CN113709194B - Cloud resource access method, device, system and computing equipment - Google Patents

Publication number
CN113709194B
Authority
CN
China
Prior art keywords
cloud
tic
work order
network
vcpe
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010430913.2A
Other languages
Chinese (zh)
Other versions
CN113709194A (en
Inventor
朱益佳
吕昶
徐詹超
吴越
王延长
张卷卷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Zhejiang Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Zhejiang Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Zhejiang Co Ltd
Priority to CN202010430913.2A
Publication of CN113709194A
Application granted
Publication of CN113709194B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0631 Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06316 Sequencing of tasks or work
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/40 Business processes related to the transportation industry
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Marketing (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Physics & Mathematics (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Development Economics (AREA)
  • Educational Administration (AREA)
  • Computing Systems (AREA)
  • Game Theory and Decision Science (AREA)
  • Medical Informatics (AREA)
  • Computer Security & Cryptography (AREA)
  • Primary Health Care (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention relates to the technical field of communication, and discloses a cloud resource access method, device, system and computing equipment. The method comprises the following steps: acquiring service subscription information of a client device; generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service subscription information; invoking the EOMS system according to the network opening work order, so that the EOMS system establishes a communication connection between the client device and the government-enterprise private network according to the network opening work order; invoking the cloud management platform according to the TIC configuration work order, so that the cloud management platform generates a vCPE and configures the TIC and the government-enterprise cloud according to the TIC configuration work order, placing the TIC in communication connection with the government-enterprise cloud; and invoking the SDN controller according to the SDN configuration work order, so that the SDN controller establishes a vxlan tunnel from the client device to the vCPE over the government-enterprise private network according to the SDN configuration work order, connecting the client device to the vCPE so that the client device can access the government-enterprise cloud resources connected to the TIC. In this way, the embodiment of the invention achieves efficient cloud resource access.

Description

Cloud resource access method, device, system and computing equipment
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a cloud resource access method, device, system and computing equipment.
Background
With the continuous rise of small and medium-sized enterprises, the demand for access between enterprise branches and between enterprises and the government-enterprise cloud is increasing, and current dedicated data lines mainly use MPLS VPN private lines.
The MPLS VPN private line relies on the bearer network and builds a virtual network through MPLS label switching, so that an enterprise can access resources in its branches or in the government-enterprise cloud over the virtual private line; different enterprise users are isolated from one another using VPN technology, which provides secure and reliable network access.
However, when access between enterprises and the government-enterprise cloud is implemented with MPLS VPN private lines, a VPN must be established for each enterprise user that is connected and the related VPN configuration must be performed manually on the client device, so cloud resource access efficiency is low.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a method, an apparatus, a system, and a computing device for cloud resource access, which are used to solve the problem in the prior art that cloud resource access efficiency is low.
According to an aspect of an embodiment of the present invention, there is provided a method for cloud resource access, the method including:
acquiring service subscription information of client equipment;
generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service subscription information;
invoking the EOMS system according to the network opening work order, so that the EOMS system establishes communication connection between the client equipment and the government-enterprise private network according to the network opening work order;
invoking a cloud management platform according to the TIC configuration work order to enable the cloud management platform to generate vCPE, and enabling the cloud management platform to configure TIC and the government enterprise cloud according to the TIC configuration work order to enable the TIC to be in communication connection with the government enterprise cloud;
and calling an SDN controller according to the SDN configuration work order, so that the SDN controller establishes a vxlan tunnel from the client device of the government enterprise private network to the vCPE according to the SDN configuration work order, and the client device is connected with the vCPE to realize that the client device accesses government enterprise cloud resources connected with the TIC.
In an optional manner, the calling a cloud management platform according to the TIC configuration work order, so that the cloud management platform configures the TIC and the government enterprise cloud according to the TIC configuration work order, so that the TIC is in communication connection with the government enterprise cloud, includes:
and the cloud management platform establishes communication connection between the first core switch of the TIC and the second core switch of the government-enterprise cloud according to the TIC configuration work order.
In an optional manner, after the cloud management platform establishes a communication connection between the first core switch of the TIC and the second core switch of the government-enterprise cloud according to the TIC configuration work order, the method further includes:
the cloud management platform establishes a VRF for the client device on the vCPE and on the second core switch of the government-enterprise cloud to identify the client device.
In an optional manner, the government-enterprise private network includes an MCE and an MPLS VPN private line, and the invoking the EOMS system according to the network opening work order, so that the EOMS system establishes a communication connection between the client device and the government-enterprise private network according to the network opening work order, includes:
the EOMS system establishes a communication connection between the client device and the MCE according to the network opening work order, and the client device and the MCE communicate through the MPLS VPN private line.
In an optional manner, the SDN configuration worksheet includes a network address of the client device, and the invoking the SDN controller according to the SDN configuration worksheet, so that the SDN controller establishes a vxlan tunnel from the client device to the vCPE based on the government-enterprise private network according to the SDN configuration worksheet, and connects the client device to the vCPE, so as to enable the client device to access the government-enterprise cloud resource connected by the TIC, including:
the SDN controller takes the network address of the client device as a vxlan tunnel address, and establishes a vxlan tunnel between the client device and the vCPE;
the SDN controller establishes a VSI on the vCPE to identify the client device, wherein the VSI corresponds to the network address of the client device one by one.
According to another aspect of the embodiment of the present invention, there is provided an apparatus for cloud resource access, including:
the acquisition module is used for acquiring service subscription information of the client equipment;
the generation module is used for generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service subscription information;
the first calling module is used for calling an EOMS system according to the network opening work order, so that the EOMS system establishes communication connection between the client equipment and the private network of the government enterprise according to the network opening work order;
the second calling module is used for calling a cloud management platform according to the TIC configuration work order to enable the cloud management platform to generate vCPE, and enabling the cloud management platform to configure the TIC and the government enterprise cloud according to the TIC configuration work order so that the TIC is in communication connection with the government enterprise cloud;
and the third calling module is used for calling the SDN controller according to the SDN configuration work order, so that the SDN controller establishes a vxlan tunnel from the client equipment of the government enterprise private network to the vCPE according to the SDN configuration work order, and the client equipment is connected with the vCPE to realize that the client equipment accesses TIC connected government enterprise cloud resources.
According to yet another aspect of an embodiment of the present invention, there is provided a computing device including: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to execute an operation corresponding to the cloud resource access method.
According to still another aspect of the embodiment of the present invention, there is provided a cloud resource access system, including: the system comprises an orchestration center, an EOMS system, a cloud management platform and an SDN controller;
the orchestration center is in communication connection with the EOMS system, the cloud management platform and the SDN controller;
the orchestration center is used for acquiring service subscription information of the client equipment and generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service subscription information;
the orchestration center calls the EOMS system according to the network opening work order, calls the cloud management platform according to the TIC configuration work order, and calls the SDN controller according to the SDN configuration work order;
the EOMS system establishes communication connection between the client equipment and a private network of a government enterprise according to the network opening work order;
the cloud management platform generates vCPE, and enables the cloud management platform to configure TIC and the government enterprise cloud according to the TIC configuration work order, so that the TIC is in communication connection with the government enterprise cloud;
and the SDN controller establishes a vxlan tunnel from the client equipment to the vCPE based on the government enterprise private network according to the SDN configuration work order, so that the client equipment is connected with the vCPE, and the client equipment accesses the government enterprise cloud resources connected with the TIC.
In an optional manner, the cloud management platform includes a first core switch and the government-enterprise cloud includes a second core switch; the cloud management platform establishes a communication connection between the first core switch and the second core switch so that the TIC is in communication connection with the government-enterprise cloud.
In an optional manner, the government-enterprise private network includes an MCE and an MPLS VPN private line, and the client device and the MCE communicate through the MPLS VPN private line.
According to the embodiment of the invention, the orchestration center generates the network opening work order, the TIC configuration work order and the SDN configuration work order according to the service subscription information of the client, and each work order performs its corresponding function, so that the client can access the government-enterprise cloud resources. When a client is connected, the cloud resource access flow from the client to the government-enterprise cloud is carried out through the orchestration center, which avoids the cumbersome prior-art process of manually configuring the VPN and improves cloud resource access efficiency.
The foregoing description is only an overview of the technical solutions of the embodiments of the present invention. So that the technical means of the embodiments can be understood more clearly and implemented according to the content of the specification, specific embodiments of the present invention are given below.
Drawings
The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
Fig. 1 shows a flow diagram of a method for cloud resource access according to an embodiment of the present invention;
Fig. 2 shows a functional block diagram of a cloud resource access device according to an embodiment of the present invention;
Fig. 3 shows a schematic structural diagram of a cloud resource access system according to an embodiment of the present invention;
Fig. 4 shows a schematic diagram of a computing device provided by an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
Fig. 1 shows a flowchart of a method for cloud resource access according to an embodiment of the present invention. As shown in fig. 1, the method comprises the steps of:
Step 110: service subscription information of the client device is acquired.
In this step, the client subscribes to the service through the e-commerce self-service interface on the client device, which generates service subscription information. The clients in the embodiment of the invention are government-enterprise clients, and the service referred to in the embodiment of the invention is the government-enterprise cloud resource subscription service, namely the service that a government-enterprise client opens in order to access government-enterprise cloud resources. The service subscription information comprises information such as the IP address of the client device, the cloud resource address, the required bandwidth and the opening duration. After the client's self-service interface generates the service subscription information, the subscription information is sent to the orchestration center for service processing. The orchestration center obtains the service subscription information of the client device.
It should be understood that the premise of carrying out service subscription on the e-commerce self-service interface is that the client is a registered client of the e-commerce self-service interface, and if the client is not registered on the e-commerce self-service interface, service subscription can be carried out after registration.
Step 120: and generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service subscription information.
In this step, after receiving the service subscription information, the orchestration center automatically allocates to the client device, from an address resource pool maintained by the orchestration center itself, a downlink address of a multi-instance customer edge device (multi-vpn-instance custom edge, MCE) of the government-enterprise private network, so that the client device accesses the government-enterprise private network through the downlink address. The orchestration center extracts the information related to site construction from the subscription information to form the network opening work order. In a specific embodiment, the network opening work order includes the MCE downlink address, the client IP address, port resources, and the like. The information related to creating the virtual client device (virtual custom provider edge, vCPE) and opening the internal network is extracted from the subscription information to form the TIC configuration work order. In a specific embodiment, the TIC configuration work order includes the MCE downlink address, the IP address of the client device, the cloud resource address, and the like. The information related to the software defined network (software defined networking, SDN) is extracted from the subscription information to form the SDN configuration work order. In a specific embodiment, the SDN configuration work order includes the IP address of the client device, the cloud resource address, and the like.
Step 130: the EOMS system is invoked according to the network opening work order, so that the EOMS system establishes a communication connection between the client device and the government-enterprise private network according to the network opening work order.
The electronic operation and maintenance system (electric operation maintenance system, EOMS) acquires the network opening work order and notifies EOMS operation and maintenance personnel to carry out the downlink construction according to the network opening work order, so that a communication connection between the client device and the government-enterprise private network is established. The government-enterprise private network comprises an MCE and an MPLS VPN private line; the EOMS system notifies EOMS operation and maintenance personnel to establish the MPLS VPN private line between the client device and the MCE according to the network opening work order, so that the client device can communicate with the MCE in the government-enterprise private network through the MPLS VPN private line.
Step 140: and calling the cloud management platform according to the TIC configuration work order to enable the cloud management platform to generate vCPE, and enabling the cloud management platform to configure the TIC and the government enterprise cloud according to the TIC configuration work order so that the TIC is in communication connection with the government enterprise cloud.
In this step, the cloud management platform includes the TIC, which in the embodiment of the present invention is an edge TIC. After the orchestration center calls the cloud management platform, the cloud management platform calls the virtualized network function manager (virtual network function manager, VNFM) and the virtualized infrastructure manager (virtualised infrastructure manager, VIM) to generate a virtual client device (virtual custom provider edge, vCPE). A vCPE, also known as a cloud CPE, uses software-based functionality instead of proprietary hardware, and can be a firewall, border gateway, router, VPN, etc. The vCPE serves as the gateway of the client device and is unique to each client device; mutual access among different client devices can be realized through the vCPE, which enables intercommunication among enterprises. The vCPE is a core network element in the TIC and has 4 interfaces: an interface interconnecting with the client side, a public network access interface, a government-enterprise cloud access interface and a management network interface. As a network control point it has the following capabilities:
(1) User gateway: provides DHCP and NAT capabilities;
(2) Bandwidth control point: interface-based rate limiting for site-to-DC and site-to-site;
(3) Network connection point: implements cloud private line services such as site-to-DC and site-to-site. When bandwidth adjustment is needed, the SDN controller can send a bandwidth adjustment instruction through a preset protocol to modify the QoS configuration parameters on the MCE downlink port and on the port where the cloud PE connects to the cloud GW, so that the bandwidth is adjusted dynamically.
On the MCE, the vCPE network segment route in the TIC is distributed outwards through the MPLS VPN, and the network SDN controller address is distributed outwards through the MPLS VPN, so that the route accessibility among the client equipment, the vCPE and the network SDN controller is realized.
An SDN network is adopted in the TIC; the SDN is designed using Ethernet VPN technology and adopts a standard spine-leaf architecture. The TIC comprises a first core switch and the government-enterprise cloud comprises a second core switch; the first core switch is in communication connection with the second core switch, so that the TIC is connected to the MCE device in the government-enterprise cloud. In the government-enterprise cloud, the MCE device is interconnected with the second core switch at layer 3. The interface through which each vCPE connects to the government-enterprise cloud is configured as a layer-2 network.
Step 150: and calling the SDN controller according to the SDN configuration worksheet, so that the SDN controller establishes a vxlan tunnel from the client device of the government enterprise private network to the vCPE according to the SDN configuration worksheet, and the client device is connected with the vCPE to realize that the client device accesses the government enterprise cloud resources connected with the TIC.
In this step, the client device communicates with the TIC through the MPLS VPN private line, and the SDN controller, according to the SDN configuration work order, creates a vxlan tunnel from the client to the vCPE in the TIC on top of the MPLS VPN private line, so that the client accesses the vCPE in the TIC. A communication network is established between the vCPE and the government-enterprise cloud, so that once the client has accessed the vCPE in the TIC, it can access the government-enterprise cloud. When creating the vxlan tunnel between the client and the TIC, the SDN controller uses the network address of the client device contained in the SDN configuration work order as the address of the vxlan tunnel, and identifies the client device on the vCPE through a virtual switching interface (virtual switch interface, VSI). The VSIs are in one-to-one correspondence with the network addresses of the client devices, so different clients can be distinguished through the VSIs.
According to the embodiment of the invention, the orchestration center generates the network opening work order, the TIC configuration work order and the SDN configuration work order according to the service subscription information of the client, and each work order performs its corresponding function, so that the client can access the government-enterprise cloud resources. When a client is connected, the cloud resource access flow from the client to the government-enterprise cloud is carried out through the orchestration center, which avoids the cumbersome prior-art process of manually configuring the VPN and improves cloud resource access efficiency.
In some embodiments, the cloud management platform establishes a VRF for the client device on the vCPE and on the second core switch of the government-enterprise cloud, enabling the vCPE to connect to the government-enterprise cloud and access its resources. The VRF is unique for each client device, so the VRF can uniquely identify the vCPE, thereby enabling isolation between different client devices.
In some embodiments, after the client has been given access to the TIC-connected government-enterprise cloud, the cloud management platform creates a virtual private cloud (virtual private cloud, VPC) corresponding to the client in the government-enterprise cloud. When the client accesses the government-enterprise cloud connected with the TIC, the client accesses the VPC resources in the government-enterprise cloud, so that information security is achieved.
In some embodiments, the orchestration center receives cloud resource access results returned by the EOMS system, the cloud management platform and the SDN controller, and if each result shows that the provisioning is successful, determines that the service subscription of the client is successful. And the arrangement center sends feedback information of successful cloud resource access to the user terminal.
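The flow in steps 110 to 150 and the result check above, as an added sketch (not code from the patent): the orchestration center reserves an MCE downlink address, builds the three work orders, and reports success only when all three back ends succeed. Class, field and identifier names, the sample address pool and the release-on-failure behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Subscription:
    """Fields the description lists for service subscription information."""
    client_ip: str
    cloud_resource_addr: str
    bandwidth_mbps: int
    duration_days: int


class IsolationError(ValueError):
    """A request would make two clients share an identifier."""


class OrchestrationCenter:
    def __init__(self, mce_pool="10.255.0.0/29"):  # constructed sample pool
        self._free = list(ip_network(mce_pool).hosts())
        self._seq = 0      # monotonically increasing, so names are never reused
        self.tenants = {}  # canonical client IP -> mce_downlink / vsi / vrf

    def generate_work_orders(self, sub):
        """Step 120: reserve per-client identifiers, build the three work orders."""
        client = str(ip_address(sub.client_ip))        # ValueError if malformed
        cloud = str(ip_address(sub.cloud_resource_addr))
        if client in self.tenants:
            # The VSI maps one-to-one to the client address, so a second
            # order for the same address must not receive a second VSI.
            raise IsolationError(
                f"{client} is already bound to {self.tenants[client]['vsi']}")
        if not self._free:
            raise RuntimeError("MCE downlink address pool exhausted")
        self._seq += 1
        tenant = {"mce_downlink": str(self._free.pop(0)),
                  "vsi": f"vsi-{self._seq}",   # hypothetical naming scheme
                  "vrf": f"vrf-{self._seq}"}
        self.tenants[client] = tenant
        return {
            "network_opening": {"mce_downlink": tenant["mce_downlink"],
                                "client_ip": client},
            "tic_config": {"mce_downlink": tenant["mce_downlink"],
                           "client_ip": client,
                           "cloud_resource_addr": cloud,
                           "vrf": tenant["vrf"]},
            # The client address doubles as the vxlan tunnel address.
            "sdn_config": {"client_ip": client,
                           "cloud_resource_addr": cloud,
                           "vxlan_tunnel_addr": client,
                           "vsi": tenant["vsi"]},
        }

    def release(self, client_ip):
        """Drop a client's reservation and return its address to the pool."""
        tenant = self.tenants.pop(str(ip_address(client_ip)))
        self._free.append(ip_address(tenant["mce_downlink"]))

    def provision(self, sub, eoms, cloud_mgmt, sdn):
        """Steps 130-150: call each back end; succeed only if all three do."""
        orders = self.generate_work_orders(sub)
        results = {"eoms": bool(eoms(orders["network_opening"])),
                   "cloud_mgmt": bool(cloud_mgmt(orders["tic_config"])),
                   "sdn": bool(sdn(orders["sdn_config"]))}
        ok = all(results.values())
        if not ok:
            # Assumption: a failed order releases its reservation; the
            # description does not cover failure handling.
            self.release(sub.client_ip)
        return ok, results

    def isolation_violations(self):
        """Audit: list any downlink address, VSI or VRF shared by two clients."""
        seen, bad = {}, []
        for client, tenant in self.tenants.items():
            for kind in ("mce_downlink", "vsi", "vrf"):
                key = (kind, tenant[kind])
                if key in seen:
                    bad.append((kind, tenant[kind], seen[key], client))
                else:
                    seen[key] = client
        return bad


if __name__ == "__main__":
    center = OrchestrationCenter()
    always_ok = lambda order: True  # stand-in for a real back-end call
    sample = Subscription("192.0.2.10", "198.51.100.5", 100, 30)  # constructed
    print(center.provision(sample, always_ok, always_ok, always_ok))
    print(center.tenants, center.isolation_violations())
```
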
Fig. 2 shows a functional block diagram of an apparatus for cloud resource access according to another embodiment of the present invention. As shown in fig. 2, the apparatus includes: an acquisition module 210, a generation module 220, a first invoking module 230, a second invoking module 240 and a third invoking module 250. The acquisition module 210 is configured to acquire service subscription information of a client device. The generation module 220 is configured to generate a network provisioning worksheet, a TIC configuration worksheet, and an SDN configuration worksheet according to the service subscription information. The first invoking module 230 is configured to invoke an EOMS system according to the network provisioning worksheet, so that the EOMS system establishes a communication connection between the client device and the government enterprise private network according to the network provisioning worksheet. The second invoking module 240 is configured to invoke a cloud management platform according to the TIC configuration worksheet, so that the cloud management platform generates vCPE and configures the TIC and the government enterprise cloud according to the TIC configuration worksheet, so that the TIC is in communication connection with the government enterprise cloud. The third invoking module 250 is configured to invoke an SDN controller according to the SDN configuration worksheet, so that the SDN controller establishes a vxlan tunnel from the client device to the vCPE based on the government enterprise private network according to the SDN configuration worksheet and connects the client device to the vCPE, enabling the client device to access the government enterprise cloud resources connected to the TIC.
In an optional manner, the cloud management platform establishes a communication connection between the first core switch of the TIC and the second core switch of the government enterprise cloud according to the TIC configuration worksheet.
In an optional manner, the cloud management platform establishes a VRF for the client device on the vCPE and the second core switch of the government enterprise cloud to identify the client device.
In an optional manner, the government enterprise private network includes an MCE and an MPLS VPN private line, and the EOMS system establishes a communication connection between the client device and the MCE according to the network provisioning worksheet, where the client device and the MCE communicate through the MPLS VPN private line.
In an optional manner, the SDN configuration worksheet includes a network address of the client device, and the SDN controller uses the network address of the client device as a vxlan tunnel address to establish a vxlan tunnel between the client device and the vCPE; the SDN controller establishes a VSI on the vCPE to identify the client device, wherein the VSIs correspond one-to-one with the network addresses of the client devices.
According to the embodiment of the invention, the orchestration center generates the network provisioning work order, the TIC configuration work order and the SDN configuration work order according to the service subscription information of the client, and each work order carries out its corresponding function, so that the client accesses the government enterprise cloud resources. When a client is connected, the cloud resource access flow from the client to the government enterprise cloud is carried out through the orchestration center, which avoids the complicated prior-art flow of manually configuring the VPN and improves cloud resource access efficiency.
Fig. 3 is a schematic structural diagram of a cloud resource access system according to another embodiment of the present invention. As shown in fig. 2, the system includes orchestration center 200, EOMS system 300, cloud management platform 400, and SDN controller 500. The orchestration center 200 is communicatively connected with the EOMS system 300, the cloud management platform 400, and the SDN controller 500; the orchestration center 200 is configured to obtain service subscription information of a client device, and generate a network provisioning worksheet, a TIC configuration worksheet, and an SDN configuration worksheet according to the service subscription information; the orchestration center 200 calls the EOMS system 300 according to the network provisioning worksheet, calls the cloud management platform 400 according to the TIC configuration worksheet, and calls the SDN controller 500 according to the SDN configuration worksheet; the EOMS system 300 establishes communication connection between the client device and the government enterprise private network according to the network provisioning worksheet; the cloud management platform 400 generates vCPE and configures the TIC and the government enterprise cloud according to the TIC configuration worksheet, so that the TIC is in communication connection with the government enterprise cloud. In the TIC, cloud management platform 400 invokes VNFM and VIM to generate vCPE, supports elastic expansion and contraction of NFV resources, and implements applications such as vCPE generation, monitoring, shutdown, resource recovery, etc. as needed. The SDN controller 500 establishes a vxlan tunnel from the client device to the vCPE based on the government enterprise private network according to the SDN configuration worksheet, so that the client device is connected with the vCPE, enabling the client device to access the government enterprise cloud resources connected with the TIC.
The orchestration center 200 is equivalent to the brain of the whole business system, and performs end-to-end service orchestration between the client and the government enterprise cloud for the service opened by the client. It issues the parameter information for cloud resource access, thereby realizing elastic expansion and contraction of network resources and allocation of network resources in the telecommunication cloud basic component TIC (network function virtualization, NFV).
The cloud management platform 400 configures the TIC and the government enterprise cloud according to the TIC configuration worksheet, and establishes communication connection between the first core switch of the TIC and the second core switch of the government enterprise cloud, so that the TIC and the government enterprise cloud are in communication connection.
In some embodiments, after cloud management platform 400 establishes a communication connection between the first core switch of the TIC and the second core switch of the government enterprise cloud according to the TIC configuration worksheet, cloud management platform 400 establishes a VRF for the client device on the vCPE and the second core switch of the government enterprise cloud to identify different client devices.
In the embodiment of the invention, the government enterprise private network comprises an MCE and an MPLS VPN private line, and the EOMS system 300 establishes communication connection between the client device and the MCE according to the network provisioning worksheet, thereby realizing communication connection from the client device to the government enterprise private network. The client device and the MCE are connected by an MPLS VPN private line. The vCPE network segment is routed on the MCE and is published externally through the MPLS VPN. The address of the SDN controller 500 is also published externally through the MPLS VPN, so that IP routing between the client device, the cloud management platform and the SDN controller is reachable.
The network address of the client device is included in the SDN configuration work order, and the SDN controller 500 uses the network address of the client device as a vxlan tunnel address to establish a vxlan tunnel between the client device and the vCPE; the SDN controller establishes VSIs on the vCPE to identify the client devices, and the VSIs are in one-to-one correspondence with the network addresses of the client devices. The vxlan tunnel created by SDN controller 500 is a vxlan layer-2 tunnel; its starting point is the client device, and its end point is the vCPE within the TIC.
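The flow described above, as an added Python sketch that is not part of the patent: one subscription yields three work orders, the orchestration center reports success only when all three subsystems succeed, and the simulated SDN controller keeps VSIs one-to-one with client network addresses. All class, field and function names, and the sample clients and addresses, are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Subscription:
    """Service subscription information (field names are assumptions)."""
    client_id: str
    client_addr: str  # network address of the client device


def generate_work_orders(sub):
    """Derive the three work orders from one service subscription."""
    # Reject a malformed tunnel address before any subsystem is invoked.
    addr = str(ipaddress.ip_address(sub.client_addr))
    return {
        "network": {"client_id": sub.client_id},
        "tic": {"client_id": sub.client_id, "vrf": "vrf-" + sub.client_id},
        "sdn": {"client_id": sub.client_id, "tunnel_addr": addr},
    }


class Eoms:
    """Simulated EOMS: records clients given an MPLS VPN private line to the MCE."""
    def __init__(self):
        self.lines = set()

    def apply(self, order):
        self.lines.add(order["client_id"])
        return {"ok": True}


class CloudPlatform:
    """Simulated cloud management platform: one VRF per client on both devices."""
    def __init__(self):
        self.vrfs = {"vCPE": {}, "core-switch-2": {}}

    def apply(self, order):
        for table in self.vrfs.values():
            table[order["vrf"]] = order["client_id"]
        return {"ok": True, "vrf": order["vrf"]}


class SdnController:
    """Simulated SDN controller: keeps VSI <-> client address one-to-one."""
    def __init__(self):
        self.vsi_by_addr = {}
        self.owner_by_addr = {}
        self.next_vsi = 1

    def apply(self, order):
        addr, owner = order["tunnel_addr"], order["client_id"]
        if self.owner_by_addr.get(addr, owner) != owner:
            # A second client claiming the same tunnel address would make
            # the VSI stop identifying exactly one client device.
            return {"ok": False, "reason": "address bound to another client"}
        if addr not in self.vsi_by_addr:
            self.vsi_by_addr[addr] = self.next_vsi
            self.owner_by_addr[addr] = owner
            self.next_vsi += 1
        return {"ok": True, "vsi": self.vsi_by_addr[addr]}


def orchestrate(sub, eoms, cloud, sdn):
    """Invoke the three subsystems; success requires every result to be ok."""
    orders = generate_work_orders(sub)
    results = {
        "network": eoms.apply(orders["network"]),
        "tic": cloud.apply(orders["tic"]),
        "sdn": sdn.apply(orders["sdn"]),
    }
    return all(r["ok"] for r in results.values()), results


def demo():
    """Constructed sample run: the second client reuses the first one's address."""
    eoms, cloud, sdn = Eoms(), CloudPlatform(), SdnController()
    first = orchestrate(Subscription("acme", "10.1.1.1"), eoms, cloud, sdn)
    clash = orchestrate(Subscription("globex", "10.1.1.1"), eoms, cloud, sdn)
    return first, clash


if __name__ == "__main__":
    for ok, results in demo():
        print(ok, results)
```

In the clashing run the per-subsystem results show that the EOMS and TIC steps had already succeeded when the SDN step was refused, so the partially provisioned state is visible rather than hidden behind a single failure flag.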
FIG. 4 illustrates a schematic diagram of a computing device architecture according to an embodiment of the invention, and the particular embodiment of the invention is not limited to a particular implementation of the computing device. The computing device provided by the embodiment of the invention can be applied to any component in the cloud resource access system.
As shown in fig. 4, the computing device may include: a processor 402, a communication interface (Communications Interface) 404, a memory 406, and a communication bus 408.
The processor 402, the communication interface 404, and the memory 406 communicate with each other via the communication bus 408. The communication interface 404 is used for communicating with network elements of other devices, such as clients or other servers. The processor 402 is configured to execute the program 410, and may specifically perform the relevant steps in the embodiment of the cloud resource access method.
In particular, program 410 may include program code including computer-executable instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included in the computing device may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
The memory 406 is used for storing the program 410. The memory 406 may comprise high-speed RAM and may also include non-volatile memory, such as at least one disk memory.
Program 410 may be specifically invoked by processor 402 to cause a computing device to perform steps 110 through 170 of fig. 1.
Embodiments of the present invention provide a computer readable storage medium storing at least one executable instruction that, when executed on a computing device/apparatus, causes the computing device/apparatus to perform a method for cloud resource access in any of the method embodiments described above.
Embodiments of the present invention provide a computer program that may be invoked by a processor to cause a computing device to perform a method of cloud resource access in any of the method embodiments described above.
Embodiments of the present invention provide a computer program product comprising a computer program stored on a computer readable storage medium, the computer program comprising program instructions which, when run on a computer, cause the computer to perform a method of cloud resource access in any of the method embodiments described above.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., the claimed invention requires more features than are expressly recited in each claim.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component, and they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.

Claims (10)

1. A method for cloud resource access, the method comprising:
acquiring service subscription information of client equipment;
generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service subscription information;
invoking an EOMS system according to the network opening work order, so that the EOMS system establishes communication connection between the client equipment and the private network of the government and enterprise according to the network opening work order;
invoking a cloud management platform according to the TIC configuration work order to enable the cloud management platform to generate vCPE in the TIC, wherein the vCPE comprises a firewall, a border gateway, a router and a VPN; the cloud management platform configures the TIC and the government enterprise cloud according to the TIC configuration work order, so that the TIC is in communication connection with the government enterprise cloud;
and calling an SDN controller according to the SDN configuration work order, so that the SDN controller establishes a vxlan tunnel from the client device of the government enterprise private network to the vCPE according to the SDN configuration work order, and the client device is connected with the vCPE to realize that the client device accesses government enterprise cloud resources connected with the TIC.
2. The method of claim 1, wherein the invoking the cloud management platform according to the TIC configuration worksheet to cause the cloud management platform to configure a TIC and the government enterprise cloud according to the TIC configuration worksheet such that the TIC is communicatively connected with the government enterprise cloud comprises:
and the cloud management platform establishes communication connection between the first core switch of the TIC and the second core switch of the government enterprise cloud according to the TIC configuration work order.
3. The method of claim 2, wherein after the cloud management platform establishes a communication connection between a first core switch of the TIC and a second core switch of the government enterprise cloud according to the TIC configuration worksheet, the method further comprises:
the cloud management platform establishes a VRF for the customer device on the vCPE and the second core switch of the government enterprise cloud to identify the customer device.
4. The method of claim 1, wherein the government enterprise private network includes an MCE and an MPLS VPN private line, and the invoking an EOMS system according to the network opening work order, so that the EOMS system establishes a communication connection between the customer device and the government enterprise private network according to the network opening work order, comprises:
the EOMS system establishes communication connection between the client equipment and the MCE according to the network opening work order, and the client equipment and the MCE communicate through the MPLS VPN private line.
5. The method of claim 1, wherein the SDN configuration worksheet includes a network address of the customer device, the invoking an SDN controller according to the SDN configuration worksheet to cause the SDN controller to establish a vxlan tunnel based on the customer device to the vCPE of the government enterprise private network according to the SDN configuration worksheet, connecting the customer device with the vCPE to enable the customer device to access the TIC-connected government enterprise cloud resources, comprising:
the SDN controller takes the network address of the client device as a vxlan tunnel address, and establishes a vxlan tunnel between the client device and the vCPE;
the SDN controller establishes a VSI on the vCPE to identify the client device, wherein the VSI corresponds to the network address of the client device one by one.
6. An apparatus for cloud resource access, the apparatus comprising:
the acquisition module is used for acquiring service subscription information of the client equipment;
the generation module is used for generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service subscription information;
the first calling module is used for calling an EOMS system according to the network opening work order, so that the EOMS system establishes communication connection between the client equipment and the private network of the government enterprise according to the network opening work order;
the second calling module is used for calling a cloud management platform according to the TIC configuration work order so that the cloud management platform generates vCPE, wherein the vCPE comprises a firewall, a border gateway, a router and a VPN; configuring TIC and government enterprise cloud by the cloud management platform according to the TIC configuration work order, so that the TIC is in communication connection with the government enterprise cloud;
and the third calling module is used for calling the SDN controller according to the SDN configuration work order, so that the SDN controller establishes a vxlan tunnel from the client equipment of the government enterprise private network to the vCPE according to the SDN configuration work order, and the client equipment is connected with the vCPE to realize that the client equipment accesses TIC connected government enterprise cloud resources.
7. A computing device, the computing device comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to perform operations corresponding to a cloud resource access method according to any one of claims 1-5.
8. A cloud resource access system, the system comprising: the system comprises an orchestration center, an EOMS system, a cloud management platform and an SDN controller;
the orchestration center is in communication connection with the EOMS system, the cloud management platform and the SDN controller;
the orchestration center is used for acquiring service subscription information of the client equipment and generating a network opening work order, a TIC configuration work order and an SDN configuration work order according to the service subscription information;
the orchestration center calls the EOMS system according to the network opening work order, calls the cloud management platform according to the TIC configuration work order, and calls the SDN controller according to the SDN configuration work order;
the EOMS system establishes communication connection between the client equipment and a private network of a government enterprise according to the network opening work order;
the cloud management platform generates vCPE, wherein the vCPE comprises a firewall, a border gateway, a router and VPN; configuring TIC and government enterprise cloud by the cloud management platform according to the TIC configuration work order, so that the TIC is in communication connection with the government enterprise cloud;
and the SDN controller establishes a vxlan tunnel from the client equipment to the vCPE based on the government enterprise private network according to the SDN configuration work order, so that the client equipment is connected with the vCPE, and the client equipment accesses the government enterprise cloud resources connected with the TIC.
9. The system of claim 8, wherein the cloud management platform comprises a first core switch and the government enterprise cloud comprises a second core switch; and the cloud management platform establishes communication connection between the first core switch and the second core switch so as to enable the TIC to be in communication connection with the government enterprise cloud.
10. The system of claim 8, wherein the government-enterprise private network includes an MCE and an MPLS VPN private line, the customer equipment and the MCE being in communication through the MPLS VPN private line.
CN202010430913.2A 2020-05-20 2020-05-20 Cloud resource access method, device, system and computing equipment Active CN113709194B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010430913.2A CN113709194B (en) 2020-05-20 2020-05-20 Cloud resource access method, device, system and computing equipment


Publications (2)

Publication Number Publication Date
CN113709194A (en) 2021-11-26
CN113709194B (en) 2023-07-14

Family

ID=78645611


Country Status (1)

Country Link
CN (1) CN113709194B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant