CN114363021A - Network shooting range system, virtual network implementation method and device of network shooting range system - Google Patents
Network shooting range system, virtual network implementation method and device of network shooting range system Download PDFInfo
- Publication number
- CN114363021A CN114363021A CN202111576655.XA CN202111576655A CN114363021A CN 114363021 A CN114363021 A CN 114363021A CN 202111576655 A CN202111576655 A CN 202111576655A CN 114363021 A CN114363021 A CN 114363021A
- Authority
- CN
- China
- Prior art keywords
- ovn
- logical
- flow table
- virtual network
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 230000015654 memory Effects 0.000 claims description 23
- 238000004891 communication Methods 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims description 15
- 238000012545 processing Methods 0.000 claims description 8
- 238000012544 monitoring process Methods 0.000 claims description 2
- 238000007726 management method Methods 0.000 description 23
- 238000010586 diagram Methods 0.000 description 16
- 230000006870 function Effects 0.000 description 11
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 238000005538 encapsulation Methods 0.000 description 3
- 238000002955 isolation Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013499 data model Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 108090000623 proteins and genes Proteins 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/70—Virtual switches
Abstract
The application discloses a network shooting range system, a virtual network implementation method and a virtual network implementation device of the network shooting range system, wherein the network shooting range system comprises a control node and at least two computing nodes, wherein: the control node is configured to generate logical virtual network configuration data information according to a stored logical virtual network topology, convert the received logical virtual network configuration data information into OVN logical flow table information, and send the OVN logical flow table information to each computing node, where the logical virtual network topology at least includes a virtual machine and a logical switch device, and the logical switch device at least includes a logical switch; the computing node is configured to create a corresponding virtual machine according to the received OVN logical flow table information, synchronize the OVN logical flow table information into an OVS flow table, and forward a data packet according to the OVN logical flow table information.
Description
Technical Field
The present application relates to the field of network information technologies, and in particular, to a network shooting range system, and a method and an apparatus for implementing a virtual network of the network shooting range system.
Background
The network target range is a technology for simulating and reproducing the running states and running environments of network architecture, system equipment and business processes in a real network space based on a virtualization technology, and can effectively realize the behaviors of learning, researching, checking, competition, playing games and the like related to network safety, thereby improving the network safety confrontation level of users.
The infrastructure of the network shooting range system mainly comprises a virtual machine and a virtual switching device, and in order to improve the network security, a virtual security device (such as a virtual firewall and the like) can be added into the network shooting range system, wherein the virtual switching device mainly comprises a virtual switch and a virtual router, and the virtual switching device is used for communicating a communication network between the virtual machine and the virtual machine (such as the network shooting range system comprises the virtual security device, and the virtual switching device is also used for communicating the communication network between the virtual machine and the virtual security device). Each virtual device is built on a host machine by depending on a network target range system, each virtual device occupies resources of the host machine, and the total resources of the host machine and the resources occupied by a single virtual device directly determine the number of virtual devices (namely the size of the scale of the virtual network) which can be simulated by one host machine. In order to implement basic functions of a two-layer three-layer network, virtual-real interconnection, a Dynamic Host Configuration Protocol (DHCP), and the like in a network target range system, fine-grained network isolation, flow control, and the like, unified management control and Configuration need to be performed on virtual switching equipment.
In a two-layer and three-layer network communication mode of realizing a virtual network by combining Open Virtual Switch (OVS) with Open wrt as a three-layer routing device in an existing network target site system, OpenWRT is a Linux operating system facing embedded devices and can be used as a virtual switching device in the virtual network.
An existing SDN (Software Defined Network) controller, such as an ODL (Open data, which is a modular, extensible, scalable, and multiprotocol-supported controller framework developed based on an SDN), an RYU (Open source SDN controller), and the like, is used as a controller, and a virtual Network communication mode in a Network target site system is implemented in combination with a mode of a relevant virtual switching device.
In the existing mode of using a Neutron (Neutron is one of OpenStack core items and provides a virtual network function in a cloud computing environment) module of an OpenStack (OpenStack is an open source cloud computing management platform item) as a virtual network scheduling module to realize virtual network communication of a network shooting range system, because the Neutron is an open source item, the redundant function is more, and the loophole is easy to be utilized, so that the safety risk exists.
Disclosure of Invention
In order to solve the problems that the existing implementation mode of virtual network communication of the network shooting range system consumes host machine resources and has safety risks, the embodiment of the application provides a network shooting range system, and a virtual network implementation method and device of the network shooting range system.
In a first aspect, an embodiment of the present application provides a network range system, including a control node and at least two computing nodes, where:
the control node is configured to generate logical virtual network configuration data information according to a stored logical virtual network topology, convert the logical virtual network configuration data information into logical flow table information of an open virtual network OVN, and send the OVN logical flow table information to each computing node, where the logical virtual network topology at least includes a virtual machine and a logical switch device, and the logical switch device at least includes a logical switch;
the computing node is configured to create a corresponding virtual machine according to the received OVN logical flow table information, synchronize the OVN logical flow table information into an open virtual switch OVS flow table, and forward a data packet according to the OVN logical flow table information.
In one possible implementation, the control nodes include a network range configuration module and an OVN centralized control module, the computing nodes include a OVN controller and an OVS component, the network range configuration module and the OVN centralized control module are connected through an open virtual switch database OVSDB management protocol, the OVN centralized control module is respectively connected with a OVN controller in each computing node through an OVSDB management protocol, and a OVN controller in each computing node is connected with the OVS component through an OVSDB management protocol;
the network range configuration module is specifically configured to generate logical virtual network configuration data information according to the logical virtual network topology structure, and send the logical virtual network configuration data information to the OVN centralized control module;
the OVN centralized control module is specifically configured to convert the received logical virtual network configuration data information into OVN logical flow table information, and send the OVN logical flow table information to the OVN controller in each compute node;
the OVN controller is specifically configured to create a corresponding virtual machine on a computing node to which the controller belongs according to the received OVN logical flow table information, and synchronize the OVN logical flow table information to an OVS flow table of an OVS component on the computing node, where the virtual machine is connected to a bridge of the OVS component through a virtual network card;
the OVS component is specifically configured to forward a data packet according to the OVN logical flow table information.
In a possible implementation, the OVN centralized control module includes a OVN northbound database, a OVN centralized controller and a OVN southbound database, the OVN northbound database and the OVN centralized controller are connected through an OVSDB management protocol, and the OVN centralized controller and the OVN southbound database are connected through an OVSDB management protocol;
the OVN northbound database is specifically configured to receive and store the logical virtual network configuration data information sent by the network range configuration module;
the OVN centralized controller is specifically configured to, when monitoring the logical virtual network configuration data information stored in the OVN northbound database, convert the logical virtual network configuration data information into the OVN logical flow table information, and send the OVN logical flow table information to the OVN southbound database;
the OVN southbound database is specifically configured to receive the OVN logical flow table information sent by the OVN centralized controller, and send the OVN logical flow table information to the OVN controller in each compute node.
In one possible implementation, the OVN controller is specifically configured to construct a generic network virtual encapsulation tunnel between its own compute node and other compute nodes, so that virtual machines on each compute node perform cross-host communication.
In a possible implementation manner, the Geneve tunnel encapsulates and decapsulates the data packet by encapsulating the port information of the logical switching device in the OVN logical flow table information.
In a possible embodiment, the OVS component, specifically, the bridge configured to the OVS component is in a security mode, and an OVS interface identifier in the OVS flow table is configured to point to a port of the logic switching device in the OVN logic flow table information, so that a data packet flowing through the OVS interface on a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logic flow table information.
In a second aspect, an embodiment of the present application provides a virtual network implementation method for a network shooting range system, which is applied to the network shooting range system in the embodiment of the present application, where the network shooting range system includes a control node and at least two computing nodes, and the method includes:
the control node generates logical virtual network configuration data information according to a stored logical virtual network topological structure, wherein the logical virtual network topological structure at least comprises a virtual machine and a logical switching device, and the logical switching device at least comprises a logical switch;
converting the logic virtual network configuration data information into logic flow table information of an open virtual network OVN, and sending the OVN logic flow table information to each computing node, so that each computer node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes the OVN logic flow table information to an OVS flow table of an open virtual switch of the computer node, and forwards data messages according to the OVN logic flow table information, wherein the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
In one possible implementation, a generic network virtual encapsulation (GMP) tunnel is constructed between each computing node and other computing nodes, so that the virtual machines on each computing node perform cross-host communication.
In a possible implementation manner, the Geneve tunnel encapsulates and decapsulates the data packet by encapsulating the port information of the logical switching device in the OVN logical flow table information.
In a possible embodiment, each computing node configures a bridge of its respective OVS component to a security mode, configures an OVS interface identifier in the OVS flow table to point to a port of the logic switching device in the OVN logic flow table information, so that a data packet flowing through the OVS interface on a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logic flow table information.
In a third aspect, an embodiment of the present application provides a virtual network implementation apparatus for a network shooting range system, which is applied to the network shooting range system in the embodiment of the present application, where the network shooting range system includes a control node and at least two computing nodes, and the apparatus includes:
the system comprises a generating unit, a processing unit and a processing unit, wherein the generating unit is used for generating logical virtual network configuration data information according to a stored logical virtual network topological structure, the logical virtual network topological structure at least comprises a virtual machine and a logical switching device, and the logical switching device at least comprises a logical switch;
the sending unit is used for converting the logic virtual network configuration data information into OVN logic flow table information, sending the OVN logic flow table information to each computing node, so that each computer node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes the OVN logic flow table information to an OVS flow table of the computer node, and forwards a datagram according to the OVN logic flow table information, wherein the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
In one possible implementation, a generic network virtual encapsulation (GMP) tunnel is constructed between each computing node and other computing nodes, so that the virtual machines on each computing node perform cross-host communication.
In a possible implementation manner, the Geneve tunnel encapsulates and decapsulates the data packet by encapsulating the port information of the logical switch in the OVN logical flow table information.
In a possible embodiment, each computing node configures a bridge of its respective OVS component to a security mode, configures an OVS interface identifier in the OVS flow table to point to a port of the logical switch in the OVN logical flow table information, so that a data packet flowing through the OVS interface by a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logical flow table information.
In a fourth aspect, an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the virtual network implementation method of the network range system described in the present application when executing the program.
In a fifth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the virtual network implementation method of the network range system described in the present application.
The beneficial effects of the embodiment of the application are as follows:
the network shooting range system provided by the embodiment of the application comprises a control node and at least two computing nodes, wherein the control node is used for generating logic virtual network configuration data information according to a stored logic virtual network topological structure, converting the logic virtual network configuration data information into OVN logic flow table information, and sending OVN logic flow table information to each computing node, wherein the logic virtual network topological structure at least comprises a virtual machine and a logic switching device, the logic switching device at least comprises a logic switch, the computer nodes are used for creating corresponding virtual machines according to received OVN logic flow table information sent by the control node, synchronizing OVN logic flow table information into an OVS flow table of the computer nodes, and forwarding data messages according to OVN logic flow table information, so that the network shooting range system provided by the embodiment of the application realizes that information such as logic switching devices and configuration thereof which are easy to understand by a user is mapped into bottom layer virtual network configuration, compared with the prior art that virtual machines need to be established on host machines of virtual machines, the resources of the host machines of the virtual machines are effectively saved, the host machines can establish more virtual machines, and the security risk is avoided while the resources of the network target range system are saved.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic structural diagram of a network shooting range system provided in an embodiment of the present application;
fig. 2 is a diagram illustrating an example of a logical virtual network topology according to an embodiment of the present application;
fig. 3 is a schematic implementation flow diagram of a virtual network implementation method of a network shooting range system according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a virtual network implementation apparatus of a network shooting range system according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to solve the problems in the background art, embodiments of the present application provide a network shooting range system, and a method and an apparatus for implementing a virtual network of the network shooting range system.
