CN113923149B - Network access method, device, network system, electronic equipment and storage medium - Google Patents
Network access method, device, network system, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN113923149B CN113923149B CN202010658503.3A CN202010658503A CN113923149B CN 113923149 B CN113923149 B CN 113923149B CN 202010658503 A CN202010658503 A CN 202010658503A CN 113923149 B CN113923149 B CN 113923149B
- Authority
- CN
- China
- Prior art keywords
- server
- network
- virtual
- port
- local area
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 65
- 238000004891 communication Methods 0.000 claims description 24
- 230000002776 aggregation Effects 0.000 claims description 2
- 238000004220 aggregation Methods 0.000 claims description 2
- 238000004590 computer program Methods 0.000 claims description 2
- 230000008569 process Effects 0.000 description 16
- 238000010586 diagram Methods 0.000 description 13
- 238000012423 maintenance Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000009434 installation Methods 0.000 description 3
- 239000002184 metal Substances 0.000 description 3
- KKIMDKMETPPURN-UHFFFAOYSA-N 1-(3-(trifluoromethyl)phenyl)piperazine Chemical compound FC(F)(F)C1=CC=CC(N2CCNCC2)=C1 KKIMDKMETPPURN-UHFFFAOYSA-N 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 206010047289 Ventricular extrasystoles Diseases 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- COCAUCFPFHUGAA-MGNBDDOMSA-N n-[3-[(1s,7s)-5-amino-4-thia-6-azabicyclo[5.1.0]oct-5-en-7-yl]-4-fluorophenyl]-5-chloropyridine-2-carboxamide Chemical compound C=1C=C(F)C([C@@]23N=C(SCC[C@@H]2C3)N)=CC=1NC(=O)C1=CC=C(Cl)C=N1 COCAUCFPFHUGAA-MGNBDDOMSA-N 0.000 description 1
- 239000002071 nanotube Substances 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 238000005129 volume perturbation calorimetry Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Abstract
The embodiment of the invention provides a network access method, a network access device, a network system, electronic equipment and a storage medium. The network access method comprises the following steps: obtaining an access request of a server, wherein the access request comprises information of an object to be accessed requesting connection; creating a virtual local area network comprising a first port according to the first port connected with the server; and configuring a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed so as to forward the message of the server based on the routing table. According to the embodiment of the invention, the server can be safely and quickly accessed into the cloud network system.
Description
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a network access method, a network access device, a network system, electronic equipment and a computer storage medium.
Background
With the continuous development of cloud computing technology, more and more enterprises migrate applications to cloud network systems for operation. In this process, there are some virtual containers or virtual machines that cannot meet the user's usage requirements. For example: in the use scenes of high-performance forwarding, safety compliance, stock nanotubes and the like, the use requirements of users cannot be met by simply relying on virtual containers or virtual machines. To meet the requirements of such usage scenarios, a physical server (also called bare metal server) needs to be further deployed on the basis of a virtual container, a virtual machine, etc., so that the virtual container, the virtual machine, etc. and the physical server are used in combination to meet the requirements.
Currently, applications requiring deployment of physical servers mainly include three types:
the first type of applications that require direct access to a physical server and cannot be virtualized.
The second category, database applications running in virtual machines but of relatively poor performance, big data processing applications.
A third class, security compliance, requires applications that must be deployed in a physical server.
The above application determines the necessity of the physical server in the virtual network of the user, and how to safely and quickly access the physical server to the cloud network system becomes a problem to be solved.
Disclosure of Invention
In view of the above, an embodiment of the present invention provides a network access scheme to solve some or all of the above problems.
According to a first aspect of an embodiment of the present invention, there is provided a network access method including: obtaining an access request of a server, wherein the access request comprises information of an object to be accessed requesting connection; creating a virtual local area network comprising a first port according to the first port connected with the server; and configuring a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed so as to forward the message of the server based on the routing table.
According to a second aspect of an embodiment of the present invention, there is provided a network system, including a server access gateway, at least one object to be accessed connected to the server access gateway, and a server connected to the server access gateway, where the server access gateway is configured to execute the network access method, so that the server is communicatively connected to a corresponding object to be accessed through the server access gateway.
According to a third aspect of an embodiment of the present invention, there is provided a network access device, including: the access request comprises information of an object to be accessed, which is requested to be connected by the server; the creation module is used for creating a virtual local area network comprising a first port according to the first port connected with the server; and the generation module is used for configuring the routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed so as to forward the message of the server based on the routing table.
According to a fourth aspect of an embodiment of the present invention, there is provided an electronic device including: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus; the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to perform operations corresponding to the network access method according to the first aspect.
According to a fifth aspect of an embodiment of the present invention, there is provided a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the network access method according to the first aspect.
According to the network access scheme provided by the embodiment of the invention, aiming at a server which needs to be accessed into a network system such as a cloud network system, a virtual local area network comprising a first port connected with the server is created according to an access request of the server, and a routing table is generated according to information of the virtual local area network so as to forward a message of the server based on the routing table, thereby realizing connection between the server and an object to be accessed in the network system (such as an object which needs to realize corresponding application through the server in the cloud network system). Therefore, on one hand, the server can be safely and rapidly accessed without disassembling and assembling hardware which is suitable for accessing the cloud network system and without additionally installing an intelligent network card, and the access cost can be reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present invention, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
Fig. 1a is a flowchart illustrating steps of a network access method according to a first embodiment of the present invention;
fig. 1b is a schematic structural diagram of a network system using a scenario according to a first embodiment of the present invention;
fig. 2a is a flowchart illustrating steps of a network access method according to a second embodiment of the present invention;
fig. 2b is a schematic structural diagram of a connection between a server and a file server in a usage scenario according to a second embodiment of the present invention;
fig. 3a is a flowchart illustrating steps of a network access method according to a third embodiment of the present invention;
fig. 3b is a schematic structural diagram of a connection between a server and a virtual network in a usage scenario according to a third embodiment of the present invention;
fig. 3c is a schematic structural diagram of a server, virtual network and user network connection of a usage scenario according to a third embodiment of the present invention;
fig. 4 is a block diagram of a network system according to a fourth embodiment of the present invention;
fig. 5 is a block diagram of a network access device according to a fifth embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention.
Detailed Description
In order to better understand the technical solutions in the embodiments of the present invention, the following description will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which are derived by a person skilled in the art based on the embodiments of the present invention, shall fall within the scope of protection of the embodiments of the present invention.
The implementation of the embodiments of the present invention will be further described below with reference to the accompanying drawings.
Example 1
Referring to fig. 1a, a flowchart of steps of a network access method according to a first embodiment of the present invention is shown.
The network access method of the embodiment comprises the following steps:
step S102: and obtaining an access request of the server.
The access request of the server is used to request the server (for example, a bare metal server provided for the user to use, which may also be simply referred to as a bare metal server) to access the cloud network system, and may be in any suitable request form. The access request comprises information of an object to be accessed, which is requested to be connected by the server. The object to be accessed may be different in different usage requirements, for example, but not limited to, a file server or a virtual network.
The access request of the server includes information of an object to be accessed to which the server requests a connection, but is not limited thereto. Those skilled in the art may configure other contents included in the access request of the server as needed, which is not limited in this embodiment.
For example, when an operating system is installed in a server to make the server after accessing the cloud network system available, the object to be accessed may be a file server, and the information of the object to be accessed may be the name, IP address, or MAC address of the file server, which can identify the file server. For another example, in order to enable the server after accessing the cloud network system to be used by the user, the object to be accessed may be a virtual network (such as VPC 1) used by the user, and the information of the object to be accessed may be information capable of identifying the virtual network, such as a virtual network name or an IP address.
In one scenario as shown in fig. 1b, the server has an application portal and a BMC portal (out-of-band management portal), where the application portal is used to connect with a server access gateway to access corresponding devices in the in-band network, such as a core switch, etc., to enable transmission of server application data, and specifically, for example, the application portal of the server is connected to the first port of the server access gateway through a cable. The BMC network port is used for being connected with the out-of-band switch, so that the out-of-band switch is connected to the server out-of-band control device, the server out-of-band control device can remotely perform operations such as power-on and power-off on the server, and the purpose of remotely controlling the server through the server out-of-band control device is achieved.
It should be noted that, the in-band network and the out-of-band network shown in fig. 1b adopt conventional meanings in the art, where the in-band network is an internal network, and is used to implement exchange and transmission of internal data; the out-of-band network is an external network independent of the in-band network, and as can be seen in fig. 1b, it can be connected to the server through the server's BMC portal and remotely control the server. In the system shown in fig. 1b, the network access method according to the embodiment of the present invention may be performed by a server access gateway. The server access gateway may be a switch (e.g., a two-layer switch, a three-layer switch, etc.). Because the switch is mainstream equipment in industry, adopt it as server access gateway and make the fortune dimension personnel maintain more easily, the technical requirement to fortune dimension personnel is lower. Compared with the method that the intelligent network card is installed in the server, the method that the access from the server to the network system is completed through the intelligent network card is simpler in maintenance of the switch.
In order to make the server available after the server is accessed to the cloud network system, a corresponding operating system needs to be installed on the server, and the server with the operating system is added to a virtual network to which a virtual machine used by a user belongs, so that the user can operate the accessed server like other virtual machines in the cloud network system.
When installing an operating system to a server, the server and a file server storing an operating system source file need to be accessed into a network (i.e. a physical network of a network system), so that the server can perform data transmission with the file server, and the server can acquire the operating system source file from the file server and locally install the operating system according to the operating system source file.
After installing the operating system to the server, in order for the user to access the server and operate the server, it is necessary to add the server to a virtual network (VPC) used by the user so that the user can access the server and operate the server as if operating a virtual machine in the virtual network.
In order to achieve the above purpose of accessing the server to the network where different objects to be accessed are located, the server access gateway receives an access request of the server, and determines the objects to be accessed to which the server needs to be connected according to the access request.
Step S104: and creating a virtual local area network comprising the first port according to the first port connected with the server.
In this step, taking a server access gateway as an example, the server access gateway has a first port, and the first port is connected to the server. The server may be connected to the first port of the server access gateway through the application network port thereof in a wired manner, and of course, may also be connected to the first port of the server access gateway in a wireless manner, which is not limited in this embodiment.
It should be noted that in this embodiment, the number of servers may be one or more, and accordingly, each port connected to a server in the server access gateway may be referred to as a first port.
The server access gateway creates a virtual local area network based on the first port. The virtual local area network can be a logic network created by adopting VLAN (Virtual Local Area Network) technology, and can realize that among a plurality of servers connected to the same switch (namely, server access gateway), the servers in the same virtual local area network can access each other, and the servers in different virtual local area networks can not access each other, so that the isolation of the servers in different virtual local area networks is realized, and further, even if the servers of different users are connected in the same server access gateway, the servers can not communicate with each other, and the security of server data is ensured.
The following describes the access situation with reference to a specific example: for example, the switch includes 4 ports a to D, and 4 servers are referred to as servers 1 to 4 for convenience of description, wherein port a is connected to server 1, port B is connected to server 2, port C is connected to server 3, and port D is connected to server 4.
If user a requests to use servers 1 and 2 and user B requests to use servers 3 and 4, then a first virtual local area network (denoted VLAN 1) may be created and ports a and B contained therein, and a second virtual local area network (denoted VLAN 2) may be created and ports C and D contained therein. This allows communication between servers 1 and 2, between servers 3 and 4, and between servers 1 and 2 and servers 3 and 4. Thus, the user A can conveniently use the servers 1 and 2, the data sent by the servers 1 and 2 are not transmitted to the servers 3 and 4, the user B cannot obtain the data of the user A, and the safety of the data is ensured, and vice versa.
Of course, the virtual local area network may be a network based on VLAN technology, or may be a virtual local area network created by adopting other technologies, so long as it is ensured that the data are reliable and servers in the same virtual local area network can communicate with each other.
In this embodiment, the virtual local area network is created with a virtual local area network identification (denoted as VLAN ID) for uniquely identifying the virtual local area network. The virtual local area network identifier may be a virtual local area network identifier dynamically allocated by a management system in the network system based on the object to be accessed, and the VLAN ID may be VLAN 10, VLAN 20, etc. After the server access gateway acquires the virtual local area network identifier, a virtual local area network is created based on the virtual local area network identifier.
Step S106: and configuring a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed so as to forward the message of the server based on the routing table.
In this embodiment, the information of the virtual local area network includes, but is not limited to, virtual local area network identification (i.e., VLAN ID).
As mentioned above, if the object to be accessed is a file server (such as TFTP server), the information of the object to be accessed may be at least one of an IP address, a MAC address, and an IP address of a corresponding gateway of the file server, but is not limited thereto.
If the object to be accessed is a virtual network (e.g. VPC 1), the information of the object to be accessed may be at least one of an IP address of the virtual network and an IP address of a corresponding gateway, but is not limited thereto.
Different routing tables can be generated in the server access gateway aiming at different objects to be accessed, so that the server access gateway can forward according to the routing tables after a message related to the server reaches the server access gateway, and therefore the server and the objects to be accessed can realize data interaction.
For example, when installing an operating system to a server, the server needs to access the network of the file server to obtain an operating system source file from the file server. In this case, the server access gateway makes the default VLAN ID of the first port be the VLAN ID (e.g., VLAN 10) of the virtual local area network where the server is located. For the vlan id of the first port, an IP address of the first port (denoted as a first IP address) is configured, and the first IP address is used as an IP address of a default gateway in the process of installing the operating system.
And generating a routing table according to the first IP address and the second IP address of the file server, so that after a message sent to the file server by the server or a message returned to the server by the file server reaches the server access gateway, the server access gateway can forward according to the routing table, thereby realizing the mutual access of the server and the file server.
According to the embodiment, for a server (i.e., a physical server) which needs to be accessed to a network system such as a cloud network system, a virtual local area network comprising a first port connected with the server is created according to an access request of the server, and a routing table is generated according to information of the virtual local area network so as to forward a message of the server based on the routing table, so that connection between the server and an object to be accessed in the network system (such as an object which needs to be applied correspondingly through the server in the cloud network system) is realized. Therefore, on one hand, the server can be accessed through the virtual local area network without disassembling and assembling hardware which is suitable for accessing the cloud network system and without additionally installing an intelligent network card.
Example two
Referring to fig. 2a, a flowchart of steps of a network access method according to a second embodiment of the present invention is shown.
In this embodiment, the method is still executed by the server access gateway, and the network access method according to the embodiment of the present invention is described on the condition that an operating system is installed based on the server.
First, as shown in fig. 2b, a schematic diagram of a server connected to a file server in a network system when an operating system is installed in the server is shown.
As shown in fig. 2b, the server access gateways are at least one group, and each group of server access gateways is composed of two switches. Therefore, the server can be provided with the function of accessing the network of the network system in a highly reliable mode in a double-machine hot standby mode, and the reliability is improved.
The application network ports (such as 2 in-band application network ports) of each server are respectively connected to two switches in a group of server access gateways through a group bond mode, so that the requirement of a high-reliability access network system is met.
The out-of-band management and control network port (such as a BMC network port) of each server is connected to the out-of-band network of the network system, so that the server takes out-of-band management and control devices to power up, power down, PXE installation configuration (pre-start execution environment, preboot eXecution Environment) and other operations on the server.
The server in-band management control device uniformly manages functions of registration management of the server, installation of a server operating system, joining or leaving of the server from a virtual network of a network system and the like.
A user-owned server (e.g., a physical machine) or an application server needs to install an operating system on the server before it can be used by the user. The user may select an operating system running on the server as desired, for example: linux systems (e.g., CENTOS, UBUNTU, etc.) or WINDOWS systems (e.g., WINDOWS7, WINDOWS 10, etc.), or other operating systems.
When the server installs the operating system, the server in-band management and control device sets the server starting option as PXE through the out-of-band network, then the server is controlled to perform power-down and power-up operations through the out-of-band network, in the process, the in-band network of the server is triggered to perform PXE operations, and a flow of installing the operating system is executed.
When the operating system is installed, the server can send a message without a virtual local area network tag, the message is used for requesting to acquire the source file of the operating system, the message reaches the server access gateway, and the server access gateway forwards the message according to the routing table so that the message reaches the file server. The file server returns the requested operating system source file to the server through the server access gateway, so that the server can install the operating system. The server access gateway may then access the server with the operating system installed to the virtual network of the network system as needed for user operation and use. In the above procedure, both the server and the file server (e.g., TFTP SERVER) follow the PXE specification, thereby ensuring that the operating system can be stably installed.
In the network access method of this embodiment, based on the foregoing steps S102 to S106, and when the operating system is installed to the server, if the object to be accessed is a file server of the network system, step S106 includes the following sub-steps:
Substep S1061A: and determining a first IP address corresponding to a default gateway of the first port based on the configuration of the first port.
In one specific implementation, sub-step S1061A is implemented by processes I-III described below.
Process I: and configuring the identifier of the virtual local area network as the identifier of the virtual local area network of the first port, and configuring the first port to allow receiving the message without carrying the virtual local area network tag.
Alternatively, the first port connected to the server in the server access gateway may be configured as a two-layer port, so that multiple first ports in the same virtual lan may share one out-of-pair IP address, so that multiple servers may be managed conveniently when one user requests the servers.
The two-layer port configures a default VLAN ID (virtual local area network identification) as an identification of the virtual local area network created in step S104, for example VLAN 10, and configures the first port to allow reception of a packet without a virtual local area network tag (e.g., an ethernet packet sent by a server).
Process II: and configuring the first IP address of a default gateway of the first port for the virtual local area network identifier configured by the first port.
The first IP address of the first port is configured for the VLAN ID of the first port as the first IP address of the default gateway during installation of the operating system.
Process III: and configuring a relay IP address of the dynamic host configuration protocol corresponding to the first port for the virtual local area network identifier configured by the first port so as to forward a dynamic host configuration protocol request based on the relay IP address.
By configuring the relay IP address, the purposes of configuring a VLAN ID configured by the first port and configuring a DHCP server (dynamic host configuration protocol service) relay function of the first port are achieved, and a DHCP request message received by the Virtual Local Area Network (VLAN) is forwarded to the DHCP server of the network system, so that the server can request an own IP address from the DHCP server. Accordingly, the DHCP server of the network system needs to configure an IP address pool for allocating an IP address to the server to cooperate with the PXE operation of the server.
It should be noted that, in practical application, the execution sequence of the above process II and the process III may be not sequential, but may also be executed in parallel.
Substep S1062A: and configuring a routing table corresponding to the first port at least according to the first IP address and the information of the file server.
In one embodiment, step S1062A is implemented by processes IV-V.
Process IV: and acquiring a second IP address corresponding to the object to be accessed according to the information of the file server.
Process V: and generating the routing table according to the first IP address, the second IP address and the relay IP address.
According to the embodiment, for a server needing to be accessed to a network system such as a cloud network system, a virtual local area network comprising a first port connected with the server is created according to an access request of the server, and a routing table is generated according to information of the virtual local area network so as to forward a message of the server based on the routing table, so that connection between the server and an object to be accessed in the network system (such as an object needing to realize corresponding application through the server in the cloud network system) is realized. Therefore, on one hand, the server can be safely and rapidly accessed without disassembling and assembling hardware which is suitable for accessing the cloud network system and without additionally installing an intelligent network card, and the access cost can be reduced.
Example III
Referring to fig. 3a, a flowchart of the steps of a network access method according to a third embodiment of the present invention is shown.
In this embodiment, the method is still executed by the server access gateway, and the network access method in the embodiment of the present invention will be described by taking the virtual network of the server access network system as an example.
First, as shown in fig. 3b, a schematic diagram of a server connected to a virtual network when the server is switched to be connected to the virtual network in the network system is shown.
When a user applies for adding a server to a certain virtual network (which may be a certain VPC subnetwork, such as VPC1, etc.) on a console of a network system, the server needs to be switched from the initial physical network of the network system to the virtual network (i.e. the VPC (Virtual Private Cloud) subnetwork of the network system). So that the server can access some resources in the network system (for example, the server accesses a DNS server of the network system, or a yum source server used by the server by installing software), and the deployment service can be installed on the server. That is, the server needs to be switched between the physical network and the virtual network.
When the server is switched into the virtual network, the object to be accessed is the virtual network, such as VPC1 or VPC2, and the server access gateway executes a network access method so that the server is used as a member in the virtual network, thereby communicating with the virtual machines in the virtual network.
In this embodiment, the network access method includes the steps S102 to S106 described above. When the object to be accessed is a virtual network of a network system, the step S106 includes the following sub-steps:
substep S1061B: and configuring the identifier of the virtual local area network as the identifier of the virtual local area network of the first port.
For example, the first port is configured as a two-layer port and the VLAN ID of the first port is configured as the virtual local area network identification (e.g., VLAN ID Y) it created. In this way, the message without VLAN tag sent by the server can only enter the virtual local area network created for the message to be forwarded, but can not reach other virtual local area networks, so that the server can only access the corresponding virtual network.
In addition, the first port only allows the message with the VLAN ID Y as the virtual local area network tag to pass through. Therefore, messages with other VLAN tags (virtual local area network tags) sent by the server can be discarded when reaching the first port, so that the possibility of illegal access of the server to other virtual networks is avoided.
By combining the two configurations, the access range of the server on the server access gateway can be controlled, and the data security and isolation are ensured.
Substep S1062B: and generating the routing table according to the virtual local area network identification of the first port and the information of the virtual network.
In a specific implementation, sub-step S1062B is implemented by:
process a: and creating a virtual routing table in the routing table, and creating a table entry corresponding to the virtual network in the virtual routing table according to the information of the virtual network.
For example, a VRF (Virtual Routing and Forwarding) entry is created on a server access gateway. The VRF entries are in one-to-one correspondence with the virtual networks accessed by the server.
Such as: the server access gateway comprises ports A-G, wherein the ports A-D belong to a virtual local area network (wherein the virtual local area network is identified as VLAN 10), and servers connected with the ports A-D are servers 1-4 respectively and request to be added into the VPC 1. The ports E-G belong to another virtual local area network (wherein the virtual local area network is identified as VLAN 20) and the servers connected to it are servers 5-7, respectively, requesting to join in VPC2.
In the created virtual routing table, a corresponding VRF table item 1 is created aiming at the VPC1, and the message routing of the servers 1-4 is indicated to the VPC1; corresponding VRF entry 2 is created for VPC2, indicating that the messages of servers 5-7 are routed to VPC2.
Process b: and creating a virtual extensible local area network tunnel interface corresponding to the virtual network according to the information of the virtual network, and binding the tunnel interface to the virtual routing table.
For example, a VXLAN tunnel interface (virtual extensible local area network tunnel interface) is created on the server access gateway, whose VXLAN ID corresponds one-to-one to the virtual network to which the server requests access, and which VXLAN tunnel interface is bound into the virtual routing table.
For example, VXLAN 10 corresponds to VPC1, VXLAN 20 corresponds to VPC2, and VXLAN 10 and VXLAN 20 are bound into a virtual routing table.
Process c: and creating a private three-layer interface of the virtual local area network according to the virtual local area network identifier of the first port, and binding the private three-layer interface into the virtual routing table.
For example, a virtual local area network three-layer interface identified as a VLAN ID is created on a server access gateway and bound into the virtual routing table.
For example, a VLAN three-layer interface is created on the server access gateway, and the VLAN ID of the VLAN three-layer interface is VLAN ID Y. And binding the VLAN three-layer interface into the created virtual routing table, thus ensuring that the three-layer routing table is private and avoiding forwarding the message related to the server to other unauthorized virtual networks.
Process d: and adding a default route forwarding table entry in the virtual route table so as to forward the access request with the access object being outside the virtual network to a gateway configured in the forwarding table entry based on the forwarding table entry.
For example, a route forwarding table item in the VRF is configured on a server access gateway, and a default route forwarding table item is added, that is, the destination IP address network segment is 0.0.0.0, the subnet mask is 0.0.0.0, and the next hop is the gateway of the virtual network of the network system. Therefore, the communication flow which is sent out by the server and accesses other networks is uniformly forwarded to the gateway of the virtual network of the network system, and the gateway of the virtual network of the network system determines whether the message is sent to the virtual machine or other network segments according to the routing table item of the gateway.
The server access gateway configured in this way cooperates with the virtual network to realize the access of the server to the virtual network, so that the user can access the server like accessing the virtual machine in the virtual network.
Accordingly, in order to cooperate with the server to join in the virtual network, the gateway of the virtual network opens the communication from the virtual network to the server access gateway according to the private line access flow, and this operation may be implemented in any manner in the prior art, which is not limited in this embodiment. The server in-band management and control device allocates an IP address of a virtual network to be accessed to the server (for example, the server 1 is accessed to the VPC1, an IP address in the VPC1 is allocated to the server 1, for example, 192.168.1.12. In addition, the gateway IP is configured as a gateway IP of the virtual network to be accessed, and the allocated IP address and gateway IP of the server are solidified in a network port configuration file manner, so that the operation is the existing operation and is not repeated.
The server can be switched from the physical network to the virtual network through the server access gateway, and the message without the virtual local area network tag sent by the server is accessed to the virtual network through the VLAN ID of the first port of the server access gateway. Meanwhile, the server also distributes the IP address of the virtual network, so that the server can only communicate in the virtual network, but not in the physical network, and the potential safety hazard of the bottom layer of the network system is avoided.
The following describes a server connection to a virtual network, inter-server communication in the virtual network, and user access to a server in the virtual network in connection with a specific usage scenario:
fig. 3c shows a schematic diagram of a user accessing a server in a virtual network using a scenario.
Referring to fig. 3c, wherein the server 1 is connected to the virtual network 1 through a server access gateway. When the server sends a message without a virtual local area network tag (denoted as a message a), when the message a arrives at the server access gateway, the message a is automatically marked with a virtual local area network tag which is the same as the VLAN ID of the first port which receives the message a, so that the message a can be ensured to be transmitted only in the virtual local area network to which the server 1 belongs. According to the destination address (i.e. the IP address of the object to be accessed) contained in the message A, the server access gateway searches the virtual routing table, and forwards the virtual routing table to the virtual network 1 according to the searching result, thereby realizing communication.
When the server 2 and the server 1 join the same virtual network (e.g. VPC 1) under the same virtual network access gateway, that is, access to the same subnet, the first port of the server 2 connected to the server access gateway is configured with the same port default VLAN ID as that of the server 1, so that the server 1 and the server 2 can communicate with each other.
When the server 2 and the server 1 are connected to different virtual networks under the same virtual network access gateway (e.g. the server 1 joins the VPC1 and the server 2 joins the VPC 2), that is, the joining subnets are different, the same virtual local area network identifier is configured on the first port corresponding to the server 1 and the server 2, and the table entry of the corresponding virtual routing table is configured on the server access gateway, so that the server 2 and the server 1 can communicate with each other.
When the server 1 and the server 2 join virtual networks under different virtual network access gateways (e.g., VPC1 and VPC2 belong to different virtual network access gateways), that is, join different virtual networks, interworking is not possible because the server 2 and the server 1 belong to different VPCs.
If the server 1 and the server 2 are required to communicate, the server 1 and the server 2 can communicate by configuring two virtual networks on a network system.
When the user's equipment needs to access the server to deploy the application and monitor the operation and maintenance, the user's network (or IDC, internet Data Center, internet data center) is connected to the virtual network to which the server belongs by means of a conventional cloud private line, etc., and on the virtual network access gateway of the virtual network, the route supporting the user's network can forward the user's message to the route of the virtual network to which the server is accessed (see the flow indication indicated by the central line in fig. 3 c), thereby realizing the routing between the user's network and the virtual network of the server, and thus, the user can deploy the service and the operation and maintenance application on the server.
By configuring the server access gateway, 3 difficulties of joining the virtual network by the existing server are solved, namely, safe access, rapid joining, deployment and operation and maintenance. The secure access means that the server must be switched from the physical network to which the operating system is attached to the virtual network, so as to achieve the purpose of accessing the network system network safely without threatening the security of the bottom layer of the network system. The fast joining refers to fast joining of the server to the virtual network through the coordinated and consistent coordination of the server access gateway, the virtual network access gateway, the server in-band management and the server out-of-band management. The deployment and operation refers to the fact that a user network is connected to a virtual network of a network system through conventional private line access capability, and can log in to a server to perform application deployment and operation.
The access of the server is realized by adopting a server access gateway mode, the server of the client is not invaded, the existing virtual network architecture of the network system is not required to be reconstructed, and the scheme is simple and the cost is low. Compared with the scheme using the intelligent network card, each server is not required to install the intelligent network card, and the intelligent network card is used for completing the conversion from the physical network to the virtual network. This avoids high customer investment in the early stages. And the user does not need to manually disassemble the case of each server to install the intelligent network card, and meanwhile, does not need to configure a management channel for the intelligent network card so as to facilitate the network system to manage the configuration of the intelligent network card, thereby reducing the cost of the user to install and configure. In addition, the problem that the intelligent network card is a black box for users, so that the later operation and maintenance cost is high is solved.
By using the server access gateway, the physical network which is physically connected to the network system can be realized by connecting the server with the server access gateway, the physical network is available, and the server access gateway can access the server to the virtual network of the network system according to the requirement.
Example IV
Referring to fig. 4, a block diagram of a network system according to a fourth embodiment of the present invention is shown.
The network system of the present embodiment includes: the server access gateway 402, at least one object to be accessed 404 connected with the server access gateway, and a server 406 connected with the server access gateway, wherein the server access gateway 402 is used for executing the network access method, so that the server 406 is in communication connection with the corresponding object to be accessed through the server access gateway.
By accessing the gateway through the server, the network system (such as a cloud network system) can be accessed without intrusion into the server and without hardware disassembly. An operating system can be installed for a server through a server access gateway, the server is accessed to a virtual network of a network system, and an operation and maintenance channel of the server is provided. Therefore, the security requirement is met, and the server can be quickly accessed to the virtual network, so that the client can safely and quickly deploy the application, and the user experience is improved.
Optionally, the number of the server access gateways is at least two, and the first network port of the server is connected with the at least two server access gateways in a link aggregation mode, so that the safe, rapid and reliable connection between the server and the network system can be ensured.
The first portal may be an application portal of the server.
Optionally, the network system further includes an out-of-server management and control device 408, where the out-of-server management and control device 408 is communicatively connected to the server through a second port of the server, and is configured to configure a port configuration file of the server, where the port configuration file includes a gateway IP address of the virtual network and an IP address of the server in the virtual network that requests access.
The second portal may be a BMC portal.
The server can be remotely controlled through the server out-of-band management and control device, and when the server has faults and needs to be restarted or an operating system is remotely installed, the server can be conveniently operated through the server out-of-band management and control device, so that the server deployment is not limited by a geographic space.
Example five
Referring to fig. 5, a block diagram of a network access device according to a fifth embodiment of the present invention is shown.
The network access device of the present embodiment is applied to a server access gateway connected to a server, and includes:
an obtaining module 502, configured to obtain an access request of a server, where the access request includes information of an object to be accessed that requests connection;
A creating module 504, configured to create a virtual local area network including a first port connected to the server according to the first port; the method comprises the steps of carrying out a first treatment on the surface of the
And a generating module 506, configured to configure a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed, so as to forward the message of the server based on the routing table.
Optionally, if the object to be accessed is a file server, the generating module 506 includes:
a first configuration module 5061, configured to determine, based on a configuration of the first port, a first IP address corresponding to a default gateway of the first port;
the first route generating module 5062 is configured to configure a routing table corresponding to the first port according to at least the first IP address and the information of the file server.
Optionally, the first configuration module 5061 is configured to configure the identifier of the virtual local area network as the identifier of the virtual local area network of the first port, and configure the first port to allow receiving a message that does not carry a virtual local area network tag; and configuring the first IP address of a default gateway of the first port for the virtual local area network identifier configured by the first port.
Optionally, the first configuration module 5061 is further configured to configure, for the virtual local area network identifier configured by the first port, a relay IP address of the dynamic host configuration protocol corresponding to the first port, so as to forward the dynamic host configuration protocol request based on the relay IP address.
Optionally, the first route generating module 5062 is configured to obtain, according to the information of the file server, a second IP address corresponding to the object to be accessed; and generating the routing table according to the first IP address, the second IP address and the relay IP address.
Optionally, if the object to be accessed is a virtual network of the network system, the generating module 506 includes:
a second configuration module 5063, configured to configure the identifier of the virtual local area network as a virtual local area network identifier of the first port;
a second route generation module 5064, configured to generate the routing table according to the virtual lan identifier of the first port and the information of the virtual network.
Optionally, the second route generation module 5064 is configured to create a virtual route table in the route table, and create an entry corresponding to the virtual network in the virtual route table according to the information of the virtual network; creating a virtual extensible local area network tunnel interface corresponding to the virtual network according to the information of the virtual network, and binding the tunnel interface to the virtual routing table; and creating a private three-layer interface of the virtual local area network according to the virtual local area network identifier of the first port, and binding the private three-layer interface into the virtual routing table.
Optionally, the second route generating module 5064 is further configured to add a default route forwarding table entry in the virtual route table, so as to forward, based on the forwarding table entry, an access request with an access object being outside the virtual network to a gateway configured in the forwarding table entry.
The network access device of the present embodiment is configured to implement the corresponding network access method in the foregoing multiple method embodiments, and has the beneficial effects of the corresponding method embodiments, which are not described herein. In addition, the functional implementation of each module in the network access device of the present embodiment may refer to the description of the corresponding parts in the foregoing method embodiments, which is not repeated herein.
Example six
Referring to fig. 6, a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention is shown, and the specific embodiment of the present invention is not limited to the specific implementation of the electronic device.
As shown in fig. 6, the electronic device may include: a processor 602, a communication interface (Communications Interface), a memory 606, and a communication bus 608.
Wherein:
processor 602, communication interface 604, and memory 606 perform communication with each other via communication bus 608.
Communication interface 604 is used to communicate with other electronic devices, such as terminal devices or servers.
The processor 602 is configured to execute the program 610, and may specifically perform relevant steps in the above-described network access method embodiment.
In particular, program 610 may include program code including computer-operating instructions.
The processor 602 may be a central processing unit CPU or a specific integrated circuit ASIC (Application Specific Integrated Circuit) or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included in the electronic device may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
A memory 606 for storing a program 610. The memory 606 may comprise high-speed RAM memory or may further comprise non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 610 may be configured in a server access gateway, and may specifically be configured to cause the processor 602 to: obtaining an access request of a server, wherein the access request comprises information of an object to be accessed requesting connection; creating a virtual local area network comprising a first port according to the first port connected with the server; and configuring a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed so as to forward the message of the server based on the routing table.
In an alternative embodiment, if the object to be accessed is a file server, the program 610 is further configured to cause the processor 602 to determine, when configuring a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed, a first IP address corresponding to a default gateway of the first port based on the configuration of the first port; and configuring a routing table corresponding to the first port at least according to the first IP address and the information of the file server.
In an alternative embodiment, the program 610 is further configured to cause the processor 602 to configure the identifier of the virtual local area network as the virtual local area network identifier of the first port, and configure the first port to allow receiving a packet that does not carry a virtual local area network tag when determining, based on the configuration of the first port, a first IP address corresponding to a default gateway of the first port; and configuring the first IP address of a default gateway of the first port for the virtual local area network identifier configured by the first port.
In an alternative embodiment, the program 610 is further configured to, when determining, based on the configuration of the first port, a first IP address corresponding to a default gateway of the first port, configure, for a virtual local area network identifier configured by the first port, a relay IP address of a dynamic host configuration protocol corresponding to the first port, so as to forward a dynamic host configuration protocol request based on the relay IP address.
In an alternative embodiment, the program 610 is further configured to cause the processor 602 to obtain, when configuring the routing table corresponding to the first port according to at least the first IP address and the information of the file server, a second IP address corresponding to the object to be accessed according to the information of the file server; the routing table is generated from the first IP address, the second IP address, and the relay I P address.
In an alternative embodiment, if the object to be accessed is a virtual network of a network system, the program 610 is further configured to cause the processor 602 to configure, when configuring a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed, an identifier of the virtual local area network as a virtual local area network identifier of the first port; and generating the routing table according to the virtual local area network identification of the first port and the information of the virtual network.
In an alternative embodiment, the program 610 is further configured to cause the processor 602 to create a virtual routing table in the routing table when generating the routing table according to the virtual local area network identifier of the first port and the information of the virtual network, and create an entry corresponding to the virtual network in the virtual routing table according to the information of the virtual network; creating a virtual extensible local area network tunnel interface corresponding to the virtual network according to the information of the virtual network, and binding the tunnel interface to the virtual routing table; and creating a private three-layer interface of the virtual local area network according to the virtual local area network identifier of the first port, and binding the private three-layer interface into the virtual routing table.
In an alternative embodiment, the program 610 is further configured to cause the processor 602 to add a default routing forwarding table entry in the virtual routing table when generating the routing table according to the virtual local area network identifier of the first port and the information of the virtual network, so as to forward, based on the forwarding table entry, an access request with an access object being outside the virtual network to a gateway configured in the forwarding table entry.
It should be noted that, according to implementation requirements, each component/step described in the embodiments of the present invention may be split into more components/steps, or two or more components/steps or part of operations of the components/steps may be combined into new components/steps, so as to achieve the objects of the embodiments of the present invention.
The above-described methods according to embodiments of the present invention may be implemented in hardware, firmware, or AS software or computer code storable in a recording medium such AS a CD ROM, RAM, floppy disk, hard disk, or magneto-optical disk, or AS computer code originally stored in a remote recording medium or a non-transitory machine-readable medium and to be stored in a local recording medium downloaded through a network, so that the methods described herein may be processed by such software on a recording medium using a general purpose computer, a special purpose processor, or programmable or dedicated hardware such AS an AS ic or FPGA. It is understood that a computer, processor, microprocessor controller, or programmable hardware includes a storage component (e.g., RAM, ROM, flash memory, etc.) that can store or receive software or computer code that, when accessed and executed by a computer, processor, or hardware, implements the network access methods described herein. Further, when the general-purpose computer accesses code for implementing the network access method shown herein, execution of the code converts the general-purpose computer into a special-purpose computer for executing the network access method shown herein.
Those of ordinary skill in the art will appreciate that the elements and method steps of the examples described in connection with the embodiments disclosed herein can be implemented as electronic hardware, or as a combination of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the embodiments of the present invention.
The above embodiments are only for illustrating the embodiments of the present invention, but not for limiting the embodiments of the present invention, and various changes and modifications may be made by one skilled in the relevant art without departing from the spirit and scope of the embodiments of the present invention, so that all equivalent technical solutions also fall within the scope of the embodiments of the present invention, and the scope of the embodiments of the present invention should be defined by the claims.
Claims (12)
1. A network access method, comprising:
obtaining an access request of a server, wherein the access request comprises information of an object to be accessed requesting connection;
creating a virtual local area network comprising a first port according to the first port connected with the server;
Configuring a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed so as to forward the message of the server based on the routing table;
the configuring a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed includes:
if the object to be accessed is a file server, configuring the identifier of the virtual local area network as the virtual local area network identifier of the first port, configuring the first port to allow receiving a message without carrying a virtual local area network tag, configuring a first IP address corresponding to a default gateway of the first port for the virtual local area network identifier configured by the first port, and configuring the first port connected with the server in a server access gateway as a two-layer port; and configuring a routing table corresponding to the first port at least according to the first IP address and the information of the file server.
2. The method of claim 1, wherein the determining, based on the configuration of the first port, a first IP address corresponding to a default gateway of the first port, further comprises;
And configuring a relay IP address of the dynamic host configuration protocol corresponding to the first port for the virtual local area network identifier configured by the first port so as to forward a dynamic host configuration protocol request based on the relay IP address.
3. The method of claim 2, wherein the configuring the routing table corresponding to the first port according to at least the first IP address and the information of the file server includes:
acquiring a second IP address corresponding to the object to be accessed according to the information of the file server;
and generating the routing table according to the first IP address, the second IP address and the relay IP address.
4. The method of claim 1, wherein configuring the routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed comprises:
if the object to be accessed is a virtual network of a network system, configuring the identifier of the virtual local area network as the virtual local area network identifier of the first port;
and generating the routing table according to the virtual local area network identification of the first port and the information of the virtual network.
5. The method of claim 4, wherein the generating the routing table from the virtual local area network identification of the first port and the virtual network information comprises:
Creating a virtual routing table in the routing table, and creating a table entry corresponding to the virtual network in the virtual routing table according to the information of the virtual network;
creating a virtual extensible local area network tunnel interface corresponding to the virtual network according to the information of the virtual network, and binding the tunnel interface to the virtual routing table;
and creating a private three-layer interface of the virtual local area network according to the virtual local area network identifier of the first port, and binding the private three-layer interface into the virtual routing table.
6. The method of claim 5, wherein the generating the routing table from the virtual local area network identification of the first port and the virtual network information further comprises:
and adding a default route forwarding table entry in the virtual route table so as to forward the access request with the access object being outside the virtual network to a gateway configured in the forwarding table entry based on the forwarding table entry.
7. A network system comprising a server access gateway, at least one object to be accessed connected to the server access gateway, and a server connected to the server access gateway, the server access gateway being configured to perform the network access method of any one of claims 1-6, such that the server is communicatively connected to a corresponding object to be accessed through the server access gateway.
8. The network system of claim 7, wherein the number of server access gateways is at least two, and the first portal of the server is connected to the at least two server access gateways by link aggregation.
9. The network system according to claim 7, wherein the network system further comprises a server in-band management and control device, the server in-band management and control device is in communication connection with the server through a second portal of the server and is used for configuring a portal configuration file of the server, wherein the portal configuration file includes a gateway IP address of a virtual network and an IP address of the server in the virtual network requesting access.
10. A network access device, comprising:
the access request comprises information of an object to be accessed, which is requested to be connected by the server;
the creation module is used for creating a virtual local area network comprising a first port according to the first port connected with the server;
the generation module is used for configuring a routing table corresponding to the first port according to the information of the virtual local area network and the information of the object to be accessed so as to forward the message of the server based on the routing table;
The generating module is configured to configure the identifier of the virtual local area network as the virtual local area network identifier of the first port if the object to be accessed is a file server, configure the first port to allow receiving a message without carrying a virtual local area network tag, and configure a first IP address corresponding to a default gateway of the first port for the virtual local area network identifier configured by the first port; and configuring a routing table corresponding to the first port at least according to the first IP address and the information of the file server.
11. An electronic device, comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction that causes the processor to perform operations corresponding to the network access method according to any one of claims 1-6.
12. A computer storage medium having stored thereon a computer program which when executed by a processor implements the network access method according to any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010658503.3A CN113923149B (en) | 2020-07-09 | 2020-07-09 | Network access method, device, network system, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010658503.3A CN113923149B (en) | 2020-07-09 | 2020-07-09 | Network access method, device, network system, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113923149A CN113923149A (en) | 2022-01-11 |
| CN113923149B true CN113923149B (en) | 2023-12-19 |
Family
ID=79232076
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010658503.3A Active CN113923149B (en) | 2020-07-09 | 2020-07-09 | Network access method, device, network system, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113923149B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115550257A (en) * | 2022-10-17 | 2022-12-30 | 昆明能讯科技有限责任公司 | Method for realizing data routing processing between power distribution type systems and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101001455A (en) * | 2006-06-23 | 2007-07-18 | 华为技术有限公司 | Method and system for radio terminal wire accessing interconnected network |
| CN106375176A (en) * | 2016-08-29 | 2017-02-01 | 无锡华云数据技术服务有限公司 | Method for accessing physical machine to cloud platform |
| CN106888145A (en) * | 2017-03-17 | 2017-06-23 | 新华三技术有限公司 | A kind of VPN resource access methods and device |
| CN108768692A (en) * | 2018-04-18 | 2018-11-06 | 华为技术有限公司 | A kind of network creation method, relevant device and system |
-
2020
- 2020-07-09 CN CN202010658503.3A patent/CN113923149B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101001455A (en) * | 2006-06-23 | 2007-07-18 | 华为技术有限公司 | Method and system for radio terminal wire accessing interconnected network |
| CN106375176A (en) * | 2016-08-29 | 2017-02-01 | 无锡华云数据技术服务有限公司 | Method for accessing physical machine to cloud platform |
| CN106888145A (en) * | 2017-03-17 | 2017-06-23 | 新华三技术有限公司 | A kind of VPN resource access methods and device |
| CN108768692A (en) * | 2018-04-18 | 2018-11-06 | 华为技术有限公司 | A kind of network creation method, relevant device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113923149A (en) | 2022-01-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220123960A1 (en) | Data Packet Processing Method, Host, and System | |
| US10389542B2 (en) | Multicast helper to link virtual extensible LANs | |
| CN107005471B (en) | Universal customer premises equipment | |
| US9397856B2 (en) | Virtual tunnel network router | |
| US10091274B2 (en) | Method, device, and system for controlling network device auto-provisioning | |
| CN103580980B (en) | The method and device thereof that virtual network finds and automatically configures automatically | |
| EP2351315B1 (en) | A virtualization platform | |
| US20120131579A1 (en) | Method and system for deploying at least one virtual network on the fly and on demand | |
| US11032369B1 (en) | System and method for non-disruptive migration of software components to a public cloud system | |
| US9143480B2 (en) | Encrypted VPN connection | |
| CN114070723B (en) | Virtual network configuration method and system of bare metal server and intelligent network card | |
| CN107770010B (en) | OpenFlow-based home networking method and system | |
| US10178068B2 (en) | Translating network attributes of packets in a multi-tenant environment | |
| JP2022541381A (en) | COMMUNICATION METHOD, GATEWAY, AND MANAGEMENT METHOD AND APPARATUS IN HYBRID CLOUD ENVIRONMENT | |
| CN105706424A (en) | Connecting radio base stations via a third party network | |
| CN108574613B (en) | Two-layer intercommunication method and device for SDN data center | |
| CN113923149B (en) | Network access method, device, network system, electronic equipment and storage medium | |
| CN107113333A (en) | The configuration of server apparatus | |
| CN112667293B (en) | Method, device and storage medium for deploying operating system | |
| US11128558B2 (en) | Automatic routing configuration between hosts and network layer devices | |
| CN115865601A (en) | SDN network communication system of cross-cloud data center | |
| CN105516121B (en) | The method and system that AC is communicated with AP in WLAN | |
| KR102386386B1 (en) | Router with selective VPN connection function of terminal and VPN connection method of terminal using the same | |
| CN111917858B (en) | Remote management system, method, device and server | |
| US11303511B2 (en) | Boot server support in an enterprise fabric network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |