CN112583949A - VPC (virtual private cloud) public network access method and VPC device - Google Patents

VPC (virtual private cloud) public network access method and VPC device

Info

Publication number
CN112583949A
Authority
CN
China
Prior art keywords
vpc
target
network address
public network
private network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011343437.7A
Other languages
Chinese (zh)
Inventor
兰天
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Cloud Technologies Co Ltd
Original Assignee
New H3C Cloud Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-11-26
Filing date
2020-11-26
Publication date
2021-03-30

Classifications

    • H04L 61/2521 Translation architectures other than single NAT servers (H Electricity; H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication; H04L 61/00 Network arrangements, protocols or services for addressing or naming; H04L 61/09 Mapping addresses; H04L 61/25 Mapping addresses of the same type; H04L 61/2503 Translation of Internet protocol [IP] addresses)
    • H04L 12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN] (H Electricity; H04 Electric communication technique; H04L Transmission of digital information; H04L 12/00 Data switching networks; H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]; H04L 12/46 Interconnection of networks)
    • H04L 67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers (H Electricity; H04 Electric communication technique; H04L Transmission of digital information; H04L 67/00 Network arrangements or protocols for supporting network services or applications; H04L 67/01 Protocols; H04L 67/10 Protocols in which an application is distributed across nodes in the network)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This specification provides a method for a VPC (virtual private cloud) to access a public network, and a VPC device. The method comprises: obtaining a target egress group of the VPC, the target egress group comprising one or more VPC egresses; determining a target public network address corresponding to the target egress group; and enabling the VPC services associated with the target egress group to access the public network through the target public network address. With this method the number of public IP addresses consumed is greatly reduced.

Description

VPC (virtual private cloud) public network access method and VPC device
Technical Field
The disclosure relates to the field of cloud technologies, and in particular, to a method for a VPC to access a public network and a VPC device.
Background
VPC (virtual private cloud): a cloud computing service in which a public cloud provider isolates part of its public cloud infrastructure for private use.
Virtual machines and other resources inside a VPC frequently need to reach public network resources, but public IP addresses are scarce and expensive. The current practice is SNAT (source network address translation): a private IP address is mapped to a public IP address before the traffic is sent, which greatly reduces public IP consumption. However, when one VPC has several egresses, each egress occupies its own public IP address, so as the number of egresses keeps growing the number of public IP addresses in use grows with it, and the user's cost rises.
Disclosure of Invention
This specification provides a method for a VPC to access a public network, and a VPC device, which greatly reduce the number of public IP addresses used.
An embodiment of this specification provides a method for a virtual private cloud (VPC) to access a public network, the method comprising:
obtaining a target egress group of the VPC, the target egress group comprising one or more VPC egresses;
determining a target public network address corresponding to the target egress group; and
enabling the VPC services associated with the target egress group to access the public network through the target public network address.
Optionally, the VPC services include one or more of: a cloud host service, a load balancing service, and a bare metal service.
Optionally, the method further comprises: setting a private network address pool, the private network address pool corresponding to the target public network address.
Specifically, determining the target public network address corresponding to the target egress group comprises:
obtaining, from the private network address pool, a number of private network addresses equal to the number of VPC egresses in the target egress group, and associating a different private network address with each VPC egress in the target egress group, so that the VPC egresses, each with its own private network address, all correspond to the target public network address.
Specifically, enabling the VPC services associated with the target egress group to access the public network through the target public network address comprises:
performing source network address translation (SNAT), according to the correspondence between the private network address pool and the target public network address, on the VPC service traffic carrying a private network address that is sent through each VPC egress, so that this traffic accesses the public network using the target public network address.
With these embodiments, several VPC egresses access the public network through a single public network address, which saves a large number of public network addresses. In particular, when public IP addresses are in short supply, a user's many VPC egresses can reach public network services with only a small number of public IPs.
An embodiment of this specification further provides a virtual private cloud (VPC) device, the VPC device comprising:
an obtaining unit configured to obtain a target egress group of the VPC device, the target egress group comprising one or more VPC egresses;
a first processing unit configured to determine a target public network address corresponding to the target egress group; and
a second processing unit configured to enable the VPC services associated with the target egress group to access the public network through the target public network address.
Optionally, the VPC services include one or more of: a cloud host service, a load balancing service, and a bare metal service.
Optionally, the device further comprises a setting unit configured to set a private network address pool, the private network address pool corresponding to the target public network address.
Specifically, the first processing unit is configured to obtain, from the private network address pool, a number of private network addresses equal to the number of VPC egresses in the target egress group, and to associate a different private network address with each VPC egress in the group, so that the VPC egresses, each with its own private network address, all correspond to the target public network address.
Specifically, the second processing unit is configured to perform SNAT, according to the correspondence between the private network address pool and the target public network address, on the VPC service traffic carrying a private network address that is sent through each VPC egress, so that this traffic accesses the public network using the target public network address.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a schematic diagram of a VPC network architecture according to an embodiment of this disclosure;
Fig. 2 is a schematic flowchart of a method for a VPC to access a public network according to an embodiment of this disclosure;
Fig. 3 is a schematic diagram of a VPC network architecture according to an embodiment of this disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
As shown in Fig. 1, the VPC device has egress 1, egress 2 and egress 3 for sending data outward. Inside the VPC run various service resources, such as cloud host services, load balancing services and bare metal (physical machine) services. These resources are referred to as VPC services, and each of them can be configured with a corresponding egress as required, so that its data is transmitted through that egress.
To let these services communicate with the public network, a different public IP address is configured for each egress when the egresses of the VPC device are configured. As cloud services grow, the number of egresses on a VPC device keeps increasing, and if every VPC egress is given its own public IP address, public IP address resources run short.
To solve this technical problem, an embodiment of this specification provides a method for a VPC to access a public network. As shown in Fig. 2, the method comprises:
S101, obtaining a target egress group of the VPC, the target egress group comprising one or more VPC egresses;
S102, determining a target public network address corresponding to the target egress group;
S103, enabling the VPC services associated with the target egress group to access the public network through the target public network address.
In step S101, the target egress group of the VPC may include one or more VPC egresses, and an administrator can perform the grouping with configuration commands. For example, if a VPC device has only a few egresses, all of them can be placed in one group; if it has many egresses, they can be divided evenly into several groups; or the grouping can follow the importance of the services.
In step S102, to determine the target public network address corresponding to the target egress group, a private network address pool may be set on the VPC device, the pool corresponding to the target public network address; there may be one or more target public network addresses.
Specifically, the VPC device obtains the number of VPC egresses in the target egress group, takes that many private network addresses from the private network address pool, and associates a different one of these private network addresses with each VPC egress in the group. Because the VPC device has set up the correspondence between the private network address pool and the target public network address, the private network address carried in data sent from a VPC egress can be translated into the target public network address by SNAT (source network address translation), which enables communication with the public network.
In step S103, once a VPC egress has been given a private network address (that is, it belongs to a target egress group set up as above and has been configured with that address), the source address of the service traffic associated with that egress is first translated by SNAT into the egress's private network address. When the data is sent out through the egress, the private network address it carries is translated by SNAT into the corresponding target public network address, so that the data reaches the public network carrying the target public network address.
As these embodiments show, by configuring a VPC egress group, obtaining private network addresses from a private network address pool that corresponds to a public network address, and assigning those addresses to the egresses in the group, several egresses in the VPC share one public network address, and a shortage of public network addresses caused by a large number of VPC egresses is avoided.
An embodiment of this specification further provides a method for a virtual private cloud (VPC) to access a public network. As shown in Fig. 3, cloud hosts and bare metal services run in the VPC device, and different cloud hosts and bare metal services correspond to egress 1, egress 2 and egress 3 respectively.
Egress 1, egress 2 and egress 3 are set as one VPC egress group, and are associated with (configured with) private network address 1, private network address 2 and private network address 3 respectively. These three addresses come from a private network address pool, and the pool corresponds to a target public network address.
When the service corresponding to egress 1 sends traffic (egress 2 and egress 3 work the same way), the private network address 1 associated with egress 1 becomes the source address of the service packets (rewritten by SNAT). When the data is about to enter the public network, SNAT rewrites the source address again to the target public network address that corresponds to private network address 1, and the data is sent to the public network.
As this embodiment shows, when services in the VPC access the public network, the source addresses of service data leaving different egresses are all translated to the target public network address by SNAT, so traffic from the private cloud reuses one public network address and public network address resources are saved.
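The following model of the two-stage SNAT scheme covers steps S101 to S103 and the Fig. 3 embodiment above. It is an example added to this page, not code from the specification or from New H3C. The egress and group names, the 100.64.0.0/10 addresses used as the private pool, the 203.0.113.10 public address, the per-flow allocation of one source port from a single port space shared by the whole group, and the reverse lookup for replies are all assumptions made for illustration; the specification does not say how ports are allocated or how return traffic is matched.

```python
"""Model of the egress-group SNAT scheme (steps S101-S103, Fig. 3).

Added example; the names, address ranges and the port-allocation policy are
assumptions for illustration and are not taken from the specification.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One direction of a connection as seen at the NAT boundary."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PortExhausted(Exception):
    """The shared target public address has no free source port left."""


class EgressGroup:
    """A target egress group (S101) bound to one target public address."""

    def __init__(self, name, egresses, pool, public_ip, port_range=(1024, 65535)):
        if len(set(pool)) != len(pool):
            raise ValueError("private pool addresses must be distinct")
        if len(egresses) > len(pool):
            raise ValueError("pool must hold at least one address per egress")
        self.name = name
        self.public_ip = public_ip
        # S102: take one pool address per egress; every pool address maps to
        # the same public address, so the whole group consumes one public IP.
        self.egress_addr = dict(zip(egresses, pool))
        # Second-stage source ports come from one space shared by all egresses
        # in the group (assumed policy: one unique port per flow).
        self._free_ports = list(range(port_range[1], port_range[0] - 1, -1))
        # Reverse table: (public port, peer ip, peer port, proto) -> (egress, flow)
        self.conntrack = {}

    def pool_addr(self, egress):
        """Private pool address associated with `egress` (S102)."""
        return self.egress_addr[egress]

    def translate(self, egress, flow):
        """Apply both SNAT stages (S103) to an outbound flow leaving `egress`.

        Returns (stage1, stage2): the flow after the rewrite to the egress's
        pool address, then after the rewrite to the public address.
        """
        if egress not in self.egress_addr:
            raise KeyError(f"{egress} is not in egress group {self.name}")
        # Stage 1: service source address -> the egress's private pool address.
        stage1 = Flow(self.pool_addr(egress), flow.src_port,
                      flow.dst_ip, flow.dst_port, flow.proto)
        # Stage 2: pool address -> target public address with a fresh port.
        if not self._free_ports:
            raise PortExhausted(self.public_ip)
        port = self._free_ports.pop()
        stage2 = Flow(self.public_ip, port, flow.dst_ip, flow.dst_port, flow.proto)
        self.conntrack[(port, flow.dst_ip, flow.dst_port, flow.proto)] = (egress, flow)
        return stage1, stage2

    def untranslate(self, reply):
        """Map an inbound reply for the public address back to (egress, flow).

        Returns None when nothing matches, which is what lets the device drop
        unsolicited packets aimed at the shared public address.
        """
        if reply.dst_ip != self.public_ip:
            return None
        key = (reply.dst_port, reply.src_ip, reply.src_port, reply.proto)
        return self.conntrack.get(key)

    def release(self, reply):
        """Forget a finished connection and return its public port to the pool."""
        key = (reply.dst_port, reply.src_ip, reply.src_port, reply.proto)
        if key not in self.conntrack:
            return False
        del self.conntrack[key]
        self._free_ports.append(reply.dst_port)
        return True


def demo():
    """Constructed topology matching Fig. 3: three egresses, one public IP."""
    group = EgressGroup("vpc-egress-group",
                        ["egress1", "egress2", "egress3"],
                        ["100.64.0.1", "100.64.0.2", "100.64.0.3"],  # assumed pool
                        "203.0.113.10",                               # assumed public IP
                        port_range=(40000, 40002))  # tiny on purpose, to show exhaustion
    flows = [("egress1", Flow("10.0.1.5", 51000, "198.51.100.7", 443)),
             ("egress2", Flow("10.0.2.9", 51000, "198.51.100.7", 443)),
             ("egress3", Flow("10.0.3.2", 51000, "198.51.100.7", 443))]
    public = [group.translate(egress, flow)[1] for egress, flow in flows]
    return group, flows, public


if __name__ == "__main__":
    group, flows, public = demo()
    for (egress, flow), pub in zip(flows, public):
        print(f"{egress}: {flow.src_ip}:{flow.src_port} -> "
              f"{group.pool_addr(egress)} -> {pub.src_ip}:{pub.src_port}")
```

Two points fall out of the model that a practitioner will want to check on a real deployment of this scheme. First, the intermediate pool address keeps every flow attributable to its egress even though all flows leave with the same public source address; `untranslate` returns the egress and the original flow, which is what logging and incident response need when one public IP is shared by many egresses. Second, once egresses share a public address the resource that runs out is that address's source-port space, not the private pool; `PortExhausted`, not the pool size, bounds the number of concurrent flows per public address, so the saving in public IPs is paid for in port capacity per address.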
An embodiment of this specification further provides a virtual private cloud (VPC) device. The VPC device may be implemented in a server or a router, or in a stand-alone physical device, and comprises:
an obtaining unit configured to obtain a target egress group of the VPC device, the target egress group comprising one or more VPC egresses;
a first processing unit configured to determine a target public network address corresponding to the target egress group; and
a second processing unit configured to enable the VPC services associated with the target egress group to access the public network through the target public network address.
The VPC services include one or more of: a cloud host service, a load balancing service, and a bare metal service.
To allow a public network address to be shared, the VPC device in this embodiment further comprises a setting unit configured to set a private network address pool, the private network address pool corresponding to the target public network address.
The first processing unit is specifically configured to obtain, from the private network address pool, a number of private network addresses equal to the number of VPC egresses in the target egress group, and to associate a different private network address with each VPC egress in the group, so that the VPC egresses, each with its own private network address, all correspond to the target public network address.
The second processing unit is configured to perform SNAT, according to the correspondence between the private network address pool and the target public network address, on the VPC service traffic carrying a private network address that is sent through each VPC egress, so that this traffic accesses the public network using the target public network address.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (10)

1. A method for a virtual private cloud (VPC) to access a public network, characterized in that the method comprises:
obtaining a target egress group of the VPC, the target egress group comprising one or more VPC egresses;
determining a target public network address corresponding to the target egress group; and
enabling the VPC services associated with the target egress group to access the public network through the target public network address.
2. The method of claim 1, wherein the VPC services comprise one or more of: a cloud host service, a load balancing service, and a bare metal service.
3. The method of claim 1, further comprising:
setting a private network address pool, the private network address pool corresponding to the target public network address.
4. The method of claim 3, wherein determining the target public network address corresponding to the target egress group comprises:
obtaining, from the private network address pool, a number of private network addresses equal to the number of VPC egresses in the target egress group, and associating a different private network address with each VPC egress in the target egress group, so that the VPC egresses, each with its own private network address, all correspond to the target public network address.
5. The method of claim 4, wherein enabling the VPC services associated with the target egress group to access the public network through the target public network address comprises:
performing source network address translation (SNAT), according to the correspondence between the private network address pool and the target public network address, on the VPC service traffic carrying a private network address that is sent through each VPC egress, so that this traffic accesses the public network using the target public network address.
6. A virtual private cloud (VPC) device, comprising:
an obtaining unit configured to obtain a target egress group of the VPC device, the target egress group comprising one or more VPC egresses;
a first processing unit configured to determine a target public network address corresponding to the target egress group; and
a second processing unit configured to enable the VPC services associated with the target egress group to access the public network through the target public network address.
7. The device of claim 6, wherein the VPC services comprise one or more of: a cloud host service, a load balancing service, and a bare metal service.
8. The device of claim 6, further comprising:
a setting unit configured to set a private network address pool, the private network address pool corresponding to the target public network address.
9. The device of claim 8, wherein
the first processing unit is configured to obtain, from the private network address pool, a number of private network addresses equal to the number of VPC egresses in the target egress group, and to associate a different private network address with each VPC egress in the target egress group, so that the VPC egresses, each with its own private network address, all correspond to the target public network address.
10. The device of claim 9, wherein
the second processing unit is configured to perform SNAT, according to the correspondence between the private network address pool and the target public network address, on the VPC service traffic carrying a private network address that is sent through each VPC egress, so that this traffic accesses the public network using the target public network address.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011343437.7A CN112583949A (en) 2020-11-26 2020-11-26 VPC (virtual private network) public network access method and VPC equipment

Publications (1)

Publication Number Publication Date
CN112583949A true CN112583949A (en) 2021-03-30

Family

ID=75123573

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011343437.7A Pending CN112583949A (en) 2020-11-26 2020-11-26 VPC (virtual private network) public network access method and VPC equipment

Country Status (1)

Country Link
CN (1) CN112583949A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103475750A (en) * 2013-09-16 2013-12-25 Hangzhou H3C Technologies Co., Ltd. (杭州华三通信技术有限公司) Address translation method and device for a multi-egress network
CN106789367A (en) * 2017-02-23 2017-05-31 Zhengzhou Yunhai Information Technology Co., Ltd. (郑州云海信息技术有限公司) Method and device for constructing a network system
CN106878487A (en) * 2017-03-29 2017-06-20 New H3C Technologies Co., Ltd. (新华三技术有限公司) Public network address allocation method and device
CN108540387A (en) * 2018-06-06 2018-09-14 New H3C Cloud Technologies Co., Ltd. (新华三云计算技术有限公司) Network access control method and device
CN109361764A (en) * 2018-11-29 2019-02-19 Hangzhou DtDream Technology Co., Ltd. (杭州数梦工场科技有限公司) Method, apparatus, device and readable storage medium for cross-VPC service access within a network
CN109561171A (en) * 2019-01-22 2019-04-02 Beijing Baidu Netcom Science and Technology Co., Ltd. (北京百度网讯科技有限公司) Configuration method and device for a virtual private cloud service
CN111131544A (en) * 2019-12-26 2020-05-08 Hangzhou DPtech Technologies Co., Ltd. (杭州迪普科技股份有限公司) Method for implementing NAT traversal
WO2020186925A1 (en) * 2019-03-15 2020-09-24 Huawei Technologies Co., Ltd. (华为技术有限公司) Data transmission method and computer system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吴翰禺 (Wu Hanyu): "Design and implementation of a cloud resource management and control system based on the OVN architecture", China Master's Theses Full-text Database (《中国优秀硕士论文全文数据库》) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114499935A (en) * 2021-12-17 2022-05-13 Alibaba (China) Co., Ltd. (阿里巴巴(中国)有限公司) Cloud platform access method, apparatus, device and storage medium
CN114499935B (en) * 2021-12-17 2023-08-29 Alibaba (China) Co., Ltd. (阿里巴巴(中国)有限公司) Cloud platform access method, apparatus, device and storage medium

Similar Documents

Publication Publication Date Title
US11637906B2 (en) Private service endpoints in isolated virtual networks
US10652155B2 (en) Universal cloud classification [UCC]as a service
US10375015B2 (en) Methods and system for allocating an IP address for an instance in a network function virtualization (NFV) system
KR101912073B1 (en) Virtualization gateway between virtualized and non-virtualized networks
US10320738B2 (en) Address allocation method, CGN device, and CGN dual-active system
CN108924268B (en) Container cloud service system and pod creation method and device
US20210026692A1 (en) Systems and methods providing serverless dns integration
US20140108584A1 (en) Method and Apparatus for Network Resource Virtual Partitioning
US20150178117A1 (en) Selecting cloud computing resource based on fault tolerance and network efficiency
CN112965824A (en) Message forwarding method and device, storage medium and electronic equipment
CN114172905B (en) Cluster network networking method, device, computer equipment and storage medium
CN109617816B (en) Data message transmission method and device
Hu et al. Towards" full containerization" in containerized network function virtualization
JP2017224274A (en) Virtualized rack management module
US20160254958A1 (en) Method, apparatus and system for virtualizing a policy and charging rules function
US11785054B2 (en) Deriving system architecture from security group relationships
CN108737591B (en) Service configuration method and device
CN112583949A (en) VPC (virtual private network) public network access method and VPC equipment
CN113765801B (en) Message processing method and device applied to data center, electronic equipment and medium
CN108347465B (en) Method and device for selecting network data center
CN105357332B (en) A kind of method for network address translation and device
CN114157633B (en) Message forwarding method and device
CN112688917A (en) Network access method, device, electronic equipment and storage medium
Grigoryan et al. Extending the control plane of container orchestrators for I/O virtualization
CN114244695B (en) Terminal online configuration method and device of isolated network and network management system

Legal Events

Date Code Title Description
2021-03-30 PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 2021-03-30)