CN111585917B - Bare metal server network system and implementation method thereof - Google Patents

Info

Publication number
CN111585917B
Authority
CN (China)
Prior art keywords
network, bare metal, metal server, virtual switch, servers
Legal status
Active
Application number
CN202010523573.8A
Other languages
Chinese (zh)
Other versions
CN111585917A
Inventor
刘忻
林冬艺
肖兴
Current Assignee
Guangzhou Bingo Software Co Ltd
Original Assignee
Guangzhou Bingo Software Co Ltd
Events
Application filed by Guangzhou Bingo Software Co Ltd
Priority to CN202010523573.8A
Publication of CN111585917A
Application granted
Publication of CN111585917B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The invention provides a bare metal server network system which comprises a plurality of groups of bare metal servers, TOR switches and network nodes. Each group of bare metal servers is provided with its own network node, the TOR switch carries the data exchange between the bare metal servers and the network node, and the network node establishes a mapping relationship with the bare metal servers so as to verify and control them.

Description

Bare metal server network system and implementation method thereof
Technical Field
The invention belongs to the technical field of server network deployment, and particularly relates to a bare metal server network system and an implementation method thereof.
Background
The bare metal server is an upgraded version of the traditional physical server: it has the performance of a traditional physical server and, like a cloud host, a convenient management platform. It brings excellent computing performance to users, meets the high-performance and stability requirements of core application scenarios, and is a computing service that combines the elasticity of a virtual machine with the performance of a physical machine, which tenants can apply for flexibly and use on demand. Like a cloud host, the bare metal server is controlled by the cloud network, which provides it with DHCP address allocation, metadata service, VPC network isolation, security groups, ACLs and similar functions.
In the traditional method of implementing a bare metal server network, the traffic of the bare metal servers, including traffic between different tenants, is pulled to a bare metal server gateway, which manages and controls the bare metal server network. Another implementation uses a hardware SDN switch: the bare metal servers are connected to the SDN switch, and the SDN controller issues flow table rules to the switch to manage and control the bare metal server network.
Disclosure of Invention
In order to solve the above problems, a first objective of the present invention is to provide a bare metal server network system which eliminates the single point of failure caused by a centralized bare metal server gateway, while reducing the cost of network construction and improving work efficiency.
In order to achieve the purpose, the invention is realized according to the following technical scheme:
A bare metal server network system comprises a plurality of groups of bare metal servers, TOR switches and network nodes. Each group of bare metal servers is provided with its own network node, each group exchanges data with its network node through the TOR switch, and the network node establishes a mapping relationship with the bare metal servers so as to verify and control them.
Further, each group of bare metal servers comprises two or more bare metal servers.
Further, the number of the network nodes is two or more, and the network nodes include a virtual switch and a network controller.
Furthermore, each bare metal server within a group is allocated a unique VLAN, and the bare metal servers can communicate with each other after the network node removes the VLAN tag.
Further, the TOR switch provides one port mode for the ports to which bare metal servers are connected and another for the ports to which network nodes are connected: the bare metal server ports are in Access mode and the network node ports are in Trunk mode.
Further, an initialization program of the bare metal server is established; the initialization program constructs a self-defined network packet which contains the VLAN of the bare metal server and the MAC address of the bare metal server;
the network node runs an access registration program for the bare metal server; the network packet is sent to the network node through the TOR switch, the access registration program extracts the network packet on the service network card, the network node creates the corresponding VLAN sub-interface of the service network card according to the VLAN and MAC address in the network packet, the VLAN sub-interface is connected to the virtual switch, and the network controller registers the sub-interface together with the corresponding port information of the virtual switch;
the network controller issues a mapping rule flow table to the virtual switch; the mapping rule flow table matches the port information of the virtual switch against the MAC address, and the virtual switch executes and forwards according to the matching result.
Further, when the matching result is successful, the virtual switch executes the execution action corresponding to the mapping rule flow table;
or, alternatively,
when the matching result is unsuccessful, the virtual switch discards the network packet corresponding to the MAC address.
Further, when the virtual switch finds that the mapping rule flow table entry successfully matched by the network packet has no corresponding executable action, the virtual switch sends the network packet to the network controller; the network controller generates the executable action of the mapping rule flow table using the network information of the network packet as the matching items, and issues the mapping rule flow table containing the executable action to the virtual switch.
Further, the matching items of the execution action comprise the network information of the network packet, where the network information comprises the source MAC address, destination MAC address, source IP address, destination IP address, network protocol number and destination port number of the packet.
The second objective of the present invention is to provide a method for implementing a bare metal server network, which performs the network initialization of the bare metal server and solves the security problem caused by a tenant tampering with the address of the bare metal server.
In order to achieve the purpose, the invention is realized according to the following technical scheme:
A bare metal server network implementation method comprises the steps of:
S1, deploying multiple groups of bare metal servers, a network node corresponding to each group of bare metal servers, and TOR switches;
S2, exchanging data between the bare metal servers and the network node through the TOR switch;
S3, establishing a mapping relationship between the network node and the bare metal servers, and verifying and controlling the bare metal servers using the mapping relationship.
Further, each group of bare metal servers comprises two or more bare metal servers.
Further, the number of the network nodes is two or more, and the network nodes include a virtual switch and a network controller.
Furthermore, each bare metal server within a group is allocated a unique VLAN, and the bare metal servers can communicate with each other after the network node removes the VLAN tag.
Further, the TOR switch provides one port mode for the ports to which bare metal servers are connected and another for the ports to which network nodes are connected: the bare metal server ports are in Access mode and the network node ports are in Trunk mode.
Further, an initialization program of the bare metal server is established; the initialization program constructs a self-defined network packet which contains the VLAN of the bare metal server and the MAC address of the bare metal server;
the network node runs an access registration program for the bare metal server; the network packet is sent to the network node through the TOR switch, the access registration program extracts the network packet on the service network card, the network node creates the corresponding VLAN sub-interface of the service network card according to the VLAN and MAC address in the network packet, the VLAN sub-interface is connected to the virtual switch, and the network controller registers the sub-interface together with the corresponding port information of the virtual switch;
the network controller issues a mapping rule flow table to the virtual switch; the mapping rule flow table matches the port information of the virtual switch against the MAC address, and the virtual switch executes and forwards according to the matching result.
Further, when the matching result is successful, the virtual switch executes the execution action corresponding to the mapping rule flow table;
or, alternatively,
when the matching result is unsuccessful, the virtual switch discards the network packet corresponding to the MAC address.
Further, when the virtual switch finds that the mapping rule flow table entry successfully matched by the network packet has no corresponding executable action, the virtual switch sends the network packet to the network controller; the network controller generates the executable action of the mapping rule flow table using the network information of the network packet as the matching items, and issues the mapping rule flow table containing the executable action to the virtual switch.
Further, the matching items of the execution action comprise the network information of the network packet, where the network information comprises the source MAC address, destination MAC address, source IP address, destination IP address, network protocol number and destination port number of the packet.
Compared with the prior art, the invention has the following beneficial technical effects:
The invention provides a bare metal server network system which comprises a plurality of groups of bare metal servers, TOR switches and network nodes, wherein each group of bare metal servers is provided with its own network node, the TOR switch carries the data exchange with the network node, and the network node establishes a mapping relationship with the bare metal servers to verify and control them. In this way the single point of failure caused by a centralized bare metal server gateway is eliminated, the network construction cost is reduced, and the working efficiency is improved.
The invention provides a bare metal server network implementation method which first deploys a plurality of groups of bare metal servers, each group with a corresponding network node and TOR switch; then exchanges data between the bare metal servers and the network node through the TOR switch; and finally establishes a mapping relationship between the network node and the bare metal servers and uses it to verify and control the bare metal servers. This realizes the network initialization of the bare metal server and solves the security problem caused by a tenant tampering with the address of the bare metal server.
Drawings
Fig. 1 is a schematic diagram of a deployment structure of a bare metal server network system according to embodiment 1 of the present invention.
Fig. 2 is a schematic structural diagram of a bare metal server and a network node establishing a mapping relationship in embodiment 1 of the present invention.
Fig. 3 shows a network packet format according to embodiment 1 of the present invention.
Fig. 4 is a schematic step diagram of a bare metal server network implementation method described in embodiment 2 of the present invention.
Detailed Description
In order to fully understand the objects, features and effects of the present invention, the concept, specific steps and technical effects of the present invention will be further described with reference to the accompanying drawings and the detailed description.
Example 1
As shown in fig. 1, the present invention discloses a bare metal server network system, which includes multiple groups of bare metal servers, TOR switches, and network nodes; each group of bare metal servers is provided with a network node, each group of bare metal servers performs data interaction with the network node through a TOR switch, and the network node establishes a mapping relation with the bare metal servers to verify and control the bare metal servers.
Specifically, in this embodiment, a plurality of groups of bare metal servers are arranged under a central switch, and a network node and a TOR switch are arranged under each group. The network nodes are deployed in a distributed way, one per cabinet of bare metal servers. The network traffic of the bare metal servers is pulled to the network node through the TOR switch, data is exchanged between the bare metal servers and the network node, the mapping relationship between the addresses of the bare metal servers and the network node is registered through automatic access, and the network node verifies, checks and controls the bare metal servers according to this mapping relationship. With this arrangement the single point of failure caused by a centralized bare metal server gateway is eliminated, a failing network node no longer affects the bare metal server networks of other cabinets, and the security problem of a tenant changing the address of its bare metal server to the address of another tenant's bare metal server is also avoided.
Preferably, each group of bare metal servers includes two or more bare metal servers.
Specifically, in this embodiment, each group of bare metal servers is placed in one cabinet, each cabinet contains two or more bare metal servers, and this network architecture of multiple bare metal servers meets the requirements of high efficiency and high performance.
Preferably, the number of the network nodes is two or more, and the network nodes include a virtual switch and a network controller.
Specifically, in this embodiment, each group of bare metal servers is provided with two or more network nodes, so that the bare metal servers of each cabinet can be managed and controlled; at the same time, distributed deployment across cabinets ensures that a failure of one cabinet's network node cannot affect the bare metal server network of another cabinet.
Preferably, the bare metal servers under each group of bare metal servers are respectively allocated with a unique VLAN, and the bare metal servers between each group of bare metal servers can communicate with each other after the VLAN is removed through the network node.
Specifically, in this embodiment, a unique VLAN is pre-assigned to each bare metal server in each cabinet. A VLAN (virtual local area network) logically divides a physical local area network into multiple broadcast domains: hosts within one VLAN can communicate with each other directly, but different VLANs cannot communicate directly, so broadcast packets are confined to one VLAN. All network traffic of the bare metal servers is pulled to the network node, and the servers can communicate with each other after the network node removes the VLAN tag.
Preferably, the TOR switch provides a port mode for the ports to which bare metal servers are connected and a port mode for the ports to which network nodes are connected; the bare metal server ports are in Access mode and the network node ports are in Trunk mode.
Specifically, in this embodiment, on the TOR switch of each cabinet the port mode of the ports connected to bare metal servers is set to Access mode: multiple VLANs are allowed to pass through and frames of multiple VLANs can be received and sent, this port mode can be used both for inter-switch links and for connecting user computers, and its PVID is the VLAN pre-assigned to the bare metal server (the PVID is the port-based VLAN ID in network communication). The port mode of the ports connected to network nodes is set to Trunk mode: multiple VLANs are allowed to pass through and frames of multiple VLANs can be received and sent, and this mode is generally used on switch-to-switch interfaces. Access mode and Trunk mode process received data in the same way, but when sending data the Access mode can leave frames of several VLANs untagged, whereas the Trunk mode leaves only the default VLAN (that is, the system default VLAN) untagged.
Preferably, an initialization program of the bare metal server is established; the initialization program constructs a self-defined network packet which contains the VLAN of the bare metal server and the MAC address of the bare metal server;
the network node runs an access registration program for the bare metal server; the access registration program extracts the network packet on the service network card after the packet has been sent to the network node through the TOR switch, the network node creates the corresponding VLAN sub-interface of the service network card according to the VLAN and MAC address in the network packet, the VLAN sub-interface is connected to the virtual switch, and the network controller registers the sub-interface together with the corresponding port information of the virtual switch;
and the network controller issues a mapping rule flow table to the virtual switch; the mapping rule flow table matches the port information of the virtual switch against the MAC addresses, and the virtual switch executes and forwards according to the matching result.
Specifically, in this embodiment, as shown in fig. 2, a bare metal server initialization USB flash drive containing a special system image is prepared in advance. The special system image contains a Linux kernel file and a file system file, and the bare metal server initialization program is embedded in the file system file. When the USB drive is inserted into the bare metal server and the server is started, the uninitialized bare metal hard disk has no bootable partition, so the server boots into the customized operating system on the USB drive and the initialization program starts. The initialization program then constructs a self-defined network packet whose format is shown in FIG. 3: the destination address is all FF, indicating an Ethernet broadcast packet; the source address is the MAC address of each physical network card on the bare metal server; and the type field is 0xFFFF, indicating a network packet of a custom type.
The network node is preset with an admission registration program for the bare metal server. The admission registration program captures the self-defined network packet on the service network card and obtains the VLAN and MAC address of the bare metal server from it; at the same time the network node creates a sub-interface of the service network card and connects it to a port of the virtual switch. When the bare metal server initiates network access, the access message is pulled through the TOR switch to the corresponding service network card sub-interface on the network node, and the virtual switch matches the information carried by the message against the mapping rule flow table issued by the network controller and executes and forwards according to the matching result. This avoids the security hazard of a tenant tampering the MAC address of its bare metal server into the MAC address of another tenant's bare metal server.
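The registration frame and the admission check described above, as an added Python example (not code from the patent): it builds the initialization program's broadcast frame with type 0xFFFF, models the TOR Access port tagging it with the server's PVID, and parses and validates it on the network node's service network card. The payload layout (the NIC MAC repeated after the type field), the interface name eth1, and the refusal of a second MAC for an already registered VLAN are assumptions, since FIG. 3 is not reproduced on the page.

```python
from __future__ import annotations

import struct

BROADCAST_MAC = b"\xff" * 6
REGISTRATION_ETHERTYPE = 0xFFFF   # custom type shown in the patent's FIG. 3
TPID_8021Q = 0x8100               # 802.1Q tag inserted by the TOR Access port
ETH_HDR = struct.Struct("!6s6sH")  # destination MAC, source MAC, type
VLAN_TAG = struct.Struct("!HH")    # TPID, TCI (VLAN ID in the low 12 bits)
MIN_PAYLOAD = 46                   # minimum Ethernet payload, zero padded


def mac_bytes(mac: str) -> bytes:
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"malformed MAC {mac!r}")
    return bytes(int(p, 16) for p in parts)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_registration_frame(nic_mac: str) -> bytes:
    """Frame the bare metal server's init program broadcasts from one NIC.
    Assumed payload layout (the page gives none): the 6-byte NIC MAC, padded."""
    src = mac_bytes(nic_mac)
    payload = src.ljust(MIN_PAYLOAD, b"\x00")
    return ETH_HDR.pack(BROADCAST_MAC, src, REGISTRATION_ETHERTYPE) + payload


def tor_access_port_tag(frame: bytes, pvid: int) -> bytes:
    """Model the TOR Access port: an untagged frame gets the port's PVID tag
    before it leaves on the Trunk port towards the network node."""
    if not 1 <= pvid <= 4094:
        raise ValueError("PVID out of range")
    return frame[:12] + VLAN_TAG.pack(TPID_8021Q, pvid) + frame[12:]


class RegistrationError(ValueError):
    """Raised by the admission registration program for frames it rejects."""


def parse_registration_frame(frame: bytes) -> tuple[int, str]:
    """Admission registration on the network node's service network card.
    Returns (vlan_id, mac) for a valid frame, raises RegistrationError otherwise."""
    if len(frame) < ETH_HDR.size + VLAN_TAG.size + 6:
        raise RegistrationError("frame too short")
    dst, src = frame[:6], frame[6:12]
    if dst != BROADCAST_MAC:
        raise RegistrationError("registration frame must be an Ethernet broadcast")
    tpid, tci = VLAN_TAG.unpack_from(frame, 12)
    if tpid != TPID_8021Q:
        # The TOR Access port always tags the frame with the server's PVID;
        # an untagged frame did not arrive by the expected path.
        raise RegistrationError("frame carries no 802.1Q tag")
    vlan_id = tci & 0x0FFF
    (ethertype,) = struct.unpack_from("!H", frame, 16)
    if ethertype != REGISTRATION_ETHERTYPE:
        raise RegistrationError(f"not a registration frame (type 0x{ethertype:04x})")
    claimed = frame[18:24]
    if claimed != src:
        raise RegistrationError("payload MAC disagrees with the source MAC")
    if not 1 <= vlan_id <= 4094:
        raise RegistrationError("VLAN ID out of range")
    return vlan_id, mac_str(src)


def register_server(registry: dict, frame: bytes, service_nic: str = "eth1") -> str:
    """Create the VLAN sub-interface name and record the VLAN -> MAC mapping.
    Refusing a second MAC for an already registered VLAN is an added check:
    each bare metal server owns exactly one pre-assigned VLAN."""
    vlan_id, mac = parse_registration_frame(frame)
    existing = registry.get(vlan_id)
    if existing is not None and existing["mac"] != mac:
        raise RegistrationError(f"VLAN {vlan_id} already bound to {existing['mac']}")
    subif = f"{service_nic}.{vlan_id}"
    registry[vlan_id] = {"mac": mac, "subinterface": subif}
    return subif
```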
Preferably, when the matching result is successful, the virtual switch executes the execution action corresponding to the mapping rule flow table;
or, alternatively,
when the matching result is unsuccessful, the virtual switch discards the network packet corresponding to the MAC address.
Specifically, in this embodiment, the virtual switch matches the port information and the MAC address of the virtual switch according to the mapping rule flow table. If the match succeeds, the network packet corresponding to the MAC address is kept in the virtual switch and the corresponding execution action in the mapping rule flow table is executed; if the match fails, the network packet corresponding to the MAC address is discarded.
Preferably, when the virtual switch finds that the mapping rule flow table entry successfully matched by the network packet has no executable action for that packet, the virtual switch sends the network packet to the network controller; the network controller generates the executable action of the mapping rule flow table using the network information of the network packet as the matching items, and issues the mapping rule flow table containing the executable action to the virtual switch.
Specifically, in this embodiment, the bare metal server initiates network access, and the access packet is pulled through the TOR switch to the service network card sub-interface of the corresponding network node and then enters the virtual switch of the network node. The network controller issues a mapping rule flow table to the virtual switch, and the virtual switch matches the network information of the packet against the mapping rule flow table. After a successful match, the virtual switch executes the rule action in the mapping rule flow table entry that matched the packet. A packet that is not successfully matched is sent by the virtual switch to the network controller; the network controller uses the network information in the packet as the matching items to generate a rule action of the mapping rule flow table, and issues the mapping rule flow table containing the rule action to the virtual switch. In this way the bare metal server is verified and controlled and errors are avoided.
Preferably, the matching items of the execution action comprise the network information of the network packet, and the network information comprises the source MAC address, destination MAC address, source IP address, destination IP address, network protocol number and destination port number of the packet.
Specifically, in this embodiment, the source MAC address, destination MAC address, source IP address, destination IP address, network protocol number and destination port number in the packet information sent by the virtual switch to the network controller are used as the matching items of the execution rule flow table for that packet; a rule action is generated according to the cloud network management and control logic, and the mapping rule flow table corresponding to the rule action is issued to the virtual switch.
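The mapping rule flow table and the packet-in path described above, as an added Python simulation (not the patent's code): the virtual switch first checks that the ingress port carries its registered MAC and drops anything else, then looks up an executable action keyed on the six match items, and asks the controller for one when none is installed yet. The allow-list policy in the controller is an assumption standing in for the "cloud network management and control logic"; the MAC addresses, IP addresses and ports are constructed sample values.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Fields of an access packet as seen by the virtual switch."""
    in_port: int      # virtual switch port the service NIC sub-interface attaches to
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: int        # IP protocol number, e.g. 6 for TCP
    dst_port: int


def flow_key(pkt: Packet) -> tuple:
    """The six match items the patent lists for an execution rule."""
    return (pkt.src_mac.lower(), pkt.dst_mac.lower(), pkt.src_ip,
            pkt.dst_ip, pkt.proto, pkt.dst_port)


class NetworkController:
    """Holds the port <-> MAC registrations and decides executable actions.
    The allow-list is an assumed stand-in for security group / ACL logic."""

    def __init__(self) -> None:
        self.port_mac: dict[int, str] = {}
        self.allowed: set[tuple[str, int, int]] = set()  # (dst_ip, proto, dst_port)

    def register(self, port: int, mac: str) -> None:
        """Record the mapping produced by admission registration."""
        self.port_mac[port] = mac.lower()

    def allow(self, dst_ip: str, proto: int, dst_port: int) -> None:
        self.allowed.add((dst_ip, proto, dst_port))

    def mapping_rule_table(self) -> dict[int, str]:
        """Mapping rule flow table issued to the virtual switch: port -> MAC."""
        return dict(self.port_mac)

    def packet_in(self, pkt: Packet) -> tuple[tuple, str]:
        """Generate the executable action for a packet that had none installed."""
        ok = (pkt.dst_ip, pkt.proto, pkt.dst_port) in self.allowed
        return flow_key(pkt), ("forward" if ok else "drop")


class VirtualSwitch:
    def __init__(self, controller: NetworkController) -> None:
        self.controller = controller
        self.mapping = controller.mapping_rule_table()
        self.actions: dict[tuple, str] = {}
        self.packet_ins = 0

    def handle(self, pkt: Packet) -> str:
        # 1. Mapping rule: the ingress port must carry its registered MAC.
        #    A tenant that rewrites its MAC to another tenant's MAC fails here.
        if self.mapping.get(pkt.in_port) != pkt.src_mac.lower():
            return "drop"
        # 2. Matched: look for an executable action; if none, packet-in to the
        #    controller, which issues the rule keyed on the six match items.
        key = flow_key(pkt)
        action = self.actions.get(key)
        if action is None:
            self.packet_ins += 1
            key, action = self.controller.packet_in(pkt)
            self.actions[key] = action
        return action


def demo() -> dict:
    """Constructed scenario: two tenants' servers on ports 1 and 2."""
    ctl = NetworkController()
    ctl.register(1, "52:54:00:aa:bb:01")   # tenant A server, sub-interface on port 1
    ctl.register(2, "52:54:00:aa:bb:02")   # tenant B server, sub-interface on port 2
    ctl.allow("10.0.0.20", 6, 22)          # constructed policy: SSH to 10.0.0.20 allowed
    vs = VirtualSwitch(ctl)
    legit = Packet(1, "52:54:00:aa:bb:01", "52:54:00:aa:bb:02",
                   "10.0.0.10", "10.0.0.20", 6, 22)
    spoof = Packet(1, "52:54:00:aa:bb:02", "52:54:00:aa:bb:01",
                   "10.0.0.20", "10.0.0.10", 6, 22)      # tenant B's MAC on port 1
    denied = Packet(2, "52:54:00:aa:bb:02", "52:54:00:aa:bb:01",
                    "10.0.0.20", "10.0.0.10", 6, 23)     # registered, but not allowed
    return {
        "legit_first": vs.handle(legit),    # packet-in, then forward
        "legit_second": vs.handle(legit),   # installed action, no packet-in
        "spoofed": vs.handle(spoof),        # dropped by the mapping rule
        "policy_denied": vs.handle(denied), # packet-in, controller says drop
        "packet_ins": vs.packet_ins,
    }
```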
Example 2
The invention discloses a bare metal server network implementation method, which comprises the following steps:
s1, deploying multiple groups of bare metal servers, network nodes corresponding to each group of bare metal servers and TOR switches;
s2, carrying out data interaction on the bare metal server and the network node through the TOR switch;
s3, establishing a mapping relation between the network node and the bare metal server, and verifying and controlling the bare metal server by using the mapping relation.
Specifically, in this embodiment, as shown in fig. 4, multiple groups of bare metal servers are deployed by cabinet, with a corresponding network node and TOR switch deployed under each group. The network traffic of the bare metal servers is led through the TOR switch to the network node under the cabinet, data is exchanged between the network node and the bare metal servers, and the mapping relationship between the bare metal servers and the network node is registered through automatic admission, so that the bare metal server network can be verified, checked, controlled and managed.
Preferably, each group of bare metal servers includes two or more bare metal servers.
Specifically, in this embodiment, each group of bare metal servers is placed in one cabinet, each cabinet contains two or more bare metal servers, and this network architecture of multiple bare metal servers meets the requirements of high efficiency and high performance.
Preferably, the number of the network nodes is two or more, and the network nodes include a virtual switch and a network controller.
Specifically, in this embodiment, each group of bare metal servers is provided with two or more network nodes, so that the bare metal servers of each cabinet can be managed and controlled; at the same time, distributed deployment across cabinets ensures that a failure of one cabinet's network node cannot affect the bare metal server network of another cabinet.
Preferably, each bare metal server within a group is allocated a unique VLAN, and the bare metal servers can communicate with each other after the network node removes the VLAN tag.
Specifically, in this embodiment, a unique VLAN is pre-assigned to each bare metal server in each cabinet. A VLAN (virtual local area network) logically divides a physical local area network into multiple broadcast domains: hosts within one VLAN can communicate with each other directly, but different VLANs cannot communicate directly, so broadcast packets are confined to one VLAN. All network traffic of the bare metal servers is pulled to the network node, and the servers can communicate with each other after the network node removes the VLAN tag.
Preferably, the TOR switch provides a port mode for the ports to which bare metal servers are connected and a port mode for the ports to which network nodes are connected; the bare metal server ports are in Access mode and the network node ports are in Trunk mode.
Specifically, in this embodiment, on the TOR switch of each cabinet the port mode of the ports connected to bare metal servers is set to Access mode: multiple VLANs are allowed to pass through and frames of multiple VLANs can be received and sent, this port mode can be used both for inter-switch links and for connecting user computers, and its PVID is the VLAN pre-assigned to the bare metal server (the PVID is the port-based VLAN ID in network communication). The port mode of the ports connected to network nodes is set to Trunk mode: multiple VLANs are allowed to pass through and frames of multiple VLANs can be received and sent, and this mode is generally used on switch-to-switch interfaces. Access mode and Trunk mode process received data in the same way, but when sending data the Access mode can leave frames of several VLANs untagged, whereas the Trunk mode leaves only the default VLAN (that is, the system default VLAN) untagged.
Preferably, an initialization program of the bare metal server is established, the initialization program constructs a self-defined network packet, and the network packet comprises the VLAN of the bare metal server and the MAC address of the bare metal server;
the network node sets an access registration program of the bare metal server, the access registration program extracts a network packet on the service network card, the network packet is sent to the network node through the TOR switch, the network node creates a corresponding VLAN subinterface of the service network card, the corresponding VLAN subinterface is connected with the virtual switch, and the network controller registers the subinterface and port information corresponding to the virtual switch;
and the network controller issues a mapping rule flow table to the virtual switch, the mapping rule flow table matches port information and MAC addresses corresponding to the virtual switch, and the virtual switch completes information execution and information transmission according to a matching result.
Specifically, in this embodiment, as shown in fig. 2, a bare metal server initialization U disk including a special system image is prefabricated, the special system image includes a Linux kernel file and a file system file, a bare metal server initialization program is embedded in the file system file, and after the bare metal server is inserted into the U disk and started, since the uninitialized bare metal hard disk does not have a guidable partition, the bare metal server initialization program will be guided to enter a customized operating system of the U disk and started. Meanwhile, a self-defined network packet is constructed by utilizing a bare metal server initialization program, the format of the network packet is shown in FIG. 3, and the destination address is FF, and indicates that the network packet is an Ethernet broadcast packet; the source address is a MAC address on each physical network card on the bare metal server, and the type uses 0xFFFF, which indicates that the packet is a network packet of a custom type.
The network node is preset with an admission registration program for the bare metal server. The admission registration program captures the custom network packet on the service network card and obtains the VLAN and MAC address of the bare metal server from it; at the same time, the network node creates a sub-interface of the service network card and connects the sub-interface to a port of the virtual switch. When the bare metal server then initiates network access, the access message is pulled through the TOR switch to the corresponding service network card sub-interface on the network node, the virtual switch matches the information carried by the message against the mapping rule flow table issued by the network controller, and executes the actions and forwards the traffic according to the matching result. This removes the security risk of a tenant tampering with the MAC address of its bare metal server so that it becomes the MAC address of another tenant's bare metal server.
Preferably, when the matching result shows success, the virtual switch executes the execution action corresponding to the mapping rule flow table;
or, when the matching result shows that the matching is unsuccessful, the network packet corresponding to the MAC address is sent to the network controller by the virtual switch.
Specifically, in this embodiment, the virtual switch matches the port information of the virtual switch and the MAC address against the mapping rule flow table. If the matching is successful, the network packet corresponding to the MAC address is kept in the virtual switch and the corresponding execution action in the mapping rule flow table is executed; if the matching is unsuccessful, the network packet corresponding to the MAC address is discarded.
Preferably, when the virtual switch finds that the mapping rule flow table entry successfully matched by the network packet has no executable action for that packet, the virtual switch sends the network packet to the network controller; the network controller generates the executable action of the mapping rule flow table using the network information of the network packet as the matching item, and issues the mapping rule flow table containing the executable action to the virtual switch.
Specifically, in this embodiment, the bare metal server initiates network access, and the access network packet message is pulled through the TOR switch to the corresponding service network card sub-interface of the network node and then enters the virtual switch of the network node. The network controller issues a mapping rule flow table to the virtual switch, and the virtual switch matches the network information of the network packet message against the mapping rule flow table. After a successful match, the virtual switch executes the rule action in the mapping rule flow table entry that the packet matched. A network packet that is not successfully matched is sent by the virtual switch to the network controller; the network controller uses the network information in the network packet as the matching item to generate a rule action for the mapping rule flow table, and issues the mapping rule flow table containing the rule action to the virtual switch. This achieves verification and control of the bare metal server and avoids errors.
Preferably, the matching items of the execution action include the network information of the network packet, and the network information includes the source MAC address, destination MAC address, source IP address, destination IP address, network protocol number, and destination port number of the packet.
Specifically, in this embodiment, the source MAC address, destination MAC address, source IP address, destination IP address, network protocol number, and destination port number in the network packet message that the virtual switch sends to the network controller are used as the matching items of the execution rule flow table corresponding to the network packet; a rule action is generated according to the cloud network management and control logic, and the mapping rule flow table corresponding to the rule action is issued to the virtual switch.
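The admission packet of FIG. 3 and the mapping rule flow table matching described above, as an added Python example that is not part of the patent: a registration routine parses the custom broadcast frame (assumed to arrive 802.1Q-tagged with the server's VLAN, EtherType 0xFFFF) to bind VLAN and MAC, and the virtual switch discards any packet whose source MAC is not bound to its ingress port, asks the controller for a rule action when a bound entry has none, and caches the action keyed on the six matching items. The class names, the sub-interface naming and the allowed-port policy in `generate_action` are assumptions.

```python
import struct
from dataclasses import dataclass

BROADCAST, DOT1Q, CUSTOM_TYPE = b"\xff" * 6, 0x8100, 0xFFFF  # FIG. 3 values; 802.1Q tag assumed

def build_admission_frame(src_mac: bytes, vlan_id: int) -> bytes:
    """Constructed sample of the frame the initialization program broadcasts: dst FF:FF:FF:FF:FF:FF,
    src = physical NIC MAC, 802.1Q tag with the server's VLAN (added by the TOR Access port), type 0xFFFF."""
    if len(src_mac) != 6 or not 1 <= vlan_id <= 4094:
        raise ValueError("bad MAC or VLAN")
    return BROADCAST + src_mac + struct.pack("!HHH", DOT1Q, vlan_id, CUSTOM_TYPE)

def parse_admission_frame(frame: bytes):
    """Return (vlan_id, src_mac) for a valid admission packet, else None. Anything that is not a
    tagged broadcast with EtherType 0xFFFF is ignored, so no binding is ever created from it."""
    if len(frame) < 18 or frame[:6] != BROADCAST:
        return None
    tpid, tci, etype = struct.unpack("!HHH", frame[12:18])
    if tpid != DOT1Q or etype != CUSTOM_TYPE:
        return None
    return tci & 0x0FFF, frame[6:12]

@dataclass(frozen=True)
class Packet:
    """Access message: ingress port of the virtual switch plus the six matching items from the text."""
    in_port: int
    src_mac: bytes
    dst_mac: bytes
    src_ip: str
    dst_ip: str
    proto: int
    dst_port: int

class NetworkController:
    """Registers the VLAN sub-interface and generates rule actions (the policy used here is assumed)."""
    def __init__(self, allowed_dst_ports=(22, 443)):
        self.allowed = set(allowed_dst_ports)
        self.subinterfaces = {}          # (vlan, mac) -> service NIC sub-interface name

    def register(self, frame: bytes, vswitch, port: int, nic="eth0"):
        parsed = parse_admission_frame(frame)
        if parsed is None:
            return None
        vlan, mac = parsed
        self.subinterfaces[(vlan, mac)] = f"{nic}.{vlan}"
        vswitch.rules[(port, mac)] = {}  # mapping rule issued to the switch; no actions generated yet
        return self.subinterfaces[(vlan, mac)]

    def generate_action(self, pkt: Packet) -> str:
        return "forward" if pkt.dst_port in self.allowed else "drop"

class VirtualSwitch:
    def __init__(self, controller: NetworkController):
        self.controller, self.rules = controller, {}   # (port, src_mac) -> {six-tuple: action}

    def handle(self, pkt: Packet) -> str:
        actions = self.rules.get((pkt.in_port, pkt.src_mac))
        if actions is None:              # MAC not registered on this port (e.g. a changed MAC): discard
            return "drop"
        match = (pkt.src_mac, pkt.dst_mac, pkt.src_ip, pkt.dst_ip, pkt.proto, pkt.dst_port)
        if match not in actions:         # bound entry but no action yet: hand to the controller
            actions[match] = self.controller.generate_action(pkt)
        return actions[match]
```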
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive (U disk), a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
While the preferred embodiments of the present invention have been illustrated and described in detail, it should be understood that modifications and variations can be effected by one skilled in the art in light of the above teachings without undue experimentation. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning or limited experiments based on the present invention concept should be within the scope of protection defined by the claims.

Claims (6)

1. A bare metal server network system is characterized by comprising a plurality of groups of bare metal servers, TOR switches and network nodes;
each group of bare metal servers is provided with the network node, each group of bare metal servers performs data interaction with the network node through the TOR switch, and the network node establishes a mapping relation with the bare metal servers so as to check and control the bare metal servers; the number of the network nodes is two or more, and the network nodes comprise virtual switches and network controllers;
the bare metal servers under each group of bare metal servers are respectively distributed with a unique VLAN, and the bare metal servers can communicate with each other after the VLAN is removed through the network node;
the TOR switch is provided with a port mode accessed by the bare metal server and a port mode accessed by the network node;
the port mode accessed by the bare metal server is an Access mode;
the port mode accessed by the network node is a Trunk mode;
establishing an initialization program of the bare metal server, wherein the initialization program constructs a self-defined network packet, and the network packet comprises a VLAN (virtual local area network) of the bare metal server and an MAC (media access control) address of the bare metal server;
the network node sets an access registration program of the bare metal server, the network packet is sent to the network node through the TOR switch, the access registration program extracts the network packet on a service network card, the network node creates a corresponding VLAN sub-interface of the service network card according to a VLAN and an MAC address of the network packet, the corresponding VLAN sub-interface is connected with the virtual switch, and the network controller registers the sub-interface and port information corresponding to the virtual switch;
the network controller issues a mapping rule flow table to the virtual switch, the mapping rule flow table matches port information corresponding to the virtual switch with the MAC address, and the virtual switch completes information execution and information transmission according to a matching result.
2. The bare metal server network system according to claim 1, wherein each group of bare metal servers comprises two or more bare metal servers.
3. The bare metal server network system according to claim 1, wherein
when the matching result shows success, the virtual switch executes the execution action corresponding to the mapping rule flow table;
or, when the matching result shows that the matching is unsuccessful, the network packet corresponding to the MAC address is discarded by the virtual switch.
4. The bare metal server network system according to claim 3, wherein when the virtual switch finds that the mapping rule flow table successfully matched with the network packet has no corresponding execution action to be executed, the virtual switch sends the network packet to the network controller, the network controller generates an execution action of the mapping rule flow table by using network information of the network packet as a matching item, and issues the mapping rule flow table containing the execution action to the virtual switch.
5. The bare metal server network system according to claim 4,
the matching item of the execution action comprises network information of the network packet, and the network information comprises a source MAC address, a target MAC address, a source IP address, a target IP address, a network protocol number and a target port number of the message.
6. A method for implementing the bare metal server network system of any of claims 1-5, comprising the steps of:
s1, deploying multiple groups of bare metal servers, network nodes corresponding to each group of bare metal servers and TOR switches;
s2, carrying out data interaction on the bare metal server and the network node through the TOR switch;
s3, establishing a mapping relation between the network node and the bare metal server, and verifying and controlling the bare metal server by using the mapping relation.
CN202010523573.8A 2020-06-10 2020-06-10 Bare metal server network system and implementation method thereof Active CN111585917B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010523573.8A CN111585917B (en) 2020-06-10 2020-06-10 Bare metal server network system and implementation method thereof

Publications (2)

Publication Number Publication Date
CN111585917A CN111585917A (en) 2020-08-25
CN111585917B true CN111585917B (en) 2021-03-30

Family

ID=72125725

Country Status (1)

Country Link
CN (1) CN111585917B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113708954B (en) * 2021-07-23 2023-04-25 苏州浪潮智能科技有限公司 Network switching method and device, electronic equipment and storage medium
CN113852491A (en) * 2021-08-20 2021-12-28 紫光云(南京)数字技术有限公司 Method for realizing bare metal safety group
CN113746673B (en) * 2021-08-24 2023-03-24 济南浪潮数据技术有限公司 Method, device, equipment and medium for deploying bare metal server ipxe
CN114500171B (en) * 2021-12-29 2023-05-26 曙光云计算集团有限公司 Network system and message transmission method
CN114024799B (en) * 2022-01-06 2022-04-01 杭州优云科技有限公司 Method and device for interconnecting bare metal server and virtualization network
CN116155635A (en) * 2022-12-30 2023-05-23 天翼云科技有限公司 Public cloud multicast system, method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104767649A (en) * 2015-04-30 2015-07-08 杭州华三通信技术有限公司 Bare metal server deployment method and device
CN109495405A (en) * 2018-12-12 2019-03-19 平安科技(深圳)有限公司 A kind of method and interchanger of bare metal server and cloud mainframe network intercommunication
CN109905251A (en) * 2017-12-07 2019-06-18 北京金山云网络技术有限公司 Network management, device, electronic equipment and storage medium
US20190260825A1 (en) * 2016-10-28 2019-08-22 International Business Machines Corporation Provisioning a bare-metal server
CN111200628A (en) * 2018-11-16 2020-05-26 瞻博网络公司 Network controller sub-cluster for distributed computing deployment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9860116B1 (en) * 2013-06-18 2018-01-02 Cisco Technology, Inc. Physical network orchestration for data centers
CN110213148B (en) * 2019-05-22 2021-10-15 腾讯科技(深圳)有限公司 Data transmission method, system and device

Also Published As

Publication number Publication date
CN111585917A (en) 2020-08-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant