CN114070789A - Method for realizing external network multi-line access based on OpenStack - Google Patents


Publication number
CN114070789A
Authority
CN
China
Prior art keywords
virtual
network
address
interface
router
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111357884.2A
Other languages
Chinese (zh)
Other versions
CN114070789B (en)
Inventor
赵赟
肖亮
邹瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Longtian Digital Technology Co ltd
Shanghai Sixun Information Technology Co ltd
Original Assignee
Shanghai Sixun Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Sixun Information Technology Co ltd
Priority to CN202111357884.2A
Publication of CN114070789A
Application granted
Publication of CN114070789B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/58 Association of routers
    • H04L45/586 Association of routers of virtual routers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing

Abstract

The invention discloses a method for realizing external network multi-line access based on OpenStack, which comprises the following steps: acquiring an IP address of an operator; aggregating and mapping the acquired IP addresses to an intranet address with a preset number of bits; setting, by way of gateway setting, the external gateway of the virtual router to connect to a first preset IP, whereby a first interface is formed in the virtual router, and a second preset IP of the first interface is used for connecting to the external network; creating a plurality of virtual routing table files in the virtual router, each virtual routing table file corresponding to one operator; creating a policy route in the virtual router to associate different addresses with the virtual routing tables; connecting the tenant network to the virtual router, thereby generating a second interface in the router, wherein the IP of the second interface is the internal gateway address of the tenant network and is used for connecting to the internal network; and configuring the floating IP on the external interface of the virtual router through the Neutron component, and setting the processing rules of the floating IP in the virtual routing table file.

Description

Method for realizing external network multi-line access based on OpenStack
Technical Field
The invention relates to the technical field of OpenStack external network multi-line access, in particular to a method for realizing external network multi-line access based on OpenStack.
Background
OpenStack is an open-source cloud operating system that can control large pools of compute, storage and network resources throughout a data center. Administrators can perform all management through a front-end interface, and end users can also deploy resources through a web interface.
OpenStack supports almost all types of cloud environments and has become a mainstream IaaS (infrastructure as a service) standard. It provides its IaaS solution through a variety of services, each of which offers an API for integration. Because several network service providers currently exist in China, and the network resources they provide differ in address, gateway and the like, underlying users cannot use them flexibly and conveniently: switching requires either a network cabling change or an address change.
Disclosure of Invention
The invention aims to provide a method for realizing external network multi-line access based on OpenStack, so that the services of multiple different network access providers can be connected to an OpenStack cluster. Underlying users can easily obtain the network resources of different operators by using different formatting IP modes, which achieves flexible, freely controllable access to and allocation of multi-network resources.
In order to achieve the above object, the present invention provides a method for implementing external network multi-line access based on OpenStack, including:
acquiring an IP address of an operator;
aggregating and mapping the acquired IP addresses to an intranet address with a preset number of bits;
creating a virtual router through the Neutron component of OpenStack and, by way of gateway setting, setting its external gateway to connect to a first preset IP, whereby a first interface is formed in the virtual router, and a second preset IP of the first interface is used for connecting to the external network;
creating a plurality of virtual routing table files in the virtual router, each virtual routing table file corresponding to one operator;
creating a policy route in the virtual router to associate different addresses with the virtual routing tables;
connecting the tenant network to the virtual router, thereby generating a second interface in the router, wherein the IP of the second interface is the internal gateway address of the tenant network and is used for connecting to the internal network;
configuring the floating IP on the external interface of the virtual router through the Neutron component, and setting the processing rules of the floating IP in the virtual routing table file, wherein the processing rules comprise: when the router receives a packet sent from the external network, if the destination address is the first floating IP, the destination address is modified to the IP of the first tenant, so that the received external network packet is sent to the first tenant; and when the first tenant sends data to the external network, the source address is modified to the second floating IP.
In one implementation, the step of aggregating and mapping the acquired IP addresses to an intranet address with a preset number of bits includes:
implementing netmap through an external interface, so that the acquired IP addresses are aggregated and mapped to a 16-bit intranet address.
The method for realizing external network multi-line access based on OpenStack provided by the embodiment of the invention has the following advantages: multiple operators can be connected, the access mode is highly tolerant, and the existing network environment does not need to be changed; it is even compatible with legacy networks. All operations are completed at the OpenStack platform layer, so users do not perceive them, servers do not need to be modified intrusively, and the risk is low. Resource switching is simple and flexible, and the requirements placed on operators are reduced.
Drawings
Fig. 1 is a first flowchart of a method for implementing multi-line access to an external network based on OpenStack.
Fig. 2 is a schematic flow chart of a second method for implementing multi-line access to an external network based on OpenStack.
Fig. 3 is a schematic diagram of an embodiment of a method for implementing multi-line access to an external network based on OpenStack.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention.
As shown in fig. 1-3, the present invention provides a method for implementing external network multi-line access based on OpenStack, including:
S101, acquiring an IP address of an operator;
S102, aggregating and mapping the acquired IP addresses to an intranet address with a preset number of bits;
S103, creating a virtual router through the Neutron component of OpenStack and, by way of gateway setting, setting its external gateway to connect to a first preset IP, whereby a first interface is formed in the virtual router, and a second preset IP of the first interface is used for connecting to the external network;
S104, creating a plurality of virtual routing table files in the virtual router, each virtual routing table file corresponding to one operator;
S105, creating a policy route in the virtual router to associate different addresses with the virtual routing tables;
S106, connecting the tenant network to the virtual router, thereby generating a second interface in the router, wherein the IP of the second interface is the internal gateway address of the tenant network and is used for connecting to the internal network;
S107, configuring the floating IP on the external interface of the virtual router through the Neutron component, and setting the processing rules of the floating IP in the virtual routing table file, wherein the processing rules comprise: when the router receives a packet sent from the external network, if the destination address is the first floating IP, the destination address is modified to the IP of the first tenant, so that the received external network packet is sent to the first tenant; and when the first tenant sends data to the external network, the source address is modified to the second floating IP.
In general, an external network interface in an OpenStack platform has only the public network address segment and gateway of a single operator; the present method replaces part of the programs in the network service. The addresses of multiple operators can be abstracted into a 16-bit intranet address segment, and different addresses on that segment can be assigned to different operator networks. The tenant's virtual machine is attached to the abstracted intranet segment, so switching the public network address is transparent to it.
It should be noted that Neutron is a core component of OpenStack, positioned as NaaS (network as a service). Neutron provides the bridging function for communication between the internal and external networks, and acts as the agent for layer-2 and layer-3 network communication, that is, the translation and allocation of tenant network and public network addresses. As the node scale and business scale of the cloud platform grow, the platform depends heavily on the performance and reliability of the Neutron service.
As will be understood by those skilled in the art, all packet communications need to be sent to the vRouters of the respective VPC areas (the vRouters of the VPCs may be on one network node or on multiple network nodes). The vRouter translates the VPC intranet address into an EIP address by NAT, in the floating IP manner, and layer 2 (same network segment) or layer 3 (cross network segment) communication then takes place between the EIP addresses. Communication between EIPs goes through a physical switch or a physical router.
When a virtual machine accesses the internet or carries out cross-data-center services, network communication is completed through L3, namely the network node. All traffic destined for the public network or crossing data centers is first sent to the vRouter of the respective VPC. The vRouter accesses the public network either by floating IP or by SNAT. The difference is that floating IP suits publishing services externally, with a one-to-one mapping to an external network address, whereas SNAT suits virtual machines accessing the external network, and allows multiple virtual machines to share one external address.
Specifically, as shown in fig. 2 and fig. 3, in the embodiment of the present invention the IP (24 bits) of operator 1, the IP (24 bits) of operator 2 and the IP (24 bits) of operator 3 may be obtained; in the specific embodiment these are, for example, the three existing operators Mobile, Unicom and Telecom. Assume that the IP address of the Telecom public network is 202.96.209.0/24 (0-24), the IP address of the Unicom public network is 58.246.194.0/24, and the IP address of the Mobile public network is 114.141.24.0/24.
Netmap is implemented through an external interface, that is, the IPs are aggregated and mapped to a 16-bit intranet address, for example:
202.96.209.0/24 mapping to 10.255.0.10/16
58.246.194.0/24 mapping to 10.255.0.10/16
114.141.24.0/24 mapping to 10.255.0.10/16
A virtual router (vRouter) is created through the Neutron component of OpenStack. In Set Gateway mode the vRouter is given an external gateway connected to 10.255.0.10/16, and at the same time a new interface is added in the vRouter, whose IP, 10.255.0.2, is used for connecting to the external network.
In the vRouter, a purpose-developed script program creates multiple virtual routing table files corresponding to the different operators, for example:
Telecom: CT, ID: 101
Unicom: CU, ID: 102
Mobile: CM, ID: 103
The policy routes created in the vRouter by the developed script program associate different addresses with the virtual routing tables, and the IP of 10.255.0.10/1 is issued to the tenant in the form of a formatting IP. Access examples of a virtual machine in the inbound and outbound directions follow.
SNAT examples
The address of VM 192.168.1.11, which is bound to the Telecom public network, is first translated to 10.255.0.10, and this address is then mapped to 202.96.209.1. That is, access from 192.168.1.11 in the Telecom direction is translated into access using the Telecom address 202.96.209.1. The mapping is unique, and the entire translation process is recorded in the virtual routing table.
The address of VM 192.168.1.21, which is bound to the Unicom public network, is first translated to 10.255.0.11 and then mapped to 58.246.194.3. That is, access from 192.168.1.21 in the Unicom direction is translated into access using the Unicom address 58.246.194.3. The mapping is unique, and the entire translation process is recorded in the virtual routing table.
DNAT examples
When a user accesses 202.96.209.1, the access is mapped to the address 10.255.0.10 and translated into an access to 192.168.1.11.
Example of routing
A data packet sent by VM 192.168.1.11 arrives at 192.168.1.1 (internal gateway), where NAT translates its address to 10.255.0.10 (nat); with the address changed to 10.255.0.10, the data packet is sent to 10.255.0.1 (external gateway) and mapped to 202.96.209.1 (mapping).
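The SNAT, DNAT and routing examples above can be checked as a mapping table. The following is an added example, not code from the patent: it models the two VM bindings described above with the page's carrier ranges and table IDs, verifies that every mapping is unique and that each public address lies in the range of the carrier it is bound to, and translates in both directions. The `Binding` type and the function names are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

# Routing-table IDs and public ranges exactly as listed in the description.
CARRIERS = {
    "CT": (101, ipaddress.ip_network("202.96.209.0/24")),
    "CU": (102, ipaddress.ip_network("58.246.194.0/24")),
    "CM": (103, ipaddress.ip_network("114.141.24.0/24")),
}
# The description writes the intranet side as 10.255.0.10/16; strict=False
# reduces that to the containing network 10.255.0.0/16.
INTRANET = ipaddress.ip_network("10.255.0.10/16", strict=False)


class Binding(NamedTuple):  # hypothetical record type, not from the patent
    vm_ip: str
    intranet_ip: str
    public_ip: str
    carrier: str


# The two bindings walked through in the SNAT examples.
BINDINGS = [
    Binding("192.168.1.11", "10.255.0.10", "202.96.209.1", "CT"),
    Binding("192.168.1.21", "10.255.0.11", "58.246.194.3", "CU"),
]


def validate(bindings):
    """Return a list of problems; an empty list means every mapping is unique
    and each public address belongs to the carrier it is bound to."""
    problems = []
    seen = {"vm_ip": set(), "intranet_ip": set(), "public_ip": set()}
    for b in bindings:
        if b.carrier not in CARRIERS:
            problems.append(f"{b.vm_ip}: unknown carrier {b.carrier}")
            continue
        if ipaddress.ip_address(b.intranet_ip) not in INTRANET:
            problems.append(f"{b.vm_ip}: {b.intranet_ip} outside {INTRANET}")
        if ipaddress.ip_address(b.public_ip) not in CARRIERS[b.carrier][1]:
            problems.append(f"{b.vm_ip}: {b.public_ip} not in {b.carrier} range")
        for field, values in seen.items():
            value = getattr(b, field)
            if value in values:
                problems.append(f"{b.vm_ip}: {field} {value} reused")
            values.add(value)
    return problems


def snat(bindings, vm_ip):
    """Egress path: (table id, [VM source, intranet address, public address])."""
    for b in bindings:
        if b.vm_ip == vm_ip:
            return CARRIERS[b.carrier][0], [b.vm_ip, b.intranet_ip, b.public_ip]
    return None  # unbound VM: no carrier table applies


def dnat(bindings, public_ip):
    """Ingress path: (table id, [public destination, intranet address, VM])."""
    for b in bindings:
        if b.public_ip == public_ip:
            return CARRIERS[b.carrier][0], [b.public_ip, b.intranet_ip, b.vm_ip]
    return None  # no floating address matches: nothing to translate


if __name__ == "__main__":
    print(validate(BINDINGS))
    print(snat(BINDINGS, "192.168.1.11"))
    print(dnat(BINDINGS, "202.96.209.1"))
```

Running `validate` before a binding is written to a routing table catches an address reused across tenants or a public address assigned from the wrong operator's range, either of which would deliver one tenant's traffic to another.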
Operator network: the network addresses provided by an operator, which can be used for publishing services. The network provided by each operator is independent. By default, IPs cannot be used across operators.
OpenStack: the node that runs the program of the invention. It is responsible for running the virtual router, connecting to the operators' network resources, and creating and managing the tenants' computing resources.
As shown in fig. 2 and 3, the program body of the present invention is a background process that runs on the OpenStack platform as an enhancement and replacement of the OpenStack network component. It is responsible for establishing the resources of multiple operators in different virtual routing tables and establishing the correspondence between the IPs and the internal network segment. These correspondences are in turn recorded in the virtual routing table.
Virtual routing table: in the Linux system it exists in the form of a file, which records the next-hop address of a data packet toward its final destination and the mapping relationships established by the program.
Virtual router (vRouter): carries the virtual routing tables and establishes routes from the virtual routing table entries. It analyzes the destination address of data packets arriving from various types of networks and converts the address of a non-TCP/IP network into a TCP/IP address, or vice versa; it then forwards the data packets to the designated location along the best route according to the selected routing algorithm.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (2)

1. A method for realizing external network multi-line access based on OpenStack is characterized by comprising the following steps:
acquiring an IP address of an operator;
aggregating and mapping the acquired IP addresses to an intranet address with a preset number of bits;
creating a virtual router through the Neutron component of OpenStack and, by way of gateway setting, setting its external gateway to connect to a first preset IP, whereby a first interface is formed in the virtual router, and a second preset IP of the first interface is used for connecting to the external network;
creating a plurality of virtual routing table files in the virtual router, each virtual routing table file corresponding to one operator;
creating a policy route in the virtual router to associate different addresses with the virtual routing tables; the policy routing is a set of routes to be taken for a data packet to travel from a sending end to a destination, the policy routing is a refinement of routing and is a more flexible packet forwarding mechanism than routing based on the target network, and the virtual routing table is a file for recording the routes;
connecting the tenant network to the virtual router, thereby generating a second interface in the router, wherein the IP of the second interface is the internal gateway address of the tenant network and is used for connecting to the internal network;
configuring the floating IP on the external interface of the virtual router through the Neutron component, and setting the processing rules of the floating IP in the virtual routing table file, wherein the processing rules comprise: when the router receives a packet sent from the external network, if the destination address is the first floating IP, the destination address is modified to the IP of the first tenant, so that the received external network packet is sent to the first tenant; and when the first tenant sends data to the external network, the source address is modified to the second floating IP.
2. A method for realizing external network multi-line access based on OpenStack, characterized in that the step of aggregating and mapping the acquired IP addresses to an intranet address with a preset number of bits comprises the following steps:
implementing netmap through an external interface, so that the acquired IP addresses are aggregated and mapped to a 16-bit intranet address.
CN202111357884.2A 2021-11-16 2021-11-16 Method for realizing external network multi-line access based on OpenStack Active CN114070789B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111357884.2A CN114070789B (en) 2021-11-16 2021-11-16 Method for realizing external network multi-line access based on OpenStack

Publications (2)

Publication Number Publication Date
CN114070789A (en) 2022-02-18
CN114070789B (en) 2023-04-11

Family

ID=80272792

Country Status (1)

Country Link
CN (1) CN114070789B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240426

Address after: Room 311, 3rd Floor, No. 2918 Zhongshan North Road, Putuo District, Shanghai, 200000

Patentee after: SHANGHAI SIXUN INFORMATION TECHNOLOGY Co.,Ltd.

Country or region after: China

Patentee after: SHANGHAI LONGTIAN DIGITAL TECHNOLOGY Co.,Ltd.

Address before: Room 2202, 768 Xietu Road, Huangpu District, Shanghai 200011

Patentee before: SHANGHAI SIXUN INFORMATION TECHNOLOGY Co.,Ltd.

Country or region before: China