The preferred embodiments of the present application will be described below with reference to the accompanying drawings of the specification, it should be understood that the preferred embodiments described herein are merely for illustrating and explaining the present application, and are not intended to limit the present application, and that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
In this context, it is to be understood that, in the technical terms referred to in the present application:
1. OVS: the open virtual switch is a high-quality virtual switch supporting multi-layer data forwarding, can be deployed on a server, has better programming expansibility compared with the traditional switch, and has network isolation and data forwarding functions realized by the traditional switch.
2. OVN (Open Virtual Network), is a software system that supports Virtual Network abstraction. OVN have been extended to some extent by OVS existing functions, such as basic virtual two-layer, three-layer Network switching, and higher-order NAT (Network Address Translation), DHCP, ACL (Access Control Lists), Qos (Quality of Service), and other functions.
3. OVSDB (Open VSwitch Database) management protocol the main object of management of the OVSDB management protocol is OVSDB, and the OVSDB management protocol provides a programmable entry of the OVSDB. OVSDB is the unique database of OVS, and OVSDB management protocol is also the unique protocol of OVS at the management layer, while OVN also supports OVSDB management protocol.
4. The Overlay technology is to construct a virtual network on the existing physical network, and upper-layer applications are only related to the virtual network.
5. Gene (general Network visualization Encapsulation, general Network virtual Encapsulation): an Overlay protocol realizes cross-virtual machine host machine communication through an abstract Overlay plane.
6. Br-int (bridge): the default bridge of the OVS.
As shown in fig. 1, which is a schematic structural diagram of a network shooting range system provided in an embodiment of the present application, the network shooting range system may include a control node 11 and at least two computing nodes 12. Control node 11 may include network range configuration modules 111 and OVN centralized control module 112, computing nodes 12 may include OVN controllers (i.e., OVN controllers) 121 and OVS components 122, network range configuration modules 111 and OVN centralized control module 112 are connected via OVSDB management protocol, OVN centralized control module 112 is connected via OVSDB management protocol with OVN controllers 121 in respective computing nodes 12, OVN controllers 121 in respective computing nodes 12 are connected via OVSDB management protocol with OVS components 122, where:
the control node 11 is configured to generate Logical virtual network configuration data information according to a stored Logical virtual network topology, convert the Logical virtual network configuration data information into OVN Logical flow table information, and send OVN Logical flow table information to each computing node, where the Logical virtual network topology at least includes a virtual machine and a Logical switching device, and the Logical switching device at least includes a Logical Switch (Logical Switch).
In specific implementation, the network range configuration module 111 is specifically configured to generate logical virtual network configuration data information according to the stored logical virtual network topology, and send OVN the logical virtual network configuration data information to the centralized control module 112.
In a specific implementation, the control node 11 and the computing node 12 may be servers. The embodiment of the present application is described by taking only two computing nodes (e.g., computing node 1 and computing node 2 in fig. 1) as an example.
The network shooting range configuration module 111 constructs and stores a Logical virtual network topology according to the requirement of the virtual network of the network shooting range system, where the Logical virtual network topology may include a virtual machine and a Logical switching device, and may also include a virtual security device, and the Logical switching device may include a Logical switch, and may also include a Logical Router (Logical Router). Assuming that the constructed logical virtual network topology is as shown in fig. 2, and includes a logical router, a logical switch 1, a logical switch 2, a virtual machine 1, a virtual machine 2, a virtual machine 3, and a virtual machine 4, wherein the logical router is connected to the logical switch 1 through a port 1 thereof and a port 1 of the logical switch 1, the logical router is connected to the logical switch 2 through a port 2 thereof and a port 1 of the logical switch 2, the virtual machine 1 is connected to the logical switch 1 through a port 2 of the logical switch 1, the virtual machine 2 is connected to the logical switch 1 through a port 3 of the logical switch 1, the virtual machine 3 is connected to the logical switch 2 through a port 2 of the logical switch 2, and the virtual machine 4 is connected to the logical switch 2 through a port 3 of the logical switch 2, the network drone configuration module 111 may generate logical virtual network configuration data information according to the logical virtual network topology shown in fig. 2, the following information may be included, but is not limited to: static routing information, NAT configuration information and gateway router configuration information of the logic router; configuration information such as logic switch ACL, Qos, DHCP and the like; and the connection association relationship among the logical router, each logical switch and each virtual machine, namely the logical virtual network link information.
OVN, the centralized control module 112 is specifically configured to convert the received logical virtual network configuration data information into OVN logical flow table information, and send OVN logical flow table information to the OVN controller 121 in each compute node 12.
Specifically, the OVN centralized control module includes OVN Northbound databases (OVN Northbound DB)1121, OVN centralized controllers (OVN Northbound) 1122 and OVN southbound databases (OVN southbound DB)1123, the network range configuration modules 111 and OVN Northbound databases 1121 are connected by a management protocol, OVN Northbound databases 1121 and OVN centralized controllers 1122 are connected by an OVSDB management protocol, and the OVN centralized controller 1122 and the OVN southbound database 1123 are connected by an OVSDB management protocol.
Specifically, the OVN northbound database 1121 is specifically configured to receive and store the logical virtual network configuration data information sent by the network range configuration module 111.
OVN the centralized controller 1122 is specifically configured to, when it is monitored that OVN the logical virtual network configuration data information stored in the northbound database 1121 is stored, convert the logical virtual network configuration data information into OVN logical flow table information, and send OVN the logical flow table information to the OVN southbound database 1123.
OVN southbound to the database 1123, is specifically configured to receive OVN the logical flow table information of OVN sent by the centralized controller 1122, and send OVN the logical flow table information to the OVN controller 121 in each compute node 12.
And the computing node 12 is configured to create a corresponding virtual machine according to the received OVN logical flow table information, synchronize OVN logical flow table information into the OVS flow table, and forward a data packet according to OVN logical flow table information.
In specific implementation, the OVN controller 121 is specifically configured to create a corresponding virtual machine on the computing node 12 to which the controller belongs according to the received OVN logical flow table information, and synchronize OVN logical flow table information to an OVS flow table of an OVS component on the computing node, where the virtual machine is connected to a bridge of the OVS component through a virtual network card.
Specifically, the OVN controller 121 on any computing node 12 is configured to create a corresponding virtual machine on the computing node 12 according to the logical virtual network link information included in the OVN logical flow table information, and taking the logical virtual network topology in fig. 2 as an example, it may create a virtual machine 1 and a virtual machine 2 on the computing node 1 in fig. 1, create a virtual machine 3 and a virtual machine 4 on the computing node 2, where the virtual machine 1 and the virtual machine 2 are connected to the bridge of the OVS component 122 of the computing node 1 through respective virtual network cards, and the virtual machine 3 and the virtual machine 4 are connected to the bridge of the OVS component 122 of the computing node 2 through respective virtual network cards, that is: the method comprises the following steps of dispersing a plurality of virtual machines contained in a logic virtual network topology structure on different computing nodes for creation without creating a logic switching device: logical switch 1, logical switch 2, and logical router, since they are not really present, the essence of a logical switch is a set of flow table sets for directing data traffic for two-layer forwarding, the essence of a logical router is a set of flow table sets for directing data traffic for three-layer forwarding, therefore, the logic switching equipment does not occupy the resources of the computing nodes, compared with the prior art that the virtual machine needs to be established on the host machine of the virtual machine and the virtual switching equipment needs to be established at the same time, the resources of the host machine of the virtual machine are effectively saved, in turn, the OVN controller 121 on compute node 1 synchronizes OVN logical flow table information to the OVS flow table of the OVS component 122 on compute node 1, and the OVN controller 121 on compute node 2 synchronizes OVN logical flow table information to the OVS flow table of the OVS component 122 on compute node 2. Wherein, ovsdb-server and OVS-vswitch constitute the OVS component 122.
In an implementation, the OVN controller 121 on any computing node 12 is specifically configured to construct a Geneve tunnel between the computing node 12 to which it belongs and other computing nodes 12, so that the virtual machines on each computing node 12 perform cross-host communication through the constructed Geneve tunnel.
Specifically, the Geneve tunnel encapsulates and decapsulates the data packet by encapsulating OVN the port information of the logical switching device in the logical flow table information.
In the embodiment of the present application, the configuration OVN tunnel encapsulation type is Geneve, which is more suitable for a logical Virtual Network than VXLAN (Virtual Extensible Local Area Network) encapsulation, and Geneve can directly encapsulate a port of a logical switching device (such as a logical switch), which is more compatible with a OVN Virtual Network, so that a Geneve tunnel is established for forwarding all data packets, and data forwarding efficiency is improved while computing node resources are saved.
The OVS component 122 is specifically configured to forward a data packet according to the OVN logical flow table information.
Specifically, the OVS component 122 on any computing node 12 is specifically configured to configure the bridge of the OVS component to be in the security mode, and configure the OVS interface identifier in the OVS flow table to point to the port of the logical switching device in the OVN logical flow table information, so that the data packet flowing through the OVS interface on the bridge connected to the OVS component 122 is forwarded according to the OVN logical flow table information.
Specifically, the bridge (Br-int) of the OVS component 122 is configured to be in a secure mode, that is, the bridge of the OVS component 122 does not direct any data traffic to forward, and directs the data traffic on the OVS Interface to forward according to the flow table (that is, OVN logic flow table) of the port of the logic switching device by configuring the iface _ id field of the external _ ids in the OVS Interface table, so as to implement a mapping relationship from the OVN logic data model to OVS traffic forwarding, implement that the data packet of the virtual machine accessed through the OVS component 122 is forwarded by the OVN logic flow table, and enable the user of the target field network system to escape from complex flow table configuration.
The network shooting range system provided by the embodiment of the application realizes mapping of information such as logic switching equipment and configuration thereof which are easy to understand by a user into configuration of a bottom virtual network, uniformly uses an OVSDB management protocol as a communication management protocol of the logic virtual network, realizes configuration consistency and uniform management control of the virtual network of the network shooting range system, and bears the virtual network based on OVN logic flow tables, so that the logic switching equipment does not occupy or occupies few host machine resources, thereby saving network shooting range system resources and creating more virtual machines.
Based on the same inventive concept, the embodiment of the application also provides a virtual network implementation method of the network shooting range system, and as the principle of solving the problem of the virtual network implementation method of the network shooting range system is similar to that of the network shooting range system, the implementation of the method can be referred to the implementation of the system, and repeated parts are not repeated.
As shown in fig. 3, an implementation flow diagram of a virtual network implementation method of a network shooting range system provided in the embodiment of the present application is applied to the network shooting range system described in the embodiment of the present application, where the network shooting range system includes a control node and at least two computing nodes, and the method includes:
and S21, the control node generates logic virtual network configuration data information according to the stored logic virtual network topology structure, wherein the logic virtual network topology structure at least comprises a virtual machine and a logic switching device, and the logic switching device at least comprises a logic switch.
And S22, converting the logic virtual network configuration data information into OVN logic flow table information, and sending OVN logic flow table information to each computing node, so that each computing node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes OVN logic flow table information to an OVS flow table of the computing node, and forwards data messages according to OVN logic flow table information.
The virtual machine is connected to the network bridge of the OVS component of the computing node through the virtual network card.
In one possible implementation, a generic network virtual encapsulation (GMP) tunnel is constructed between each computing node and other computing nodes, so that the virtual machines on each computing node perform cross-host communication.
In a possible implementation manner, the Geneve tunnel encapsulates and decapsulates the data packet by encapsulating the port information of the logical switching device in the OVN logical flow table information.
In a possible embodiment, each computing node configures a bridge of its respective OVS component to a security mode, configures an OVS interface identifier in the OVS flow table to point to a port of the logic switching device in the OVN logic flow table information, so that a data packet flowing through the OVS interface on a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logic flow table information.
Based on the same inventive concept, the embodiment of the application also provides a virtual network implementation device of the network shooting range system, and as the principle of solving the problems of the virtual network implementation device of the network shooting range system is similar to that of the network shooting range system, the implementation of the device can refer to the implementation of the system, and repeated parts are not repeated.
As shown in fig. 4, a schematic structural diagram of a virtual network implementation apparatus of a network shooting range system provided in the embodiment of the present application is applied to the network shooting range system described in the embodiment of the present application, where the network shooting range system includes a control node and at least two computing nodes, and the apparatus includes:
a generating unit 31, configured to generate logical virtual network configuration data information according to a stored logical virtual network topology, where the logical virtual network topology at least includes a virtual machine and a logical switching device, and the logical switching device at least includes a logical switch;
the sending unit 32 is configured to convert the logical virtual network configuration data information into OVN logical flow table information, and send the OVN logical flow table information to each computing node, so that each computer node creates a corresponding virtual machine according to the received OVN logical flow table information, synchronizes the OVN logical flow table information to its own OVS flow table, and forwards a data packet according to the OVN logical flow table information, where the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
In one possible implementation, a generic network virtual encapsulation (GMP) tunnel is constructed between each computing node and other computing nodes, so that the virtual machines on each computing node perform cross-host communication.
In a possible implementation manner, the Geneve tunnel encapsulates and decapsulates the data packet by encapsulating the port information of the logical switch in the OVN logical flow table information.
In a possible embodiment, each computing node configures a bridge of its respective OVS component to a security mode, configures an OVS interface identifier in the OVS flow table to point to a port of the logical switch in the OVN logical flow table information, so that a data packet flowing through the OVS interface by a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logical flow table information.
Based on the same technical concept, an embodiment of the present application further provides an electronic device 400, and referring to fig. 5, the electronic device 400 is configured to implement the virtual network implementation method of the network shooting range system described in the foregoing method embodiment, where the electronic device 400 of this embodiment may include: a memory 401, a processor 402, and a computer program, such as an implementation program for a network range system, stored in the memory and executable on the processor. The processor, when executing the computer program, implements the steps in the various network range system embodiments described above, such as step S21 shown in fig. 3. Alternatively, the processor, when executing the computer program, implements the functions of the modules/units in the above-described device embodiments, for example, 31.
The embodiment of the present application does not limit the specific connection medium between the memory 401 and the processor 402. In the embodiment of the present application, the memory 401 and the processor 402 are connected by the bus 403 in fig. 5, the bus 403 is represented by a thick line in fig. 5, and the connection manner between other components is merely illustrative and is not limited thereto. The bus 403 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 5, but this is not intended to represent only one bus or type of bus.
The memory 401 may be a volatile memory (volatile memory), such as a random-access memory (RAM); the memory 401 may also be a non-volatile memory (non-volatile memory) such as, but not limited to, a read-only memory (rom), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD), or the memory 401 may be any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 401 may be a combination of the above memories.
The embodiment of the present application further provides a computer-readable storage medium, which stores computer-executable instructions required to be executed by the processor, and includes a program required to be executed by the processor.
In some possible embodiments, the various aspects of the network range system provided herein may also be implemented in the form of a program product comprising program code for causing an electronic device to perform the steps of the virtual network implementation method of the network range system according to various exemplary embodiments of the present application described above in this specification when the program product is run on the electronic device.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a system, method, apparatus, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (10)
1. A network range system comprising a control node and at least two computing nodes, wherein:
the control node is configured to generate logical virtual network configuration data information according to a stored logical virtual network topology, convert the logical virtual network configuration data information into logical flow table information of an open virtual network OVN, and send the OVN logical flow table information to each computing node, where the logical virtual network topology at least includes a virtual machine and a logical switch device, and the logical switch device at least includes a logical switch;
the computing node is configured to create a corresponding virtual machine according to the received OVN logical flow table information, synchronize the OVN logical flow table information into an open virtual switch OVS flow table, and forward a data packet according to the OVN logical flow table information.
2. The system of claim 1, wherein the control nodes comprise a network range configuration module and an OVN centralized control module, the compute nodes comprise a OVN controller and an OVS component, the network range configuration module and the OVN centralized control module are connected via an open virtual switch database OVSDB management protocol, the OVN centralized control module is respectively connected with a OVN controller in each compute node via an OVSDB management protocol, and the OVN controller in each compute node is connected with the OVS component via an OVSDB management protocol;
the network range configuration module is specifically configured to generate logical virtual network configuration data information according to the logical virtual network topology structure, and send the logical virtual network configuration data information to the OVN centralized control module;
the OVN centralized control module is specifically configured to convert the received logical virtual network configuration data information into OVN logical flow table information, and send the OVN logical flow table information to the OVN controller in each compute node;
the OVN controller is specifically configured to create a corresponding virtual machine on a computing node to which the controller belongs according to the received OVN logical flow table information, and synchronize the OVN logical flow table information to an OVS flow table of an OVS component on the computing node, where the virtual machine is connected to a bridge of the OVS component through a virtual network card;
the OVS component is specifically configured to forward a data packet according to the OVN logical flow table information.
3. The system of claim 2, wherein the OVN centralized control module comprises a OVN northbound database, a OVN centralized controller, and a OVN southbound database, the OVN northbound database and the OVN centralized controller are connected via an OVSDB management protocol, and the OVN centralized controller is connected with the OVN southbound database via an OVSDB management protocol;
the OVN northbound database is specifically configured to receive and store the logical virtual network configuration data information sent by the network range configuration module;
the OVN centralized controller is specifically configured to, when monitoring the logical virtual network configuration data information stored in the OVN northbound database, convert the logical virtual network configuration data information into the OVN logical flow table information, and send the OVN logical flow table information to the OVN southbound database;
the OVN southbound database is specifically configured to receive the OVN logical flow table information sent by the OVN centralized controller, and send the OVN logical flow table information to the OVN controller in each compute node.
4. The system of claim 2,
the OVN controller is specifically used for constructing a generic tunnel for generic network virtual encapsulation between the computing node to which the controller belongs and other computing nodes, so that the virtual machines on the computing nodes perform cross-host communication.
5. The system of claim 4, wherein the Geneve tunnel encapsulates and decapsulates data packets by encapsulating port information of a logical switching device in the OVN logical flow table information.
6. The system of claim 2,
the OVS component is specifically configured to configure a bridge of the OVS component to be in a secure mode, configure an OVS interface identifier in the OVS flow table to point to a port of the logic switching device in the OVN logic flow table information, and forward a data packet, which flows through the OVS interface, of a virtual machine connected to the bridge of the OVS component according to the OVN logic flow table information.
7. A virtual network implementation method of a network shooting range system, which is applied to the network shooting range system according to any one of claims 1-6, wherein the network shooting range system comprises a control node and at least two computing nodes, and the method comprises the following steps:
the control node generates logical virtual network configuration data information according to a stored logical virtual network topological structure, wherein the logical virtual network topological structure at least comprises a virtual machine and a logical switching device, and the logical switching device at least comprises a logical switch;
converting the logic virtual network configuration data information into logic flow table information of an open virtual network OVN, and sending the OVN logic flow table information to each computing node, so that each computer node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes the OVN logic flow table information to an OVS flow table of an open virtual switch of the computer node, and forwards data messages according to the OVN logic flow table information, wherein the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
8. A virtual network implementation device of a network shooting range system, applied to the network shooting range system according to any one of claims 1-6, wherein the network shooting range system comprises a control node and at least two computing nodes, the device comprises:
the system comprises a generating unit, a processing unit and a processing unit, wherein the generating unit is used for generating logical virtual network configuration data information according to a stored logical virtual network topological structure, the logical virtual network topological structure at least comprises a virtual machine and a logical switching device, and the logical switching device at least comprises a logical switch;
the sending unit is used for converting the logic virtual network configuration data information into OVN logic flow table information, sending the OVN logic flow table information to each computing node, so that each computer node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes the OVN logic flow table information to an OVS flow table of the computer node, and forwards a datagram according to the OVN logic flow table information, wherein the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements a virtual network implementation method of the network range system of claim 7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the virtual network implementation method of a network range system according to claim 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111576655.XA CN114363021B (en) | 2021-12-22 | 2021-12-22 | Network target range system, virtual network implementation method and device of network target range system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111576655.XA CN114363021B (en) | 2021-12-22 | 2021-12-22 | Network target range system, virtual network implementation method and device of network target range system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114363021A true CN114363021A (en) | 2022-04-15 |
| CN114363021B CN114363021B (en) | 2023-11-03 |
Family
ID=81101501
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111576655.XA Active CN114363021B (en) | 2021-12-22 | 2021-12-22 | Network target range system, virtual network implementation method and device of network target range system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114363021B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115002029A (en) * | 2022-05-31 | 2022-09-02 | 济南浪潮数据技术有限公司 | Traffic forwarding method, device, equipment and storage medium |
| CN115208660A (en) * | 2022-07-14 | 2022-10-18 | 软极网络技术(北京)有限公司 | Transparent access method for network target range equipment |
| CN115277349A (en) * | 2022-07-18 | 2022-11-01 | 天翼云科技有限公司 | Method for configuring distributed gateway, open virtual network and storage medium |
| CN115314356A (en) * | 2022-08-09 | 2022-11-08 | 中电云数智科技有限公司 | OVN-based cross-region distributed SDN control device and method |
| CN115348126A (en) * | 2022-07-26 | 2022-11-15 | 北京永信至诚科技股份有限公司 | Network target range entity equipment access method, device and implementation system |
| CN115378868A (en) * | 2022-08-18 | 2022-11-22 | 中电云数智科技有限公司 | System and method for realizing message processing based on SNAT resource pool |
| CN115426324A (en) * | 2022-08-26 | 2022-12-02 | 绿盟科技集团股份有限公司 | Method and device for accessing entity equipment to network target range |
| CN115484209A (en) * | 2022-09-23 | 2022-12-16 | 绿盟科技集团股份有限公司 | Network flow playback method, device, medium and electronic equipment |
| CN117354197A (en) * | 2023-12-06 | 2024-01-05 | 广州医科大学附属第五医院(广州再生医学与健康广东省实验室附属医院) | Virtual network breakpoint detection method and device, terminal equipment and storage medium |
Citations (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130033993A1 (en) * | 2011-08-05 | 2013-02-07 | International Business Machines Corporation | Distributed Overlay Network Data Traffic Management by a Virtual Server |
| CN104363159A (en) * | 2014-07-02 | 2015-02-18 | 北京邮电大学 | Virtual open network building system and method based on software definition network |
| US20150236900A1 (en) * | 2012-08-31 | 2015-08-20 | Bce Inc. | Ip mpls pop virtualization and fault tolerant virtual router |
| US20150381480A1 (en) * | 2013-03-01 | 2015-12-31 | Nec Corporation | Network system, resource control device, and virtual machine generation device |
| US20160021032A1 (en) * | 2014-07-21 | 2016-01-21 | Big Switch Networks, Inc. | Systems and methods for performing logical network forwarding using a controller |
| CN106534325A (en) * | 2016-11-24 | 2017-03-22 | 深圳市永达电子信息股份有限公司 | Heterogeneous network communication system for railway rail transit |
| US9697172B1 (en) * | 2012-12-28 | 2017-07-04 | Juniper Networks, Inc. | Virtual network optimizing a physical network |
| CN106919435A (en) * | 2015-12-25 | 2017-07-04 | 华为技术有限公司 | The creation method of virtual machine, the management method of resource and device |
| US20180212869A1 (en) * | 2016-08-03 | 2018-07-26 | Huawei Technologies Co., Ltd. | Network interface card, computing device, and data packet processing method |
| CN108418705A (en) * | 2018-01-29 | 2018-08-17 | 山东汇贸电子口岸有限公司 | Virtual machine mixes the virtual network management method and system of nested framework with container |
| CN108737272A (en) * | 2017-04-19 | 2018-11-02 | 江南大学 | High-performance routing conversion in a kind of cloud computing |
| CN109802852A (en) * | 2018-12-13 | 2019-05-24 | 烽台科技(北京)有限公司 | The construction method and system of network simulation topology applied to network target range |
| CN109885377A (en) * | 2018-11-23 | 2019-06-14 | 中国银联股份有限公司 | The method of unified resource scheduling coordinator and its creation virtual machine and/or container, unified resource dispatch system |
| US20190268262A1 (en) * | 2015-12-31 | 2019-08-29 | New H3C Technologies Co., Ltd | Controlling packets of virtual machines |
| CN110601949A (en) * | 2019-09-10 | 2019-12-20 | 中国人民解放军国防科技大学 | Multi-virtual equipment container networking method |
| US20200213227A1 (en) * | 2018-12-26 | 2020-07-02 | Juniper Networks, Inc. | Cloud network having multiple protocols using virtualization overlays across physical and virtualized workloads |
| CN111478820A (en) * | 2020-06-24 | 2020-07-31 | 南京赛宁信息技术有限公司 | Network equipment configuration system and method for large-scale network environment of network target range |
| CN111600913A (en) * | 2020-07-22 | 2020-08-28 | 南京赛宁信息技术有限公司 | Self-adaptive access method and system for real equipment in attack and defense scene of network shooting range |
| CN112187610A (en) * | 2020-09-24 | 2021-01-05 | 北京赛宁网安科技有限公司 | Network isolation system and method for network target range |
| CN112383481A (en) * | 2020-11-02 | 2021-02-19 | 科大讯飞股份有限公司 | Flow table generation and port forwarding method, node, electronic device and storage medium |
| CN113326103A (en) * | 2021-08-03 | 2021-08-31 | 中电长城网际安全技术研究院(北京)有限公司 | Virtual machine creation method and device |
| CN113359511A (en) * | 2021-06-23 | 2021-09-07 | 陕西工大锐迪信息技术有限公司 | Construction method and device of industrial control simulation network, computer equipment and storage medium |
| CN113472848A (en) * | 2021-05-31 | 2021-10-01 | 济南浪潮数据技术有限公司 | Network fusion method and device of virtual machine and container and related equipment |
| CN113472575A (en) * | 2021-06-30 | 2021-10-01 | 北京凌云雀科技有限公司 | Deployment method and device of open virtual network |
| CN113572634A (en) * | 2021-06-22 | 2021-10-29 | 济南浪潮数据技术有限公司 | Method and system for realizing two-layer intercommunication between in-cloud network and out-cloud network |
-
2021
- 2021-12-22 CN CN202111576655.XA patent/CN114363021B/en active Active
Patent Citations (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130033993A1 (en) * | 2011-08-05 | 2013-02-07 | International Business Machines Corporation | Distributed Overlay Network Data Traffic Management by a Virtual Server |
| US20150236900A1 (en) * | 2012-08-31 | 2015-08-20 | Bce Inc. | Ip mpls pop virtualization and fault tolerant virtual router |
| US9697172B1 (en) * | 2012-12-28 | 2017-07-04 | Juniper Networks, Inc. | Virtual network optimizing a physical network |
| US20150381480A1 (en) * | 2013-03-01 | 2015-12-31 | Nec Corporation | Network system, resource control device, and virtual machine generation device |
| CN104363159A (en) * | 2014-07-02 | 2015-02-18 | 北京邮电大学 | Virtual open network building system and method based on software definition network |
| US20160021032A1 (en) * | 2014-07-21 | 2016-01-21 | Big Switch Networks, Inc. | Systems and methods for performing logical network forwarding using a controller |
| CN106919435A (en) * | 2015-12-25 | 2017-07-04 | 华为技术有限公司 | The creation method of virtual machine, the management method of resource and device |
| US20190268262A1 (en) * | 2015-12-31 | 2019-08-29 | New H3C Technologies Co., Ltd | Controlling packets of virtual machines |
| US20180212869A1 (en) * | 2016-08-03 | 2018-07-26 | Huawei Technologies Co., Ltd. | Network interface card, computing device, and data packet processing method |
| CN106534325A (en) * | 2016-11-24 | 2017-03-22 | 深圳市永达电子信息股份有限公司 | Heterogeneous network communication system for railway rail transit |
| CN108737272A (en) * | 2017-04-19 | 2018-11-02 | 江南大学 | High-performance routing conversion in a kind of cloud computing |
| CN108418705A (en) * | 2018-01-29 | 2018-08-17 | 山东汇贸电子口岸有限公司 | Virtual machine mixes the virtual network management method and system of nested framework with container |
| CN109885377A (en) * | 2018-11-23 | 2019-06-14 | 中国银联股份有限公司 | The method of unified resource scheduling coordinator and its creation virtual machine and/or container, unified resource dispatch system |
| CN109802852A (en) * | 2018-12-13 | 2019-05-24 | 烽台科技(北京)有限公司 | The construction method and system of network simulation topology applied to network target range |
| US20200213227A1 (en) * | 2018-12-26 | 2020-07-02 | Juniper Networks, Inc. | Cloud network having multiple protocols using virtualization overlays across physical and virtualized workloads |
| CN110601949A (en) * | 2019-09-10 | 2019-12-20 | 中国人民解放军国防科技大学 | Multi-virtual equipment container networking method |
| CN111478820A (en) * | 2020-06-24 | 2020-07-31 | 南京赛宁信息技术有限公司 | Network equipment configuration system and method for large-scale network environment of network target range |
| CN111600913A (en) * | 2020-07-22 | 2020-08-28 | 南京赛宁信息技术有限公司 | Self-adaptive access method and system for real equipment in attack and defense scene of network shooting range |
| CN112187610A (en) * | 2020-09-24 | 2021-01-05 | 北京赛宁网安科技有限公司 | Network isolation system and method for network target range |
| CN112383481A (en) * | 2020-11-02 | 2021-02-19 | 科大讯飞股份有限公司 | Flow table generation and port forwarding method, node, electronic device and storage medium |
| CN113472848A (en) * | 2021-05-31 | 2021-10-01 | 济南浪潮数据技术有限公司 | Network fusion method and device of virtual machine and container and related equipment |
| CN113572634A (en) * | 2021-06-22 | 2021-10-29 | 济南浪潮数据技术有限公司 | Method and system for realizing two-layer intercommunication between in-cloud network and out-cloud network |
| CN113359511A (en) * | 2021-06-23 | 2021-09-07 | 陕西工大锐迪信息技术有限公司 | Construction method and device of industrial control simulation network, computer equipment and storage medium |
| CN113472575A (en) * | 2021-06-30 | 2021-10-01 | 北京凌云雀科技有限公司 | Deployment method and device of open virtual network |
| CN113326103A (en) * | 2021-08-03 | 2021-08-31 | 中电长城网际安全技术研究院(北京)有限公司 | Virtual machine creation method and device |
Non-Patent Citations (1)
| Title |
|---|
| 陈吉龙;翟健宏;: "虚拟化工控网络靶场的设计与自动化部署", 智能计算机与应用, no. 05, pages 189 - 203 * |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115002029A (en) * | 2022-05-31 | 2022-09-02 | 济南浪潮数据技术有限公司 | Traffic forwarding method, device, equipment and storage medium |
| CN115208660A (en) * | 2022-07-14 | 2022-10-18 | 软极网络技术(北京)有限公司 | Transparent access method for network target range equipment |
| CN115208660B (en) * | 2022-07-14 | 2024-03-22 | 软极网络技术(北京)有限公司 | Transparent access method for network target range equipment |
| CN115277349A (en) * | 2022-07-18 | 2022-11-01 | 天翼云科技有限公司 | Method for configuring distributed gateway, open virtual network and storage medium |
| CN115277349B (en) * | 2022-07-18 | 2024-01-02 | 天翼云科技有限公司 | Method for configuring distributed gateway, open virtual network and storage medium |
| CN115348126A (en) * | 2022-07-26 | 2022-11-15 | 北京永信至诚科技股份有限公司 | Network target range entity equipment access method, device and implementation system |
| CN115314356B (en) * | 2022-08-09 | 2023-11-24 | 中电云计算技术有限公司 | Cross-region distributed SDN control device and method based on OVN |
| CN115314356A (en) * | 2022-08-09 | 2022-11-08 | 中电云数智科技有限公司 | OVN-based cross-region distributed SDN control device and method |
| CN115378868B (en) * | 2022-08-18 | 2023-09-19 | 中电云数智科技有限公司 | System and method for realizing message processing based on SNAT resource pool |
| CN115378868A (en) * | 2022-08-18 | 2022-11-22 | 中电云数智科技有限公司 | System and method for realizing message processing based on SNAT resource pool |
| CN115426324A (en) * | 2022-08-26 | 2022-12-02 | 绿盟科技集团股份有限公司 | Method and device for accessing entity equipment to network target range |
| CN115484209A (en) * | 2022-09-23 | 2022-12-16 | 绿盟科技集团股份有限公司 | Network flow playback method, device, medium and electronic equipment |
| CN115484209B (en) * | 2022-09-23 | 2024-04-02 | 绿盟科技集团股份有限公司 | Network traffic playback method and device, medium and electronic equipment |
| CN117354197A (en) * | 2023-12-06 | 2024-01-05 | 广州医科大学附属第五医院(广州再生医学与健康广东省实验室附属医院) | Virtual network breakpoint detection method and device, terminal equipment and storage medium |
| CN117354197B (en) * | 2023-12-06 | 2024-02-27 | 广州医科大学附属第五医院(广州再生医学与健康广东省实验室附属医院) | Virtual network breakpoint detection method and device, terminal equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114363021B (en) | 2023-11-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114363021B (en) | Network target range system, virtual network implementation method and device of network target range system | |
| CN109802852B (en) | Method and system for constructing network simulation topology applied to network target range | |
| CN103997414B (en) | Generate method and the network control unit of configuration information | |
| US9781037B2 (en) | Method and apparatus for advanced statistics collection | |
| US10063470B2 (en) | Data center network system based on software-defined network and packet forwarding method, address resolution method, routing controller thereof | |
| Prete et al. | Simulation in an SDN network scenario using the POX Controller | |
| CN106712988B (en) | A kind of virtual network management method and device | |
| US9413645B1 (en) | Methods and apparatus for accessing route information in a distributed switch | |
| CN108123818B (en) | Simulation method for flexible and extensible fusion of virtual and actual networks | |
| CN107592216B (en) | Virtual-real network fusion simulation method supporting multi-scene experimental isolation | |
| CN109547349A (en) | Flow managing method, device, terminal and storage medium based on virtual flow-line | |
| US11586575B2 (en) | System decoder for training accelerators | |
| CN107404436A (en) | Communication means and device for virtual expansible LAN | |
| CN105721358A (en) | Methods and apparatus related to a switch fabric system having a multi-hop distributed control plane and a single-hop data plane | |
| CN105407140A (en) | Calculation resource virtualization system of networked test system and method thereof | |
| CN103534987B (en) | For the method and system of configuration virtual network configuration | |
| CN107211036A (en) | A kind of method and data center network of data center network networking | |
| CN108494607B (en) | Container-based design method and system for large two-layer network architecture | |
| CN106850459A (en) | A kind of method and device for realizing virtual network load balancing | |
| JP2010531602A (en) | Method and apparatus for communication of diagnostic data in a real-time communication network | |
| WO2023165137A1 (en) | Cross-cluster network communication system and method | |
| CN110601949A (en) | Multi-virtual equipment container networking method | |
| CN113992590A (en) | Link load balancing method based on software defined network | |
| Casado et al. | Ripcord: A modular platform for data center networking | |
| CN108574613A (en) | The double layer intercommunication method and device of SDN data centers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |