CN113709194A - Cloud resource access method, device and system and computing equipment - Google Patents

Publication number: CN113709194A
Authority: CN (China)
Legal status: Granted
Application number: CN202010430913.2A
Other languages: Chinese (zh)
Other versions: CN113709194B (en)
Inventor: 朱益佳, 吕昶, 徐詹超, 吴越, 王延长, 张卷卷
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Group Zhejiang Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Group Zhejiang Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Group Zhejiang Co Ltd
Priority to CN202010430913.2A
Publication of CN113709194A
Application granted
Publication of CN113709194B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0631 Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06316 Sequencing of tasks or work
    • G06Q50/40
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

An embodiment of the invention relates to the field of communication technology and discloses a method, apparatus, system and computing device for cloud resource access. The method comprises: acquiring service ordering information of a client device; generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service ordering information; calling an EOMS system according to the network opening work order, so that the EOMS system establishes a communication connection between the client device and a government-enterprise private network; calling a cloud management platform according to the TIC configuration work order, so that the cloud management platform generates a vCPE and configures the TIC and the government-enterprise cloud so that the TIC is communicatively connected to the government-enterprise cloud; and calling an SDN controller according to the SDN configuration work order, so that the SDN controller establishes, over the government-enterprise private network, a VXLAN tunnel from the client device to the vCPE, connecting the client device to the vCPE so that the client device can access the government-enterprise cloud resources connected to the TIC. In this way, the embodiment achieves efficient cloud resource access.

Description

Cloud resource access method, device and system and computing equipment
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a method, a device and a system for cloud resource access and computing equipment.
Background
With the continuing rise of small and medium-sized enterprises, demand for access between enterprise branches and between enterprises and the government-enterprise cloud grows day by day. Today such data private lines are mainly MPLS VPN private lines.
An MPLS VPN private line relies on the carrier network: a virtual network is built with MPLS label switching, enterprises reach their branches or resources in the government-enterprise cloud over the virtual private line, and different enterprise users are isolated from one another by the VPN, which provides secure and reliable network access.
When access between enterprises, and between enterprises and the government-enterprise cloud, is provided through MPLS VPN private lines, every enterprise user must have a VPN established and must manually perform the related VPN configuration on the client device, so cloud resource access is inefficient.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a method, an apparatus, a system and a computing device for cloud resource access, which are used to solve the problem in the prior art that the cloud resource access efficiency is low.
According to an aspect of an embodiment of the present invention, there is provided a method for cloud resource access, the method including:
acquiring service ordering information of a client device;
generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service ordering information;
calling an EOMS system according to the network opening work order, so that the EOMS system establishes a communication connection between the client device and a government-enterprise private network according to the network opening work order;
calling a cloud management platform according to the TIC configuration work order, so that the cloud management platform generates a vCPE and configures the TIC and the government-enterprise cloud according to the TIC configuration work order, so that the TIC is communicatively connected to the government-enterprise cloud;
and calling an SDN controller according to the SDN configuration work order, so that the SDN controller establishes, over the government-enterprise private network and according to the SDN configuration work order, a VXLAN tunnel from the client device to the vCPE, connecting the client device to the vCPE so that the client device can access the government-enterprise cloud resources connected to the TIC.
In an optional manner, calling the cloud management platform according to the TIC configuration work order to configure the TIC and the government-enterprise cloud, so that the TIC is communicatively connected to the government-enterprise cloud, includes:
the cloud management platform establishing a communication connection between a first core switch of the TIC and a second core switch of the government-enterprise cloud according to the TIC configuration work order.
In an optional manner, after the cloud management platform establishes the communication connection between the first core switch of the TIC and the second core switch of the government-enterprise cloud according to the TIC configuration work order, the method further includes:
the cloud management platform establishing a VRF for the client device on the vCPE and on the second core switch of the government-enterprise cloud, to identify the client device.
In an optional manner, the EOMS system establishing a communication connection between the client device and the government-enterprise private network according to the network opening work order includes:
the EOMS system establishing a communication connection between the client device and the MCE according to the network opening work order, the client device communicating with the MCE over the MPLS VPN private line.
In an optional manner, the SDN configuration work order includes a network address of the client device, and calling the SDN controller according to the SDN configuration work order, so that the SDN controller establishes a VXLAN tunnel from the client device to the vCPE over the government-enterprise private network and the client device is connected to the vCPE to access the government-enterprise cloud resources connected to the TIC, includes:
the SDN controller using the network address of the client device as the VXLAN tunnel address and establishing a VXLAN tunnel between the client device and the vCPE;
the SDN controller establishing a VSI on the vCPE to identify the client device, the VSI being in one-to-one correspondence with the network address of the client device.
According to another aspect of the embodiments of the present invention, there is provided an apparatus for cloud resource access, the apparatus including:
an acquisition module, configured to acquire service ordering information of a client device;
a generating module, configured to generate a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service ordering information;
a first calling module, configured to call an EOMS system according to the network opening work order, so that the EOMS system establishes a communication connection between the client device and a government-enterprise private network according to the network opening work order;
a second calling module, configured to call a cloud management platform according to the TIC configuration work order, so that the cloud management platform generates a vCPE and configures the TIC and the government-enterprise cloud according to the TIC configuration work order, so that the TIC is communicatively connected to the government-enterprise cloud;
a third calling module, configured to call an SDN controller according to the SDN configuration work order, so that the SDN controller establishes, over the government-enterprise private network and according to the SDN configuration work order, a VXLAN tunnel from the client device to the vCPE, connecting the client device to the vCPE so that the client device can access the government-enterprise cloud resources connected to the TIC.
According to still another aspect of an embodiment of the present invention, there is provided a computing device including: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the cloud resource access method.
According to still another aspect of the embodiments of the present invention, there is provided a cloud resource access system, including: an orchestration center, an EOMS system, a cloud management platform and an SDN controller;
the orchestration center is communicatively connected to the EOMS system, the cloud management platform and the SDN controller;
the orchestration center is configured to acquire service ordering information of a client device and to generate a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service ordering information;
the orchestration center calls the EOMS system according to the network opening work order, calls the cloud management platform according to the TIC configuration work order, and calls the SDN controller according to the SDN configuration work order;
the EOMS system establishes a communication connection between the client device and a government-enterprise private network according to the network opening work order;
the cloud management platform generates a vCPE and configures the TIC and the government-enterprise cloud according to the TIC configuration work order, so that the TIC is communicatively connected to the government-enterprise cloud;
and the SDN controller establishes, over the government-enterprise private network and according to the SDN configuration work order, a VXLAN tunnel from the client device to the vCPE, connecting the client device to the vCPE so that the client device can access the government-enterprise cloud resources connected to the TIC.
In an optional manner, the cloud management platform comprises a first core switch, and the government-enterprise cloud comprises a second core switch; the cloud management platform establishes a communication connection between the first core switch and the second core switch, so that the TIC is communicatively connected to the government-enterprise cloud.
In an optional manner, the government-enterprise private network comprises an MCE and an MPLS VPN private line, and the client device and the MCE communicate over the MPLS VPN private line.
In the embodiments of the invention, the orchestration center generates a network opening work order, a TIC configuration work order and an SDN configuration work order according to the client's service ordering information, and each work order performs its corresponding function so that the client can access the government-enterprise cloud resources. When a client connects, the whole cloud resource access process from the client to the government-enterprise cloud is carried out through the orchestration center, which avoids the complex manual VPN configuration of the prior art and improves cloud resource access efficiency.
The foregoing is only an overview of the technical solutions of the embodiments of the present invention. So that the technical means of the embodiments can be understood more clearly and implemented according to the content of the description, and so that the foregoing and other objects, features and advantages of the embodiments are easier to understand, the detailed description of the invention is given below.
Drawings
The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
Fig. 1 is a flowchart illustrating a method for cloud resource access according to an embodiment of the present invention;
Fig. 2 shows a functional block diagram of a cloud resource access apparatus according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram illustrating a cloud resource access system according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a computing device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein.
Fig. 1 shows a flowchart of a method for accessing cloud resources according to an embodiment of the present invention. As shown in fig. 1, the method comprises the steps of:
Step 110: Acquire service ordering information of the client device.
In this step, the customer orders the service through an e-commerce self-service interface on the client device, which generates the service ordering information. The customer in this embodiment is a government-enterprise customer, and the service is a government-enterprise cloud resource ordering service, that is, a service by which the government-enterprise customer opens and accesses government-enterprise cloud resources. The service ordering information includes information such as the IP address of the client device, the cloud resource address, the required bandwidth and the opening time. After the self-service interface generates the service ordering information, it sends the information to the orchestration center for processing, and the orchestration center thereby acquires the service ordering information of the client device.
It should be understood that ordering a service in the e-commerce self-service interface presupposes that the customer is registered with that interface; a customer who is not registered must register before ordering a service.
Step 120: Generate a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service ordering information.
In this step, after receiving the service ordering information, the orchestration center automatically allocates a multi-VPN-instance customer edge (MCE) downlink address to the client device from an address resource pool that the orchestration center maintains, so that the client device accesses the government-enterprise private network through that downlink address. The orchestration center extracts the information in the order that relates to on-site construction to form the network opening work order. In a specific embodiment, the network opening work order includes the MCE downlink address, the IP address and port resources of the client, and the like. It extracts the information in the order that relates to creating the virtual customer premises equipment (vCPE) and opening the internal network to form the TIC configuration work order. In a specific embodiment, the TIC configuration work order references the MCE, the IP address of the client device and the cloud resource address. It extracts the information in the order that relates to the software-defined network (SDN) to form the SDN configuration work order. In a specific embodiment, the SDN configuration work order includes the IP address of the client device, the cloud resource address, and the like.
Step 130: Call the EOMS system according to the network opening work order, so that the EOMS system establishes a communication connection between the client device and the government-enterprise private network according to the network opening work order.
The Electronic Operation and Maintenance System (EOMS) receives the network opening work order and notifies EOMS operation and maintenance personnel to carry out offline construction according to it, which establishes the communication connection between the client device and the government-enterprise private network. Specifically, the EOMS system notifies the operation and maintenance personnel to establish an MPLS VPN private line between the client device and the MCE according to the network opening work order, so that the client device can communicate with the MCE in the government-enterprise private network over the MPLS VPN private line.
Step 140: Call the cloud management platform according to the TIC configuration work order, so that the cloud management platform generates a vCPE and configures the TIC and the government-enterprise cloud according to the TIC configuration work order, so that the TIC is communicatively connected to the government-enterprise cloud.
In this step, the cloud management platform includes a TIC, which in this embodiment is an edge TIC. After the orchestration center calls the cloud management platform, the cloud management platform calls a virtualized network function manager (VNFM) and a virtualized infrastructure manager (VIM) to generate a virtual customer premises equipment (vCPE) instance. A vCPE, also known as a cloud CPE, uses software-based functions instead of proprietary hardware and may be a firewall, border gateway, router, VPN, etc. The vCPE acts as the gateway of the client device and is unique to each client device; different client devices can reach one another through their vCPEs, which enables interworking between enterprises. The vCPE is a core network element in the TIC with 4 interfaces: a client-side interconnection interface, a public network access interface, a government-enterprise cloud access interface and a management network interface. As a network control point, it has the following capabilities:
(1) user gateway: provides DHCP and NAT capabilities;
(2) bandwidth control point: rate limiting for site-to-DC and site-to-site traffic is implemented per interface;
(3) network connection point: implements cloud private line services such as site-to-DC and site-to-site; when the bandwidth needs to be adjusted, the SDN controller sends a bandwidth adjustment instruction through a preset protocol to modify the QoS configuration parameters on the MCE downlink port and on the port of the cloud GW (gateway) connected to the cloud PE (provider edge), so that the bandwidth is adjusted dynamically.
On the MCE, the route to the vCPE network segment in the TIC and the address of the network SDN controller are advertised externally through the MPLS VPN, so that routes among the client device, the vCPE and the network SDN controller are reachable.
The TIC is networked as an SDN network designed with Ethernet VPN technology in a standard spine-leaf architecture. The TIC comprises a first core switch and the government-enterprise cloud comprises a second core switch; the first core switch is communicatively connected to the second core switch, so that the MCE equipment in the TIC is connected to the government-enterprise cloud. In the government-enterprise cloud, the MCE equipment and the second core switch are interconnected at Layer 3. The interface of each vCPE that connects to the government-enterprise cloud is configured as a Layer 2 network.
Step 150: Call the SDN controller according to the SDN configuration work order, so that the SDN controller establishes, over the government-enterprise private network and according to the SDN configuration work order, a VXLAN tunnel from the client device to the vCPE, connecting the client device to the vCPE so that the client device can access the government-enterprise cloud resources connected to the TIC.
In this step, the client device and the TIC communicate over the MPLS VPN private line, and the SDN controller, according to the SDN configuration work order, creates a VXLAN tunnel from the client to the vCPE in the TIC on top of that private line, so that the client can reach the vCPE in the TIC. A communication network is established between the vCPE and the government-enterprise cloud, so once the client has reached the vCPE in the TIC it can access the government-enterprise cloud. When creating the VXLAN tunnel between the client and the TIC, the SDN controller uses the network address of the client device contained in the SDN configuration work order as the address of the VXLAN tunnel and identifies the client device on the vCPE through a Virtual Switch Interface (VSI). The VSI is in one-to-one correspondence with the network address of the client device, so different clients can be distinguished by their VSI.
In the embodiments of the invention, the orchestration center generates a network opening work order, a TIC configuration work order and an SDN configuration work order according to the client's service ordering information, and each work order performs its corresponding function so that the client can access the government-enterprise cloud resources. When a client connects, the whole cloud resource access process from the client to the government-enterprise cloud is carried out through the orchestration center, which avoids the complex manual VPN configuration of the prior art and improves cloud resource access efficiency.
In some embodiments, the cloud management platform establishes a VRF for the client device on the vCPE and on the second core switch of the government-enterprise cloud, enabling the vCPE to connect to the government-enterprise cloud and access its resources. The VRF is unique to each client device, so the VRF uniquely identifies the vCPE and different client devices are isolated from one another.
In some embodiments, after the customer accesses the government-enterprise cloud connected to the TIC, the cloud management platform creates a Virtual Private Cloud (VPC) for that customer in the government-enterprise cloud. When the client accesses the government-enterprise cloud connected to the TIC, it accesses the VPC resources in that cloud, which provides information security.
In some embodiments, the orchestration center receives the cloud resource access results returned by the EOMS system, the cloud management platform and the SDN controller; if every result shows that provisioning succeeded, the customer's service order is determined to be successful, and the orchestration center sends feedback to the user terminal that cloud resource access succeeded.
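The work-order flow of steps 110 to 150 and the isolation properties stated above (a VSI in one-to-one correspondence with the client network address, a VRF unique to each client device, success only when all three subsystems report success) can be written as checks in the orchestration layer. This is an added Python illustration, not code from the patent; the class, field names, identifier formats and the documentation-range addresses are assumptions.

```python
import ipaddress

# Subsystems whose results the orchestration center collects (key names assumed).
SUBSYSTEMS = ("eoms", "cloud_mgmt", "sdn")


class IsolationError(ValueError):
    """A subscription would reuse an identifier that separates client devices."""


class OrchestrationCenter:
    """Hypothetical model of work-order generation in the orchestration center."""

    def __init__(self, mce_pool_cidr):
        # Address resource pool for MCE downlink addresses (step 120).
        self._free = list(ipaddress.ip_network(mce_pool_cidr).hosts())
        # Canonical client IP -> identifiers bound to that client device.
        self.bindings = {}

    def generate_work_orders(self, order):
        # Canonicalise addresses so that two spellings of one address cannot
        # obtain two VSIs, which would break the one-to-one correspondence.
        client_ip = str(ipaddress.ip_address(order["client_ip"]))
        cloud_addr = str(ipaddress.ip_address(order["cloud_resource_address"]))
        if order["bandwidth_mbps"] <= 0:
            raise ValueError("bandwidth must be positive")
        if client_ip in self.bindings:
            raise IsolationError(f"{client_ip} is already bound to a VSI/VRF")
        if not self._free:
            raise RuntimeError("MCE downlink address pool exhausted")

        # All validation passed: only now consume a pool address.
        n = len(self.bindings) + 1
        binding = {"mce_downlink": str(self._free.pop(0)),
                   "vsi": f"vsi-{n}", "vrf": f"vrf-{n}"}
        self.bindings[client_ip] = binding
        return {
            "network_opening": {"client_ip": client_ip,
                                "mce_downlink": binding["mce_downlink"]},
            "tic_config": {"client_ip": client_ip,
                           "cloud_resource_address": cloud_addr,
                           "vrf": binding["vrf"],
                           "bandwidth_mbps": order["bandwidth_mbps"]},
            "sdn_config": {"client_ip": client_ip,
                           "cloud_resource_address": cloud_addr,
                           # The client address doubles as the tunnel address.
                           "vxlan_tunnel_address": client_ip,
                           "vsi": binding["vsi"]},
        }


def audit_bindings(bindings):
    """Return (field, value, first_client, second_client) for every identifier
    shared by two client devices, e.g. in an exported configuration table."""
    violations = []
    for key in ("vsi", "vrf", "mce_downlink"):
        seen = {}
        for client_ip, binding in sorted(bindings.items()):
            owner = seen.setdefault(binding[key], client_ip)
            if owner != client_ip:
                violations.append((key, binding[key], owner, client_ip))
    return violations


def service_provisioned(results):
    """Fail closed: a missing or non-success result means the order failed."""
    return all(results.get(name) == "success" for name in SUBSYSTEMS)


if __name__ == "__main__":
    # Constructed sample order using documentation/private address ranges.
    center = OrchestrationCenter("192.0.2.0/29")
    orders = center.generate_work_orders(
        {"client_ip": "10.1.1.5", "cloud_resource_address": "172.16.0.10",
         "bandwidth_mbps": 100})
    for name, work_order in orders.items():
        print(name, work_order)
    print("violations:", audit_bindings(center.bindings))
    print("provisioned:", service_provisioned({"eoms": "success",
                                               "cloud_mgmt": "success"}))
```

Running `audit_bindings` over the live binding table after each provisioning run gives an independent check that no two client devices ended up sharing a VSI, VRF or MCE downlink address.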
Fig. 2 shows a functional block diagram of an apparatus for cloud resource access according to another embodiment of the present invention. As shown in fig. 2, the apparatus includes: an obtaining module 210, a generating module 220, a first calling module 230, a second calling module 240, and a third calling module 250. The obtaining module 210 is configured to obtain service subscription information of the client device. The generating module 220 is configured to generate a network provisioning work order, a TIC configuration work order, and an SDN configuration work order according to the service ordering information. The first invoking module 230 is configured to invoke the EOMS system according to the network provisioning work order, so that the EOMS system establishes a communication connection between the client device and the private network of the government enterprise according to the network provisioning work order. The second calling module 240 is configured to call a cloud management platform according to the TIC configuration work order, so that the cloud management platform generates a vCPE, and the cloud management platform configures the TIC and the government and enterprise cloud according to the TIC configuration work order, so that the TIC is in communication connection with the government and enterprise cloud. The third invoking module 250 is configured to invoke an SDN controller according to the SDN configuration work order, so that the SDN controller establishes a vxlan tunnel from the client device to the vCPE based on the government-enterprise private network according to the SDN configuration work order, and connects the client device with the vCPE, so as to enable the client device to access a TIC-connected government-enterprise cloud resource.
In an optional manner, the cloud management platform establishes a communication connection between a first core switch of the TIC and a second core switch of the administrative enterprise cloud according to the TIC configuration work order.
In an optional manner, the cloud management platform establishes a VRF for the customer equipment on the vCPE and a second core switch of the enterprise cloud to identify the customer equipment.
In an optional mode, the private network of the government and enterprise includes a private line of an MPLS VPN, the EOMS system establishes a communication connection between the client device and the MCE according to a work order opened by the network, and the client device and the MCE are connected through the private line of the MPLS VPN.
In an optional manner, the SDN configuration work order includes a network address of a client device, and the SDN controller establishes a vxlan tunnel between the client device and the vCPE by using the network address of the client device as a vxlan tunnel address; the SDN controller establishes a VSI on the vCPE to identify the customer equipment, and the VSI is in one-to-one correspondence with the network address of the customer equipment.
The orchestration center in the embodiment of the invention generates a network provisioning work order, a TIC configuration work order and an SDN configuration work order according to the service ordering information of the client, and each work order drives its corresponding function, so that the client can access the government-enterprise cloud resources. According to the embodiment of the invention, when a client is connected, the cloud resource access process from the client to the government-enterprise cloud is carried out through the orchestration center, which avoids the complex process of manually configuring a VPN in the prior art and improves cloud resource access efficiency.
Fig. 3 is a schematic structural diagram of a cloud resource access system according to another embodiment of the present invention. As shown in fig. 2, the system includes orchestration center 200, EOMS system 300, cloud management platform 400, and SDN controller 500. The orchestration center 200 is in communication with the EOMS system 300, the cloud management platform 400, and the SDN controller 500. The orchestration center 200 is configured to obtain service ordering information of the client device, and to generate a network provisioning work order, a TIC configuration work order, and an SDN configuration work order according to the service ordering information. The orchestration center 200 calls the EOMS system 300 according to the network provisioning work order, calls the cloud management platform 400 according to the TIC configuration work order, and calls the SDN controller 500 according to the SDN configuration work order. The EOMS system 300 establishes a communication connection between the client device and the government-enterprise private network according to the network provisioning work order. The cloud management platform 400 generates the vCPE and configures the TIC and the government-enterprise cloud according to the TIC configuration work order, so that the TIC is in communication connection with the government-enterprise cloud. Within the TIC, the cloud management platform 400 calls the VNFM and VIM to generate the vCPE, supports elastic scaling of NFV resources, and handles vCPE creation, monitoring, shutdown, and resource reclamation as needed.
The SDN controller 500 establishes a vxlan tunnel from the client device to the vCPE based on the government-enterprise private network according to the SDN configuration work order, so that the client device is connected with the vCPE, and the client device can access the government-enterprise cloud resources connected with the TIC.
The orchestration center 200 acts as the brain of the whole service system: it performs end-to-end service orchestration between the client and the government-enterprise cloud for the service provisioned for the client. Specifically, it issues the parameter information for cloud resource access, and implements elastic scaling of Network Function Virtualization (NFV) resources and allocation of network resources in the TIC (communication function virtualization), a basic component of the telecom cloud.
The cloud management platform 400 configures the TIC and the government-enterprise cloud according to the TIC configuration work order, and establishes communication connection between a first core switch of the TIC and a second core switch of the government-enterprise cloud, so that the TIC is in communication connection with the government-enterprise cloud.
In some embodiments, after cloud management platform 400 establishes a communication connection between a first core switch of the TIC and a second core switch of the government-enterprise cloud according to the TIC configuration work order, cloud management platform 400 establishes a VRF for the customer device on the vCPE and on the second core switch of the government-enterprise cloud to identify the different customer devices.
In the embodiment of the present invention, the government-enterprise private network includes an MCE and an MPLS VPN private line, and the EOMS system 300 establishes the communication connection between the client device and the MCE according to the network provisioning work order, thereby implementing the communication connection from the client device to the government-enterprise private network. The client device and the MCE are connected through the MPLS VPN private line. The vCPE network segment route is advertised externally through the MPLS VPN on the MCE. The address of the SDN controller 500 is also advertised externally through the MPLS VPN, so that IP routes among the client device, the cloud management platform, and the SDN controller are reachable.
The SDN configuration work order includes a network address of the client device, and the SDN controller 500 establishes a vxlan tunnel between the client device and the vCPE by using the network address of the client device as a vxlan tunnel address; the SDN controller establishes a VSI on the vCPE so as to identify the customer equipment, and the VSI is in one-to-one correspondence with the network address of the customer equipment. The vxlan tunnel created by the SDN controller 500 is a vxlan two-layer tunnel, the starting point of the vxlan is the client device, and the ending point is the vCPE in the TIC.
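The following is an added sketch, not code from the patent, of how an orchestration center could derive the three work orders from one service order while enforcing the one-to-one binding between a VSI and the client device's network address described above. All field names, the `vsi-`/`vrf-` naming scheme and the per-device VNI allocation are assumptions for illustration, and the addresses are constructed values from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

MAX_VNI = 2**24 - 1  # a VXLAN network identifier is 24 bits wide


class IsolationError(ValueError):
    """The order would break the one-to-one VSI/address binding."""


@dataclass(frozen=True)
class Binding:
    customer_id: str
    vsi: str  # hypothetical naming scheme: vsi-<vni>
    vrf: str  # hypothetical naming scheme: vrf-<vni>
    vni: int  # assumption: one VNI allocated per client device


class OrchestrationCenter:
    def __init__(self, vcpe_address, first_vni=10000):
        self.vcpe = ipaddress.ip_address(vcpe_address)
        self.next_vni = first_vni
        self.bindings = {}  # client tunnel address -> Binding

    def generate_work_orders(self, customer_id, cpe_address):
        """Turn one service order into the three work orders."""
        addr = ipaddress.ip_address(cpe_address)  # ValueError if malformed
        if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            raise IsolationError(f"{addr} cannot be a tunnel endpoint")
        if addr == self.vcpe:
            raise IsolationError("client address collides with the vCPE")
        binding = self.bindings.get(addr)
        if binding is None:
            if self.next_vni > MAX_VNI:
                raise IsolationError("VNI space exhausted")
            vni, self.next_vni = self.next_vni, self.next_vni + 1
            binding = Binding(customer_id, f"vsi-{vni}", f"vrf-{vni}", vni)
            self.bindings[addr] = binding
        elif binding.customer_id != customer_id:
            # Same tunnel address requested by a different customer: refuse,
            # otherwise two tenants would land in one VSI.
            raise IsolationError(f"{addr} is bound to another customer's VSI")
        return {
            "network_provisioning": {  # sent to the EOMS system
                "customer": customer_id, "client_device": str(addr),
                "access": "MPLS VPN private line to MCE"},
            "tic_configuration": {  # sent to the cloud management platform
                "customer": customer_id, "vrf": binding.vrf},
            "sdn_configuration": {  # sent to the SDN controller
                "tunnel_source": str(addr),
                "tunnel_destination": str(self.vcpe),
                "vsi": binding.vsi, "vni": binding.vni},
        }


def audit_sdn_orders(sdn_orders):
    """List violations of the VSI <-> tunnel address one-to-one rule."""
    addr_of_vsi, vsi_of_addr, problems = {}, {}, []
    for order in sdn_orders:
        vsi, src = order["vsi"], order["tunnel_source"]
        if addr_of_vsi.setdefault(vsi, src) != src:
            problems.append(f"{vsi} is mapped to more than one address")
        if vsi_of_addr.setdefault(src, vsi) != vsi:
            problems.append(f"{src} is mapped to more than one VSI")
    return problems


if __name__ == "__main__":
    center = OrchestrationCenter("192.0.2.1")  # constructed vCPE address
    first = center.generate_work_orders("cust-a", "198.51.100.10")
    second = center.generate_work_orders("cust-b", "198.51.100.20")
    print(first["sdn_configuration"], second["sdn_configuration"])
    try:
        center.generate_work_orders("cust-b", "198.51.100.10")
    except IsolationError as exc:
        print("rejected:", exc)
```

Running `audit_sdn_orders` over the SDN work orders already issued gives an independent check that no VSI has been attached to a second tunnel address outside the orchestration path.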
Fig. 4 is a schematic structural diagram of a computing device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the computing device. The computing device provided by the embodiment of the invention can be applied to any component of the cloud resource access system.
As shown in fig. 4, the computing device may include: a processor 402, a communication interface 404, a memory 406, and a communication bus 408.
The processor 402, the communication interface 404, and the memory 406 communicate with each other via the communication bus 408. The communication interface 404 is used for communicating with network elements of other devices, such as clients or other servers. The processor 402 is configured to execute the program 410, and may specifically perform the relevant steps in the embodiment of the cloud resource access method described above.
In particular, program 410 may include program code comprising computer-executable instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention. The computing device includes one or more processors, which may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
The memory 406 is used for storing the program 410. The memory 406 may comprise high-speed RAM, and may also include non-volatile memory, such as at least one disk memory.
Program 410 may be specifically invoked by processor 402 to cause a computing device to perform steps 110 through 170 of fig. 1.
An embodiment of the present invention provides a computer-readable storage medium, where the storage medium stores at least one executable instruction, and when the executable instruction is executed on a computing device/apparatus, the computing device/apparatus is caused to execute a method for cloud resource access in any of the above method embodiments.
Embodiments of the present invention provide a computer program, where the computer program can be called by a processor to enable a computing device to execute a method for cloud resource access in any of the above method embodiments.
Embodiments of the present invention provide a computer program product, where the computer program product includes a computer program stored on a computer-readable storage medium, and the computer program includes program instructions, when the program instructions are run on a computer, cause the computer to execute a method for cloud resource access in any of the above method embodiments.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specified otherwise.

Claims (10)

1. A method for cloud resource access, the method comprising:
acquiring service ordering information of client equipment;
generating a network provisioning work order, a TIC configuration work order and an SDN configuration work order according to the service ordering information;
calling an EOMS system according to the network provisioning work order so that the EOMS system establishes communication connection between the client equipment and a government-enterprise private network according to the network provisioning work order;
calling a cloud management platform according to the TIC configuration work order so that the cloud management platform generates vCPE inside the TIC, and configuring the TIC and the government-enterprise cloud by the cloud management platform according to the TIC configuration work order so that the TIC is in communication connection with the government-enterprise cloud;
and calling an SDN controller according to the SDN configuration work order so that the SDN controller establishes a vxlan tunnel from the client equipment to the vCPE based on the government-enterprise private network according to the SDN configuration work order, and the client equipment is connected with the vCPE so as to realize that the client equipment accesses the government-enterprise cloud resources connected with the TIC.
2. The method of claim 1, wherein the calling a cloud management platform according to the TIC configuration work order to cause the cloud management platform to configure the TIC and the government-enterprise cloud according to the TIC configuration work order so that the TIC is communicatively connected with the government-enterprise cloud comprises:
the cloud management platform establishes communication connection between a first core switch of the TIC and a second core switch of the government-enterprise cloud according to the TIC configuration work order.
3. The method of claim 2, wherein after the cloud management platform establishes the communication connection between the first core switch of the TIC and the second core switch of the government-enterprise cloud according to the TIC configuration work order, the method further comprises:
the cloud management platform establishes a VRF for the customer equipment on the vCPE and a second core switch of the government-enterprise cloud to identify the customer equipment.
4. The method as claimed in claim 1, wherein the government-enterprise private network includes an MCE and an MPLS VPN private line, and the calling of the EOMS system according to the network provisioning work order to enable the EOMS system to establish the communication connection between the client device and the government-enterprise private network according to the network provisioning work order comprises:
the EOMS system establishes communication connection between the client equipment and the MCE according to the network provisioning work order, and the client equipment communicates with the MCE through the MPLS VPN private line.
5. The method of claim 1, wherein the SDN configuration work order comprises a network address of the client device, and wherein calling an SDN controller according to the SDN configuration work order, so that the SDN controller establishes a vxlan tunnel from the client device to the vCPE based on the government-enterprise private network according to the SDN configuration work order and connects the client device with the vCPE so that the client device accesses the government-enterprise cloud resources connected to the TIC, comprises:
the SDN controller takes the network address of the client device as a vxlan tunnel address, and establishes a vxlan tunnel between the client device and the vCPE;
the SDN controller establishes a VSI on the vCPE to identify the customer equipment, and the VSI is in one-to-one correspondence with the network address of the customer equipment.
6. An apparatus for cloud resource access, the apparatus comprising:
the acquisition module is used for acquiring the service ordering information of the client equipment;
the generating module is used for generating a network provisioning work order, a TIC configuration work order and an SDN configuration work order according to the service ordering information;
the first calling module is used for calling an EOMS system according to the network provisioning work order so that the EOMS system establishes communication connection between the client equipment and a government-enterprise private network according to the network provisioning work order;
the second calling module is used for calling a cloud management platform according to the TIC configuration work order so that the cloud management platform can generate vCPE, and the cloud management platform can configure TIC and the government-enterprise cloud according to the TIC configuration work order so that the TIC is in communication connection with the government-enterprise cloud;
a third calling module, configured to call an SDN controller according to the SDN configuration work order, so that the SDN controller establishes a vxlan tunnel from the client device to the vCPE based on the government-enterprise private network according to the SDN configuration work order, and connects the client device with the vCPE, so that the client device accesses a TIC-connected government-enterprise cloud resource.
7. A computing device, wherein the computing device comprises: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with each other through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the corresponding operation of the method for accessing the cloud resource according to any one of claims 1-5.
8. A cloud resource access system, the system comprising: an orchestration center, an EOMS system, a cloud management platform and an SDN controller;
the orchestration center is in communication connection with the EOMS system, the cloud management platform, and the SDN controller;
the orchestration center is used for acquiring service ordering information of client equipment and generating a network provisioning work order, a TIC configuration work order and an SDN configuration work order according to the service ordering information;
the orchestration center calls the EOMS system according to the network provisioning work order, calls the cloud management platform according to the TIC configuration work order, and calls the SDN controller according to the SDN configuration work order;
the EOMS system establishes communication connection between the client equipment and a government-enterprise private network according to the network provisioning work order;
the cloud management platform generates vCPE, and configures the TIC and the government-enterprise cloud according to the TIC configuration work order, so that the TIC is in communication connection with the government-enterprise cloud;
and the SDN controller establishes a vxlan tunnel from the client equipment to the vCPE based on the government-enterprise private network according to the SDN configuration work order, so that the client equipment is connected with the vCPE, and the client equipment can access the government-enterprise cloud resources connected with the TIC.
9. The system of claim 8, wherein the cloud management platform comprises a first core switch, and the government-enterprise cloud comprises a second core switch; the cloud management platform establishes communication connection between the first core switch and the second core switch, so that the TIC is in communication connection with the government-enterprise cloud.
10. The system of claim 8, wherein the government-enterprise private network includes an MCE and an MPLS VPN private line, and wherein the customer equipment and the MCE communicate through the MPLS VPN private line.
CN202010430913.2A 2020-05-20 2020-05-20 Cloud resource access method, device, system and computing equipment Active CN113709194B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010430913.2A CN113709194B (en) 2020-05-20 2020-05-20 Cloud resource access method, device, system and computing equipment

Publications (2)

Publication Number Publication Date
CN113709194A true CN113709194A (en) 2021-11-26
CN113709194B CN113709194B (en) 2023-07-14

Family

ID=78645611

Country Status (1)

Country Link
CN (1) CN113709194B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant