CN112769829B - Deployment method of cloud physical machine, related equipment and readable storage medium - Google Patents


Info

Publication number: CN112769829B
Authority: CN (China)
Prior art keywords: physical machine, cloud physical, flow table, ovn, address
Legal status: Active
Application number: CN202110033249.2A
Other languages: Chinese (zh)
Other versions: CN112769829A
Inventor: 舒银东
Current assignee: iFlytek Co Ltd
Original assignee: iFlytek Co Ltd
Events: application filed by iFlytek Co Ltd; priority to CN202110033249.2A; publication of CN112769829A; application granted; publication of CN112769829B; legal status Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/0263 Rule management
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer Hardware Design
  • Computer Security & Cryptography
  • Computing Systems
  • General Engineering & Computer Science
  • Business, Economics & Management
  • General Business, Economics & Management
  • Data Exchanges In Wide-Area Networks

Abstract

The application discloses a deployment method for a cloud physical machine, related equipment and a readable storage medium. In an SDN architecture the protocol used between the controller and the network equipment is mostly OpenFlow. After the cloud physical machine to be deployed is determined, the IP address of the cloud physical machine and the firewall rule of the cloud physical machine are determined; a first OpenFlow flow table is generated based on the IP address of the cloud physical machine and a second OpenFlow flow table is generated based on the firewall rule of the cloud physical machine, where the first OpenFlow flow table contains the IP address and the MAC address of the cloud physical machine and the second OpenFlow flow table contains the IP address and the firewall rule of the cloud physical machine. In this scheme an IP address can be allocated to the cloud physical machine and a firewall can be set up for it on the basis of OpenFlow flow tables, which reduces the resource consumption and the construction cost of the cloud platform.

Description

Deployment method of cloud physical machine, related equipment and readable storage medium
Technical Field
The application relates to the technical field of SDN architectures, in particular to a deployment method of a cloud physical machine, related equipment and a readable storage medium.
Background
An SDN (Software Defined Network) architecture is well suited to building a cloud platform because of its separation of control and forwarding, logically centralized control, open Application Programming Interfaces (APIs) and similar characteristics. A cloud physical machine is a real physical server created in the cloud platform by a user. Deploying a cloud physical machine involves the following: the cloud platform allocates an IP address to the cloud physical machine and sets up a firewall for it.
At present, a cloud platform built on an SDN architecture implements a dhcp-server for each cloud physical machine as a neutron-dhcp-agent namespace and allocates an IP address to each cloud physical machine through it, places a hardware firewall on the exit switch of each cloud physical machine, and screens the traffic of the cloud physical machine with that hardware firewall.
However, as the number of cloud physical machines in the cloud platform grows, implementing a dhcp-server per cloud physical machine as a neutron-dhcp-agent namespace consumes more and more cloud platform resources and degrades the performance of the cloud platform, and placing a hardware firewall on the exit switch of every cloud physical machine raises the construction cost of the cloud platform.
How to optimize the deployment of cloud physical machines in a cloud platform built on an SDN architecture has therefore become a technical problem that practitioners in the field urgently need to solve.
Disclosure of Invention
In view of the foregoing problems, the present application provides a deployment method of a cloud physical machine, a related device, and a readable storage medium. The specific scheme is as follows:
a deployment method of a cloud physical machine, applied to an SDN architecture, comprises the following steps:
determining a cloud physical machine to be deployed;
determining the IP address of the cloud physical machine and the firewall rule of the cloud physical machine;
generating a first OpenFlow flow table based on the IP address of the cloud physical machine, and generating a second OpenFlow flow table based on the firewall rule of the cloud physical machine, wherein the first OpenFlow flow table comprises the IP address of the cloud physical machine and the MAC address of the cloud physical machine; the second OpenFlow flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
Optionally, if the SDN architecture includes a network node, the network node includes an OVS switch, and the OVS switch includes an OVS centralized bridge, after generating a first OpenFlow flow table based on an IP address of the cloud physical machine and generating a second OpenFlow flow table based on a firewall rule of the cloud physical machine, the method further includes:
storing the first OpenFlow flow table and the second OpenFlow flow table onto the OVS centralized bridge.
Optionally, the SDN architecture further includes a control node, where the control node includes an application layer interface, and the determining a cloud physical machine to be deployed includes:
the application layer interface acquires a deployment request of the cloud physical machine;
and the application layer interface determines the cloud physical machine to be deployed according to the deployment request of the cloud physical machine.
Optionally, the SDN architecture further includes an OVN centralized controller, and determining the IP address of the cloud physical machine and the firewall rule of the cloud physical machine includes:
the application layer interface determines the IP address of the cloud physical machine and the firewall rule of the cloud physical machine;
and the application layer interface sends the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN centralized controller.
Optionally, the OVN centralized controller includes an OVN northbound database service, an OVN northd service and an OVN southbound database service, the OVN northbound database service includes an OVN northbound database, and the OVN southbound database service includes an OVN southbound database; after the application layer interface sends the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN centralized controller, the method further includes:
the OVN northbound database service verifies the IP address of the cloud physical machine and the firewall rule of the cloud physical machine, and after the verification is passed sends the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN northd service;
the OVN northd service generates a first logical flow table according to the IP address of the cloud physical machine and sends the first logical flow table to the OVN southbound database service, and the OVN southbound database service stores the first logical flow table in the OVN southbound database, where the first logical flow table includes the IP address of the cloud physical machine and the MAC address of the cloud physical machine;
the OVN northd service generates a second logic flow table according to the firewall rules of the cloud physical machine, sends the second logic flow table to the OVN southbound database service, stores the second logic flow table to the OVN southbound database by the OVN southbound database service, and the second logic flow table comprises the IP address of the cloud physical machine and the firewall rules of the cloud physical machine.
Optionally, if the network node includes an OVN local controller, generating the first OpenFlow flow table and the second OpenFlow flow table includes:
the OVN local controller obtains the first logical flow table and the second logical flow table from the OVN southbound database and sends the first logical flow table and the second logical flow table to the OVS centralized bridge;
the OVS centralized bridge converts the first logical flow table into the first OpenFlow flow table and converts the second logical flow table into the second OpenFlow flow table.
Optionally, after generating a first OpenFlow flow table based on the IP address of the cloud physical machine and generating a second OpenFlow flow table based on the firewall rule of the cloud physical machine, the method further includes:
the cloud physical machine communicates with an external network based on the IP address in the first OpenFlow flow table, and achieves flow screening based on the firewall rule in the second OpenFlow flow table.
A deployment apparatus of a cloud physical machine, applied to an SDN architecture, comprises:
a first determining unit, configured to determine a cloud physical machine to be deployed;
the second determining unit is used for determining the IP address of the cloud physical machine and the firewall rule of the cloud physical machine;
an OpenFlow flow table generating unit, configured to generate a first OpenFlow flow table based on the IP address of the cloud physical machine, and generate a second OpenFlow flow table based on a firewall rule of the cloud physical machine, where the first OpenFlow flow table includes the IP address of the cloud physical machine and the MAC address of the cloud physical machine; the second OpenFlow flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
Optionally, the SDN architecture includes a network node, the network node includes an OVS switch, and the OVS switch includes an OVS centralized bridge, the apparatus further includes:
a storage unit, configured to store the first OpenFlow flow table and the second OpenFlow flow table on the OVS centralized bridge after the first OpenFlow flow table has been generated based on the IP address of the cloud physical machine and the second OpenFlow flow table has been generated based on the firewall rule of the cloud physical machine.
Optionally, the SDN architecture further includes a control node, where the control node includes an application layer interface, and the first determining unit includes:
the deployment request acquisition unit is used for acquiring a deployment request of the cloud physical machine by the application layer interface;
and the cloud physical machine determining unit is used for determining the cloud physical machine to be deployed by the application layer interface according to the deployment request of the cloud physical machine.
Optionally, the SDN architecture further includes an OVN centralized controller, and the second determining unit is specifically configured to:
determining, by the application layer interface, an IP address of the cloud physical machine, and a firewall rule of the cloud physical machine; and sending the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN centralized controller.
Optionally, the OVN centralized controller includes an OVN northbound database service, an OVN northd service and an OVN southbound database service, the OVN northbound database service includes an OVN northbound database, and the OVN southbound database service includes an OVN southbound database; the apparatus then further includes:
a verification unit, configured to have the OVN northbound database service verify the IP address of the cloud physical machine and the firewall rule of the cloud physical machine after the application layer interface has sent them to the OVN centralized controller, and send the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN northd service after the verification is passed;
a logical flow table generating unit, configured to generate, by the OVN northd service, a first logical flow table according to the IP address of the cloud physical machine, send the first logical flow table to the OVN southbound database service, store, by the OVN southbound database service, the first logical flow table to the OVN southbound database, where the first logical flow table includes the IP address of the cloud physical machine and the MAC address of the cloud physical machine; and generating a second logic flow table by the OVN northd service according to the firewall rule of the cloud physical machine, sending the second logic flow table to the OVN southbound database service, storing the second logic flow table to the OVN southbound database by the OVN southbound database service, wherein the second logic flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
Optionally, the network node includes an OVN local controller, and the OpenFlow flow table generating unit includes:
a logical flow table sending unit, configured to obtain, by the OVN local controller, the first logical flow table and the second logical flow table from the OVN southbound database, and send the first logical flow table and the second logical flow table to the OVS centralized bridge;
a conversion unit, configured to convert, by the OVS centralized bridge, the first logical flow table into the first OpenFlow flow table, and convert the second logical flow table into the second OpenFlow flow table.
Optionally, the apparatus further comprises:
a communication unit, configured to have the cloud physical machine communicate with an external network based on the IP address in the first OpenFlow flow table and screen traffic based on the firewall rule in the second OpenFlow flow table, after the first OpenFlow flow table has been generated based on the IP address of the cloud physical machine and the second OpenFlow flow table has been generated based on the firewall rule of the cloud physical machine.
A deployment device of a cloud physical machine comprises a memory and a processor;
the memory is used for storing programs;
the processor is configured to execute the program to implement the steps of the deployment method of the cloud physical machine.
A readable storage medium, on which a computer program is stored, which, when executed by a processor, carries out the steps of the method for deployment of a cloud physical machine as described above.
By means of the above technical scheme, the application discloses a deployment method for a cloud physical machine, related equipment and a readable storage medium. In an SDN architecture the protocol used between the controller and the network equipment is mostly OpenFlow. After the cloud physical machine to be deployed is determined, the IP address of the cloud physical machine and the firewall rule of the cloud physical machine are determined; a first OpenFlow flow table is generated based on the IP address of the cloud physical machine and a second OpenFlow flow table is generated based on the firewall rule of the cloud physical machine, where the first OpenFlow flow table contains the IP address and the MAC address of the cloud physical machine and the second OpenFlow flow table contains the IP address and the firewall rule of the cloud physical machine. In this scheme an IP address can be allocated to the cloud physical machine and a firewall can be set up for it on the basis of OpenFlow flow tables, which reduces the resource consumption and the construction cost of the cloud platform.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic diagram of an SDN architecture disclosed in an embodiment of the present application;
fig. 2 is a schematic flow chart of a deployment method of a cloud physical machine disclosed in an embodiment of the present application;
fig. 3 is a schematic diagram of the work flow of an OVN centralized controller disclosed in an embodiment of the present application;
fig. 4 is a schematic structural diagram of a deployment apparatus of a cloud physical machine disclosed in an embodiment of the present application;
fig. 5 is a hardware structure block diagram of a deployment device of a cloud physical machine disclosed in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In an SDN architecture, the protocol used between the controller and a network device (e.g., a switch) is mostly OpenFlow; the inventor of the present application therefore studied and proposed the idea of optimizing the deployment of a cloud physical machine on the basis of the OpenFlow protocol.
Based on this idea, the inventor of the present invention conducted in-depth research and finally arrived at a deployment method for a cloud physical machine.
Currently, in an SDN architecture, the commonly used SDN controller is the OVN (Open Virtual Network) controller and the SDN switch is the OVS (Open vSwitch) switch. For ease of understanding, this application first introduces the SDN architecture implemented with an OVN controller and an OVS switch. Referring to fig. 1, fig. 1 is a schematic diagram of an SDN architecture implemented with an OVN controller and an OVS switch, disclosed in an embodiment of the present application. As shown in fig. 1, the SDN architecture includes control nodes and network nodes.
It should be noted that the OVN controllers include an OVN centralized controller and an OVN local controller. The OVN centralized controller is located in the control node and comprises an OVN northbound database service, an OVN northd service and an OVN southbound database service. The control node also comprises an application layer interface. The OVS switch is located in the network node. In the network node, the OVS switch comprises an OVS centralized bridge; the OVS centralized bridge is bound to a physical network card, and the physical network card can be connected to a cloud physical machine, receive the data of the cloud physical machine and forward that data to the external network through the OVS centralized bridge.
Based on this SDN architecture, the inventors propose a deployment method of a cloud physical machine, which is introduced through the following embodiments.
Referring to fig. 2, fig. 2 is a schematic flow chart of a deployment method of a cloud physical machine disclosed in an embodiment of the present application; the method may include:
Step S201: determining the cloud physical machine to be deployed.
In the application, the cloud physical machine to be deployed may be a newly-built cloud physical machine based on Ironic (OpenStack bare metal service project) for any user.
Since the SDN architecture includes the control node, where the control node includes the application layer interface, in this application, a user may submit a deployment request of a cloud physical machine through the application layer interface after a cloud physical machine is newly built based on Ironic (OpenStack bare metal service project), and after the application layer interface receives the deployment request of the cloud physical machine, the cloud physical machine to be deployed is determined according to the deployment request of the cloud physical machine.
Step S202: determining the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
In this application, the application layer interface may create, through neutron-server (the network management component), a port of the bare-metal (baremetal) port type for the cloud physical machine, so as to determine the IP address of the cloud physical machine and the firewall rule of the cloud physical machine, and then send the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN centralized controller.
It should be noted that, in the present application, the IP address of the cloud physical machine may be determined based on a DHCP (Dynamic Host Configuration Protocol).
Step S203: generating a first OpenFlow flow table based on the IP address of the cloud physical machine, and generating a second OpenFlow flow table based on the firewall rule of the cloud physical machine.
In this application, the first OpenFlow flow table includes an IP address of the cloud physical machine and a MAC address of the cloud physical machine; the second OpenFlow flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
This embodiment discloses a deployment method for a cloud physical machine. In an SDN architecture the communication protocol between the controller and the network equipment is mostly OpenFlow. After the cloud physical machine to be deployed is determined, the IP address of the cloud physical machine and the firewall rule of the cloud physical machine are determined; a first OpenFlow flow table is generated based on the IP address of the cloud physical machine and a second OpenFlow flow table is generated based on the firewall rule of the cloud physical machine, where the first OpenFlow flow table contains the IP address and the MAC address of the cloud physical machine and the second OpenFlow flow table contains the IP address and the firewall rule of the cloud physical machine. In this method an IP address can be allocated to the cloud physical machine and a firewall can be set up for it on the basis of OpenFlow flow tables, which reduces the resource consumption and the construction cost of the cloud platform.
It should be noted that, because the OVS centralized bridge is bound to the physical network card, and the physical network card can be connected to the cloud physical machine, receive its data and forward that data to the external network through the OVS centralized bridge, in this application the first OpenFlow flow table and the second OpenFlow flow table may be stored on the OVS centralized bridge after they are generated. This ensures that the OVS centralized bridge can determine the IP address of the cloud physical machine from the first OpenFlow flow table, and so determine which IP address the data belongs to, then determine the firewall rule of that cloud physical machine from the second OpenFlow flow table and decide, based on the firewall rule, whether the data is allowed to be sent to the external network.
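As an added illustration (not code from the patent), the following Python model shows how the two flow tables described above are consulted on the OVS centralized bridge: table one binds each cloud physical machine's IP address to its MAC address, table two holds that machine's firewall rules, and a packet leaving for the external network is forwarded only when it passes both. The rule fields, the table layout and all addresses are assumptions constructed for the example.

```python
"""Model of the two OpenFlow flow tables consulted on the OVS centralized bridge.

Table 1 (the first OpenFlow flow table) binds each cloud physical machine's IP
address to its MAC address; table 2 (the second OpenFlow flow table) holds that
machine's firewall rules. Traffic leaving the physical NIC for the external
network is forwarded only if it passes both tables. Addresses and rules here
are constructed sample values, not from the patent.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    """One firewall rule in table 2; the highest-priority matching rule wins."""
    priority: int
    action: str                     # "allow" or "drop"
    proto: Optional[str] = None     # "tcp", "udp", "icmp" or None for any protocol
    dst_cidr: str = "0.0.0.0/0"     # destination network, default any
    dst_port: Optional[int] = None  # None matches any destination port


@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: Optional[int] = None


@dataclass
class BridgeTables:
    bindings: Dict[str, str] = field(default_factory=dict)         # table 1: ip -> mac
    firewall: Dict[str, List[Rule]] = field(default_factory=dict)  # table 2: ip -> rules


def deploy_machine(tables: BridgeTables, ip: str, mac: str, rules: List[Rule]) -> None:
    """Install both flow tables for one newly deployed cloud physical machine."""
    tables.bindings[ip] = mac.lower()
    # Store rules highest priority first so evaluation can stop at the first match.
    tables.firewall[ip] = sorted(rules, key=lambda r: r.priority, reverse=True)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field the rule constrains agrees with the packet."""
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.dst_ip) not in ip_network(rule.dst_cidr):
        return False
    return rule.dst_port is None or rule.dst_port == pkt.dst_port


def screen_packet(tables: BridgeTables, pkt: Packet) -> str:
    """Decide "allow" or "drop: <reason>" for a packet headed to the external network."""
    # Table 1: the source IP must belong to a deployed machine and carry the MAC
    # bound to it, so one host cannot borrow another machine's address and policy.
    expected_mac = tables.bindings.get(pkt.src_ip)
    if expected_mac is None:
        return "drop: unknown source IP"
    if expected_mac != pkt.src_mac.lower():
        return "drop: IP/MAC binding mismatch"
    # Table 2: the first matching rule (by priority) decides; no match means drop.
    for rule in tables.firewall.get(pkt.src_ip, []):
        if rule_matches(rule, pkt):
            if rule.action == "allow":
                return "allow"
            return "drop: rule priority %d" % rule.priority
    return "drop: no matching rule (default deny)"


# Constructed sample deployment: one machine allowed HTTPS and DNS outbound,
# with a higher-priority block toward a management network.
TABLES = BridgeTables()
deploy_machine(
    TABLES, "10.10.1.5", "52:54:00:AA:BB:05",
    [
        Rule(priority=200, action="drop", dst_cidr="192.168.100.0/24"),
        Rule(priority=100, action="allow", proto="tcp", dst_port=443),
        Rule(priority=100, action="allow", proto="udp", dst_port=53),
    ],
)
```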
Since the OVN centralized controller includes an OVN northbound database service, an OVN northd service and an OVN southbound database service, where the OVN northbound database service includes an OVN northbound database and the OVN southbound database service includes an OVN southbound database, this application further describes the work flow of the OVN centralized controller after the application layer interface has sent the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to it. Referring to fig. 3, fig. 3 is a work flow diagram of the OVN centralized controller disclosed in an embodiment of the present application, which may include the following steps:
Step S301: the OVN northbound database service verifies the IP address of the cloud physical machine and the firewall rule of the cloud physical machine, and after the verification is passed sends the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN northd service.
Step S302: the OVN northd service generates a first logical flow table according to the IP address of the cloud physical machine and sends it to the OVN southbound database service, and the OVN southbound database service stores the first logical flow table in the OVN southbound database.
In this application, the first logical flow table includes the IP address of the cloud physical machine and the MAC address of the cloud physical machine.
step S303: the OVN northd service generates a second logic flow table according to the firewall rule of the cloud physical machine, sends the second logic flow table to OVN southbound database service, and stores the second logic flow table to OVN southbound database by OVN southbound database service.
In this application, the second logical flow table includes an IP address of the cloud physical machine and a firewall rule of the cloud physical machine.
Since the network node includes an OVN local controller, this application also describes the specific way in which the first OpenFlow flow table and the second OpenFlow flow table are generated with the OVN local controller, which includes:
the OVN local controller obtains the first logical flow table and the second logical flow table from the OVN southbound database and sends them to the OVS centralized bridge;
the OVS centralized bridge converts the first logical flow table into the first OpenFlow flow table and the second logical flow table into the second OpenFlow flow table.
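As an added example, not code from the patent or from OVN itself, the following Python model follows the control-plane path just described: northbound verification of the request (step S301), generation of the first and second logical flow tables by the northd service (steps S302 and S303), and conversion of each logical flow into an OpenFlow flow by the OVS centralized bridge. The stage names, the OVN-like match syntax and the ovs-ofctl-style output strings are assumptions, as are all addresses and rules.

```python
"""Control-plane path from deployment request to OpenFlow flows, as a Python model.

Northbound verification of the request (S301), generation of the first and second
logical flow tables by northd (S302, S303), and conversion of each logical flow to
an OpenFlow flow on the OVS centralized bridge. Stage names, the OVN-like match
syntax and the ovs-ofctl-style strings are assumptions; all data is constructed.
"""
import re
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
OF_TABLE = {"binding": 0, "firewall": 1}  # assumed logical stage -> OpenFlow table


def verify_request(ip: str, mac: str, rules: List[Dict]) -> List[str]:
    """Northbound verification: returns the problems found; an empty list means passed."""
    problems = []
    try:
        IPv4Address(ip)
    except ValueError:
        problems.append("invalid ip %r" % ip)
    if not MAC_RE.match(mac.lower()):
        problems.append("invalid mac %r" % mac)
    for i, r in enumerate(rules):
        if r.get("action") not in ("allow", "drop"):
            problems.append("rule %d: action must be allow or drop" % i)
        if r.get("proto") not in (None, "tcp", "udp", "icmp"):
            problems.append("rule %d: unsupported protocol" % i)
        try:
            IPv4Network(r.get("dst_cidr", "0.0.0.0/0"))
        except ValueError:
            problems.append("rule %d: invalid dst_cidr" % i)
        port = r.get("dst_port")
        if port is not None and (r.get("proto") not in ("tcp", "udp")
                                 or not isinstance(port, int) or not 0 <= port <= 65535):
            problems.append("rule %d: dst_port needs tcp/udp and a value in 0..65535" % i)
        prio = r.get("priority")
        if not isinstance(prio, int) or not 0 <= prio <= 65535:
            problems.append("rule %d: priority must be an int in 0..65535" % i)
    return problems


def northd_logical_flows(ip: str, mac: str, rules: List[Dict]) -> List[Dict]:
    """Build the first (IP/MAC binding) and second (firewall) logical flow tables."""
    flows = [
        # First table: only frames carrying the machine's own MAC move to the next stage.
        {"stage": "binding", "priority": 100, "action": "next",
         "match": {"nw_src": ip, "dl_src": mac.lower()}},
        {"stage": "binding", "priority": 90, "action": "drop", "match": {"nw_src": ip}},
    ]
    for r in sorted(rules, key=lambda r: r["priority"], reverse=True):
        match = {"nw_src": ip}
        if r.get("proto"):
            match["proto"] = r["proto"]
        if r.get("dst_cidr", "0.0.0.0/0") != "0.0.0.0/0":
            match["nw_dst"] = r["dst_cidr"]
        if r.get("dst_port") is not None:
            match["tp_dst"] = r["dst_port"]
        flows.append({"stage": "firewall", "priority": r["priority"], "match": match,
                      "action": "next" if r["action"] == "allow" else "drop"})
    # Second table ends with a default deny for this machine's address.
    flows.append({"stage": "firewall", "priority": 0, "action": "drop", "match": {"nw_src": ip}})
    return flows


def ovn_match(match: Dict) -> str:
    """Render one match in an OVN-like logical flow syntax, as stored in the southbound DB."""
    terms = ["ip4.src == %s" % match["nw_src"]]
    if "dl_src" in match:
        terms.append("eth.src == %s" % match["dl_src"])
    if "proto" in match:
        terms.append(match["proto"])
    if "nw_dst" in match:
        terms.append("ip4.dst == %s" % match["nw_dst"])
    if "tp_dst" in match:
        terms.append("%s.dst == %d" % (match["proto"], match["tp_dst"]))
    return " && ".join(terms)


def to_openflow(flows: List[Dict]) -> List[str]:
    """OVS centralized bridge conversion: one ovs-ofctl add-flow style string per logical flow."""
    out = []
    for f in flows:
        m = f["match"]
        parts = ["table=%d" % OF_TABLE[f["stage"]], "priority=%d" % f["priority"],
                 m.get("proto", "ip"), "nw_src=%s" % m["nw_src"]]
        parts += ["%s=%s" % (k, m[k]) for k in ("dl_src", "nw_dst", "tp_dst") if k in m]
        if f["action"] == "drop":
            actions = "actions=drop"
        elif f["stage"] == "binding":
            actions = "actions=resubmit(,%d)" % OF_TABLE["firewall"]  # hand off to table 2
        else:
            actions = "actions=NORMAL"  # allowed: normal L2 forwarding toward the uplink
        out.append(",".join(parts) + "," + actions)
    return out
```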
It should be noted that after the first OpenFlow flow table has been generated based on the IP address of the cloud physical machine and the second OpenFlow flow table has been generated based on the firewall rule of the cloud physical machine, the cloud physical machine communicates with the external network based on the IP address in the first OpenFlow flow table and traffic screening is performed based on the firewall rule in the second OpenFlow flow table, so that traffic from the cloud physical machine to the external network is blocked or passed.
The following describes a deployment apparatus of a cloud physical machine disclosed in an embodiment of the present application; the deployment apparatus described below and the deployment method described above may be referred to each other correspondingly.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a deployment apparatus of a cloud physical machine disclosed in an embodiment of the present application. As shown in fig. 4, the deployment apparatus of the cloud physical machine may include:
a first determining unit 11, configured to determine a cloud physical machine to be deployed;
a second determining unit 12, configured to determine an IP address of the cloud physical machine and a firewall rule of the cloud physical machine;
an OpenFlow flow table generating unit 13 configured to generate a first OpenFlow flow table based on the IP address of the cloud physical machine, and generate a second OpenFlow flow table based on the firewall rule of the cloud physical machine, where the first OpenFlow flow table includes the IP address of the cloud physical machine and the MAC address of the cloud physical machine; the second OpenFlow flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
Optionally, if the SDN architecture includes a network node, the network node includes an OVS switch, and the OVS switch includes an OVS centralized bridge, the apparatus further includes:
a storage unit, configured to store the first OpenFlow flow table and the second OpenFlow flow table on the OVS centralized bridge after the first OpenFlow flow table has been generated based on the IP address of the cloud physical machine and the second OpenFlow flow table has been generated based on the firewall rule of the cloud physical machine.
Optionally, the SDN architecture further includes a control node, where the control node includes an application layer interface, and the first determining unit includes:
a deployment request acquisition unit, configured to acquire, by the application layer interface, a deployment request for the cloud physical machine;
a cloud physical machine determining unit, configured to determine, by the application layer interface, the cloud physical machine to be deployed according to the deployment request.
Optionally, the SDN architecture further includes an OVN centralized controller, and the second determining unit is specifically configured to:
determining, by the application layer interface, an IP address of the cloud physical machine, and a firewall rule of the cloud physical machine; and sending the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN centralized controller.
Optionally, the OVN centralized controller includes OVN northbound database service, OVN northd service, and OVN southbound database service, the OVN northbound database service includes OVN northbound database, the OVN southbound database service includes OVN southbound database, and the apparatus further includes:
a verification unit, configured to verify, by the OVN northbound database service, the IP address of the cloud physical machine and the firewall rule of the cloud physical machine after the application layer interface sends them to the OVN centralized controller, and to send the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN northd service after the verification passes;
a logical flow table generating unit, configured to generate, by the OVN northd service, a first logical flow table according to the IP address of the cloud physical machine, send the first logical flow table to the OVN southbound database service, store, by the OVN southbound database service, the first logical flow table to the OVN southbound database, where the first logical flow table includes the IP address of the cloud physical machine and the MAC address of the cloud physical machine; and generating a second logic flow table by the OVN northd service according to the firewall rule of the cloud physical machine, sending the second logic flow table to the OVN southbound database service, storing the second logic flow table to the OVN southbound database by the OVN southbound database service, wherein the second logic flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
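As an added example (not part of the patent and not the applicant's code), the verification and northbound steps above can be modelled in Python. The structured request format, the switch and port names, and the use of ovn-nbctl commands, with OVN port security standing in for the IP/MAC binding of the first table and OVN ACLs standing in for the firewall rules of the second table, are assumptions of this example; the patent does not specify them. The security point is the verification unit: the IP address must be a usable host address of the machine's subnet, the MAC must be a well-formed unicast address, and firewall rules are accepted only from closed vocabularies, never as free-form match strings, so a deployment request cannot inject additional clauses into the ACL match expression that northd will later compile into logical flows.

```python
"""Added example (not from the patent): verification of a cloud physical
machine deployment request and rendering of the OVN northbound objects.

Assumptions: rules arrive as structured FirewallRule records; output is
ovn-nbctl command syntax for a logical switch port (names are invented).
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
# Closed vocabularies: only these tokens are ever interpolated into an OVN
# match expression, so a request cannot smuggle extra clauses into an ACL.
DIRECTIONS = {"to-lport", "from-lport"}   # to-lport: towards the host, from-lport: leaving it
PROTOCOLS = {"tcp", "udp", "icmp"}
ACTIONS = {"allow-related", "drop"}


@dataclass(frozen=True)
class FirewallRule:
    """One structured firewall rule of the deployment request (assumed format)."""
    direction: str
    protocol: str
    port: Optional[int]        # L4 destination port; None for icmp
    action: str
    priority: int = 1000       # OVN ACL priority, 0..32767


def validate_request(ip: str, mac: str, subnet: str,
                     rules: List[FirewallRule]) -> Tuple[str, str]:
    """Check a request the way the verification unit must before anything is
    written to the northbound database; return the normalised (ip, mac)."""
    net = ipaddress.ip_network(subnet, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr.version != 4 or addr not in net \
            or addr in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is not a usable host address in {subnet}")
    mac = mac.lower()
    if not MAC_RE.match(mac) or int(mac[:2], 16) & 1:   # group bit set = multicast
        raise ValueError(f"{mac!r} is not a valid unicast MAC address")
    for r in rules:
        if (r.direction not in DIRECTIONS or r.protocol not in PROTOCOLS
                or r.action not in ACTIONS or not 0 <= r.priority <= 32767):
            raise ValueError(f"rejected rule: {r}")
        if r.protocol == "icmp":
            if r.port is not None:
                raise ValueError("icmp rules carry no port")
        elif r.port is None or not 0 < r.port < 65536:
            raise ValueError(f"bad port in rule: {r}")
    return str(addr), mac


def rejects(ip, mac, subnet, rules) -> bool:
    """True if validate_request refuses the input."""
    try:
        validate_request(ip, mac, subnet, rules)
    except ValueError:
        return True
    return False


def render_nbctl(switch: str, port: str, ip: str, mac: str,
                 rules: List[FirewallRule]) -> List[str]:
    """ovn-nbctl commands for a validated request.  Port security makes OVN drop
    any frame from the port whose source MAC/IP is not the bound pair (the
    binding the patent's first table carries); each rule becomes an ACL (the
    second table); a low-priority ACL drops anything not explicitly allowed."""
    cmds = [
        f"ovn-nbctl lsp-add {switch} {port}",
        f"ovn-nbctl lsp-set-addresses {port} '{mac} {ip}'",
        f"ovn-nbctl lsp-set-port-security {port} '{mac} {ip}'",
    ]
    for r in sorted(rules, key=lambda r: -r.priority):
        if r.direction == "to-lport":
            match = f'outport == "{port}" && ip4 && ip4.dst == {ip}'
        else:
            match = f'inport == "{port}" && ip4 && ip4.src == {ip}'
        match += f" && {r.protocol}"
        if r.port is not None:
            match += f" && {r.protocol}.dst == {r.port}"
        cmds.append(f"ovn-nbctl acl-add {switch} {r.direction} {r.priority} '{match}' {r.action}")
    cmds.append(f"ovn-nbctl acl-add {switch} to-lport 900 'outport == \"{port}\" && ip' drop")
    return cmds


# Constructed sample deployment request (not from the patent).
REQUEST = {
    "ip": "10.20.0.15", "mac": "52:54:00:AB:CD:EF", "subnet": "10.20.0.0/24",
    "rules": [
        FirewallRule("to-lport", "tcp", 22, "allow-related"),
        FirewallRule("to-lport", "tcp", 443, "allow-related", priority=1001),
        FirewallRule("to-lport", "icmp", None, "allow-related", priority=990),
    ],
}


def deploy(request: dict, switch: str = "ls-baremetal", port: str = "bm-host-01") -> List[str]:
    ip, mac = validate_request(request["ip"], request["mac"], request["subnet"], request["rules"])
    return render_nbctl(switch, port, ip, mac, request["rules"])


if __name__ == "__main__":
    print("\n".join(deploy(REQUEST)))
```

In a real deployment the rendered commands would be issued against the OVN northbound database, after which ovn-northd compiles the port-security addresses and ACLs into logical flows in the southbound database, which is the step the logical flow table generating unit describes. The default-deny ACL sits below every explicit rule so that a request carrying no rules leaves the machine unreachable rather than open.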
Optionally, the network node includes an OVN local controller, and the OpenFlow flow table generating unit includes:
a logical flow table sending unit, configured to obtain, by the OVN local controller, the first logical flow table and the second logical flow table from the OVN southbound database, and send the first logical flow table and the second logical flow table to the OVS centralized bridge;
a conversion unit, configured to convert the first logical flow table into the first OpenFlow flow table and convert the second logical flow table into the second OpenFlow flow table by the OVS centralized bridge.
Optionally, the apparatus further comprises:
a communication unit, configured to, after the first OpenFlow flow table is generated based on the IP address of the cloud physical machine and the second OpenFlow flow table is generated based on the firewall rule of the cloud physical machine, enable the cloud physical machine to communicate with the external network based on the IP address in the first OpenFlow flow table and to filter traffic based on the firewall rule in the second OpenFlow flow table.
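As an added example (not part of the patent and not the applicant's code), the two-stage behaviour of the communication unit on the OVS centralized bridge can be modelled as a small OpenFlow pipeline run over constructed packets. Table 0 plays the role of the first flow table: it holds the IP/MAC binding of the cloud physical machine and lets a frame continue only if it enters from the machine's port with the bound addresses, or if it arrives from the uplink addressed to the bound IP. Table 1 plays the role of the second flow table: the firewall rules, highest priority first, with a default drop for traffic to the machine. The port numbers, the exact flow layout, the stateless treatment of the machine's outbound traffic, and the packets themselves are assumptions of this example; flows are rendered in ovs-ofctl add-flow syntax.

```python
"""Added example (not from the patent): the two OpenFlow tables on the OVS
centralized bridge, simulated over constructed packets.

Table 0 = IP/MAC binding of the cloud physical machine (anti-spoofing);
table 1 = firewall rules.  Port numbers and packets are invented.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HOST_IP, HOST_MAC = "10.20.0.15", "52:54:00:ab:cd:ef"
HOST_PORT, UPLINK_PORT = 5, 1          # OpenFlow port numbers on the OVS bridge


@dataclass
class Flow:
    table: int
    priority: int
    match: Dict[str, object]           # field -> required value; absent field = wildcard
    actions: str                       # "resubmit(,1)", "normal" or "drop"

    def render(self) -> str:
        """The flow in ovs-ofctl add-flow syntax."""
        parts = [f"table={self.table}", f"priority={self.priority}"]
        parts += [f"{k}={v}" for k, v in self.match.items()]
        return ",".join(parts) + f",actions={self.actions}"


def build_flows(host_ip: str, host_mac: str, host_port: int, uplink_port: int,
                allowed_tcp_dst: List[int]) -> List[Flow]:
    ipv4, arp = "0x0800", "0x0806"
    flows = [
        # Table 0 (the "first" table): the machine's IP/MAC binding.  Only frames
        # from the host port that carry the bound addresses go on to the firewall.
        Flow(0, 100, {"in_port": host_port, "dl_src": host_mac, "dl_type": ipv4, "nw_src": host_ip}, "resubmit(,1)"),
        Flow(0, 100, {"in_port": host_port, "dl_src": host_mac, "dl_type": arp, "arp_sha": host_mac, "arp_spa": host_ip}, "normal"),
        Flow(0, 90, {"in_port": host_port}, "drop"),                       # spoofed MAC or IP
        Flow(0, 50, {"in_port": uplink_port, "dl_type": ipv4, "nw_dst": host_ip}, "resubmit(,1)"),
        Flow(0, 50, {"in_port": uplink_port, "dl_type": arp}, "normal"),
        Flow(0, 0, {}, "drop"),                                            # bridge carries only this host
    ]
    # Table 1 (the "second" table): the firewall rules keyed on the host's IP.
    for p in allowed_tcp_dst:
        flows.append(Flow(1, 1000, {"dl_type": ipv4, "nw_dst": host_ip, "nw_proto": 6, "tp_dst": p}, "normal"))
    flows.append(Flow(1, 1000, {"dl_type": ipv4, "nw_src": host_ip}, "normal"))  # outbound from the host
    flows.append(Flow(1, 900, {"dl_type": ipv4, "nw_dst": host_ip}, "drop"))     # default deny inbound
    flows.append(Flow(1, 0, {}, "normal"))
    return flows


def lookup(flows: List[Flow], table: int, pkt: Dict[str, object]) -> Optional[Flow]:
    """Highest-priority flow in `table` whose every match field equals the packet's."""
    best = None
    for f in flows:
        if f.table == table and all(pkt.get(k) == v for k, v in f.match.items()):
            if best is None or f.priority > best.priority:
                best = f
    return best


def forward(flows: List[Flow], pkt: Dict[str, object]) -> Tuple[str, List[str]]:
    """Run one packet through the pipeline; return (verdict, matched flows)."""
    table, trace = 0, []
    while True:
        f = lookup(flows, table, pkt)
        if f is None:                    # table miss: OVS drops when no flow matches
            return "drop", trace
        trace.append(f.render())
        if f.actions.startswith("resubmit(,"):
            table = int(f.actions[len("resubmit(,"):-1])
            continue
        return f.actions, trace


# Constructed packets: only the header fields the flows look at.
PACKETS = {
    "ssh_in":      {"in_port": 1, "dl_src": "52:54:00:11:22:33", "dl_type": "0x0800",
                    "nw_src": "192.0.2.10", "nw_dst": HOST_IP, "nw_proto": 6, "tp_dst": 22},
    "rdp_in":      {"in_port": 1, "dl_src": "52:54:00:11:22:33", "dl_type": "0x0800",
                    "nw_src": "192.0.2.10", "nw_dst": HOST_IP, "nw_proto": 6, "tp_dst": 3389},
    "host_out":    {"in_port": 5, "dl_src": HOST_MAC, "dl_type": "0x0800",
                    "nw_src": HOST_IP, "nw_dst": "192.0.2.10", "nw_proto": 6, "tp_dst": 443},
    "spoofed_ip":  {"in_port": 5, "dl_src": HOST_MAC, "dl_type": "0x0800",
                    "nw_src": "10.20.0.99", "nw_dst": "192.0.2.10", "nw_proto": 6, "tp_dst": 443},
    "spoofed_mac": {"in_port": 5, "dl_src": "52:54:00:de:ad:00", "dl_type": "0x0800",
                    "nw_src": HOST_IP, "nw_dst": "192.0.2.10", "nw_proto": 6, "tp_dst": 443},
}


def verdicts() -> Dict[str, str]:
    flows = build_flows(HOST_IP, HOST_MAC, HOST_PORT, UPLINK_PORT, [22, 443])
    return {name: forward(flows, pkt)[0] for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:12s} -> {verdict}")
```

The binding check in table 0 is what makes the firewall in table 1 trustworthy: a frame from the machine's port that carries another host's IP or MAC never reaches the firewall stage, so the rules can key on the machine's IP address without being bypassed by spoofing. On a real OVN deployment these flows are produced by ovn-controller from the logical flows, and allow-related rules use connection tracking (ct_state matches) rather than the stateless outbound permit used here for brevity.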
Referring to fig. 5, fig. 5 is a block diagram of a hardware structure of a deployment device of a cloud physical machine according to an embodiment of the present application, and referring to fig. 5, the hardware structure of the deployment device of the cloud physical machine may include: at least one processor 1, at least one communication interface 2, at least one memory 3 and at least one communication bus 4;
in the embodiment of the present application, there is at least one of each of the processor 1, the communication interface 2, the memory 3 and the communication bus 4, and the processor 1, the communication interface 2 and the memory 3 communicate with one another through the communication bus 4;
the processor 1 may be a central processing unit (CPU), an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, etc.;
the memory 3 may include a high-speed RAM memory, and may further include a non-volatile memory, such as at least one disk memory;
wherein the memory stores a program and the processor may call the program stored in the memory, the program being configured to:
determining a cloud physical machine to be deployed;
determining the IP address of the cloud physical machine and the firewall rule of the cloud physical machine;
generating a first OpenFlow flow table based on the IP address of the cloud physical machine, and generating a second OpenFlow flow table based on the firewall rule of the cloud physical machine, wherein the first OpenFlow flow table comprises the IP address of the cloud physical machine and the MAC address of the cloud physical machine; the second OpenFlow flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
Optionally, the detailed functions and extended functions of the program may refer to the above description.
Embodiments of the present application further provide a readable storage medium, where a program suitable for being executed by a processor may be stored, where the program is configured to:
determining a cloud physical machine to be deployed;
determining the IP address of the cloud physical machine and the firewall rule of the cloud physical machine;
generating a first OpenFlow flow table based on the IP address of the cloud physical machine, and generating a second OpenFlow flow table based on the firewall rule of the cloud physical machine, wherein the first OpenFlow flow table comprises the IP address of the cloud physical machine and the MAC address of the cloud physical machine; the second OpenFlow flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
Optionally, the detailed functions and extended functions of the program may be as described above.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A deployment method of a cloud physical machine is applied to an SDN architecture and comprises the following steps:
determining a cloud physical machine to be deployed;
determining the IP address of the cloud physical machine and the firewall rule of the cloud physical machine;
generating a first OpenFlow flow table based on the IP address of the cloud physical machine, generating a second OpenFlow flow table based on the firewall rule of the cloud physical machine, and storing the first OpenFlow flow table and the second OpenFlow flow table to an OVS centralized bridge used for forwarding data of the cloud physical machine to an external network, wherein the first OpenFlow flow table comprises the IP address of the cloud physical machine and the MAC address of the cloud physical machine; the second OpenFlow flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
2. The method of claim 1, wherein the SDN architecture comprises a network node comprising an OVS switch comprising an OVS centralized bridge, and wherein after generating a first OpenFlow flow table based on an IP address of the cloud physical machine and a second OpenFlow flow table based on a firewall rule of the cloud physical machine, the method further comprises:
storing the first OpenFlow flow table and the second OpenFlow flow table onto the OVS centralized bridge.
3. The method of claim 1, wherein the SDN architecture further comprises a control node, wherein the control node comprises an application layer interface, and wherein the determining the cloud physical machine to be deployed comprises:
the application layer interface acquires a deployment request of the cloud physical machine;
and the application layer interface determines the cloud physical machine to be deployed according to the deployment request of the cloud physical machine.
4. The method of claim 3, wherein the SDN architecture further comprises an OVN centralized controller, and wherein the determining the IP address of the cloud physical machine and the firewall rule of the cloud physical machine comprises:
the application layer interface determines the IP address of the cloud physical machine and the firewall rule of the cloud physical machine;
and the application layer interface sends the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN centralized controller.
5. The method of claim 4, wherein the OVN centralized controller comprises an OVN northbound database service, an OVN northd service, and an OVN southbound database service, the OVN northbound database service comprises an OVN northbound database, and the OVN southbound database service comprises an OVN southbound database, and wherein after the application layer interface sends the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN centralized controller, the method further comprises:
the OVN northbound database service verifies the IP address of the cloud physical machine and the firewall rule of the cloud physical machine, and sends the IP address of the cloud physical machine and the firewall rule of the cloud physical machine to the OVN northd service after the verification passes;
the OVN northd service generates a first logical flow table according to the IP address of the cloud physical machine and sends the first logical flow table to the OVN southbound database service, and the OVN southbound database service stores the first logical flow table in the OVN southbound database, wherein the first logical flow table comprises the IP address of the cloud physical machine and the MAC address of the cloud physical machine;
the OVN northd service generates a second logical flow table according to the firewall rule of the cloud physical machine and sends the second logical flow table to the OVN southbound database service, and the OVN southbound database service stores the second logical flow table in the OVN southbound database, wherein the second logical flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
6. The method of claim 5, wherein the SDN architecture comprises a network node, the network node comprises an OVS switch, the OVS switch comprises an OVS centralized bridge, and the network node comprises an OVN local controller, and wherein generating the first OpenFlow flow table and the second OpenFlow flow table comprises:
the OVN local controller obtains the first logical flow table and the second logical flow table from the OVN southbound database and sends the first logical flow table and the second logical flow table to the OVS centralized bridge;
the OVS centralized bridge converts the first logical flow table into the first OpenFlow flow table and converts the second logical flow table into the second OpenFlow flow table.
7. The method of claim 1, wherein after generating a first OpenFlow flow table based on the IP address of the cloud physical machine and a second OpenFlow flow table based on the firewall rule of the cloud physical machine, the method further comprises:
the cloud physical machine communicates with an external network based on the IP address in the first OpenFlow flow table, and traffic is filtered based on the firewall rule in the second OpenFlow flow table.
8. A deployment device of a cloud physical machine is applied to an SDN framework, and comprises:
a first determining unit, configured to determine a cloud physical machine to be deployed;
a second determining unit, configured to determine an IP address of the cloud physical machine and a firewall rule of the cloud physical machine;
an OpenFlow flow table generating unit, configured to generate a first OpenFlow flow table based on the IP address of the cloud physical machine, generate a second OpenFlow flow table based on the firewall rule of the cloud physical machine, and store the first OpenFlow flow table and the second OpenFlow flow table in an OVS centralized bridge used for forwarding data of the cloud physical machine to an external network, wherein the first OpenFlow flow table comprises the IP address of the cloud physical machine and the MAC address of the cloud physical machine; the second OpenFlow flow table comprises the IP address of the cloud physical machine and the firewall rule of the cloud physical machine.
9. A deployment device of a cloud physical machine, comprising a memory and a processor;
the memory is used for storing programs;
the processor is configured to execute the program to implement the steps of the deployment method of the cloud physical machine according to any one of claims 1 to 7.
10. A readable storage medium on which a computer program is stored, which, when executed by a processor, carries out the steps of the method for deploying a cloud physical machine according to any of claims 1 to 7.
CN202110033249.2A 2021-01-11 2021-01-11 Deployment method of cloud physical machine, related equipment and readable storage medium Active CN112769829B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110033249.2A CN112769829B (en) 2021-01-11 2021-01-11 Deployment method of cloud physical machine, related equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110033249.2A CN112769829B (en) 2021-01-11 2021-01-11 Deployment method of cloud physical machine, related equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN112769829A CN112769829A (en) 2021-05-07
CN112769829B true CN112769829B (en) 2022-10-04

Family

ID=75701562

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110033249.2A Active CN112769829B (en) 2021-01-11 2021-01-11 Deployment method of cloud physical machine, related equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN112769829B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113612807B (en) * 2021-10-09 2021-12-03 苏州浪潮智能科技有限公司 Distributed firewall definition method and system
CN115378868B (en) * 2022-08-18 2023-09-19 中电云数智科技有限公司 System and method for realizing message processing based on SNAT resource pool

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104104561A (en) * 2014-08-11 2014-10-15 武汉大学 SDN (self-defending network) firewall state detecting method and system based on OpenFlow protocol
CN108322467A (en) * 2018-02-02 2018-07-24 云宏信息科技股份有限公司 Virtual firewall configuration method, electronic equipment and storage medium based on OVS
CN108989352A (en) * 2018-09-03 2018-12-11 平安科技(深圳)有限公司 Method of realizing fireproof wall, device, computer equipment and storage medium
CN110381025A (en) * 2019-06-14 2019-10-25 浙江大学 A kind of implementation method of software definition firewall system

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10484334B1 (en) * 2013-02-26 2019-11-19 Zentera Systems, Inc. Distributed firewall security system that extends across different cloud computing networks
CN104079492B (en) * 2013-03-28 2017-10-10 华为技术有限公司 The methods, devices and systems that flow table is configured in a kind of OpenFlow networks
CN104219241A (en) * 2014-09-04 2014-12-17 国云科技股份有限公司 ARP (address resolution protocol) attack two-way protection method applicable to virtual machine
TWI543566B (en) * 2015-05-12 2016-07-21 財團法人工業技術研究院 Data center network system based on software-defined network and packet forwarding method, address resolution method, routing controller thereof
CN104935604B (en) * 2015-06-29 2018-10-30 南京邮电大学 A kind of SDN firewall systems and method based on OpenFlow agreements
US20180167282A1 (en) * 2016-12-09 2018-06-14 NoFutzNetworks Inc. Address Assignment by Port Enumeration in a Software-Defined Network
CN106911572A (en) * 2017-02-24 2017-06-30 郑州云海信息技术有限公司 A kind of message processing method and device of the virtual machine realized based on SDN frameworks
US10742607B2 (en) * 2018-02-06 2020-08-11 Juniper Networks, Inc. Application-aware firewall policy enforcement by data center controller
KR102160187B1 (en) * 2018-11-20 2020-09-25 광주과학기술원 Apparatus and method deploying firewall on SDN, and network using the same
CN110933043B (en) * 2019-11-07 2020-07-31 广州市品高软件股份有限公司 Virtual firewall optimization method and system based on software defined network
CN111654493B (en) * 2020-06-02 2022-04-12 浪潮云信息技术股份公司 Method, system, storage medium and electronic device for intercepting specified flow in Openstack

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SDN technology based on OpenFlow; 谢郎Kobe; CSDN; 2020-10-26; full text *
Research on distributed application firewalls based on SDN technology; 刘坤灿; 中国新技术新产品 (China New Technologies and Products); 2020-03-25 (No. 06); full text *

Also Published As

Publication number Publication date
CN112769829A (en) 2021-05-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant