CN113438170A - Method, storage medium and system for libvirt to manage flow table rules of OVS - Google Patents

Info

Publication number: CN113438170A
Authority: CN (China)
Prior art keywords: flow table, ovs, libvirt, filtering, virtual machine
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111000105.3A
Other languages: Chinese (zh)
Inventor: 黎兵, 刘建平
Current Assignee: Winhong Information Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Winhong Information Technology Co ltd
Application filed by Winhong Information Technology Co ltd
Priority to CN202111000105.3A
Publication of CN113438170A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, a computer-readable storage medium and a system for libvirt to manage flow table rules of OVS. The method comprises the following steps: A. creating a corresponding nwfilter filtering rule according to the input of a user; B. converting the nwfilter filtering rule into a flow table rule according to the network card information of a virtual machine that needs network traffic filtering; C. adding the flow table rule to the OVS virtual switch so that the OVS virtual switch can use the flow table rule to filter the network traffic of the virtual machine. Where OVS is used for virtual network management, the method lets libvirt manage the flow table rules of OVS, so the flow table rules do not have to be managed separately through OVS; libvirt manages both the virtual machines and the filtering of their network traffic, which facilitates unified management.

Description

Method, storage medium and system for libvirt to manage flow table rules of OVS
Technical Field
The present invention relates to the field of virtualization technologies, and in particular, to a method, a storage medium, and a system for libvirt to manage flow table rules of an OVS.
Background
Libvirt is an open source management tool for managing a virtualization platform, and can be applied to various virtualization technologies, such as KVM, Xen, VMware ESX, and the like. Libvirt provides not only management functions for virtual machines, but also management of virtualized networks. Most users currently use libvirt to manage virtual machines. The key point of the virtualized network management is network traffic filtering management, and the libvirt adopts nwfilter to realize the data packet filtering management of the virtual machine network card.
Open vSwitch (OVS for short) is virtual switch software used to construct virtual switches; it supports various virtualization technologies such as Xen/XenServer, KVM and VirtualBox. Currently, the mainstream network solutions in virtualization are all implemented based on OVS. Unlike libvirt, OVS uses OpenFlow to implement packet forwarding and filtering. Specifically, an OVS virtual switch includes multiple flow tables, each of which includes multiple flow table rules (flow rules, i.e., network traffic filtering rules) that specify how packets are processed, such as passing or blocking. When a data packet enters or leaves, the OVS virtual switch matches it against the flow table rules in sequence according to the flow table priority and processes the packet accordingly, thereby filtering it.
Libvirt is stronger at virtual machine management, but its network management is inferior to that of OVS. Therefore, when some virtualization providers construct a virtualization cluster, libvirt is used to manage the virtual machines and OVS is used to manage the virtualized network. The management nodes of the virtualization cluster then need to call libvirt and OVS separately to manage the virtual machines and the virtualized network, and this calling process is cumbersome.
Disclosure of Invention
The technical problem to be solved by the invention is how to conveniently and uniformly manage the virtual machines and the network flow filtration of the virtual machines under the condition that libvirt is adopted to manage the virtual machines and OVS is adopted to manage the virtual network.
In order to solve the above technical problem, a method for libvirt to manage flow table rules of OVSs of the present invention comprises the following steps:
A. according to the input of a user, creating a corresponding nwfilter filtering rule;
B. converting the nwfilter filtering rule into a flow table rule according to network card information of a virtual machine needing network flow filtering;
C. adding the flow table rule to the OVS virtual switch so that the OVS virtual switch can use the flow table rule to filter the network traffic of the virtual machine.
Optionally, the network card information includes a mac address and/or a port name.
Optionally, in step A, the corresponding nwfilter filtering rule is created according to the filtering items and the filtering behaviors configured by the user.
Optionally, the filtering behavior comprises dropping or allowing, and/or the filtering items comprise one or more of a network protocol type, a source IP address, a destination IP address, a source port name, and a destination port name.
Optionally, if a new virtual machine is created and the created nwfilter filtering rule needs to be applied to filter the network traffic of that virtual machine, step B and step C are performed for the virtual machine.
Optionally, step C specifically adds the flow table rule to a flow table of the OVS virtual switch.
Optionally, in step C, the flow table rule is added to the flow table of the OVS virtual switch by an ovs-ofctl command.
A computer readable storage medium having stored thereon an executable computer program which, when executed, implements a method of libvirt managing flow table rules of an OVS as described above.
A virtualization management system comprises a virtualization management platform and a host machine in communication connection with the virtualization management platform, wherein the host machine runs a virtual machine and comprises a computer readable storage medium as described above.
Where OVS is used for virtual network management, the method lets libvirt manage the flow table rules of OVS, so the flow table rules do not have to be managed separately through OVS; libvirt manages both the virtual machines and the filtering of their network traffic, which facilitates unified management.
Drawings
FIG. 1 is a logical block diagram of a virtualization management system.
Detailed Description
The invention is described in further detail below with reference to specific embodiments.
The virtualization management system is shown in FIG. 1 and includes a virtualization management platform, a host, and a virtual machine and an OVS virtual switch running on the host. The virtualization management platform is in communication connection with the host. The host includes a processor and a computer-readable storage medium storing an executable computer program that is executed by the processor to implement the functions of libvirt. Libvirt can manage not only the virtual machine but also the flow table rules of OVS. The process by which libvirt manages the flow table rules of OVS is described below by way of examples:
Example one
Assume that virtual machine A runs on the host and that, in this embodiment, all devices are allowed to access virtual machine A by default in the initial state. Assume that the user finds that 192.168.1.0/24 is a malicious IP and wants to prohibit it from accessing virtual machine A. The user logs in to the web interface of the virtualization management platform, configures the filtering item as the source IP address 192.168.1.0/24, and configures the filtering behavior as discard. In this embodiment the filtering item is the source IP address; the user may change the filtering item to one or more of the network protocol type, the source IP address, the destination IP address, the source port, and the destination port as required. After configuring the filtering item and the filtering behavior, the user selects virtual machine A as the virtual machine whose network traffic is to be filtered according to them. The virtualization management platform then calls the libvirt interface of the host and sends the filtering item, the filtering behavior and the information of virtual machine A configured by the user to libvirt, and libvirt executes the flow table rule generation process as follows:
According to the filtering item 'source IP address 192.168.1.0/24' and the filtering behavior 'discard' configured by the user, libvirt creates the corresponding nwfilter filtering rule ① as follows:
<rule action='drop' direction='in' priority='600'>
// The filtering behavior is discard, the direction is inbound, and the priority is 600
<ip srcipaddr='192.168.1.0' srcipmask='24'/>
// The specified source IP address is 192.168.1.0/24
</rule>
// function name.
Libvirt stores nwfilter filtering rule ① in a rule base. In this embodiment, the MAC address of the network card is used as the network card information: libvirt obtains the MAC address 52:54:00:11:22:33 of the network card of virtual machine A and accordingly converts nwfilter filtering rule ① into flow table rule a1 as follows:
priority=600,ip,dl_dst=52:54:00:11:22:33,nw_src=192.168.1.0/24 actions=drop
// The priority is 600, the virtual machine network card MAC address is 52:54:00:11:22:33, the source IP address is 192.168.1.0/24, and the filtering behavior is discard.
Libvirt then calls the ovs-ofctl command so that the OVS virtual switch adds flow table rule a1 to its flow table and can use flow table rule a1 to filter the network traffic of virtual machine A. Each time the OVS virtual switch receives a data packet, it obtains the packet's network protocol, source IP address, destination IP address, source port name, destination port name, source MAC address and destination MAC address. Assume that the current packet is sent to virtual machine A by the virtual machine with the IP address 192.168.1.0/24: the source IP address of the packet is the malicious IP address 192.168.1.0/24 and the destination MAC address is the network card MAC address of virtual machine A. The OVS virtual switch queries the flow table rules in the flow table accordingly and finds flow table rule a1, whose virtual machine network card MAC address is the same as the destination MAC address of the packet and whose specified source IP address is the same as the source IP address of the packet; that is, flow table rule a1 matches the packet. The packet is therefore discarded according to the filtering behavior of flow table rule a1, so the virtual machine with the IP address 192.168.1.0/24 is prohibited from accessing virtual machine A. Assume that the next data packet is sent to virtual machine A by the virtual machine with the IP address 192.168.1.1/23 (not the malicious IP address): its source IP address is 192.168.1.1/23 and its destination MAC address is the network card MAC address of virtual machine A.
The OVS virtual switch queries the flow table rules in the flow table accordingly. Although the destination MAC address of the packet is the same as the virtual machine network card MAC address of flow table rule a1, the source IP address of the packet is not the specified source IP address 192.168.1.0/24 of flow table rule a1, so the packet does not match flow table rule a1. If no matching flow table rule is found, the packet is forwarded to virtual machine A, and the virtual machine with the IP address 192.168.1.1/23 is allowed to access virtual machine A.
Due to business requirements, the user creates a new virtual machine B and needs to prohibit 192.168.1.0/24 from accessing virtual machine B, that is, the created nwfilter filtering rule is to be applied to filter the network traffic of virtual machine B. The flow table rule generation process that libvirt executes when the user calls the libvirt interface through the virtualization management platform is as follows:
Libvirt takes nwfilter filtering rule ① out of the rule base, obtains the MAC address 52:54:00:11:22:34 of the network card of virtual machine B, and converts nwfilter filtering rule ① into flow table rule b according to that MAC address, as follows:
priority=600,ip,dl_dst=52:54:00:11:22:34,nw_src=192.168.1.0/24 actions=drop
// The priority is 600, the virtual machine network card MAC address is 52:54:00:11:22:34, the source IP address is 192.168.1.0/24, and the filtering behavior is discard.
Libvirt then calls the ovs-ofctl command so that the OVS virtual switch adds flow table rule b to its flow table. Each time the OVS virtual switch receives a data packet, it obtains the packet's network protocol, source IP address, destination IP address, source port name, destination port name, source MAC address and destination MAC address. Assume that the current packet is sent to virtual machine B by the virtual machine with the IP address 192.168.1.0/24: the source IP address of the packet is 192.168.1.0/24 and the destination MAC address is the network card MAC address of virtual machine B. The OVS virtual switch queries the flow table rules in the flow table accordingly and finds flow table rule b, whose virtual machine network card MAC address is the same as the destination MAC address of the packet and whose specified source IP address is the same as the source IP address of the packet; that is, flow table rule b matches the packet. The packet is therefore discarded according to the filtering behavior of flow table rule b, so the virtual machine with the IP address 192.168.1.0/24 is prohibited from accessing virtual machine B.
Example two
Assume that the user wants to prohibit virtual machine A from accessing the malicious IP address 192.168.1.0/24. In the web interface of the virtualization management platform, the user configures the filtering item as the destination IP address 192.168.1.0/24 and the filtering behavior as discard. After configuring the filtering item and the filtering behavior, the user selects virtual machine A as the virtual machine whose network traffic is to be filtered according to them. The virtualization management platform calls the libvirt interface of the host and sends the filtering item, the filtering behavior and the information of virtual machine A configured by the user to libvirt, and libvirt executes the flow table rule generation process as follows:
According to the filtering item 'destination IP address 192.168.1.0/24' and the filtering behavior 'discard' configured by the user, libvirt creates the corresponding nwfilter filtering rule ② as follows:
<rule action='drop' direction='out' priority='700'>
// The filtering behavior is discard, the direction is outbound, and the priority is 700
<ip dstipaddr='192.168.1.0' dstipmask='24'/>
// The destination IP address is 192.168.1.0/24
</rule>
// function name.
Libvirt stores nwfilter filtering rule ② in a rule base. In this embodiment, the network card port name is used as the network card information: libvirt obtains the network card port name vnet4 of virtual machine A and accordingly converts the nwfilter filtering rule into flow table rule a2 as follows:
priority=700,ip,in_port=vnet4,nw_dst=192.168.1.0/24 actions=drop
// The priority is 700, the port name of the virtual machine network card is vnet4, the destination IP address is 192.168.1.0/24, and the filtering behavior is discard.
Libvirt then calls the ovs-ofctl command so that the OVS virtual switch adds flow table rule a2 to its flow table. When the OVS virtual switch receives a data packet, it obtains the packet's protocol, source IP address, destination IP address, source port name, destination port name, source MAC address and destination MAC address. Assume that the packet is sent by virtual machine A to the virtual machine with the IP address 192.168.1.0/24: the destination IP address of the packet is 192.168.1.0/24 and the source port name is the network card port name of virtual machine A. The OVS virtual switch queries the flow table rules in the flow table accordingly and finds flow table rule a2, whose virtual machine network card port name is the same as the source port name of the packet and whose specified destination IP address is the same as the destination IP address of the packet; that is, flow table rule a2 matches the packet. The packet is therefore discarded according to the filtering behavior of flow table rule a2, so the access of virtual machine A to the virtual machine with the IP address 192.168.1.0/24 is intercepted.
Example three
In this embodiment, all devices are prohibited from accessing virtual machine A by default in the initial state. When the user wants to allow 192.168.1.1/23 to access virtual machine A, the user logs in to the web interface of the virtualization management platform, configures the filtering item as the source IP address 192.168.1.1/23, and configures the filtering behavior as pass. After configuring the filtering item and the filtering behavior, the user selects virtual machine A as the virtual machine whose network traffic is to be filtered according to them. The virtualization management platform then calls the libvirt interface of the host and sends the filtering item, the filtering behavior and the information of virtual machine A configured by the user to libvirt, and libvirt executes the flow table rule generation process as follows:
According to the filtering item 'source IP address 192.168.1.1/23' and the filtering behavior 'pass' configured by the user, libvirt creates the corresponding nwfilter filtering rule ③ as follows:
<rule action='accept' direction='in' priority='600'>
// The filtering behavior is pass, the direction is inbound, and the priority is 600
<ip srcipaddr='192.168.1.1' srcipmask='23'/>
// The specified source IP address is 192.168.1.1/23
</rule>
// function name.
Libvirt stores nwfilter filtering rule ③ in a rule base. In this embodiment, the MAC address of the network card is used as the network card information: libvirt obtains the MAC address 52:54:00:11:22:33 of the network card of virtual machine A and accordingly converts nwfilter filtering rule ③ into flow table rule a3 as follows:
priority=600,ip,dl_dst=52:54:00:11:22:33,nw_src=192.168.1.1/23 actions=normal
// The priority is 600, the virtual machine network card MAC address is 52:54:00:11:22:33, the source IP address is 192.168.1.1/23, and the filtering behavior is pass.
Libvirt then calls the ovs-ofctl command so that the OVS virtual switch adds flow table rule a3 to its flow table. Each time the OVS virtual switch receives a data packet, it obtains the packet's network protocol, source IP address, destination IP address, source port name, destination port name, source MAC address and destination MAC address. Assume that the current packet is sent to virtual machine A by the virtual machine with the IP address 192.168.1.1/23: the source IP address of the packet is 192.168.1.1/23 and the destination MAC address is the network card MAC address of virtual machine A. The OVS virtual switch queries the flow table rules in the flow table accordingly and finds flow table rule a3, whose virtual machine network card MAC address is the same as the destination MAC address of the packet and whose specified source IP address is the same as the source IP address of the packet; that is, flow table rule a3 matches the packet. The packet is therefore forwarded to virtual machine A according to the filtering behavior of flow table rule a3, so the virtual machine with the IP address 192.168.1.1/23 is allowed to access virtual machine A. Assume that the next data packet is sent to virtual machine A by the virtual machine with the IP address 192.168.1.0/24: its source IP address is 192.168.1.0/24 and its destination MAC address is the network card MAC address of virtual machine A.
The OVS virtual switch queries the flow table rules in the flow table accordingly. Although the destination MAC address of the packet is the same as the virtual machine network card MAC address of flow table rule a3, the source IP address of the packet is not the specified source IP address of flow table rule a3, so the packet does not match flow table rule a3. If no matching flow table rule is found, the packet is discarded, so the virtual machine with the IP address 192.168.1.0/24 is prohibited from accessing virtual machine A.
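The conversion of steps B and C, applied to the three nwfilter rules from the examples above, as an added Python example that is not code from the patent or from libvirt. The bridge name `br0`, the function names, the input validation and the `dl_src` match for an outbound rule selected by MAC address are assumptions of this example.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

MAC_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}")
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")    # port and bridge names (assumed charset)
ACTIONS = {"drop": "drop", "accept": "normal"}    # nwfilter action -> OVS action, as on the page

# nwfilter rules 1-3 from the three examples above.
RULE_1 = ("<rule action='drop' direction='in' priority='600'>"
          "<ip srcipaddr='192.168.1.0' srcipmask='24'/></rule>")
RULE_2 = ("<rule action='drop' direction='out' priority='700'>"
          "<ip dstipaddr='192.168.1.0' dstipmask='24'/></rule>")
RULE_3 = ("<rule action='accept' direction='in' priority='600'>"
          "<ip srcipaddr='192.168.1.1' srcipmask='23'/></rule>")


def cidr(addr, mask):
    """Validate an IPv4 address and mask; return them as 'a.b.c.d/len'."""
    return str(ipaddress.IPv4Interface(f"{addr}/{mask}"))  # ValueError if malformed


def effective_network(addr, mask):
    """Network that a prefix match on addr/mask covers (host bits cleared)."""
    return str(ipaddress.ip_network(f"{addr}/{mask}", strict=False))


def nic_match(direction, mac=None, port=None):
    """Match field that ties a flow to one virtual machine network card."""
    if mac is not None:
        if not MAC_RE.fullmatch(mac):
            raise ValueError("malformed MAC address")
        # Inbound uses dl_dst as on the page; dl_src for outbound is an assumption.
        return ("dl_dst=" if direction == "in" else "dl_src=") + mac.lower()
    if port is not None and direction == "out":
        if not NAME_RE.fullmatch(port):
            raise ValueError("malformed port name")
        return "in_port=" + port      # traffic leaving the VM enters OVS on its port
    raise ValueError("need a MAC address, or a port name for an outbound rule")


def nwfilter_to_flow(rule_xml, mac=None, port=None):
    """Step B: convert one nwfilter <rule> holding an <ip> element into a flow string."""
    rule = ET.fromstring(rule_xml)
    action = ACTIONS.get(rule.get("action"))
    direction = rule.get("direction")
    ip = rule.find("ip")
    if rule.tag != "rule" or action is None or direction not in ("in", "out") or ip is None:
        raise ValueError("unsupported nwfilter rule")
    priority = int(rule.get("priority", ""))      # ValueError if absent or not a number
    if not 0 <= priority <= 65535:
        raise ValueError("priority outside the OpenFlow range")
    fields = [f"priority={priority}", "ip", nic_match(direction, mac, port)]
    for side, key in (("src", "nw_src"), ("dst", "nw_dst")):
        addr = ip.get(side + "ipaddr")
        if addr is not None:
            fields.append(f"{key}={cidr(addr, ip.get(side + 'ipmask', '32'))}")
    return ",".join(fields) + " actions=" + action


def ovs_argv(bridge, flow):
    """Step C: argument vector for ovs-ofctl, meant to be run without a shell."""
    if not NAME_RE.fullmatch(bridge):
        raise ValueError("malformed bridge name")
    return ["ovs-ofctl", "add-flow", bridge, flow]


if __name__ == "__main__":
    for xml_text, nic in ((RULE_1, {"mac": "52:54:00:11:22:33"}),
                          (RULE_2, {"port": "vnet4"}),
                          (RULE_3, {"mac": "52:54:00:11:22:33"})):
        print(ovs_argv("br0", nwfilter_to_flow(xml_text, **nic)))
```

`effective_network('192.168.1.1', '23')` returns `192.168.0.0/23`, the range a /23 prefix covers under standard CIDR semantics; that range contains 192.168.1.0/24, so it is worth checking for overlapping prefixes before installing rules with different filtering behaviors.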
The above description covers only embodiments of the present invention, and the scope of protection is not limited thereto. Insubstantial changes or substitutions made by those skilled in the art based on the teachings of the present invention fall within the scope of the claims.

Claims (9)

1. A method for managing flow table rules of OVS by libvirt is characterized by comprising the following steps:
A. according to the input of a user, creating a corresponding nwfilter filtering rule;
B. converting the nwfilter filtering rule into a flow table rule according to network card information of a virtual machine needing network flow filtering;
C. adding the flow table rule to the OVS virtual switch so that the OVS virtual switch can use the flow table rule to filter the network traffic of the virtual machine.
2. The method for libvirt to manage flow table rules of OVS as claimed in claim 1, wherein: the network card information includes a MAC address and/or a port name.
3. The method for libvirt to manage flow table rules of OVS as claimed in claim 1, wherein: in step A, the corresponding nwfilter filtering rule is created according to the filtering items and filtering behaviors configured by the user.
4. The method for libvirt to manage flow table rules of OVS as claimed in claim 3, wherein: the filtering behavior comprises dropping or allowing, and/or the filtering items comprise one or more of a network protocol type, a source IP address, a destination IP address, a source port name, and a destination port name.
5. The method for libvirt to manage flow table rules of OVS as claimed in claim 1, wherein: if a new virtual machine is created and the created nwfilter filtering rule needs to be applied to filter the network traffic of that virtual machine, step B and step C are executed for the virtual machine.
6. The method for libvirt to manage flow table rules of OVS as claimed in claim 1, wherein: step C specifically adds the flow table rule to the flow table of the OVS virtual switch.
7. The method for libvirt to manage flow table rules of OVS as claimed in claim 6, wherein: step C specifically adds the flow table rule to the flow table of the OVS virtual switch by an ovs-ofctl command.
8. A computer-readable storage medium having stored thereon an executable computer program, characterized by: the computer program when executed implements a method of libvirt managing flow table rules of an OVS as claimed in any one of claims 1 to 7.
9. A virtualization management system comprises a virtualization management platform and a host machine in communication connection with the virtualization management platform, wherein a virtual machine runs on the host machine, and the virtualization management system is characterized in that: the host machine comprising the computer-readable storage medium of claim 8.
CN202111000105.3A 2021-08-30 2021-08-30 Method, storage medium and system for libvirt to manage flow table rules of OVS Pending CN113438170A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111000105.3A CN113438170A (en) 2021-08-30 2021-08-30 Method, storage medium and system for libvirt to manage flow table rules of OVS

Publications (1)

Publication Number Publication Date
CN113438170A (en) 2021-09-24

Family

ID=77798285

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111000105.3A Pending CN113438170A (en) 2021-08-30 2021-08-30 Method, storage medium and system for libvirt to manage flow table rules of OVS

Country Status (1)

Country Link
CN (1) CN113438170A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210924