CN113419812B - Port forwarding test method, device, equipment and medium in virtualization environment - Google Patents

Info

Publication number: CN113419812B
Application number: CN202110554257.1A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN113419812A
Inventor: 郭冬夏
Current Assignee: Jinan Inspur Data Technology Co Ltd
Original Assignee: Jinan Inspur Data Technology Co Ltd
Prior art keywords: port, virtual machine, network, under, connection request

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/455: Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533: Hypervisors; Virtual machine monitors
    • G06F9/45558: Hypervisor-specific management and integration aspects
    • G06F2009/45591: Monitoring or debugging support
    • G06F2009/45595: Network integration; Enabling network access in virtual machine instances


Abstract

The invention discloses a port forwarding test method, device, equipment and medium in a virtualization environment. The method comprises the following steps: configuring the network of a virtual machine under an internal network so that the virtual machine can communicate with a host under an external network; running a script on the virtual machine under the internal network to create a simulated TCP service for a custom port; adding a forwarding rule for the custom port on the host where the virtual machine under the internal network is located; initiating, from a host under the external network, a connection request to the custom port on which the simulated TCP service runs; and acquiring the response result of the virtual machine under the internal network to the connection request, and determining whether the custom port is normal based on the response result. By running the script, the scheme of the invention provides a simulated TCP service on any custom port and can also check the security of the port, which greatly saves testers' time, improves testing efficiency and saves human resources.

Description

Port forwarding test method, device, equipment and medium in virtualization environment
Technical Field
The present invention relates to the field of virtual machine port testing, and in particular, to a method, an apparatus, a device, and a medium for port forwarding testing in a virtualization environment.
Background
In a virtualization environment, a virtual machine can access the external network through an SNAT (source network address translation) address set on a router or through a floating IP, and the external network can access an internal virtual machine by means of port forwarding. Port forwarding can map multiple services provided by multiple virtual machines in an intranet, or multiple services provided by one virtual machine, to the external network, thereby saving external network IPs. There are sixty-thousand ports per virtual machine, each of which may be used, so the ports inevitably need to be tested.
Referring to fig. 1, the conventional testing method for port forwarding in a virtualization environment is as follows: the virtual machine under the internal network runs an ssh service, and the host on the external network sends an ssh request to the virtual machine (virtual IP: mapped port); if the connection is successfully established, the port has been forwarded successfully. This method can only test services that already exist in the virtual machine and the ports they use. When another port needs to be tested, for example whether a port not used by any service can be forwarded normally, a service must first be deployed in the virtual machine and made to use the port under test. The conventional method therefore has the following defect: a service must be deployed separately for each port to be tested, and each deployment takes several hours or even more, which consumes time and manpower and is very inefficient, so the conventional testing method for port forwarding in a virtualization environment urgently needs to be improved.
Disclosure of Invention
In view of the above, there is a need to provide a port forwarding test method, device, apparatus and medium in a virtualized environment to solve the problems of time and labor consumption and low efficiency of the conventional test method.
According to a first aspect of the present invention, there is provided a port forwarding test method in a virtualization environment, the method including:
configuring a network of virtual machines under an internal network to enable the virtual machines to communicate with a host under an external network;
running a script on a virtual machine under an internal network to create a simulated TCP service for a custom port;
adding a forwarding rule for the user-defined port on a host where a virtual machine under an internal network is located;
initiating a connection request to the self-defined port through the simulated TCP service by utilizing a host under an external network;
and acquiring a response result of the virtual machine under the internal network to the connection request, and determining whether the user-defined port is normal or not based on the response result.
In one embodiment, the step of configuring the network of virtual machines under the internal network to enable the virtual machines to communicate with the host machine under the external network includes:
creating an SDN advanced network subnet in a virtual machine, configuring the virtual machine to use the SDN advanced network subnet, and checking through the virtual machine console whether the IP assigned by DHCP is normal;
creating a distributed NAT gateway in the virtual machine, configuring the NAT gateway IP as the real physical gateway address, and configuring the correct gateway Segment id value to ensure that data can be forwarded through the physical switch;
creating a distributed router in the virtual machine, setting its gateway, enabling SNAT, and associating the SDN advanced network subnet used by the virtual machine;
and pinging, from the virtual machine, an external address on the same network segment as the physical gateway.
In one embodiment, the method further comprises:
testing whether the virtual machine under the internal network can communicate with the host under the external network;
and if the virtual machine and the host cannot communicate, confirming that the step of configuring the network of the virtual machine under the internal network to enable it to communicate with the host under the external network is abnormal.
In one embodiment, the step of running a script on a virtual machine under the internal network to create the simulated TCP service for the custom port comprises:
importing the socket module in a Python script, configuring parameters to simulate a TCP server, binding a custom IP address and a custom port number to obtain the custom port, and starting to listen on the bound custom port;
setting an infinite loop to wait for client connections, so that when a client sends a connection request, the server accepts the request and establishes a stable connection with the client;
obtaining the client's address and port information, sending a message to the client to report that its connection request succeeded, and printing the client's address and port information and the received data at the server;
the client disconnecting after receiving the data, which ends one connection;
and the server continuing to loop, waiting for the next client's connection request; when an interrupt occurs, the whole infinite loop ends and the server simulation ends.
In one embodiment, the step of adding the forwarding rule for the custom port to the host where the virtual machine under the internal network is located includes:
adding port forwarding on the distributed NAT gateway function page in the virtual machine, configuring the virtual IP in the pop-up window as the SNAT or floating IP, and configuring the destination port of the forwarding as the port used by the virtual machine service;
and adding the port forwarding in the virtual machine, and, after it has been added successfully, logging in to the background to check the forwarding rules.
In one embodiment, the step of initiating a connection request to the custom port through the simulated TCP service by a host under an external network includes:
and sending a connection request to the virtual IP corresponding to the user-defined port through a console of the host or a command prompt, wherein the connection request comprises address port information of the host under an external network.
In one embodiment, the step of obtaining a response result of the virtual machine under the internal network to the connection request, and determining whether the custom port is normal based on the response result includes:
in response to the custom port receiving the connection request, confirming that the forwarding function of the custom port is normal, and outputting on the virtual machine the address and port information of the host under the external network;
and in response to the custom port not receiving the connection request, confirming that the forwarding function of the custom port is abnormal.
According to a second aspect of the present invention, there is provided a port forwarding test apparatus in a virtualized environment, the apparatus comprising:
the network configuration module is used for configuring a network of the virtual machine under the internal network so as to enable the virtual machine to communicate with the host under the external network;
the simulation TCP service module is used for running a script on a virtual machine under an internal network to create simulation TCP service for the user-defined port;
the forwarding rule adding module is used for adding a forwarding rule for the user-defined port on a host where a virtual machine under an internal network is located;
the connection request module is used for initiating a connection request to the self-defined port through the simulated TCP service by utilizing a host under an external network;
and the result confirmation module is used for acquiring a response result of the virtual machine under the internal network to the connection request and determining whether the custom port is normal or not based on the response result.
According to a third aspect of the present invention, there is also provided a computer apparatus comprising:
at least one processor; and
and the memory is used for storing a computer program which can run on the processor, and the processor executes the port forwarding test method under the virtualization environment when executing the program.
According to a fourth aspect of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, executes the port forwarding testing method in the virtualization environment.
According to the port forwarding test method in a virtualization environment, running a script in the virtual machine simulates a TCP service on a custom port, replacing the step in the conventional test method of deploying a service to use the port. Running the Python script provides a simulated TCP service on any custom port, so port forwarding for common services can be tested quickly, uncommon ports can also be tested, and the security of the port can also be checked, which greatly saves testers' time, improves test efficiency and saves human resources.
In addition, the invention also provides a port forwarding test device, a computer device and a computer readable storage medium under the virtualization environment, which can also achieve the technical effects, and are not repeated herein.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
FIG. 1 is a diagram illustrating a conventional testing method for port forwarding in a conventional virtualization environment;
fig. 2 is a schematic flowchart of a port forwarding test method in a virtualization environment according to an embodiment of the present invention;
FIG. 3 is a comparison of the improvement of the method of the present invention over the conventional method provided by one embodiment of the present invention;
FIG. 4 is a schematic diagram of a simulated TCP service flow according to another embodiment of the present invention;
FIG. 5A is a schematic diagram of the sliding window used by the simulated TCP service according to an embodiment of the present invention;
FIG. 5B is a diagram illustrating the principle of packet conservation employed by the simulated TCP service in accordance with an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a port forwarding test apparatus in a virtualization environment according to another embodiment of the present invention;
fig. 7 is an internal structural view of a computer device according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all uses of "first" and "second" in the embodiments of the present invention serve to distinguish two non-identical entities or non-identical parameters that share the same name. "First" and "second" are used merely for convenience of description and should not be construed as limiting the embodiments of the present invention; this is not repeated in the following embodiments.
In an embodiment, referring to fig. 2 and fig. 3, the present invention provides a port forwarding test method in a virtualization environment, where the method includes:
S100, configuring the network of a virtual machine under an internal network so that the virtual machine can communicate with a host under an external network;
S200, running a script on the virtual machine under the internal network to create a simulated TCP service for a custom port; the script may be written in Python, C, or another language, and is preferably written in Python, which achieves the intended functionality with less code;
S300, adding a forwarding rule for the custom port on the host where the virtual machine under the internal network is located;
S400, initiating, from a host under the external network, a connection request to the custom port on which the simulated TCP service runs;
S500, obtaining the response result of the virtual machine under the internal network to the connection request, and determining whether the custom port is normal based on the response result.
According to the port forwarding test method in a virtualization environment, running a script in the virtual machine simulates a TCP service on a custom port, replacing the step in the conventional test method of deploying a service to use the port. Running the script provides a simulated TCP service on any custom port, so port forwarding for common services can be tested quickly, uncommon ports can also be tested, and the security of the port can also be checked, which greatly saves testers' time, improves test efficiency and saves human resources.
In another embodiment, the foregoing step S100 specifically includes the following sub-steps:
S110, creating an SDN advanced network subnet in a virtual machine, configuring the virtual machine to use the SDN advanced network subnet, and checking through the virtual machine console whether the IP assigned by DHCP is normal. DHCP stands for Dynamic Host Configuration Protocol; it is generally applied in large local area network environments and is mainly used to centrally manage and allocate IP addresses, so that hosts in the network dynamically obtain information such as IP addresses, gateway addresses and DNS server addresses, which improves address utilization.
S120, creating a distributed NAT gateway in the virtual machine, configuring the NAT gateway IP as the real physical gateway address, and configuring the correct gateway Segment id value to ensure that data can be forwarded through the physical switch. A NAT gateway is a cloud network service that supports IP address translation and can provide high-performance Internet access for resources in the Tencent cloud.
S130, creating a distributed router in the virtual machine, setting its gateway, enabling SNAT, and associating the SDN advanced network subnet used by the virtual machine. SNAT is source address translation, which solves the problem of intranet users accessing the Internet through the same public network address.
S140, pinging, from the virtual machine, an external address on the same network segment as the physical gateway.
Preferably, the method further comprises:
S150, testing whether the virtual machine under the internal network can communicate with the host under the external network;
S160, if the two cannot communicate, confirming that the step of configuring the network of the virtual machine under the internal network to enable it to communicate with the host under the external network is abnormal; in that case, check whether the operations of steps S110 to S140 above are correct.
In another embodiment, referring to fig. 4, the step S200 specifically includes the following sub-steps:
S210, importing the socket module in a Python script, configuring parameters to simulate a TCP server, binding a custom IP address and a custom port number to obtain the custom port, and starting to listen on the bound custom port;
S220, setting an infinite loop to wait for client connections, so that when a client sends a connection request, the server accepts the request and establishes a stable connection with the client;
S230, obtaining the client's address and port information, sending a message to the client to report that its connection request succeeded, and printing the client's address and port information and the received data at the server;
S240, the client disconnecting after receiving the data, which ends one connection;
S250, the server continuing to loop, waiting for the next client's connection request; when an interrupt occurs, the whole infinite loop ends and the server simulation ends.
The above implementation uses the socket module in Python to simulate a TCP service. A socket is the interface between the application layer and the transport layer (TCP/UDP protocol), an encapsulation of TCP/IP, and a communication mechanism of the operating system; application programs transmit network data through sockets. Python provides the socket module, which simplifies the development of network services. In addition, the custom port is configurable, that is, any port number can be bound, which avoids separately deploying a service just to use the corresponding port and makes the method more general.
In another embodiment, the foregoing step S300 specifically includes the following sub-steps:
S310, adding port forwarding on the distributed NAT gateway function page in the virtual machine, configuring the virtual IP in the pop-up window as the SNAT or floating IP, and configuring the destination port of the forwarding as the port used by the virtual machine service;
S320, adding the port forwarding in the virtual machine, and, after it has been added successfully, logging in to the background to check the forwarding rules.
In yet another embodiment, the implementation of the foregoing step S400 is as follows: and sending a connection request to the virtual IP corresponding to the user-defined port through a console of the host or a command prompt, wherein the connection request comprises address port information of the host under an external network.
In another embodiment, on the basis of the foregoing embodiment, the foregoing step S500 specifically includes the following sub-steps:
S510, in response to the custom port receiving the connection request, confirming that the forwarding function of the custom port is normal, and outputting on the virtual machine the address and port information of the host under the external network;
S520, in response to the custom port not receiving the connection request, confirming that the forwarding function of the custom port is abnormal.
In another embodiment, referring to fig. 3 again, the method of the present invention is described as a specific embodiment, and the method comprises the following steps:
Step one, configure the virtual machine under the intranet so that it can communicate with the host on the external network. The basic operation steps are as follows:
(a) creating an overlay type advanced network subnet on the virtualization platform, reconfiguring the virtual machine to use the advanced network subnet, opening the virtual machine console, restarting the network service with systemctl restart network, and viewing the IP information with ip a;
(b) creating a distributed NAT gateway on the virtualization platform and configuring the gateway IP as the real physical gateway address, such as 100.7.47.254; the Segment id configured for the gateway must be the same as the Segment id that the physical switch used by the cluster allows through, for example, if the physical switch allows Segment id 0, the gateway's Segment id must also be configured as 0;
(c) creating a distributed router on the virtualization platform, setting the router's gateway to the distributed NAT gateway created in the previous step, selecting an unused external network address as the SNAT address, such as 100.7.33.59, and associating the advanced network subnet used by the virtual machine;
(d) opening the virtual machine console and pinging an external network address, for example ping 100.7.8.78; if data is returned on the virtual machine terminal, the virtual machine can communicate with the external network.
Step two, run a Python script in the virtual machine to simulate a TCP service. The script is implemented as follows, in combination with the steps shown in fig. 4:
# (a) Import the required Python modules: the socket module and the time module.
import socket
import time


def main():
    # (b) Simulate a TCP server in the main function, bind a custom address
    # and port, and start listening.
    # socket.AF_INET selects a network (IPv4) socket; socket.SOCK_STREAM selects
    # connection-oriented, reliable data transmission, i.e. the TCP protocol.
    tcp_server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # bind() takes the IP address and port to listen on. An empty address means
    # the current host; the port may be any unoccupied port in 1-65535, such as
    # 5678. listen() starts listening.
    addr = ("", 5678)
    tcp_server_socket.bind(addr)
    tcp_server_socket.listen(128)
    # (c) Loop forever waiting for client connection requests. After a connection
    # is established, both sides print connection information to show the
    # details of the port forwarding.
    try:
        while True:
            # Accept the request and obtain the client's socket channel and
            # IP address/port; send the current system time to the client to
            # confirm that the connection was established.
            client_socket, client_addr = tcp_server_socket.accept()
            # send() requires bytes in Python 3, so the greeting is encoded.
            client_socket.send(("Hello,the time is %s" % time.ctime()).encode())
            # Print the client's address/port and up to 2048 bytes of received
            # data, then close the client connection; one connection is done.
            print("client address is %s" % str(client_addr))
            rec_data = client_socket.recv(2048)
            print(rec_data)
            client_socket.close()
    except KeyboardInterrupt:
        # The server keeps waiting for clients until ctrl+c or another
        # interrupt occurs; the loop then ends and the simulation ends.
        pass
    finally:
        tcp_server_socket.close()


if __name__ == '__main__':
    main()
(d) after the script is complete, run it at the terminal with the command python followed by the script file name (ending in .py), so that it listens on the custom port 5678.
It is worth noting that the scheme simulates a service based on the TCP protocol in a virtual machine, and relies on TCP's sliding window and packet conservation principle for reliable and stable data transmission.
TCP introduces the sliding window to solve the problems of reliable transmission and packet reordering, as shown in fig. 5A. During transmission, the client and the server negotiate a receive window rwnd, and the sliding window swnd is then calculated in combination with the congestion control window cwnd. In the Linux kernel implementation, the congestion control window cwnd is counted in packets, so the formula is swnd = min(rwnd, cwnd * mss), where mss is the maximum segment size.
The packet conservation principle means that TCP maintains a sending window that estimates the number of data packets the current network link can hold; when data is available to send, it sends one data packet for each acknowledgement packet that comes back, so that the number of packets in flight in the network always stays at the size of the sending window, as shown in fig. 5B.
Step three, add a port forwarding rule whose destination port is 5678. Add the port forwarding rule on the virtualization platform: for the virtual IP select the configured SNAT address 100.7.33.59, for the external port enter a custom port such as 222, and for the destination virtual machine port select port 5678. After the rule has been added successfully, all rule lists can be viewed in the center background with the command ovn-nbctl list load-balance.
Step four, use the host on the external network to send a connection request for verification. On the terminal of host 100.7.8.78, enter the command curl http://100.7.33.59:222; if the system time is returned on the host terminal and the host's address and port information is output in the virtual machine, port forwarding is successful.
Step five, determine the port test result from the virtual machine's response to the connection request. If the address and port information of the external host is output on the virtual machine terminal, the connection was established successfully and port forwarding succeeded; if the address and port information of the external host is not output on the virtual machine terminal, the connection failed and port forwarding failed. In addition, the client address and port information output by the server can be used to judge whether an external address has made a malicious connection to the port.
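The listener of step two and the checks of steps four and five, combined into one test harness, as an added example that is not code from the patent. The names SimulatedTcpService, probe and verdict and the expected-tester allowlist are assumptions introduced here; in a real test the listener runs in the virtual machine and probe() is called from the external host against 100.7.33.59:222, while the demo at the bottom uses loopback for both roles.

```python
import ipaddress
import socket
import threading
import time

# Assumption: the only peer expected to connect is the external test host
# from step four of the text (100.7.8.78).
EXPECTED_TESTERS = [ipaddress.ip_network("100.7.8.78/32")]


class SimulatedTcpService:
    """Listener for one custom port that records every peer (steps S210-S250)."""

    def __init__(self, host="", port=5678, expected=EXPECTED_TESTERS):
        self.expected = list(expected)
        self.peers = []  # one (ip, port, is_expected) tuple per accepted connection
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))
        self._sock.listen(128)
        self._sock.settimeout(0.2)  # lets the accept loop notice stop() promptly
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._sock.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (ip, port) = self._sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(2.0)  # a silent client must not stall the loop
                known = any(ipaddress.ip_address(ip) in net for net in self.expected)
                self.peers.append((ip, port, known))
                try:
                    conn.sendall(("Hello,the time is %s" % time.ctime()).encode())
                    conn.recv(2048)
                except OSError:
                    pass  # peer reset or timed out; the connection is still logged

    def unexpected_peers(self):
        """Peers outside the expected tester addresses, for review."""
        return [(ip, port) for ip, port, known in self.peers if not known]


def probe(virtual_ip, external_port, timeout=3.0):
    """Step S400: connect as the external host would and classify the outcome."""
    try:
        with socket.create_connection((virtual_ip, external_port), timeout=timeout) as s:
            banner = s.recv(2048)
            s.sendall(b"port-forward-test")
    except ConnectionRefusedError:
        return {"status": "refused", "banner": b""}
    except OSError:  # includes timeouts and unreachable networks
        return {"status": "unreachable", "banner": b""}
    status = "forwarded" if banner.startswith(b"Hello") else "unexpected-service"
    return {"status": status, "banner": banner}


def verdict(result, service):
    """Step S500: normal only if the probe succeeded and the listener saw a peer."""
    ok = result["status"] == "forwarded" and len(service.peers) > 0
    return "normal" if ok else "abnormal"


if __name__ == "__main__":
    # Constructed demo: loopback stands in for the virtual machine and the
    # external host, and port 0 asks the OS for any free port.
    svc = SimulatedTcpService(host="127.0.0.1", port=0,
                              expected=[ipaddress.ip_network("127.0.0.0/8")]).start()
    res = probe("127.0.0.1", svc.port)
    svc.stop()
    print(res["status"], verdict(res, svc), svc.peers, svc.unexpected_peers())
```

Any entry returned by unexpected_peers() is a connection to the forwarded port from an address other than the test host, which is the signal the text refers to when it speaks of judging malicious connections from the server's output.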
The method has at least the following beneficial technical effects:
first, a Python script is run in the virtual machine to simulate a TCP service and listen on a custom port, replacing the tedious work of deploying the related services in the virtual machine;
second, port forwarding in the virtualization environment is tested by this method, so all commonly used ports, or any ports a customer may use, can be tested quickly;
third, the security of the ports is checked through the address port information of all connected clients output by the server, which greatly saves testers' time, improves testing efficiency and accuracy, and saves human resources.
In another embodiment, please refer to fig. 6, the present invention further provides a port forwarding testing apparatus 60 in a virtualized environment, where the apparatus includes the following structures:
a network configuration module 61, configured to configure a network of virtual machines in an internal network so that the virtual machines communicate with hosts in an external network;
a simulated TCP service module 62, configured to run a script on a virtual machine under the internal network to create a simulated TCP service for the custom port;
a forwarding rule adding module 63, configured to add a forwarding rule for the custom port to a host where a virtual machine in an internal network is located;
a connection request module 64, configured to initiate a connection request to the custom port through the simulated TCP service by using a host in an external network;
and the result confirmation module 64 is configured to obtain a response result of the virtual machine in the internal network to the connection request, and determine whether the custom port is normal based on the response result.
It should be noted that, for specific limitations of the port forwarding test apparatus in the virtualization environment, reference may be made to the above limitations of the port forwarding test method in the virtualization environment, and details are not described here again. All or part of each module in the port forwarding test device in the virtualization environment can be implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
According to another aspect of the present invention, a computer device is provided, and the computer device may be a server, and its internal structure is shown in fig. 7. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data. The network interface of the computer device is used for communicating with an external terminal through a network connection. When executed by a processor, the computer program implements the above-mentioned method for testing port forwarding in a virtualized environment, and specifically, the method includes the following steps:
configuring a network of virtual machines under an internal network to enable the virtual machines to communicate with a host under an external network;
running a script on a virtual machine under an internal network to create a simulated TCP service for a custom port;
adding a forwarding rule for the user-defined port on a host where a virtual machine under an internal network is located;
initiating a connection request to the self-defined port through the simulated TCP service by utilizing a host under an external network;
and acquiring a response result of the virtual machine under the internal network to the connection request, and determining whether the user-defined port is normal or not based on the response result.
According to another aspect of the present invention, there is also provided a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the method for port forwarding test in a virtualized environment is performed, and specifically, the method includes the following steps:
configuring a network of virtual machines under an internal network to enable the virtual machines to communicate with a host under an external network;
running a script on a virtual machine under an internal network to create a simulated TCP service for a custom port;
adding a forwarding rule for the user-defined port on a host where a virtual machine under an internal network is located;
initiating a connection request to the self-defined port through the simulated TCP service by utilizing a host under an external network;
and acquiring a response result of the virtual machine under the internal network to the connection request, and determining whether the user-defined port is normal or not based on the response result.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but any combination should be considered within the scope of the present specification as long as the combined technical features do not contradict each other.
The above embodiments express only several implementations of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (8)

1. A port forwarding test method in a virtualization environment is characterized by comprising the following steps:
configuring a network of virtual machines under an internal network to enable the virtual machines to communicate with a host under an external network;
running a script on a virtual machine under an internal network to create a simulated TCP service for a custom port;
adding a forwarding rule for the user-defined port on a host where a virtual machine under an internal network is located;
initiating a connection request to the self-defined port through the simulated TCP service by utilizing a host under an external network;
acquiring a response result of the virtual machine under the internal network to the connection request, and determining whether the user-defined port is normal or not based on the response result;
the step of running a script on a virtual machine under the internal network to create a simulated TCP service to the custom port comprises:
importing the socket module in a Python script, configuring parameters to simulate a server side of the TCP protocol, binding a custom IP address and a custom port number to obtain the custom port, and starting to listen on the bound custom port;
setting an infinite loop to wait for client connections, wherein when a client sends a connection request, the server side receives the connection request and establishes a stable connection with the client;
acquiring the address port information of the client, sending information to the client to report that the connection requested by the client was established successfully, and printing the address port information of the client and the received data at the server side;
the client disconnects after receiving the data, and one connection is finished;
the server side continues to loop, waiting for the connection request of the next client; when an interruption occurs, the whole infinite loop ends and the simulation of the server side is finished;
the step of obtaining a response result of the virtual machine under the internal network to the connection request and determining whether the user-defined port is normal based on the response result comprises:
responding to the connection request received by the user-defined port, confirming that the forwarding function of the user-defined port is normal, and outputting the address port information of the host under the external network on the virtual machine;
and responding to the situation that the custom port does not receive the connection request, and confirming that the forwarding function of the custom port is abnormal.
2. The method of claim 1, wherein configuring the network of virtual machines under the internal network to communicate the virtual machines with hosts under the external network comprises:
creating an SDN advanced network subnet in a virtual machine, configuring the virtual machine to use the SDN advanced network subnet, and checking whether the IP of DHCP is normal or not through a virtual machine console;
creating a distributed NAT gateway in the virtual machine, configuring an NAT gateway IP as a real physical gateway address, and configuring an accurate gateway Segment id value to ensure that data can be forwarded through a physical switch;
creating a distributed router in a virtual machine, setting a gateway, enabling SNAT (source network address translation), and associating the SDN (software defined network) advanced network subnet used by the virtual machine;
and pinging, from the virtual machine, an external address in the same network segment as the physical gateway.
3. The method of claim 2, further comprising:
testing whether the virtual machine under the internal network can communicate with the host under the external network;
and if the virtual machine and the host machine cannot communicate, confirming that the step of configuring the network of the virtual machine under the internal network so as to enable the virtual machine to communicate with the host machine under the external network is abnormal.
4. The method according to claim 1, wherein the step of adding the forwarding rule for the custom port to the host where the virtual machine under the internal network is located comprises:
adding port forwarding on the distributed NAT gateway function page in the virtual machine, configuring the virtual IP in the pop-up window as the SNAT or floating IP, and configuring the destination forwarding port as the custom port used by the virtual machine service;
and adding port forwarding in the virtual machine, and logging in a background to check forwarding rules after the port forwarding is successfully added.
5. The method according to claim 4, wherein the step of initiating a connection request to the custom port through the emulated TCP service using a host under an external network comprises:
and sending a connection request to the virtual IP corresponding to the user-defined port through a console of the host or a command prompt, wherein the connection request comprises address port information of the host under an external network.
6. An apparatus for port forwarding testing in a virtualized environment, the apparatus comprising:
the network configuration module is used for configuring a network of the virtual machine under the internal network so as to enable the virtual machine to communicate with the host under the external network;
the simulation TCP service module is used for running a script on a virtual machine under an internal network to create simulation TCP service for the user-defined port;
the forwarding rule adding module is used for adding a forwarding rule for the user-defined port on a host where a virtual machine under an internal network is located;
the connection request module is used for initiating a connection request to the self-defined port through the simulated TCP service by utilizing a host under an external network;
the result confirmation module is used for acquiring a response result of the virtual machine under the internal network to the connection request and determining whether the user-defined port is normal or not based on the response result;
the simulated TCP service module is further configured to:
the step of running a script on a virtual machine under the internal network to create a simulated TCP service to the custom port comprises:
importing the socket module in a Python script, configuring parameters to simulate a server side of the TCP protocol, binding a custom IP address and a custom port number to obtain the custom port, and starting to listen on the bound custom port;
setting an infinite loop to wait for client connections, wherein when a client sends a connection request, the server side receives the connection request and establishes a stable connection with the client;
acquiring the address port information of the client, sending information to the client to report that the connection requested by the client was established successfully, and printing the address port information of the client and the received data at the server side;
the client disconnects after receiving the data, and one connection is finished;
the server side continues to loop, waiting for the connection request of the next client; when an interruption occurs, the whole infinite loop ends and the simulation of the server side is finished;
the result confirmation module is further configured to:
responding to the connection request received by the user-defined port, confirming that the forwarding function of the user-defined port is normal, and outputting the address port information of the host under the external network on the virtual machine;
and responding to the situation that the custom port does not receive the connection request, and confirming that the forwarding function of the custom port is abnormal.
7. A computer device, comprising:
at least one processor; and
a memory storing a computer program operable in the processor, the processor when executing the program performing the method of any of claims 1-5.
8. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, is adapted to carry out the method of any one of claims 1 to 5.
CN202110554257.1A 2021-05-20 2021-05-20 Port forwarding test method, device, equipment and medium in virtualization environment Active CN113419812B (en)


Publications (2)

Publication Number Publication Date
CN113419812A CN113419812A (en) 2021-09-21
CN113419812B true CN113419812B (en) 2022-03-11

Family

ID=77712631

Country Status (1)

Country Link
CN (1) CN113419812B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114726757B (en) * 2022-03-24 2024-05-03 深圳市领创星通科技有限公司 Equipment networking test method, device, computer equipment and storage medium
CN114745445B (en) * 2022-04-27 2024-05-28 深圳绿米联创科技有限公司 Control method, control device, electronic equipment and storage medium
CN115277349B (en) * 2022-07-18 2024-01-02 天翼云科技有限公司 Method for configuring distributed gateway, open virtual network and storage medium
CN114944992B (en) * 2022-07-26 2022-10-18 南京赛宁信息技术有限公司 Active defense gateway configuration detection method, device and system

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104158701A (en) * 2014-08-18 2014-11-19 中国联合网络通信集团有限公司 Gateway function testing method and device
CN105227690A (en) * 2015-09-06 2016-01-06 上海斐讯数据通信技术有限公司 The concurrent DHCP of a kind of multiport obtains the method for address
CN106375142A (en) * 2016-08-26 2017-02-01 腾讯科技(深圳)有限公司 Application program test method and apparatus
CN107040429A (en) * 2017-03-13 2017-08-11 上海斐讯数据通信技术有限公司 A kind of method of testing and system of port forwarding performance
CN107911313A (en) * 2017-11-15 2018-04-13 北京易讯通信息技术股份有限公司 A kind of method that virtual machine port flow moves outside in private clound
CN110891285A (en) * 2019-12-03 2020-03-17 锐捷网络股份有限公司 Transmitting equipment, reflecting equipment, network performance testing method and system
CN111371636A (en) * 2020-02-16 2020-07-03 苏州浪潮智能科技有限公司 Port forwarding function testing method and system based on cloud platform
CN111669300A (en) * 2020-04-24 2020-09-15 平安科技(深圳)有限公司 Gateway testing method and device based on direct connection testing network and computer equipment
CN112217690A (en) * 2020-09-18 2021-01-12 苏州浪潮智能科技有限公司 Concurrent testing method and system for local area network availability between computing nodes
CN112637244A (en) * 2021-01-08 2021-04-09 江苏天翼安全技术有限公司 Threat detection method for common and industrial control protocols and ports

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8954544B2 (en) * 2010-09-30 2015-02-10 Axcient, Inc. Cloud-based virtual machines and offices

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant