CN114363021B - Network target range system, virtual network implementation method and device of network target range system - Google Patents
Network target range system, virtual network implementation method and device of network target range system Download PDFInfo
- Publication number
- CN114363021B CN114363021B CN202111576655.XA CN202111576655A CN114363021B CN 114363021 B CN114363021 B CN 114363021B CN 202111576655 A CN202111576655 A CN 202111576655A CN 114363021 B CN114363021 B CN 114363021B
- Authority
- CN
- China
- Prior art keywords
- ovn
- logical
- flow table
- logic
- virtual network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 108090000623 proteins and genes Proteins 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 14
- 230000008685 targeting Effects 0.000 claims description 3
- 238000007726 management method Methods 0.000 description 23
- 238000010586 diagram Methods 0.000 description 12
- 230000006870 function Effects 0.000 description 11
- 238000004891 communication Methods 0.000 description 9
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000007935 neutral effect Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 238000005538 encapsulation Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000004075 alteration Effects 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013499 data model Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/70—Virtual switches
Abstract
The application discloses a network range system, a virtual network implementation method and a device of the network range system, wherein the network range system comprises a control node and at least two calculation nodes, wherein: the control node is configured to generate logical virtual network configuration data information according to a stored logical virtual network topology structure, convert the received logical virtual network configuration data information into OVN logical flow table information, and send the OVN logical flow table information to each computing node, where the logical virtual network topology structure at least includes a virtual machine and a logical switching device, and the logical switching device at least includes a logical switch; the computing node is configured to create a corresponding virtual machine according to the received OVN logical flow table information, synchronize the OVN logical flow table information to an OVS flow table, and forward a data packet according to the OVN logical flow table information.
Description
Technical Field
The application relates to the technical field of network information, in particular to a network target range system, and a virtual network implementation method and device of the network target range system.
Background
The network target range is a technology for simulating and reproducing the running states and running environments of a network architecture, system equipment and business processes in a real network space based on a virtualization technology, and can more effectively realize the behaviors of learning, researching, checking, competing, playing and the like related to network safety, thereby improving the network safety countermeasure level of users.
The infrastructure of the network target range system mainly comprises a virtual machine and a virtual switching device, and in order to improve network security, a virtual security device (such as a virtual firewall) can be added into the network target range system, wherein the virtual switching device mainly comprises a virtual switch and a virtual router and is used for communicating a communication network between the virtual machine and the virtual machine (such as the network target range system comprises the virtual security device, and the virtual switching device is also used for communicating the communication network between the virtual machine and the virtual security device). Each virtual device is built on the host machine by means of the network target range system, each virtual device occupies the resources of the host machine, and the total resources of the host machine and the resources occupied by the single virtual device directly determine the number of virtual devices (namely the size of the virtual network scale) which can be simulated by one host machine. In order to realize the functions of basic two-layer and three-layer network, virtual-real interconnection, DHCP (Dynamic Host Configuration Protocol ) and the like in the network target range system, and network isolation, flow control and the like with fine granularity, unified management control and configuration are required to be carried out on the virtual switching equipment.
In the existing network target range system, in a two-layer and three-layer network communication mode that an OpenWRT is taken as a three-layer routing device and is combined with an OVS (Open virtual switch) to realize a virtual network, the OpenWRT is a Linux operating system facing an embedded device, and can be used as a virtual switching device in the virtual network.
The existing SDN (Software Defined Network ) controllers, such as ODL (Open Dayleight), are modularized, extensible, scalable and multi-protocol-supporting controller frameworks developed based on SDN, RYU (Open source SDN controller), and the like, are used as controllers, and are combined with related virtual switching devices to realize a virtual network communication mode in a network target system, so that although unified management control of the network target system can be realized to a certain extent, due to the fact that the SDN controllers have more functional redundancy functions, huge architecture and difficult maintenance, and meanwhile, the virtual switching devices consume host resources.
In the existing manner of using a neutral (neutral is one of the OpenStack core items and provides a virtual network function under a cloud computing environment) module of an OpenStack (OpenStack is an open source cloud computing management platform item) as a virtual network scheduling module to realize virtual network communication of a network target system, because the neutral is the open source item, redundancy functions are more, vulnerabilities of the neutral are easy to be utilized, and security risks exist.
Disclosure of Invention
In order to solve the problems that the existing virtual network communication implementation mode of the network target range system consumes host machine resources and has safety risks, the embodiment of the application provides the network target range system, and a virtual network implementation method and device of the network target range system.
In a first aspect, an embodiment of the present application provides a network shooting range system, including a control node and at least two computing nodes, where:
the control node is configured to generate logical virtual network configuration data information according to a stored logical virtual network topology structure, convert the logical virtual network configuration data information into open virtual network OVN logical flow table information, and send the OVN logical flow table information to each computing node, where the logical virtual network topology structure at least includes a virtual machine and a logical switching device, and the logical switching device at least includes a logical switch;
the computing node is configured to create a corresponding virtual machine according to the received OVN logical flow table information, synchronize the OVN logical flow table information to an OVS flow table of the open virtual switch, and forward a data packet according to the OVN logical flow table information.
In a possible implementation manner, the control node comprises a network range configuration module and a OVN centralized control module, the computing node comprises OVN controllers and OVS components, the network range configuration module and the OVN centralized control module are connected through an open virtual switch database OVSDB management protocol, the OVN centralized control module is respectively connected with the OVN controllers in each computing node through the OVSDB management protocol, and the OVN controllers in each computing node are connected with the OVS components through the OVSDB management protocol;
the network targeting configuration module is specifically configured to generate logical virtual network configuration data information according to the logical virtual network topology structure, and send the logical virtual network configuration data information to the OVN centralized control module;
the OVN centralized control module is specifically configured to convert the received logical virtual network configuration data information into OVN logical flow table information, and send the OVN logical flow table information to OVN controllers in the computing nodes;
the OVN controller is specifically configured to create a corresponding virtual machine on a computing node to which the corresponding virtual machine belongs according to the received OVN logical flow table information, and synchronize the OVN logical flow table information to an OVS flow table of an OVS component on the computing node, where the virtual machine is connected to a bridge of the OVS component through a virtual network card;
the OVS component is specifically configured to forward a data packet according to the OVN logical flow table information.
In a possible implementation manner, the OVN centralized control module comprises a OVN northbound database, a OVN centralized controller and a OVN southbound database, wherein the OVN northbound database and the OVN centralized controller are connected through an OVSDB management protocol, and the OVN centralized controller and the OVN southbound database are connected through an OVSDB management protocol;
the OVN northbound database is specifically configured to receive and store the logical virtual network configuration data information sent by the network target range configuration module;
the OVN centralized controller is specifically configured to, when detecting the logical virtual network configuration data information stored in the OVN northbound database, convert the logical virtual network configuration data information into the OVN logical flow table information, and send the OVN logical flow table information to the OVN soutthbound database;
the OVN southbound database is specifically configured to receive the OVN logic flow table information sent by the OVN centralized controller, and send the OVN logic flow table information to the OVN controller in each computing node.
In a possible implementation manner, the OVN controller is specifically configured to construct a generic network virtual encapsulation gene tunnel between the computing node to which the controller belongs and other computing nodes, so that virtual machines on the computing nodes communicate across hosts.
In one possible implementation manner, the gene tunnel encapsulates and decapsulates the data message by encapsulating port information of the logic switching device in the OVN logic flow table information.
In a possible implementation manner, the OVS component is specifically configured to configure a bridge of the OVS component to be in a secure mode, and configure an OVS interface identifier in the OVS flow table to point to a port of a logic switching device in the OVN logic flow table information, so that a data packet flowing through the OVS interface by a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logic flow table information.
In a second aspect, an embodiment of the present application provides a method for implementing a virtual network of a network target range system, which is applied to the network target range system described in the embodiment of the present application, where the network target range system includes a control node and at least two computing nodes, and the method includes:
the control node generates logic virtual network configuration data information according to a stored logic virtual network topological structure, wherein the logic virtual network topological structure at least comprises a virtual machine and logic switching equipment, and the logic switching equipment at least comprises a logic switch;
converting the logic virtual network configuration data information into open virtual network OVN logic flow table information, and sending the OVN logic flow table information to each computing node, so that each computing node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes the OVN logic flow table information into an own Open Virtual Switch (OVS) flow table, and forwards data messages according to the OVN logic flow table information, wherein the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
In one possible implementation, a generic network virtual encapsulation gene tunnel is constructed between each computing node and other computing nodes, so that virtual machines on each computing node communicate across hosts.
In one possible implementation manner, the gene tunnel encapsulates and decapsulates the data message by encapsulating port information of the logic switching device in the OVN logic flow table information.
In a possible implementation manner, each computing node configures a bridge of a respective OVS component to be in a secure mode, configures an OVS interface identifier in the OVS flow table to point to a port of a logic switching device in the OVN logic flow table information, so that a data packet flowing through the OVS interface by a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logic flow table information.
In a third aspect, an embodiment of the present application provides a virtual network implementation device of a network range system, which is applied to the network range system in the embodiment of the present application, where the network range system includes a control node and at least two computing nodes, and the device includes:
the generating unit is used for generating logic virtual network configuration data information according to a stored logic virtual network topological structure, wherein the logic virtual network topological structure at least comprises a virtual machine and logic switching equipment, and the logic switching equipment at least comprises a logic switch;
the sending unit is configured to convert the logic virtual network configuration data information into OVN logic flow table information, and send the OVN logic flow table information to each computing node, so that each computing node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes the OVN logic flow table information into its own OVS flow table, and forwards a data message according to the OVN logic flow table information, where the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
In one possible implementation, a generic network virtual encapsulation gene tunnel is constructed between each computing node and other computing nodes, so that virtual machines on each computing node communicate across hosts.
In one possible implementation manner, the gene tunnel encapsulates and decapsulates data messages by encapsulating port information of the logical switch in the OVN logical flow table information.
In a possible implementation manner, each computing node configures a bridge of a respective OVS component to be in a secure mode, configures an OVS interface identifier in the OVS flow table to point to a port of a logical switch in the OVN logical flow table information, so that a data packet flowing through the OVS interface by a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logical flow table information.
In a fourth aspect, an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements a virtual network implementation method of a network range system according to the present application when the processor executes the program.
In a fifth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which when executed by a processor performs steps in a virtual network implementation method of a network range system according to the present application.
The embodiment of the application has the following beneficial effects:
the network target range system provided by the embodiment of the application comprises a control node and at least two computing nodes, wherein the control node is used for generating logic virtual network configuration data information according to a stored logic virtual network topological structure, converting the logic virtual network configuration data information into OVN logic flow table information and transmitting OVN logic flow table information to each computing node, the logic virtual network topological structure at least comprises a virtual machine and logic switching equipment, the logic switching equipment at least comprises a logic switch, the computing nodes are used for creating a corresponding virtual machine according to OVN logic flow table information transmitted by the received control node, and synchronizing OVN logic flow table information into an OVS flow table of the computing node, and forwarding data messages according to OVN logic flow table information.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
fig. 1 is a schematic structural diagram of a network shooting range system according to an embodiment of the present application;
fig. 2 is a diagram illustrating an example of a logical virtual network topology according to an embodiment of the present application;
fig. 3 is a schematic flow chart of an implementation method of a virtual network of the network target range system according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a virtual network implementation device of a network target range system according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to solve the problems in the background art, the embodiment of the application provides a network shooting range system, a virtual network implementation method and a virtual network implementation device of the network shooting range system.
The preferred embodiments of the present application will be described below with reference to the accompanying drawings of the specification, it being understood that the preferred embodiments described herein are for illustration and explanation only, and not for limitation of the present application, and embodiments of the present application and features of the embodiments may be combined with each other without conflict.
In this context, it is to be understood that the technical terms referred to in the present application are:
1. OVS: the open virtual switch is a high-quality virtual switch supporting multi-layer data forwarding, can be deployed on a server, has better programming expansibility compared with the traditional switch, and has network isolation and data forwarding functions realized by the traditional switch.
2. OVN (Open Virtual Network ) is a software system that supports virtual network abstraction. OVN is extended to some extent to the existing OVS functions, such as basic virtual two-layer and three-layer network switching, higher-order NAT (Network Address Translation ), DHCP, ACL (Access Control Lists, access control list), qos (Quality of Service ), and the like.
3. OVSDB (Open VSwitch Database, open virtual switch database) management protocol the main object of OVSDB management protocol management is OVSDB, which provides a programmable portal for OVSDB. OVSDB is the only database of OVSs, while OVSDB management protocol is also the only protocol of OVSs at management layer, while OVN also supports OVSDB management protocol.
4. Overlay-Overlay technology is to build a virtual network on top of the existing physical network, and the upper layer application is only related to the virtual network.
5. Geneve (Generic Network Virtualization Encapsulation, generic network virtual package): an Overlay protocol enables cross-virtual machine host communication through an abstract Overlay plane.
6. Br-int (bridge): default bridge for OVS.
As shown in fig. 1, which is a schematic structural diagram of a network target system according to an embodiment of the present application, the network target system may include a control node 11 and at least two computing nodes 12. The control node 11 may include a network range configuration module 111 and a OVN centralized control module 112, the computing node 12 may include OVN controllers (i.e., OVN controllers) 121 and OVS components 122, the network range configuration modules 111 and OVN centralized control modules 112 are connected by an OVSDB management protocol, the OVN centralized control module 112 is connected with OVN controllers 121 in each computing node 12 by an OVSDB management protocol, and the OVN controllers 121 in each computing node 12 are connected with the OVS components 122 by an OVSDB management protocol, where:
the control node 11 is configured to generate Logical virtual network configuration data information according to a stored Logical virtual network topology structure, convert the Logical virtual network configuration data information into OVN Logical flow table information, and send OVN Logical flow table information to each computing node, where the Logical virtual network topology structure at least includes a virtual machine and a Logical switching device, and the Logical switching device at least includes a Logical Switch (Logical Switch).
In particular, the network targeting configuration module 111 is specifically configured to generate logical virtual network configuration data information according to the stored logical virtual network topology structure, and send the logical virtual network configuration data information to the OVN centralized control module 112.
In an implementation, the control node 11 and the computing node 12 may be servers. The embodiment of the present application will be described by taking two computing nodes (e.g., computing node 1 and computing node 2 in fig. 1) as an example.
The network farm configuration module 111 constructs and stores a Logical virtual network topology according to the requirements of the virtual network of the network farm system, where the Logical virtual network topology may include virtual machines and Logical switching devices, and may further include virtual security devices, and the Logical switching devices may include Logical switches, and may further include Logical routers (Logical routers). Assuming that the constructed logical virtual network topology is shown in fig. 2 and includes a logical router, a logical switch 1, a logical switch 2, a virtual machine 1, a virtual machine 2, a virtual machine 3 and a virtual machine 4, wherein the logical router is connected with the logical switch 1 through its port 1 and the port 1 of the logical switch 1, the logical router is connected with the logical switch 2 through its port 2 and the port 1 of the logical switch 2, the virtual machine 1 is connected with the logical switch 1 through the port 2 of the logical switch 1, the virtual machine 2 is connected with the logical switch 1 through the port 3 of the logical switch 1, the virtual machine 3 is connected with the logical switch 2 through the port 2 of the logical switch 2, and the virtual machine 4 is connected with the logical switch 2 through the port 3 of the logical switch 2, the network scope configuration module 111 may generate logical virtual network configuration data information according to the logical virtual network topology shown in fig. 2, which may include, but is not limited to: static routing information of the logic router, NAT configuration information and gateway router configuration information; configuration information of the logical switch ACL, qos, DHCP and the like; and the connection association relation among the logic router, each logic switch and each virtual machine, namely logic virtual network link information.
OVN centralized control module 112 is specifically configured to convert the received logical virtual network configuration data information into OVN logical flow table information, and send OVN logical flow table information to OVN controller 121 in each computing node 12.
Specifically, the OVN centralized control module includes OVN Northd (OVN Northbound DB) databases 1121, OVN centralized controllers (OVN Northd) 1122 and OVN southbound database (OVN southbound DB) 1123, the network range configuration modules 111 and OVN Northd databases 1121 are connected by a management protocol, the OVN Northd databases 1121 and OVN centralized controllers 1122 are connected by an OVSDB management protocol, and the OVN centralized controllers 1122 and OVN southbound databases 1123 are connected by an OVSDB management protocol.
Specifically, the OVN northbound database 1121 is specifically configured to receive and store the logical virtual network configuration data information sent by the network target range configuration module 111.
OVN the centralized controller 1122 is specifically configured to, when detecting the logical virtual network configuration data information stored in the OVN northbound database 1121, convert the logical virtual network configuration data information into OVN logical flow table information, and send OVN logical flow table information to the OVN southbound database 1123.
OVN southbound database 1123 is specifically configured to receive OVN logical flow table information sent by OVN centralized controller 1122 and send OVN logical flow table information to OVN controller 121 in each computing node 12.
The computing node 12 is configured to create a corresponding virtual machine according to the received OVN logical flow table information, synchronize OVN logical flow table information to the OVS flow table, and forward the data packet according to OVN logical flow table information.
In specific implementation, the OVN controller 121 is specifically configured to create a corresponding virtual machine on the computing node 12 to which the corresponding virtual machine belongs according to the received OVN logical flow table information, and synchronize the OVN logical flow table information to an OVS flow table of an OVS component on the computing node, where the virtual machine is connected to a bridge of the OVS component through a virtual network card.
Specifically, the OVN controller 121 on any computing node 12 is configured to create a corresponding virtual machine on the computing node 12 according to the logical virtual network link information included in the OVN logical flow table information, and taking the logical virtual network topology structure in fig. 2 as an example, virtual machine 1 and virtual machine 2 may be created on computing node 1 in fig. 1, virtual machine 3 and virtual machine 4 may be created on computing node 2, virtual machine 1 and virtual machine 2 are connected to the bridge of the OVS component 122 of computing node 1 through respective virtual network cards, and virtual machine 3 and virtual machine 4 are connected to the bridge of the OVS component 122 of computing node 2 through respective virtual network cards, that is: the method comprises the steps that a plurality of virtual machines contained in a logical virtual network topology structure are created in a scattered mode on different computing nodes, and a logical switching device is not required to be created: the logic switch 1, the logic switch 2 and the logic router are not actually existed, the essence of the logic switch is a set of flow table sets for guiding data traffic to carry out two-layer forwarding, the essence of the logic router is a set of flow table sets for guiding data traffic to carry out three-layer forwarding, therefore, the logic switch equipment does not occupy the resources of a computing node, compared with the prior art that a virtual machine is required to be created on a host of the virtual machine, the virtual switch equipment is also required to be created, the resources of the host of the virtual machine are effectively saved, and furthermore, the OVN controller 121 on the computing node 1 synchronizes OVN logic flow table information to the OVS flow table of the OVS component 122 on the computing node 1, and the OVN controller 121 on the computing node 2 synchronizes OVN logic flow table information to the OVS flow table of the OVS component 122 on the computing node 2. Wherein, the ovsdb-server and OVS-vswitch together form the OVS component 122.
In a specific implementation process, the OVN controller 121 on any computing node 12 is specifically configured to construct a gene tunnel between the computing node 12 to which it belongs and other computing nodes 12, so that the virtual machine on each computing node 12 performs cross-host communication through the constructed gene tunnel.
Specifically, the gene tunnel encapsulates and decapsulates the data message by encapsulating the port information of the logic switching device in the OVN logic flow table information.
In the embodiment of the application, the configuration OVN tunnel encapsulation type is Gene, compared with VXLAN (Virtual Extensible Local Area Network ) encapsulation, the method is more applicable to a logic virtual network, and the Gene can directly encapsulate a port of a logic switching device (such as a logic switch) and is more compatible with the OVN virtual network, so that a Gene tunnel is established for forwarding all data messages for public use, and the data forwarding efficiency is improved while the resources of a computing node are saved.
The OVS component 122 is specifically configured to forward the data packet according to OVN logical flow table information.
Specifically, the OVS component 122 on any computing node 12 is specifically configured to configure a bridge of the OVS component to be in a secure mode, and configure an OVS interface identifier in an OVS flow table to point to a port of a logic switching device in OVN logic flow table information, so that a data packet flowing through the OVS interface by a virtual machine on the bridge connected to the OVS component 122 is forwarded according to OVN logic flow table information.
Specifically, the bridge (Br-int) of the OVS component 122 is configured to be in a secure mode, i.e. the bridge of the OVS component 122 does not direct any data traffic forwarding, and the data traffic on the OVS Interface is directed to the port of the logic switching device by configuring the interface_id field of the external_ids in the OVS Interface table to direct the forwarding according to the flow table (i.e. OVN logic flow table) of the port of the logic switching device, so as to realize the mapping relationship from OVN logic data model to OVS traffic forwarding, and realize that the data message of the virtual machine accessed through the OVS component 122 is forwarded by OVN logic flow table, so that the user of the target network system breaks away from the complex flow table configuration.
The network target range system provided by the embodiment of the application realizes mapping the information of the logic switching equipment and the configuration thereof, etc., which are easy to be understood by a user, into the configuration of the bottom virtual network, uniformly uses the OVSDB management protocol as the communication management protocol of the logic virtual network, realizes the configuration consistency and uniform management control of the virtual network of the network target range system, and loads the virtual network based on the OVN logic flow table, so that the logic switching equipment does not occupy or occupies little host machine resources, thereby saving the network target range system resources and creating more virtual machines.
Based on the same inventive concept, the embodiment of the application also provides a virtual network implementation method of the network target range system, and because the principle of solving the problem of the virtual network implementation method of the network target range system is similar to that of the network target range system, the implementation of the method can refer to the implementation of the system, and the repetition is omitted.
As shown in fig. 3, a schematic implementation flow chart of a virtual network implementation method of a network target range system according to an embodiment of the present application is applied to the network target range system according to the embodiment of the present application, where the network target range system includes a control node and at least two computing nodes, and the method includes:
s21, the control node generates logic virtual network configuration data information according to a stored logic virtual network topological structure, wherein the logic virtual network topological structure at least comprises a virtual machine and logic switching equipment, and the logic switching equipment at least comprises a logic switch.
S22, converting the logic virtual network configuration data information into OVN logic flow table information, and sending OVN logic flow table information to each computing node, so that each computing node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes OVN logic flow table information into an OVS flow table of itself, and forwards data messages according to OVN logic flow table information.
The virtual machine is connected to a bridge of the OVS component of the computing node through a virtual network card.
In one possible implementation, a generic network virtual encapsulation gene tunnel is constructed between each computing node and other computing nodes, so that virtual machines on each computing node communicate across hosts.
In one possible implementation manner, the gene tunnel encapsulates and decapsulates the data message by encapsulating port information of the logic switching device in the OVN logic flow table information.
In a possible implementation manner, each computing node configures a bridge of a respective OVS component to be in a secure mode, configures an OVS interface identifier in the OVS flow table to point to a port of a logic switching device in the OVN logic flow table information, so that a data packet flowing through the OVS interface by a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logic flow table information.
Based on the same inventive concept, the embodiments of the present application further provide a virtual network implementation device of a network target range system, and because the principle of solving the problem of the virtual network implementation device of the network target range system is similar to that of the network target range system, the implementation of the device can refer to the implementation of the system, and the repetition is omitted.
As shown in fig. 4, a schematic structural diagram of a virtual network implementation device of a network range system according to an embodiment of the present application is applied to the network range system according to the embodiment of the present application, where the network range system includes a control node and at least two computing nodes, and the device includes:
a generating unit 31, configured to generate logical virtual network configuration data information according to a stored logical virtual network topology structure, where the logical virtual network topology structure at least includes a virtual machine and a logical switching device, and the logical switching device at least includes a logical switch;
the sending unit 32 is configured to convert the logical virtual network configuration data information into OVN logical flow table information, and send the OVN logical flow table information to each computing node, so that each computing node creates a corresponding virtual machine according to the received OVN logical flow table information, synchronizes the OVN logical flow table information into its own OVS flow table, and forwards a data packet according to the OVN logical flow table information, where the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
In one possible implementation, a generic network virtual encapsulation gene tunnel is constructed between each computing node and other computing nodes, so that virtual machines on each computing node communicate across hosts.
In one possible implementation manner, the gene tunnel encapsulates and decapsulates data messages by encapsulating port information of the logical switch in the OVN logical flow table information.
In a possible implementation manner, each computing node configures a bridge of a respective OVS component to be in a secure mode, configures an OVS interface identifier in the OVS flow table to point to a port of a logical switch in the OVN logical flow table information, so that a data packet flowing through the OVS interface by a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logical flow table information.
Based on the same technical concept, the embodiment of the present application further provides an electronic device 400, referring to fig. 5, where the electronic device 400 is configured to implement a virtual network implementation method of the network range system described in the foregoing method embodiment, and the electronic device 400 of this embodiment may include: memory 401, processor 402, and a computer program stored in the memory and executable on the processor, such as an implementation of a network range system. The processor, when executing the computer program, implements the steps of the various network target system embodiments described above, such as step S21 shown in fig. 3. Alternatively, the processor, when executing the computer program, performs the functions of the modules/units of the apparatus embodiments described above, e.g. 31.
The specific connection medium between the memory 401 and the processor 402 is not limited in the embodiment of the present application. In the embodiment of the present application, the memory 401 and the processor 402 are connected through the bus 403 in fig. 5, the bus 403 is shown by a thick line in fig. 5, and the connection manner between other components is only schematically illustrated, but not limited to. The bus 403 may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, only one thick line is shown in fig. 5, but not only one bus or one type of bus.
The memory 401 may be a volatile memory (RAM) such as a random-access memory (RAM); the memory 401 may also be a nonvolatile memory (non-volatile memory), such as a read-only memory, a flash memory (flash memory), a Hard Disk Drive (HDD) or a Solid State Drive (SSD), or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. Memory 401 may be a combination of the above.
A processor 402 for implementing a virtual network implementation method of a network range system as shown in fig. 2.
The embodiment of the application also provides a computer readable storage medium which stores computer executable instructions required to be executed by the processor and contains a program for executing the processor.
In some possible embodiments, aspects of the network target system provided by the present application may also be implemented in the form of a program product comprising program code for causing an electronic device to carry out the steps of the virtual network implementation method of the network target system according to the various exemplary embodiments of the present application described above in this specification, when the program product is run on the electronic device.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a system, method, apparatus, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (10)
1. A networked range system comprising a control node and at least two computing nodes, wherein:
the control node is configured to generate logical virtual network configuration data information according to a stored logical virtual network topology structure, convert the logical virtual network configuration data information into open virtual network OVN logical flow table information, and send the OVN logical flow table information to each computing node, where the logical virtual network topology structure at least includes a virtual machine and a logical switching device, the logical switching device at least includes a logical switch, and the logical virtual network configuration data includes network configuration information of the logical switching device, and logical virtual network link information between the virtual machine and the logical switching device;
the computing node is configured to create a corresponding virtual machine according to the received OVN logical flow table information, synchronize the OVN logical flow table information to an OVS flow table of the open virtual switch, and forward a data packet according to the OVN logical flow table information.
2. The system of claim 1, wherein the control node comprises a network range configuration module and a OVN centralized control module, the computing node comprises OVN controllers and OVS components, the network range configuration module and the OVN centralized control module are connected through an open virtual switch database OVSDB management protocol, the OVN centralized control module is connected through an OVSDB management protocol with OVN controllers in each computing node, and the OVN controllers in each computing node are connected through an OVSDB management protocol with OVS components;
the network targeting configuration module is specifically configured to generate logical virtual network configuration data information according to the logical virtual network topology structure, and send the logical virtual network configuration data information to the OVN centralized control module;
the OVN centralized control module is specifically configured to convert the received logical virtual network configuration data information into OVN logical flow table information, and send the OVN logical flow table information to OVN controllers in the computing nodes;
the OVN controller is specifically configured to create a corresponding virtual machine on a computing node to which the corresponding virtual machine belongs according to the received OVN logical flow table information, and synchronize the OVN logical flow table information to an OVS flow table of an OVS component on the computing node, where the virtual machine is connected to a bridge of the OVS component through a virtual network card;
the OVS component is specifically configured to forward a data packet according to the OVN logical flow table information.
3. The system of claim 2, wherein the OVN centralized control module comprises a OVN northbound database, a OVN centralized controller, and a OVN southbound database, the OVN northbound database and the OVN centralized controller being connected via an OVSDB management protocol, the OVN centralized controller and the OVN southbound database being connected via an OVSDB management protocol;
the OVN northbound database is specifically configured to receive and store the logical virtual network configuration data information sent by the network target range configuration module;
the OVN centralized controller is specifically configured to, when detecting the logical virtual network configuration data information stored in the OVN northbound database, convert the logical virtual network configuration data information into the OVN logical flow table information, and send the OVN logical flow table information to the OVN soutthbound database;
the OVN southbound database is specifically configured to receive the OVN logic flow table information sent by the OVN centralized controller, and send the OVN logic flow table information to the OVN controller in each computing node.
4. The system of claim 2, wherein,
the OVN controller is specifically configured to construct a generic network virtual encapsulation gene tunnel between the computing node to which the controller belongs and other computing nodes, so that virtual machines on the computing nodes communicate across hosts.
5. The system of claim 4, wherein the gene tunnel encapsulates and de-encapsulates data messages by encapsulating port information of a logical switching device in the OVN logical flow table information.
6. The system of claim 2, wherein,
the OVS component is specifically configured to configure a bridge of the OVS component to be in a secure mode, and configure an OVS interface identifier in the OVS flow table to point to a port of a logic switching device in the OVN logic flow table information, so that a data packet flowing through the OVS interface by a virtual machine connected to the bridge of the OVS component is forwarded according to the OVN logic flow table information.
7. A method of virtual network implementation of a network range system, applied to a network range system according to any one of claims 1 to 6, the network range system comprising a control node and at least two computing nodes, the method comprising:
the control node generates logic virtual network configuration data information according to a stored logic virtual network topological structure, wherein the logic virtual network topological structure at least comprises a virtual machine and logic switching equipment, the logic switching equipment at least comprises a logic switch, and the logic virtual network configuration data comprises network configuration information of the logic switching equipment and logic virtual network link information between the virtual machine and the logic switching equipment;
converting the logic virtual network configuration data information into open virtual network OVN logic flow table information, and sending the OVN logic flow table information to each computing node, so that each computing node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes the OVN logic flow table information into an own Open Virtual Switch (OVS) flow table, and forwards data messages according to the OVN logic flow table information, wherein the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
8. A virtual network implementation device of a network range system, applied to the network range system according to any one of claims 1 to 6, the network range system comprising a control node and at least two computing nodes, the device comprising:
the generating unit is used for generating logic virtual network configuration data information according to a stored logic virtual network topological structure, wherein the logic virtual network topological structure at least comprises a virtual machine and logic switching equipment, and the logic switching equipment at least comprises a logic switch;
the sending unit is configured to convert the logic virtual network configuration data information into OVN logic flow table information, and send the OVN logic flow table information to each computing node, so that each computing node creates a corresponding virtual machine according to the received OVN logic flow table information, synchronizes the OVN logic flow table information into its own OVS flow table, and forwards a data message according to the OVN logic flow table information, where the virtual machine is connected to a bridge of an OVS component of the computing node through a virtual network card.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the virtual network implementation of the network range system of claim 7 when the program is executed by the processor.
10. A computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements the steps in a virtual network implementation method of a network range system according to claim 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111576655.XA CN114363021B (en) | 2021-12-22 | 2021-12-22 | Network target range system, virtual network implementation method and device of network target range system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111576655.XA CN114363021B (en) | 2021-12-22 | 2021-12-22 | Network target range system, virtual network implementation method and device of network target range system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114363021A CN114363021A (en) | 2022-04-15 |
| CN114363021B true CN114363021B (en) | 2023-11-03 |
Family
ID=81101501
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111576655.XA Active CN114363021B (en) | 2021-12-22 | 2021-12-22 | Network target range system, virtual network implementation method and device of network target range system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114363021B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115002029A (en) * | 2022-05-31 | 2022-09-02 | 济南浪潮数据技术有限公司 | Traffic forwarding method, device, equipment and storage medium |
| CN115208660B (en) * | 2022-07-14 | 2024-03-22 | 软极网络技术(北京)有限公司 | Transparent access method for network target range equipment |
| CN115277349B (en) * | 2022-07-18 | 2024-01-02 | 天翼云科技有限公司 | Method for configuring distributed gateway, open virtual network and storage medium |
| CN115348126A (en) * | 2022-07-26 | 2022-11-15 | 北京永信至诚科技股份有限公司 | Network target range entity equipment access method, device and implementation system |
| CN115314356B (en) * | 2022-08-09 | 2023-11-24 | 中电云计算技术有限公司 | Cross-region distributed SDN control device and method based on OVN |
| CN115378868B (en) * | 2022-08-18 | 2023-09-19 | 中电云数智科技有限公司 | System and method for realizing message processing based on SNAT resource pool |
| CN115426324A (en) * | 2022-08-26 | 2022-12-02 | 绿盟科技集团股份有限公司 | Method and device for accessing entity equipment to network target range |
| CN115484209B (en) * | 2022-09-23 | 2024-04-02 | 绿盟科技集团股份有限公司 | Network traffic playback method and device, medium and electronic equipment |
| CN117354197B (en) * | 2023-12-06 | 2024-02-27 | 广州医科大学附属第五医院(广州再生医学与健康广东省实验室附属医院) | Virtual network breakpoint detection method and device, terminal equipment and storage medium |
Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104363159A (en) * | 2014-07-02 | 2015-02-18 | 北京邮电大学 | Virtual open network building system and method based on software definition network |
| CN106534325A (en) * | 2016-11-24 | 2017-03-22 | 深圳市永达电子信息股份有限公司 | Heterogeneous network communication system for railway rail transit |
| US9697172B1 (en) * | 2012-12-28 | 2017-07-04 | Juniper Networks, Inc. | Virtual network optimizing a physical network |
| CN106919435A (en) * | 2015-12-25 | 2017-07-04 | 华为技术有限公司 | The creation method of virtual machine, the management method of resource and device |
| CN108418705A (en) * | 2018-01-29 | 2018-08-17 | 山东汇贸电子口岸有限公司 | Virtual machine mixes the virtual network management method and system of nested framework with container |
| CN108737272A (en) * | 2017-04-19 | 2018-11-02 | 江南大学 | High-performance routing conversion in a kind of cloud computing |
| CN109802852A (en) * | 2018-12-13 | 2019-05-24 | 烽台科技(北京)有限公司 | The construction method and system of network simulation topology applied to network target range |
| CN109885377A (en) * | 2018-11-23 | 2019-06-14 | 中国银联股份有限公司 | The method of unified resource scheduling coordinator and its creation virtual machine and/or container, unified resource dispatch system |
| CN110601949A (en) * | 2019-09-10 | 2019-12-20 | 中国人民解放军国防科技大学 | Multi-virtual equipment container networking method |
| CN111478820A (en) * | 2020-06-24 | 2020-07-31 | 南京赛宁信息技术有限公司 | Network equipment configuration system and method for large-scale network environment of network target range |
| CN111600913A (en) * | 2020-07-22 | 2020-08-28 | 南京赛宁信息技术有限公司 | Self-adaptive access method and system for real equipment in attack and defense scene of network shooting range |
| CN112187610A (en) * | 2020-09-24 | 2021-01-05 | 北京赛宁网安科技有限公司 | Network isolation system and method for network target range |
| CN112383481A (en) * | 2020-11-02 | 2021-02-19 | 科大讯飞股份有限公司 | Flow table generation and port forwarding method, node, electronic device and storage medium |
| CN113326103A (en) * | 2021-08-03 | 2021-08-31 | 中电长城网际安全技术研究院(北京)有限公司 | Virtual machine creation method and device |
| CN113359511A (en) * | 2021-06-23 | 2021-09-07 | 陕西工大锐迪信息技术有限公司 | Construction method and device of industrial control simulation network, computer equipment and storage medium |
| CN113472848A (en) * | 2021-05-31 | 2021-10-01 | 济南浪潮数据技术有限公司 | Network fusion method and device of virtual machine and container and related equipment |
| CN113472575A (en) * | 2021-06-30 | 2021-10-01 | 北京凌云雀科技有限公司 | Deployment method and device of open virtual network |
| CN113572634A (en) * | 2021-06-22 | 2021-10-29 | 济南浪潮数据技术有限公司 | Method and system for realizing two-layer intercommunication between in-cloud network and out-cloud network |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8660124B2 (en) * | 2011-08-05 | 2014-02-25 | International Business Machines Corporation | Distributed overlay network data traffic management by a virtual server |
| US9847910B2 (en) * | 2012-08-31 | 2017-12-19 | Bce Inc. | IP MPLS PoP virtualization and fault tolerant virtual router |
| US20150381480A1 (en) * | 2013-03-01 | 2015-12-31 | Nec Corporation | Network system, resource control device, and virtual machine generation device |
| US10250529B2 (en) * | 2014-07-21 | 2019-04-02 | Big Switch Networks, Inc. | Systems and methods for performing logical network forwarding using a controller |
| CN106936715B (en) * | 2015-12-31 | 2019-06-07 | 新华三技术有限公司 | Virtual machine message control method and device |
| EP3694159A1 (en) * | 2016-08-03 | 2020-08-12 | Huawei Technologies Co., Ltd. | Network interface card, computing device, and data packet processing method |
| US10880210B2 (en) * | 2018-12-26 | 2020-12-29 | Juniper Networks, Inc. | Cloud network having multiple protocols using virtualization overlays across physical and virtualized workloads |
-
2021
- 2021-12-22 CN CN202111576655.XA patent/CN114363021B/en active Active
Patent Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9697172B1 (en) * | 2012-12-28 | 2017-07-04 | Juniper Networks, Inc. | Virtual network optimizing a physical network |
| CN104363159A (en) * | 2014-07-02 | 2015-02-18 | 北京邮电大学 | Virtual open network building system and method based on software definition network |
| CN106919435A (en) * | 2015-12-25 | 2017-07-04 | 华为技术有限公司 | The creation method of virtual machine, the management method of resource and device |
| CN106534325A (en) * | 2016-11-24 | 2017-03-22 | 深圳市永达电子信息股份有限公司 | Heterogeneous network communication system for railway rail transit |
| CN108737272A (en) * | 2017-04-19 | 2018-11-02 | 江南大学 | High-performance routing conversion in a kind of cloud computing |
| CN108418705A (en) * | 2018-01-29 | 2018-08-17 | 山东汇贸电子口岸有限公司 | Virtual machine mixes the virtual network management method and system of nested framework with container |
| CN109885377A (en) * | 2018-11-23 | 2019-06-14 | 中国银联股份有限公司 | The method of unified resource scheduling coordinator and its creation virtual machine and/or container, unified resource dispatch system |
| CN109802852A (en) * | 2018-12-13 | 2019-05-24 | 烽台科技(北京)有限公司 | The construction method and system of network simulation topology applied to network target range |
| CN110601949A (en) * | 2019-09-10 | 2019-12-20 | 中国人民解放军国防科技大学 | Multi-virtual equipment container networking method |
| CN111478820A (en) * | 2020-06-24 | 2020-07-31 | 南京赛宁信息技术有限公司 | Network equipment configuration system and method for large-scale network environment of network target range |
| CN111600913A (en) * | 2020-07-22 | 2020-08-28 | 南京赛宁信息技术有限公司 | Self-adaptive access method and system for real equipment in attack and defense scene of network shooting range |
| CN112187610A (en) * | 2020-09-24 | 2021-01-05 | 北京赛宁网安科技有限公司 | Network isolation system and method for network target range |
| CN112383481A (en) * | 2020-11-02 | 2021-02-19 | 科大讯飞股份有限公司 | Flow table generation and port forwarding method, node, electronic device and storage medium |
| CN113472848A (en) * | 2021-05-31 | 2021-10-01 | 济南浪潮数据技术有限公司 | Network fusion method and device of virtual machine and container and related equipment |
| CN113572634A (en) * | 2021-06-22 | 2021-10-29 | 济南浪潮数据技术有限公司 | Method and system for realizing two-layer intercommunication between in-cloud network and out-cloud network |
| CN113359511A (en) * | 2021-06-23 | 2021-09-07 | 陕西工大锐迪信息技术有限公司 | Construction method and device of industrial control simulation network, computer equipment and storage medium |
| CN113472575A (en) * | 2021-06-30 | 2021-10-01 | 北京凌云雀科技有限公司 | Deployment method and device of open virtual network |
| CN113326103A (en) * | 2021-08-03 | 2021-08-31 | 中电长城网际安全技术研究院(北京)有限公司 | Virtual machine creation method and device |
Non-Patent Citations (2)
| Title |
|---|
| 蒋迪.《私有云架构设计与实现》.2017,第189-203页. * |
| 虚拟化工控网络靶场的设计与自动化部署;陈吉龙;翟健宏;;智能计算机与应用(05);第66-72、76页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114363021A (en) | 2022-04-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114363021B (en) | Network target range system, virtual network implementation method and device of network target range system | |
| EP3430512B1 (en) | Network virtualization of containers in computing systems | |
| CN110301104B (en) | Optical line terminal OLT equipment virtualization method and related equipment | |
| CN106712988B (en) | A kind of virtual network management method and device | |
| CN103997414A (en) | Configuration information generation method and network control unit | |
| CN107592216B (en) | Virtual-real network fusion simulation method supporting multi-scene experimental isolation | |
| CN108123818B (en) | Simulation method for flexible and extensible fusion of virtual and actual networks | |
| CN106685787B (en) | PowerVM (virtual machine) virtualized network management method and device based on OpenStack | |
| CN110995561B (en) | Virtual network data communication interaction method and system based on container technology | |
| US11586575B2 (en) | System decoder for training accelerators | |
| CN103346981A (en) | Virtual exchange method, related device and computer system | |
| CN109547349A (en) | Flow managing method, device, terminal and storage medium based on virtual flow-line | |
| CN101924699A (en) | Message forwarding method, system and provider edge equipment | |
| CN106155264A (en) | The computer approach of the power consumption of management storage subsystem and computer system | |
| Casado et al. | Ripcord: A modular platform for data center networking | |
| Koldehofe et al. | Tutorial: Event-based systems meet software-defined networking | |
| CN108574613A (en) | The double layer intercommunication method and device of SDN data centers | |
| CN110505095B (en) | Method for building large-scale virtual data center by using small number of servers | |
| CN108512737B (en) | Data center IP layer interconnection method and SDN controller | |
| CN105871676B (en) | The method for connecting network and system of distal end virtual machine in a kind of desktop cloud | |
| WO2023116268A1 (en) | Network isolation method and system, and proxy device | |
| CN114124714B (en) | Multi-level network deployment method, device, equipment and storage medium | |
| CN113342456A (en) | Connection method, device, equipment and storage medium | |
| Bai | Modeling analysis of Intelligent Manufacturing System based on SDN | |
| CN115622878A (en) | Method and device for realizing k8s network bridge plug-in, electronic equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |