performing three-layer forwarding, and setting data traffic among different subnets of an overlay virtual network to be forwarded through the distributed routers; setting a distributed router to realize the access of a virtual machine to an external network through source data conversion SNAT configuration;
s133, configuring a test script to automatically add a distributed NET gateway, and setting the distributed NET gateway to realize the access of an external network to an internal network virtual machine by adopting source data conversion SNAT and destination address conversion DNAT configuration;
s134, configuring a test script to automatically add a distributed firewall, and respectively filtering data access among an external network, an internal network and a subnet according to firewall rules;
s2, configuring a test script through SDN API (software defined network application programming interface) to manage and issue the configuration test script, and issuing the management data to a database of an overlay virtualization platform;
s3, setting a management node of an SDN API (software defined network API) running on an overlay virtualization platform, configuring the management node to adopt dual-machine virtualization deployment, setting a master machine and a slave machine of the management node to be used as computing nodes at the same time, and synchronizing data of the master machine and the slave machine of the management node; the step S3 comprises the following steps:
s31, setting a management node of an SDN API running on an overlay virtualization platform;
s32, configuring management nodes of an overlay virtualization platform by adopting double-machine virtualization deployment, and configuring a main management node and a standby management node;
s33, configuring a main management node and a standby management node in an alinone deployment mode, and setting the main management node and the standby management node to support the function of a computing node;
s34, setting a heartbeat detection mechanism between a main management node and a standby management node to perform data synchronization, and starting distributed block data migration when the main management node and the standby management node are switched;
and S4, configuring a neutron-server component to obtain management data issued by an SDN API to an overlay virtualization platform database, and performing operation of adding switches, networks and subnets to complete configuration of the SND networking.
2. The configuration method for rapid deployment of SDN networking according to claim 1, wherein in step S132, the distributed router is configured to implement access of the virtual machine to the external network through source data conversion, SNAT, configuration; the method specifically comprises the following steps:
setting virtual machines of different computing nodes in an overlay virtualization platform to access an external network by using source data conversion SNAT configuration, and setting an external access computing node to centralize external access flow;
when the virtual machines of different subnets of the same computing node in the overlay virtualization platform are partially mutually accessed, the flow is forwarded inside the computing node.
3. The configuration method for rapid deployment of SDN networking in dual-machine virtualization of claim 1, wherein in step S133, a distributed NET gateway is configured to implement access of an external network to an internal network virtual machine by using source data conversion SNAT and destination address conversion DNAT configuration; the method comprises the following specific steps:
establishing one-to-one mapping between an external network IP and a virtual machine IP;
when the external network accesses the virtual machine, the network translation address NAT bound by the external network direct access virtual machine is set, and the virtual machine is directly accessed from the computing node to which the virtual machine belongs through the network translation address NAT.
4. A configuration system for deploying SDN networking rapidly by double-machine virtualization is characterized by comprising:
the SDN initialization module (1) is used for creating an overlay virtual network, configuring a test script on an overlay virtualization platform and initializing an SDN networking; the SDN initialization module (1) comprises:
an Overlay virtual network creating unit (1.1) for creating an Overlay virtual network, selecting a tunnel address for the Overlay virtual network, and bridging the switch through the tunnel address;
the test script configuration unit (1.2) is used for configuring a test script on the overlay virtualization platform;
the SDN initialization unit (1.3) is used for configuring a test script to perform SDN initialization and automatically adding a security group, a distributed router, a distributed NET gateway and a distributed firewall; the SDN initialization unit (1.3) comprises:
the security group adding subunit is used for configuring a test script to perform SDN initialization, automatically adding a security group, setting security access control of a virtual port of a security group virtual machine, limiting flow receiving and sending of the security group virtual machine, and setting the security group virtual machine to adopt an OpenFlow protocol;
the distributed router adding subunit is used for configuring a test script to automatically add the distributed router, setting the distributed router to run among the computing nodes of each virtual machine, performing three-layer forwarding, and setting data traffic among different subnets of the overlay virtual network to be forwarded through the distributed router; setting a distributed router to realize the access of a virtual machine to an external network through source data conversion SNAT configuration;
the distributed NET gateway adding subunit is used for configuring a test script to automatically add the distributed NET gateway, and the distributed NET gateway is set to realize the access of an external network to an intranet virtual machine by adopting source data conversion SNAT and destination address conversion DNAT configuration;
the distributed firewall adding subunit is used for configuring the test script to automatically add the distributed firewall and respectively filtering data access among the external network, the internal network and the sub-network according to a firewall rule;
the management data issuing module (2) is used for configuring a test script to manage and issue data through an SDN API (software defined network application program interface), and issuing the management data to a database of the overlay virtualization platform;
the management node configuration module (3) is used for setting a management node of an SDN API (software defined network application program interface) running on an overlay virtualization platform, simultaneously configuring the management node to adopt dual-machine virtualization deployment, setting a master machine and a standby machine of the management node to be simultaneously used as computing nodes, and synchronizing data of the master machine and the standby machine of the management node; the management node configuration module (3) comprises:
the SDN API operation setting unit (3.1) is used for setting the SDN API to operate in a management node of an overlay virtualization platform;
the double-machine virtualization configuration unit (3.2) is used for configuring the management node of the overlay virtualization platform to adopt double-machine virtualization deployment and configure a main management node and a standby management node;
the management node deployment unit (3.3) is used for configuring the main management node and the standby management node to adopt an alinone deployment mode, and setting the main management node and the standby management node to support the function of the computing node;
the data synchronization unit (3.4) is used for setting data synchronization between the main management node and the standby management node by adopting a heartbeat detection mechanism and starting distributed block data migration when the main management node and the standby management node are switched;
and the SDN networking configuration module (4) is used for configuring the neutron-server component to acquire management data issued by the SDN API to the overlay virtualization platform database, performing operation of adding switches, networks and subnets, and completing configuration of the SND networking.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010094796.7A CN111371591B (en) | 2020-02-16 | 2020-02-16 | Configuration method and system for rapidly deploying SDN networking in dual-machine virtualization |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010094796.7A CN111371591B (en) | 2020-02-16 | 2020-02-16 | Configuration method and system for rapidly deploying SDN networking in dual-machine virtualization |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111371591A CN111371591A (en) | 2020-07-03 |
| CN111371591B true CN111371591B (en) | 2022-12-20 |
Family
ID=71210376
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010094796.7A Active CN111371591B (en) | 2020-02-16 | 2020-02-16 | Configuration method and system for rapidly deploying SDN networking in dual-machine virtualization |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111371591B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112019595B (en) * | 2020-07-17 | 2022-06-21 | 苏州浪潮智能科技有限公司 | Method and system for interconnecting multiple data centers in virtual environment |
| CN113923118A (en) * | 2021-09-06 | 2022-01-11 | 锐捷网络股份有限公司 | Virtual switch batch deployment method, server, switch and data center |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103746997A (en) * | 2014-01-10 | 2014-04-23 | 浪潮电子信息产业股份有限公司 | Network security solution for cloud computing center |
| CN106027626A (en) * | 2016-05-12 | 2016-10-12 | 赛特斯信息科技股份有限公司 | SDN-based system for realizing virtualization data center |
| CN108683523A (en) * | 2018-04-24 | 2018-10-19 | 国家电网公司信息通信分公司 | A kind of SDN frameworks based on network virtualization |
| CN109218053A (en) * | 2017-07-03 | 2019-01-15 | 中兴通讯股份有限公司 | Implementation method, system and the storage medium of virtual data center |
-
2020
- 2020-02-16 CN CN202010094796.7A patent/CN111371591B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103746997A (en) * | 2014-01-10 | 2014-04-23 | 浪潮电子信息产业股份有限公司 | Network security solution for cloud computing center |
| CN106027626A (en) * | 2016-05-12 | 2016-10-12 | 赛特斯信息科技股份有限公司 | SDN-based system for realizing virtualization data center |
| CN109218053A (en) * | 2017-07-03 | 2019-01-15 | 中兴通讯股份有限公司 | Implementation method, system and the storage medium of virtual data center |
| CN108683523A (en) * | 2018-04-24 | 2018-10-19 | 国家电网公司信息通信分公司 | A kind of SDN frameworks based on network virtualization |
Non-Patent Citations (1)
| Title |
|---|
| 云数据中心SDN/NFV组网方案、测试及问题分析;顾戎等;《电信科学》;20160120(第01期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111371591A (en) | 2020-07-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112840333B (en) | Host route overlay with deterministic host learning and localized integrated routing and bridging | |
| US20190196921A1 (en) | High availability and failovers | |
| US9225636B2 (en) | Method and apparatus for exchanging IP packets among network layer 2 peers | |
| CN111130981B (en) | Proxy response method and device for MAC address | |
| US10673736B2 (en) | Traffic reduction in data center fabrics | |
| EP3691185B1 (en) | Method for processing message, device, and system | |
| US10250552B1 (en) | L3VPN service with single IGP/BGP session from a multi-homed CE with fast convergence using EVPN | |
| CN107948041B (en) | Method and equipment for constructing VXLAN centralized multi-active gateway | |
| CN111614541A (en) | Method for adding public cloud network physical host into VPC | |
| CN111371591B (en) | Configuration method and system for rapidly deploying SDN networking in dual-machine virtualization | |
| EP2584742B1 (en) | Method and switch for sending packet | |
| CN111447146B (en) | Method, device, equipment and storage medium for dynamically updating physical routing information | |
| CN113381936B (en) | Network information processing method and device and network equipment | |
| CN107276846B (en) | Gateway disaster tolerance method, device and storage medium | |
| CN110191042B (en) | Message forwarding method and device | |
| CN111404821A (en) | IPv4 and IPv6 interconnection system based on SDN | |
| US20230171223A1 (en) | Communication Method, CP Device, and NAT Device | |
| CN115987778A (en) | Container communication method based on Kubernetes cluster | |
| US20130151679A1 (en) | Hybrid virtual computing environments | |
| Cisco | Configuring DECnet | |
| Cisco | Configuring DECnet | |
| Cisco | Configuring DECnet | |
| Cisco | Configuring DECnet | |
| CN104135434A (en) | Method and device for path switching in Ethernet virtualized interconnect (EVI) network | |
| Dumba et al. | Experience in implementing & deploying a non-ip routing protocol viro in geni |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |