CN113438170A - Method, storage medium and system for libvirt to manage flow table rules of OVS - Google Patents
Method, storage medium and system for libvirt to manage flow table rules of OVS Download PDFInfo
- Publication number
- CN113438170A CN113438170A CN202111000105.3A CN202111000105A CN113438170A CN 113438170 A CN113438170 A CN 113438170A CN 202111000105 A CN202111000105 A CN 202111000105A CN 113438170 A CN113438170 A CN 113438170A
- Authority
- CN
- China
- Prior art keywords
- flow table
- ovs
- libvirt
- filtering
- virtual machine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method, a computer readable storage medium and a system for libvirt to manage flow table rules of OVS, wherein the method comprises the following steps: A. according to the input of a user, creating a corresponding nwfilter filtering rule; B. converting the nwfilter filtering rule into a flow table rule according to network card information of a virtual machine needing network flow filtering; C. and adding the flow table rule into the OVS virtual switch so that the OVS virtual switch can use the flow table rule to filter the network flow of the virtual machine. The method realizes that the libvirt is used for managing the flow table rule of the OVS on the basis of applying the OVS to perform virtual network management, the flow table rule of the OVS is not required to be managed by specially using the OVS, the virtual machine is uniformly managed by the libvirt, the network flow of the virtual machine is filtered, and uniform management is facilitated.
Description
Technical Field
The present invention relates to the field of virtualization technologies, and in particular, to a method, a storage medium, and a system for libvirt to manage flow table rules of an OVS.
Background
Libvirt is an open source management tool for managing a virtualization platform, and can be applied to various virtualization technologies, such as KVM, Xen, VMware ESX, and the like. Libvirt provides not only management functions for virtual machines, but also management of virtualized networks. Most users currently use libvirt to manage virtual machines. The key point of the virtualized network management is network traffic filtering management, and the libvirt adopts nwfilter to realize the data packet filtering management of the virtual machine network card.
The OpenvSwitch (OVS for short) is a virtual switch software used for constructing a virtual switch and supporting various virtualization technologies such as Xen/XenServer, KVM and VirtualBox. Currently, the mainstream network solutions in virtualization are all implemented based on OVS. Unlike libvirt, OVS uses openflow to implement packet forwarding and filtering, specifically, OVS virtual switches include multiple flow tables (flow tables), each of which includes multiple flow table rules (flow rules, i.e., network traffic filtering rules) that specify processing behaviors for packets, such as passing or blocking. If a data packet enters/exits, the OVS virtual switch matches the corresponding flow table rule in sequence according to the flow table priority, so that the data packet is correspondingly processed, and the purpose of filtering the data packet is achieved.
Libvirt is more prominent in the management function of a virtual machine, but the network management function of Libvirt is inferior to that of OVS, so that when some virtualization providers construct a virtualization cluster, Libvirt is used for managing the virtual machine, OVS is used for managing the virtualization network, ibvirt and OVS need to be respectively called by management nodes of the virtualization cluster to manage the virtual machine and the virtualization network, and the calling process is troublesome.
Disclosure of Invention
The technical problem to be solved by the invention is how to conveniently and uniformly manage the virtual machines and the network flow filtration of the virtual machines under the condition that libvirt is adopted to manage the virtual machines and OVS is adopted to manage the virtual network.
In order to solve the above technical problem, a method for libvirt to manage flow table rules of OVSs of the present invention comprises the following steps:
A. according to the input of a user, creating a corresponding nwfilter filtering rule;
B. converting the nwfilter filtering rule into a flow table rule according to network card information of a virtual machine needing network flow filtering;
C. and adding the flow table rule into the OVS virtual switch so that the OVS virtual switch can use the flow table rule to filter the network flow of the virtual machine.
Optionally, the network card information includes a mac address and/or a port name.
Optionally, in the step a, a corresponding nwfilter filtering rule is specifically created according to the filtering items and the filtering behaviors configured by the user.
Optionally, the filtering behavior comprises dropping or allowing, and/or the filtering entries comprise one or more of a network protocol type, a source IP address, a destination IP address, a source port name, and a destination port name.
Optionally, if a new virtual machine is created and the created nwfilter filtering rule needs to be applied to filter the network traffic of the virtual machine, the step B and the step C are performed on the virtual machine.
Optionally, the step C is specifically to add the flow table rule to a flow table of the OVS virtual switch.
Optionally, in the step C, the flow table rule is specifically added to the flow table of the OVS virtual switch by an OVS-ofctl command.
A computer readable storage medium having stored thereon an executable computer program which, when executed, implements a method of libvirt managing flow table rules of an OVS as described above.
A virtualization management system comprises a virtualization management platform and a host machine in communication connection with the virtualization management platform, wherein the host machine runs a virtual machine and comprises a computer readable storage medium as described above.
The method realizes that the libvirt is used for managing the flow table rule of the OVS on the basis of applying the OVS to perform virtual network management, the flow table rule of the OVS is not required to be managed by specially using the OVS, the virtual machine is uniformly managed by the libvirt, the network flow of the virtual machine is filtered, and uniform management is facilitated.
Drawings
FIG. 1 is a logical block diagram of a virtualization management system.
Detailed Description
The invention is described in further detail below with reference to specific embodiments.
The virtualization management system is shown in fig. 1 and includes a virtualization management platform, a host, and a virtual machine and an OVS virtual switch running on the host. The virtualization management platform is in communication connection with the host machine. The host machine includes a processor and a computer-readable storage medium having stored therein an executable computer program that is executed by the processor to implement the functions of libvirt. The libvirt can manage not only the virtual machine but also the flow table rule of the OVS. The process by which libvirt manages flow table rules for OVSs is described below by way of example:
example one
Assuming that the host runs the virtual machine a, the present embodiment allows all devices to access the virtual machine a in the initial state by default. Assuming that the user finds 192.168.1.0/24 to belong to malicious IP and wants to prohibit the user from accessing the virtual machine A, the user logs in a web interface of the virtualization management platform, configures a filtering item in the web interface of the virtualization management platform as a source IP address 192.168.1.0/24, and configures filtering behavior as discarding. In this embodiment, the filtering item is set as the source IP address, and the user may change the filtering item to one or more of the network protocol type, the source IP address, the destination IP address, the source port, and the destination port according to the requirement. After the user configures the filtering items and the filtering behaviors, the virtual machine A is selected as a virtual machine which needs to filter network traffic according to the filtering items and the filtering behaviors, so that the virtualization management platform calls a libvirt interface of a host machine and sends the filtering items, the filtering behaviors and the information of the virtual machine A configured by the user to the libvirt, and the libvirt executes the flow table rule generating process as follows:
according to the filtering item 'source IP address 192.168.1.0/24' and the filtering behavior 'discard' configured by the user, libvirt creates a corresponding nwfilter filtering rule (r) as follows:
<rule action='drop' direction='in' priority='600'>
// Filter behavior is discard, Direction is inbound, and priority is 600
<ipsrcipaddr='192.168.1.0' srcipmask='24'/>
// the specified source IP address is 192.168.1.0/24
</rule>
// function name.
Libvirt stores the nwfilter filter rule (r) in a rule base. In this embodiment, the mac address of the network card is used as the network card information, Libvirt obtains the mac address 52:54:00:11:22:33 of the network card of the virtual machine a, and accordingly converts the nwfilter filtering rule (r) into the flow table rule a1 as follows:
priority=600,ip,dl_dst=52:54:00:11:22:33,nw_src=192.168.1.0/24 actions=drop
the// priority is 600, the virtual machine network card mac address is 52:54:00:11:22:33, the source IP address is 192.168.1.0/24, and the filtering action is discard.
The Libvirt call OVS-ofctl command then causes the OVS virtual switch to add the flow table rule a1 to the flow table so that the OVS virtual switch can use the flow table rule a1 to filter network traffic for virtual machine a. The OVS virtual switch acquires a network protocol, a source IP address, a destination IP address, a source port name, a destination port name, a source mac address and a destination mac address of a data packet each time the OVS virtual switch receives the data packet. Assuming that the current packet is sent to the virtual machine a by the virtual machine with the IP address of 192.168.1.0/24, the source IP address of the packet is the malicious IP address 192.168.1.0/24, the destination mac address is the network card mac address of the virtual machine a, the OVS virtual switch queries the flow table rule in the flow table according to the packet source IP address, finds the flow table rule a1, the network card mac address of the virtual machine is the same as the destination mac address of the packet, and the specified source IP address is the same as the source IP address of the packet, that is, the flow table rule a1 matches the packet, so the packet is discarded according to the filtering action of the flow table rule a1, and thus the virtual machine with the IP address of 192.168.1.0/24 is prohibited from accessing the virtual machine a. Assuming that the next data packet is sent to virtual machine a by the virtual machine with an IP address of 192.168.1.1/23 (not the malicious IP address), the source IP address is 192.168.1.1/23, and the destination mac address is the network card mac address of virtual machine a. The OVS virtual switch queries the flow table rule in the flow table based on this, and although the destination mac address of the packet is the same as the virtual machine network card mac address of the flow table rule a1, the source IP address of the packet is not the specified source IP address 192.168.1.0/24 of the flow table rule a1, and therefore the packet does not match the flow table rule a1, and if no flow table rule that can be matched is found, the packet is forwarded to the virtual machine a, and the virtual machine with the IP address of 192.168.1.1/23 is allowed to access the virtual machine a.
Due to business requirements, a user creates a new virtual machine B, and 192.168.1.0/24 access to the virtual machine B is forbidden, namely nwfilter filtering rules are applied to filter network traffic of the virtual machine B. Therefore, the flow table rule generation flow executed by the user through the libvirt interface called by the virtualization management platform is as follows:
libvirt takes nwfilter filtering rule (r) out of the rule base, then obtains mac address 52:54:00:11:22:34 of network card of virtual machine B, and converts nwfilter filtering rule (r) into flow table rule B as follows according to the mac address:
priority=600,ip,dl_dst=52:54:00:11:22:34,nw_src=192.168.1.0/24 actions=drop
the// priority is 600, the virtual machine network card mac address is 52:54:00:11:22:34, the source IP address is 192.168.1.0/24, and the filtering action is discard.
Libvirt then invokes the OVS-ofctl command to cause the OVS virtual switch to add this flow table rule b to the flow table. The OVS virtual switch acquires a network protocol, a source IP address, a destination IP address, a source port name, a destination port name, a source mac address and a destination mac address of a data packet each time the OVS virtual switch receives the data packet. Assuming that the current packet is sent to the virtual machine B by the virtual machine with the IP address of 192.168.1.0/24, the source IP address of the packet is 192.168.1.0/24, the destination mac address is the network card mac address of the virtual machine B, the OVS virtual switch queries the flow table rule in the flow table according to the above, finds the flow table rule B, the network card mac address of the virtual machine is the same as the destination mac address of the packet, and the specified source IP address is the same as the source IP address of the packet, that is, the flow table rule B matches the packet, so that the packet is discarded according to the filtering action of the flow table rule B, and thus the virtual machine with the IP address of 192.168.1.0/24 is prohibited from accessing the virtual machine B.
Example two
Assuming that a user wants to prohibit the virtual machine A from accessing the malicious IP address 192.168.1.0/24, the filtering item is configured as the destination IP address 192.168.1.0/24 in the web interface of the virtualization management platform, and the filtering action is configured to be discarded. After the user configures the filtering items and the filtering behaviors, the virtual machine A is selected as a virtual machine which needs to filter network traffic according to the filtering items and the filtering behaviors, the virtualization management platform calls a libvirt interface of a host machine, and the filtering items, the filtering behaviors and the virtual machine A information configured by the user are sent to the libvirt, so that the libvirt executes a rule flow table generating process as follows:
according to a filtering item 'destination IP address 192.168.1.0/24' configured by a user and a filtering behavior 'discard', libvirt creates a corresponding nwfilter filtering rule (II) as follows:
<rule action='drop' direction='out' priority='700'>
// the filtering behavior is discard, direction is outbound, and priority is 700
<ipdstipaddr='192.168.1.0' dstipmask='24'/>
// destination IP Address is 192.168.1.0/24
</rule>
// function name.
Libvirt stores the nwfilter filtering rule (II) in a rule base. In this embodiment, the network card port name is used as the network card information to obtain the network card port name vnet4 of the virtual machine a, and accordingly, the nwfilter filtering rule is converted into the flow table rule a2 as follows:
priority=700,ip,in_port=vnet4,nw_dst=192.168.1.0/24 actions=drop
the// priority is 700, the port name of the virtual machine network card is vnet4, the destination IP address is 192.168.1.0/24, and the filtering action is discard.
The Libvirt call OVS-ofctl command then causes the OVS virtual switch to add this flow table rule a2 to the flow table. When the OVS virtual switch receives a data packet, the protocol, the source IP address, the destination IP address, the source port name, the destination port name, the source mac address and the destination mac address of the data packet are obtained. Assuming that the packet is sent by the virtual machine a to the virtual machine with an IP address of 192.168.1.0/24, the destination IP address of the packet is 192.168.1.0/24, the source port name is the network card port name of the virtual machine a, the OVS virtual switch queries the flow table rule in the flow table accordingly, finds the flow table rule a2, the port name of the virtual machine network card is the same as the source port name of the packet, the specified destination IP address is the same as the destination IP address of the packet, that is, the flow table rule a1 matches the packet, so that the packet is discarded according to the filtering action of the flow table rule a2, and thus the access of the virtual machine a to the virtual machine with an IP address of 192.168.1.0/24 is intercepted.
EXAMPLE III
In the embodiment, all devices are prohibited from accessing the virtual machine a in the default initial state, and when a user wants to allow 192.168.1.1/23 access to the virtual machine a, the user logs in the web interface of the virtualization management platform, configures the filtering item as the source IP address 192.168.1.1/23 in the web interface of the virtualization management platform, and configures the filtering behavior as passing. Then after the user configures the filtering item and the filtering behavior, selecting the virtual machine a as a virtual machine which needs to filter the network traffic according to the filtering item and the filtering behavior, so that the virtualization management platform calls a libvirt interface of the host machine and sends the filtering item, the filtering behavior and the virtual machine a information configured by the user to the libvirt, thereby enabling the libvirt to execute a flow table rule generation flow as follows:
according to the filtering item 'source IP address 192.168.1.1/23' and the filtering behavior 'release' configured by the user, libvirt creates a corresponding nwfilter filtering rule (c) as follows:
<rule action=' accept ' direction='in' priority='600'>
// Filter behavior is clear, Direction is inbound, priority is 600
<ipsrcipaddr='192.168.1.1' srcipmask='23'/>
// the specified source IP address is 192.168.1.1/23
</rule>
// function name.
Libvirt stores the nwfilter filtering rule (c) in a rule base. In this embodiment, the mac address of the network card is used as the network card information, Libvirt obtains the mac address 52:54:00:11:22:33 of the network card of the virtual machine a, and accordingly converts the nwfilter filtering rule 3 into the flow table rule a3 as follows:
priority=600,ip,dl_dst=52:54:00:11:22:33,nw_src=192.168.1.1/23 actions= normal
the// priority is 600, the virtual machine network card mac address is 52:54:00:11:22:33, the source IP address is 192.168.1.1/23, and the filtering behavior is pass.
The Libvirt call OVS-ofctl command then causes the OVS virtual switch to add this flow table rule a3 to the flow table. The OVS virtual switch acquires a network protocol, a source IP address, a destination IP address, a source port name, a destination port name, a source mac address and a destination mac address of a data packet each time the OVS virtual switch receives the data packet. Assuming that the current packet is sent to the virtual machine a by the virtual machine with the IP address of 192.168.1.1/23, the source IP address of the packet is 192.168.1.1/23, the destination mac address is the network card mac address of the virtual machine a, the OVS virtual switch queries the flow table rule in the flow table according to the above, finds the flow table rule a3, the network card mac address of the virtual machine is the same as the destination mac address of the packet, and the specified source IP address is the same as the source IP address of the packet, that is, the flow table rule a3 matches the packet, so that the packet is forwarded to the virtual machine a according to the filtering action of the flow table rule a3, and thus the virtual machine with the IP address of 192.168.1.1/23 is allowed to access the virtual machine a. Assuming that the data packet is sent to the virtual machine a by the virtual machine with the IP address of 192.168.1.0/24, the source IP address is 192.168.1.0/24, and the destination mac address is the network card mac address of the virtual machine a. The OVS virtual switch queries the flow table rule in the flow table based on this, and although the destination mac address of the packet is the same as the virtual machine network card mac address of the flow table rule a3, the source IP address of the packet is not the specified source IP address of the flow table rule a3, the packet does not match the flow table rule a3, and if no flow table rule that can be matched is found, the packet is discarded, so that the virtual machine with the IP address 192.168.1.0/24 is prohibited from accessing the virtual machine a.
The above description is only the embodiments of the present invention, and the scope of protection is not limited thereto. The insubstantial changes or substitutions will now be made by those skilled in the art based on the teachings of the present invention, which fall within the scope of the claims.
Claims (9)
1. A method for managing flow table rules of OVS by libvirt is characterized by comprising the following steps:
A. according to the input of a user, creating a corresponding nwfilter filtering rule;
B. converting the nwfilter filtering rule into a flow table rule according to network card information of a virtual machine needing network flow filtering;
C. and adding the flow table rule into the OVS virtual switch so that the OVS virtual switch can use the flow table rule to filter the network flow of the virtual machine.
2. The method of libvirt to manage flow table rules of OVSs as claimed in claim 1 wherein: the network card information includes a mac address and/or a port name.
3. The method of libvirt to manage flow table rules of OVSs as claimed in claim 1 wherein: in the step a, a corresponding nwfilter filtering rule is specifically created according to the filtering items and filtering behaviors configured by the user.
4. The method of libvirt to manage flow table rules of OVSs as claimed in claim 3 wherein: the filtering behavior comprises dropping or allowing and/or the filtering entries comprise one or more of a network protocol type, a source IP address, a destination IP address, a source port name, and a destination port name.
5. The method of libvirt to manage flow table rules of OVSs as claimed in claim 1 wherein: and if a new virtual machine is created and the created nwfilter filtering rule needs to be applied to filter the network traffic of the virtual machine, executing the step B and the step C on the virtual machine.
6. The method of libvirt to manage flow table rules of OVSs as claimed in claim 1 wherein: and step C is specifically to add the flow table rule to the flow table of the OVS virtual switch.
7. The method of libvirt to manage flow table rules for OVSs as claimed in claim 6 wherein: the step C is specifically to add the flow table rule to the flow table of the OVS virtual switch by an OVS-ofctl command.
8. A computer-readable storage medium having stored thereon an executable computer program, characterized by: the computer program when executed implements a method of libvirt managing flow table rules of an OVS as claimed in any one of claims 1 to 7.
9. A virtualization management system comprises a virtualization management platform and a host machine in communication connection with the virtualization management platform, wherein a virtual machine runs on the host machine, and the virtualization management system is characterized in that: the host machine comprising the computer-readable storage medium of claim 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111000105.3A CN113438170A (en) | 2021-08-30 | 2021-08-30 | Method, storage medium and system for libvirt to manage flow table rules of OVS |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111000105.3A CN113438170A (en) | 2021-08-30 | 2021-08-30 | Method, storage medium and system for libvirt to manage flow table rules of OVS |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113438170A true CN113438170A (en) | 2021-09-24 |
Family
ID=77798285
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111000105.3A Pending CN113438170A (en) | 2021-08-30 | 2021-08-30 | Method, storage medium and system for libvirt to manage flow table rules of OVS |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113438170A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108322467A (en) * | 2018-02-02 | 2018-07-24 | 云宏信息科技股份有限公司 | Virtual firewall configuration method, electronic equipment and storage medium based on OVS |
CN112052076A (en) * | 2020-10-10 | 2020-12-08 | 苏州浪潮智能科技有限公司 | Method and device for managing dpdk vhostter network card based on libvirt |
-
2021
- 2021-08-30 CN CN202111000105.3A patent/CN113438170A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108322467A (en) * | 2018-02-02 | 2018-07-24 | 云宏信息科技股份有限公司 | Virtual firewall configuration method, electronic equipment and storage medium based on OVS |
CN112052076A (en) * | 2020-10-10 | 2020-12-08 | 苏州浪潮智能科技有限公司 | Method and device for managing dpdk vhostter network card based on libvirt |
Non-Patent Citations (1)
Title |
---|
赵欢欢: ""虚拟机流量安全防护策略的设计与实现"", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10452422B2 (en) | Method and apparatus for deploying virtual machine instance, and device | |
US11025647B2 (en) | Providing a virtual security appliance architecture to a virtual cloud infrastructure | |
US11533340B2 (en) | On-demand security policy provisioning | |
US10411951B2 (en) | Network policy conflict detection and resolution | |
CN105100026B (en) | A kind of safe retransmission method of message and device | |
US7826393B2 (en) | Management computer and computer system for setting port configuration information | |
CN110784400B (en) | N: 1 method, system and standby service gateway for redundancy of stateful application gateway | |
EP3337097A1 (en) | Network element upgrading method and device | |
CN112130957B (en) | Method and system for using intelligent network card for breaking through virtualization isolation of container | |
WO2023056722A1 (en) | Distributed firewall definition method and system | |
JP7101308B2 (en) | High-speed transfer table creation | |
US10243799B2 (en) | Method, apparatus and system for virtualizing a policy and charging rules function | |
WO2020151482A1 (en) | Information query method, apparatus, device, and storage medium | |
CN112600903B (en) | Elastic virtual network card migration method | |
CN111371608B (en) | Method, device and medium for deploying SFC service chain | |
CN112491789A (en) | OpenStack framework-based virtual firewall construction method and storage medium | |
CN104168200A (en) | Open vSwitch-based method and system for realizing ACL function | |
EP3461083B1 (en) | Data processing method and device | |
CN113438170A (en) | Method, storage medium and system for libvirt to manage flow table rules of OVS | |
CN113472812B (en) | Message data processing method and device and computer readable storage medium | |
JP5958639B2 (en) | Switches and programs | |
CN111371683B (en) | Network connection path judgment method, equipment and communication system | |
KR20180041976A (en) | SDN for preventing malicious application and Determination apparatus comprising the same | |
CN113225267A (en) | Intelligent flow distribution method and device | |
KR20010047997A (en) | Method for keeping directory enabled network security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210924 |
|
RJ01 | Rejection of invention patent application after publication |