CN113726637B - Network traffic transparent transmission method and device based on cloud platform and storage medium - Google Patents
Network traffic transparent transmission method and device based on cloud platform and storage medium Download PDFInfo
- Publication number
- CN113726637B CN113726637B CN202111058757.2A CN202111058757A CN113726637B CN 113726637 B CN113726637 B CN 113726637B CN 202111058757 A CN202111058757 A CN 202111058757A CN 113726637 B CN113726637 B CN 113726637B
- Authority
- CN
- China
- Prior art keywords
- virtual
- bridge
- network
- custom
- virtual network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L12/462—LAN interconnection over a bridge based backbone
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The invention discloses a network traffic transparent transmission method, a device and a storage medium based on a cloud platform, wherein the method comprises the following steps: creating a general virtual network bridge and establishing bridging with a common virtual network card; creating at least one custom virtual network bridge, and establishing the bridge connection between one custom virtual network bridge and the convergence virtual network card; according to the flow table rule, the flow with the user-defined virtual local area network tag enters a first user-defined virtual network bridge through a convergent virtual network card and then enters a physical network card bridged with the first user-defined virtual network bridge; the flow without the user-defined virtual local area network label sequentially enters the general virtual network bridge and the second user-defined virtual network bridge through the common virtual network card, and then enters the physical network card bridged with the general virtual network bridge. By implementing the invention, at least one custom virtual network bridge is created, and one of the custom virtual network bridges is connected with the convergent virtual network card, so that the transmission of the flow with the custom virtual local area network label is realized; therefore, the original flow enters the hardware equipment, and the transparent transmission of the internal flow is realized.
Description
Technical Field
The invention relates to the technical field of cloud platform networks, in particular to a network traffic transparent transmission method and device based on a cloud platform and a storage medium.
Background
With the rapid development of cloud computing, more and more services are deployed in a virtual machine, the performance of the virtual machine can be comparable to that of a physical machine, and meanwhile, the virtual machine has flexibility which the physical machine does not have. When different services, modules and even cloud platforms (openstack/kubernets and the like) are deployed in the virtual machine, the cloud platforms have network implementation of the cloud platforms, including network types such as overlay, flat and vlan, and intercommunication can be achieved in the same cluster in an overlay mode; however, when communication with a physical network is needed or across a cluster, the communication must be converted into vlan traffic, and a problem exists in how to transmit the vlan traffic in the virtual machine to the physical network.
At present, the method for realizing transparent transmission of network traffic mainly depends on bottom layer software or is realized by using hardware equipment. For the implementation of hardware equipment, the defects mainly include hardware dependence, cost increase, brand binding and flexibility limitation. The hardware equipment is often at the periphery of the platform, the traffic is forwarded by the virtual switch, the vlan tag is processed, the original traffic is difficult to touch, and if the original traffic is expected to directly enter the hardware equipment, the framework is adjusted greatly. And the adoption of bottom layer software realizes the software which needs to depend on high version, and for some services which run stably and production environments, the updating influence range needs to be controlled to a very small range. Therefore, the network traffic transparent transmission is difficult to realize by adopting the bottom layer software.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, and a storage medium for network traffic transparent transmission based on a cloud platform, so as to solve a technical problem in the prior art that a method for implementing network traffic transparent transmission is difficult to implement.
The technical scheme provided by the invention is as follows:
a first aspect of an embodiment of the present invention provides a network traffic transparent transmission method based on a cloud platform, including: creating a general virtual network bridge and establishing bridging with a common virtual network card on a virtual machine; creating at least one custom virtual network bridge, and establishing a bridge connection between one custom virtual network bridge and a converged virtual network card on a virtual machine, wherein the bridge connection is defined as a first custom virtual network bridge; according to the flow table rule, the flow with the custom virtual local area network label enters a first custom virtual network bridge through a convergent virtual network card, and then enters a physical network card bridged with the first custom virtual network bridge; the flow without the user-defined virtual local area network label enters a general virtual network bridge through a common virtual network card, then enters a second user-defined virtual network bridge, and then enters a physical network card bridged with the second user-defined virtual network bridge; the first custom virtual bridge and the second custom virtual bridge are the same or two different custom virtual bridges.
Optionally, a patch port is used for connection between the general virtual bridge and the second custom virtual bridge.
Optionally, a custom virtual local area network tag is set for the related flow in the virtual machine, and the aggregation virtual network card does not set a tag.
Optionally, according to a preset flow rule, the flow passing through the converged virtual network card is not subjected to self-defined virtual local area network label stripping.
Optionally, the method includes that the traffic without the customized virtual local area network tag enters a general virtual network bridge through a common virtual network card, then enters a second customized virtual network bridge, and then enters a physical network card bridged with the second customized virtual network bridge, and includes: setting a label for a common virtual network card; adding an internal custom virtual local area network tag into the flow entering the common virtual network card according to the flow table rule, and then entering a second custom virtual network bridge; and in the second custom virtual network bridge, stripping the label of the internal custom virtual local area network of the flow self-carrying, and then entering the bridged physical network card.
Optionally, in the second custom virtual network bridge, stripping off an internal custom virtual local area network tag of the traffic itself comprises setting a corresponding network tag for a data packet in the traffic according to the virtual network attribute; and the flow with the corresponding network label enters the physical network card from the second custom virtual network bridge.
Optionally, the network traffic transparent transmission method is applied to an SDN scenario or a non-SDN scenario.
Optionally, all traffic enters the physical switch via a physical network card.
A second aspect of the embodiments of the present invention provides a network traffic transparent transmission device based on a cloud platform, including: the first bridging module is used for creating a general virtual network bridge and establishing bridging with a common virtual network card on a virtual machine; the second bridge module is used for creating at least one custom virtual bridge, and establishing bridge connection between one custom virtual bridge and a converged virtual network card on the virtual machine, and defining the bridge connection as the first custom virtual bridge; the first flow transmission module is used for enabling the flow with the custom virtual local area network tag to enter a first custom virtual network bridge through the aggregation virtual network card according to the flow table rule and then enter a physical network card bridged with the first custom virtual network bridge; the second flow transmission module is used for enabling the flow without the user-defined virtual local area network label to enter the general virtual network bridge through the common virtual network card, then enter the second user-defined virtual network bridge and then enter the physical network card bridged with the second user-defined virtual network bridge; the first custom virtual bridge and the second custom virtual bridge are the same or two different custom virtual bridges.
A third aspect of an embodiment of the present invention provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions, and the computer instructions are configured to enable the computer to execute the cloud platform-based network traffic transparent transmission method according to any one of the first aspect and the first aspect of the embodiment of the present invention.
A fourth aspect of an embodiment of the present invention provides an electronic device, including: the cloud platform-based network traffic transparent transmission method includes a memory and a processor, where the memory and the processor are communicatively connected to each other, the memory stores computer instructions, and the processor executes the computer instructions to perform the cloud platform-based network traffic transparent transmission method according to the first aspect and any one of the first aspect of the embodiments of the present invention.
The technical scheme provided by the invention has the following effects:
the network flow transparent transmission method, the device and the storage medium based on the cloud platform provided by the embodiment of the invention create at least one custom virtual network bridge on the basis of the existing network mechanism, and connect one of the custom virtual network bridges with the convergent virtual network card to realize the transmission of the flow with the custom virtual local area network label; and simultaneously, one of the created custom virtual bridges is connected with the universal virtual bridge, so that the transmission of the flow without the custom virtual local area network label is realized. Therefore, the network traffic transparent transmission method can realize that the original traffic enters the hardware equipment, namely the transparent transmission of the vlan traffic inside the virtual machine is realized. The network flow transparent transmission method does not need to add an additional physical network card, and the data network card can be directly reused; the hardware and software modification cost is low, the software and hardware modification cost belongs to an independent function, and the software and hardware modification cost is convenient to apply to a production environment. In addition, the transparent transmission method is adopted to increase the flexibility of the virtual machine and allow the cloud platform to be nested and deployed in the virtual machine.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a network traffic transparent transmission method based on a cloud platform according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a cloud platform based node network architecture according to an embodiment of the present invention;
fig. 3 is a flowchart of a network traffic transparent transmission method based on a cloud platform according to another embodiment of the present invention;
fig. 4 is a block diagram of a network traffic transparent transmission apparatus based on a cloud platform according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a computer-readable storage medium provided according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a network traffic transparent transmission method based on a cloud platform, which can be applied to Kubernets or Openstack management platforms. As shown in fig. 1, the network architecture is a network architecture of nodes, wherein, in the corresponding management platform, the internal cluster is a minimum of three nodes. The node types of the cluster include control nodes, network nodes, and storage nodes. Through resource multiplexing or super-fusion design, three types of nodes are placed in the same node, namely one node is a control node, a network node and a computing node. Meanwhile, in order to realize network isolation of the nodes, a management network, a data network and a storage network are respectively arranged in each node. The management network refers to a data path for communication among modules in the cluster; the data network refers to the east-west flow of the cluster and a data path taken by the cross-node communication flow of the virtual machines in the cluster; storage network refers to the data path that disk storage traffic traverses. As shown in fig. 2, the network traffic transparent transmission method of the cloud platform includes the following steps:
step S101: and creating a general virtual network bridge and establishing bridging with a common virtual network card on the virtual machine.
Specifically, when the network architecture shown in fig. 1 is adopted, three virtual network cards are included in each node, including a management network, a storage network, and a data network (vlan network). In order to realize the transmission of the virtual network card flow in the nodes in the network, each node creates a bridge-integer (br-int bridge, general virtual bridge), and then establishes the bridge connection between the common virtual network card and the general virtual bridge. One attribute of the common virtual network card is that no custom virtual local area network tag is set in the flow passing through the common virtual network card.
Step S102: creating at least one custom virtual network bridge, and establishing a bridge connection between one custom virtual network bridge and a converged virtual network card on a virtual machine, wherein the bridge connection is defined as a first custom virtual network bridge.
Specifically, in order to implement traffic transparent transmission and ensure that the original traffic enters the hardware device, the name of the added bridge may be customized when the virtual network card is created. Therefore, a user-defined virtual network bridge can be introduced, and the virtual network card can be added conveniently. In one embodiment, the custom virtual bridge may be a br-vlan, and after the custom virtual bridge is referenced, the trunk port of the converged virtual network card is added to the custom virtual bridge. The trunk port of the converged virtual network card allows the flow of a plurality of vlans to pass through, namely, allows the flow provided with the custom virtual local area network tag to pass through, so that the flow of the specified virtual network card passing through the converged virtual network card can enter the custom virtual network bridge br-vlan. Thus, the common virtual bridge can be prevented from re-tagging, washing and checking traffic.
When creating a custom virtual bridge, one or more custom virtual bridges may be created. And when the number of the created custom virtual bridges is multiple, bridging one of the custom virtual bridges and the aggregation virtual bridge, and simultaneously determining the custom virtual bridge as a first custom virtual bridge. When the number of the created custom virtual bridges is one, the custom virtual bridge and the convergence virtual bridge are bridged, and then the custom virtual bridge and the general virtual bridge are bridged simultaneously.
In one embodiment, when bridging the custom virtual bridge and the generic virtual bridge, a patch port (patch port) may be used. Specifically, when a connection is established, a pair of ports can be created in two bridges, and peers are mutually specified, so that two bridge connections are realized. The method is realized by adopting the following commands:
ovs-vsctl add-port<bridge name><port name>
ovs-vsctl set interface<port name>type=patch
ovs-vsctl set interface<port name>options:peer=<peer name>
step S103: and according to the flow table rule, the flow with the custom virtual local area network tag enters a first custom virtual network bridge through the aggregation virtual network card, and then enters a physical network card bridged with the first custom virtual network bridge.
In one embodiment, after the custom virtual network bridge bridged by the virtual network cards is determined and aggregated, according to the flow table rule, the flow with the custom virtual local area network tag enters the first custom virtual network bridge through the aggregated virtual network card and then enters the physical data network card.
In one embodiment, a joining bridge may be designated when creating the virtual network card, e.g., as a trunk port; if not specified, the default is to join the generic virtual bridge. For example, when a trunk is specified, traffic is directed to the specified custom virtual bridge. Therefore, in the virtual machine, the user-defined virtual local area network tag can be set for the vlan traffic needing to be transmitted to the physical network in a transparent mode. When the flow is provided with the custom virtual local area network tag, the flow can directly enter a custom virtual network bridge, such as br-vlan, through the converged virtual network card. Meanwhile, according to the br-vlan traffic rule, vlan stripping is not performed on trunk port virtual traffic, that is, no interference and preprocessing are performed on the traffic.
Specifically, because the physical data network card is bridged with the custom virtual network bridge, the flow passing through the custom virtual network bridge enters the physical network card; and at this time, the flow entering the physical network card is reserved in a custom virtual local area network tag vlan tag set inside the virtual machine. Then, the flow through the physical network card enters the physical switch, and the network device with the physical vlan is communicated. Because the vlan is directly transmitted to the bottom platform, the vlan remains unchanged after entering the physical network card, and can communicate with devices such as switches, bare computers and virtual machines of the physical network card.
Step S104: the flow without the custom virtual local area network label enters a general virtual network bridge through a common virtual network card, then enters a second custom virtual network bridge, and then enters a physical network card bridged with the second custom virtual network bridge; the first custom virtual bridge and the second custom virtual bridge are the same or two different custom virtual bridges.
In one embodiment, when a plurality of custom virtual bridges are created, the first custom virtual bridge and the aggregation virtual bridge are bridged; the custom virtual bridge that bridges the generic virtual bridge is then defined as a second custom virtual bridge. Wherein the first custom virtual bridge is not connected to the generic virtual bridge. The flow with the user-defined virtual local area network label sequentially passes through the convergent virtual network card, the first user-defined virtual network bridge and the physical network card bridged with the first user-defined virtual network bridge; the flow without the custom virtual local area network label passes through the general virtual network bridge, the second custom virtual network bridge and the physical network card bridged with the second custom virtual network bridge in sequence through the common virtual network card.
In one embodiment, when one custom virtual bridge is created, the custom virtual bridge connects not only with the aggregation virtual bridge, but also with the generic virtual bridge. Therefore, the flow with the user-defined virtual local area network label sequentially passes through the convergent virtual network card, the user-defined virtual network bridge and the physical network card; the flow without the user-defined virtual local area network label passes through the general virtual network bridge, the user-defined virtual network bridge and the physical network card in sequence through the common virtual network card.
The network flow transparent transmission method based on the cloud platform provided by the embodiment of the invention is characterized in that at least one custom virtual network bridge is created on the basis of the existing network mechanism, and one of the custom virtual network bridges is connected with a converged virtual network card, so that the transmission of the flow with the custom virtual local area network tag is realized; meanwhile, one of the created custom virtual network bridges is connected with the universal virtual network bridge, so that the flow transmission without the custom virtual local area network label is realized. Therefore, the network flow transparent transmission method can realize that the original flow enters the hardware equipment, namely the transparent transmission of the vlan flow inside the virtual machine is realized. The network flow transparent transmission method does not need to add an additional physical network card, and the data network card can be directly multiplexed; the hardware and software modification cost is low, the software and hardware modification cost belongs to an independent function, and the software and hardware modification cost is convenient to apply to a production environment. In addition, the transparent transmission method is adopted to increase the flexibility of the virtual machine and allow the cloud platform to be nested and deployed in the virtual machine.
As an optional implementation manner of the embodiment of the present invention, as shown in fig. 3, a flow without a customized virtual local area network tag enters a general virtual network bridge through a general virtual network card, then enters a second customized virtual network bridge, and then enters a physical network card bridged with the second customized virtual network bridge, which includes the following steps:
step S201: and setting a label for the common virtual network card.
Step S202: and adding an internal custom virtual local area network tag to the flow entering the common virtual network card according to the flow table rule, and then entering a second custom virtual network bridge.
Specifically, for a virtual network card that does not designate to join in a network bridge, i.e., a common virtual network card, the flow of the corresponding virtual network card is defaulted to enter the common virtual network bridge. Before entering the general virtual network bridge, a label can be set on the virtual network card; namely, after the flow enters the universal virtual network card, an internal vlan tag (internal custom virtual local area network tag) is added to the virtual network card according to the flow table rule.
The flow table rule is dynamically generated when the virtual network card is created and is issued to the computing node where the virtual machine is located. The format of the flow table rule is set as follows:
idle_age=0,hard_age=65534,
priority=3,in_port=186,vlan_tci=0x0000
actions=mod_vlan_vid:4,NORMAL;
namely: the incoming traffic from port number 186 is set to vlan tag 4. The vlan tag here is dynamically calculated. The problem of heterogeneous network types can be solved by adding the internal vlan tag to the virtual network card. The cloud platform has various network types, such as vlan/vxlan/gre/gene, and an internal vlan mechanism is introduced for introducing traffic into different bridges (processing different types of traffic) and for isolating traffic. The virtual network cards of the same network in one node are the same as the corresponding vlan tags, and can communicate with each other.
Therefore, after the internal custom virtual local area network tag is added to the flow of the common virtual network bridge, the flow with the internal custom virtual local area network tag enters a second custom virtual network bridge connected with the common virtual network bridge through the common virtual network bridge.
Step S203: and in the second custom virtual network bridge, stripping the label of the internal custom virtual local area network of the flow self-carrying, and then entering the bridged physical network card.
Specifically, after the flow of the virtual network card enters the second custom virtual network bridge from the general virtual network bridge, the physical network cannot identify the internal vlan tag; therefore, the internal vlan is stripped off according to the flow table rule. Then, setting a corresponding network label for a data packet in the flow of the common virtual network card according to the virtual network attribute (such as overlay, flat or vlan); the network tag can be recognized and forwarded by the physical network. And because the physical data network card is bridged to the user-defined virtual network bridge, the flow of the virtual network card directly enters the physical switch after passing from the user-defined virtual network bridge to the physical network card. Because the data packets with the corresponding network tags can be identified by the corresponding physical networks, the corresponding physical switches can identify the same network tags, namely the data packets with the same tags belong to the same network, and therefore, the communication between the corresponding physical switches can be realized. In addition, the common virtual network card is provided with an internal custom virtual local area network tag, and the internal custom virtual local area network tag is stripped off at the second custom virtual network bridge to set a network tag. Therefore, the mapping relation between the internal custom virtual local area network tag and the network tag can be obtained in the second custom virtual network bridge, and only the network tag is left in the flow after the flow of the common virtual network card enters the physical switch. That is, only the mapping relationship between the internal custom virtual local area network tag and the network tag is provided in the cluster, and only the corresponding network tag is provided outside the cluster.
As an optional implementation manner of the embodiment of the present invention, the network traffic transparent transmission method may be applied to an SDN scenario or a non-SDN scenario. When the method is applied to a non-SDN scene, the ordinary virtual network card traffic and the trunk port virtual traffic may be transmitted according to the above steps S301 to S303 and steps S201 to S203, respectively. When the method is applied to an SDN scene, trunk port virtual traffic may also be transmitted according to the foregoing steps S201 to S203.
The description of the functions of the cloud platform-based network traffic transparent transmission device provided by the embodiment of the invention refers to the description of the cloud platform-based network traffic transparent transmission method in the above embodiment in detail.
An embodiment of the present invention further provides a network traffic transparent transmission device based on a cloud platform, and as shown in fig. 4, the device includes:
the first bridging module is used for creating a general virtual network bridge and establishing bridging with a common virtual network card on a virtual machine; for details, refer to the related description of step S101 in the above method embodiment.
The second bridge module is used for creating at least one custom virtual bridge, and establishing bridge connection between one custom virtual bridge and a converged virtual network card on the virtual machine, and defining the bridge connection as the first custom virtual bridge; for details, refer to the related description of step S102 in the above method embodiment.
The first flow transmission module is used for enabling the flow with the user-defined virtual local area network label to enter a first user-defined virtual network bridge through the aggregation virtual network card according to the flow table rule and then enter a physical network card bridged with the first user-defined virtual network bridge; for details, refer to the related description of step S103 in the above method embodiment.
The second flow transmission module is used for enabling the flow without the custom virtual local area network label to enter the general virtual network bridge through the common virtual network card, then enter the second custom virtual network bridge and then enter the physical network card bridged with the second custom virtual network bridge; the first custom virtual bridge and the second custom virtual bridge are the same or two different custom virtual bridges. For details, refer to the related description of step S104 in the above method embodiment.
The network flow transparent transmission method based on the cloud platform provided by the embodiment of the invention is characterized in that at least one custom virtual network bridge is created on the basis of the existing network mechanism, and one of the custom virtual network bridges is connected with a converged virtual network card, so that the transmission of the flow with the custom virtual local area network tag is realized; and simultaneously, one of the created custom virtual bridges is connected with the universal virtual bridge, so that the transmission of the flow without the custom virtual local area network label is realized. Therefore, the network flow transparent transmission method can realize that the original flow enters the hardware equipment, namely the transparent transmission of the vlan flow inside the virtual machine is realized. The network flow transparent transmission method does not need to add an additional physical network card, and the data network card can be directly multiplexed; the hardware and software modification cost is low, the software and hardware modification cost belongs to an independent function, and the software and hardware modification cost is convenient to apply to a production environment. In addition, the transparent transmission method is adopted to increase the flexibility of the virtual machine and allow the cloud platform to be nested and deployed in the virtual machine.
The description of the functions of the cloud platform-based network traffic transparent transmission device provided by the embodiment of the invention refers to the description of the cloud platform-based network traffic transparent transmission method in the above embodiment in detail.
An embodiment of the present invention further provides a storage medium, as shown in fig. 5, where a computer program 601 is stored on the storage medium, and when executed by a processor, the instructions implement the steps of the cloud platform-based network traffic transparent transmission method in the foregoing embodiments. The storage medium is also stored with audio and video stream data, characteristic frame data, interactive request signaling, encrypted data, preset data size and the like. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk Drive (Hard Disk Drive, abbreviated as HDD), or a Solid State Drive (SSD); the storage medium may also comprise a combination of memories of the kind described above.
An embodiment of the present invention further provides an electronic device, as shown in fig. 6, the electronic device may include a processor 51 and a memory 52, where the processor 51 and the memory 52 may be connected by a bus or in another manner, and fig. 6 takes the connection by the bus as an example.
The processor 51 may be a Central Processing Unit (CPU). The Processor 51 may also be other general purpose processors, digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 52, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as the corresponding program instructions/modules in the embodiments of the present invention. The processor 51 executes various functional applications and data processing of the processor by running the non-transitory software programs, instructions and modules stored in the memory 52, that is, the cloud platform-based network traffic transparent transmission method in the above method embodiment is implemented.
The memory 52 may include a storage program area and a storage data area, wherein the storage program area may store an operating device, an application program required for at least one function; the storage data area may store data created by the processor 51, and the like. Further, the memory 52 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 52 may optionally include memory located remotely from the processor 51, and these remote memories may be connected to the processor 51 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 52 and when executed by the processor 51, perform the cloud platform-based network traffic pass-through method in the embodiment shown in fig. 1-3.
The details of the electronic device may be understood by referring to the corresponding descriptions and effects in the embodiments shown in fig. 1 to fig. 3, and are not described herein again.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.
Claims (8)
1. A network traffic transparent transmission method based on a cloud platform is characterized by comprising the following steps:
creating a general virtual network bridge and establishing bridging with a common virtual network card on a virtual machine;
creating at least one custom virtual network bridge, and establishing a bridge connection between one custom virtual network bridge and a converged virtual network card on a virtual machine, wherein the bridge connection is defined as a first custom virtual network bridge;
according to the flow table rule, the flow with the custom virtual local area network label enters a first custom virtual network bridge through a convergent virtual network card, and then enters a physical network card bridged with the first custom virtual network bridge;
the flow without the custom virtual local area network label enters a general virtual network bridge through a common virtual network card, then enters a second custom virtual network bridge, and then enters a physical network card bridged with the second custom virtual network bridge; the first custom virtual bridge and the second custom virtual bridge are the same or two different custom virtual bridges;
according to a preset flow rule, the flow passing through the converged virtual network card does not carry out self-defined virtual local area network label stripping;
the flow without the user-defined virtual local area network label enters a general virtual network bridge through a common virtual network card, then enters a second user-defined virtual network bridge, and then enters a physical network card bridged with the second user-defined virtual network bridge, and the method comprises the following steps:
setting a label for the common virtual network card;
adding an internal custom virtual local area network tag to the flow entering the common virtual network card according to the flow table rule, and then entering a second custom virtual network bridge;
in the second custom virtual network bridge, stripping off the label of the internal custom virtual local area network of the flow self-carrying, and then entering a bridged physical network card;
in the second custom virtual bridge, stripping off the internal custom virtual local area network tag of the traffic itself comprises,
setting a corresponding network tag for a data packet in the flow according to the virtual network attribute;
and the flow with the corresponding network label enters the physical network card from the second custom virtual network bridge.
2. The cloud platform-based network traffic pass-through method according to claim 1, wherein the generic virtual bridge and the second custom virtual bridge are connected by a patch port.
3. The cloud platform-based network traffic transparent transmission method according to claim 1, wherein a custom virtual local area network tag is set for the relevant traffic inside the virtual machine, and the aggregation virtual network card is not set with a tag.
4. The cloud platform-based network traffic pass-through method of claim 1, wherein the network traffic pass-through method is applied to either an SDN scenario or a non-SDN scenario.
5. The cloud platform-based network traffic transparent transmission method according to any one of claims 1 to 3, wherein all traffic enters the physical switch via a physical network card.
6. The utility model provides a network flow passes through device based on cloud platform which characterized in that includes:
the first bridging module is used for creating a general virtual network bridge and establishing bridging with a common virtual network card on a virtual machine;
the second bridge module is used for creating at least one custom virtual bridge, and establishing bridge connection between one custom virtual bridge and a converged virtual network card on the virtual machine, and defining the bridge connection as the first custom virtual bridge;
the first flow transmission module is used for enabling the flow with the custom virtual local area network tag to enter a first custom virtual network bridge through the aggregation virtual network card according to the flow table rule and then enter a physical network card bridged with the first custom virtual network bridge;
the second flow transmission module is used for enabling the flow without the custom virtual local area network label to enter the general virtual network bridge through the common virtual network card, then enter the second custom virtual network bridge and then enter the physical network card bridged with the second custom virtual network bridge; the first custom virtual bridge and the second custom virtual bridge are the same or two different custom virtual bridges;
according to a preset flow rule, the flow passing through the converged virtual network card does not carry out self-defined virtual local area network label stripping;
the flow without the user-defined virtual local area network label enters a general virtual network bridge through a common virtual network card, then enters a second user-defined virtual network bridge, and then enters a physical network card bridged with the second user-defined virtual network bridge, and the method comprises the following steps:
setting a label for the common virtual network card;
adding an internal custom virtual local area network tag into the flow entering the common virtual network card according to the flow table rule, and then entering a second custom virtual network bridge;
in the second custom virtual network bridge, stripping the label of the internal custom virtual local area network of the flow self-carrying, and then entering a bridged physical network card;
in the second custom virtual bridge, stripping off the internal custom virtual local area network tag of the traffic itself comprises,
setting a corresponding network tag for a data packet in the flow according to the virtual network attribute;
and the flow with the corresponding network tag enters the physical network card from the second custom virtual network bridge.
7. A computer-readable storage medium storing computer instructions for causing a computer to perform the cloud platform-based network traffic transparent transmission method according to any one of claims 1-5.
8. An electronic device, comprising: a memory and a processor, the memory and the processor being communicatively connected to each other, the memory storing computer instructions, and the processor executing the computer instructions to perform the cloud platform-based network traffic transparent transmission method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111058757.2A CN113726637B (en) | 2021-09-09 | 2021-09-09 | Network traffic transparent transmission method and device based on cloud platform and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111058757.2A CN113726637B (en) | 2021-09-09 | 2021-09-09 | Network traffic transparent transmission method and device based on cloud platform and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113726637A CN113726637A (en) | 2021-11-30 |
| CN113726637B true CN113726637B (en) | 2022-11-01 |
Family
ID=78683034
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111058757.2A Active CN113726637B (en) | 2021-09-09 | 2021-09-09 | Network traffic transparent transmission method and device based on cloud platform and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113726637B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114422295B (en) * | 2021-12-27 | 2023-05-23 | 联想(北京)有限公司 | Network information processing method, electronic equipment and storage medium |
| CN115174310B (en) * | 2022-05-16 | 2024-04-05 | 深圳市广和通无线通信软件有限公司 | PDN dialing and configuration method, system, device, equipment and storage medium |
| CN116170389B (en) * | 2023-04-19 | 2023-07-21 | 安超云软件有限公司 | Service container drainage method, system and computer cluster |
| CN116155838B (en) * | 2023-04-24 | 2023-07-21 | 远江盛邦(北京)网络安全科技股份有限公司 | Flow transparent transmission method and device and electronic equipment |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486192A (en) * | 2014-12-05 | 2015-04-01 | 国云科技股份有限公司 | VLAN (Virtual Local Area Network) isolation method |
| CN106385365A (en) * | 2015-08-07 | 2017-02-08 | 杭州华三通信技术有限公司 | Method of realizing cloud platform safety based on openflow table and apparatus thereof |
| CN106685787A (en) * | 2017-01-03 | 2017-05-17 | 华胜信泰信息产业发展有限公司 | Power VM virtualized network management method and device based on Open Stack |
| CN107276800A (en) * | 2017-06-12 | 2017-10-20 | 郑州云海信息技术有限公司 | A kind of network traffics method for tracing and device for cloud data center |
| CN107592216A (en) * | 2017-09-01 | 2018-01-16 | 湖南合天智汇信息技术有限公司 | A kind of actual situation network integration emulation mode for supporting more scene experiment isolation |
| CN108123819A (en) * | 2016-11-30 | 2018-06-05 | 江南大学 | A kind of emulation mode of actual situation network seamless fusion |
| CN111800326A (en) * | 2019-04-08 | 2020-10-20 | 中移(苏州)软件技术有限公司 | Message transmission method and device, processing node and storage medium |
-
2021
- 2021-09-09 CN CN202111058757.2A patent/CN113726637B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486192A (en) * | 2014-12-05 | 2015-04-01 | 国云科技股份有限公司 | VLAN (Virtual Local Area Network) isolation method |
| CN106385365A (en) * | 2015-08-07 | 2017-02-08 | 杭州华三通信技术有限公司 | Method of realizing cloud platform safety based on openflow table and apparatus thereof |
| CN108123819A (en) * | 2016-11-30 | 2018-06-05 | 江南大学 | A kind of emulation mode of actual situation network seamless fusion |
| CN106685787A (en) * | 2017-01-03 | 2017-05-17 | 华胜信泰信息产业发展有限公司 | Power VM virtualized network management method and device based on Open Stack |
| CN107276800A (en) * | 2017-06-12 | 2017-10-20 | 郑州云海信息技术有限公司 | A kind of network traffics method for tracing and device for cloud data center |
| CN107592216A (en) * | 2017-09-01 | 2018-01-16 | 湖南合天智汇信息技术有限公司 | A kind of actual situation network integration emulation mode for supporting more scene experiment isolation |
| CN111800326A (en) * | 2019-04-08 | 2020-10-20 | 中移(苏州)软件技术有限公司 | Message transmission method and device, processing node and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 《Openstack架构下的混合云组网设计及实现》;郝凯;《中国优秀博硕士学位论文全文数据库(硕士)——信息科技辑》;20180715;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113726637A (en) | 2021-11-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113726637B (en) | Network traffic transparent transmission method and device based on cloud platform and storage medium | |
| CN115699698B (en) | Loop prevention in virtual L2 networks | |
| US10545750B2 (en) | Distributed upgrade in virtualized computing environments | |
| US9942623B2 (en) | Data center network architecture | |
| TWI821463B (en) | Logical router comprising disaggregated network elements | |
| EP2859444B1 (en) | Elastic enforcement layer for cloud security using sdn | |
| US9294351B2 (en) | Dynamic policy based interface configuration for virtualized environments | |
| WO2017173952A1 (en) | Method, device, and system for centralizing management of virtual machines and implementing communications between virtual machines | |
| US20180205673A1 (en) | Managing network traffic in virtual switches based on logical port identifiers | |
| CN109088820B (en) | Cross-device link aggregation method and device, computing device and storage medium | |
| CN108337192B (en) | Message communication method and device in cloud data center | |
| US10419365B2 (en) | Service insertion in basic virtual network environment | |
| EP3821589B1 (en) | Session management in a forwarding plane | |
| US9590855B2 (en) | Configuration of transparent interconnection of lots of links (TRILL) protocol enabled device ports in edge virtual bridging (EVB) networks | |
| WO2017148326A1 (en) | Resource management method and device | |
| CN110636036A (en) | OpenStack cloud host network access control method based on SDN | |
| US20230107891A1 (en) | User interface for cloud native software-defined network architectures | |
| CN107566238B (en) | Method for automatically identifying vlan frame and non-vlan frame through user-state configuration physical interface | |
| CN108512737B (en) | Data center IP layer interconnection method and SDN controller | |
| US11296931B2 (en) | Method of deploying a network configuration in a datacenter having a point of presence | |
| US20170289030A1 (en) | Multiple provider framework for virtual switch data planes and data plane migration | |
| WO2022017254A1 (en) | Method and apparatus for generating service template, and device and storage medium | |
| US10601649B1 (en) | Stack switching detection and provisioning | |
| CN110266597B (en) | Flow control method, device, equipment and storage medium | |
| Patel | History and Evolution of Cloud Native Networking |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |