CN114500260B - Method, equipment and medium for building two-layer virtual private line network - Google Patents

Publication number: CN114500260B
Authority: CN (China)
Prior art keywords: request, private line, network, configuration parameter, configuration
Legal status: Active
Application number: CN202210018234.3A
Other languages: Chinese (zh)
Other versions: CN114500260A (en)
Inventors: 陈康壮, 陈文杰, 刘锐华
Current Assignee: Guangdong Cloud Base Technology Co ltd
Original Assignee: Guangdong Cloud Base Technology Co ltd
Application filed by Guangdong Cloud Base Technology Co ltd
Priority to CN202210018234.3A
Publication of CN114500260A
Application granted
Publication of CN114500260B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0876: Aspects of the degree of configuration automation
    • H04L41/0886: Fully automatic configuration
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H04L41/0813: Configuration setting characterised by the conditions triggering a change of settings

Abstract

The invention relates to the technical field of network virtualization and discloses a method, equipment and a medium for building a two-layer virtualized private line network. The method comprises: configuring physical ports of a plurality of network devices and building a software defined network, the network devices comprising switches and routers; generating a private line order after receiving a first request sent by a client; generating a first configuration parameter associated with the private line order according to the first request; generating an audit request according to the private line order, sending the audit request and obtaining an audit result; and, when the audit result is a pass, issuing the first configuration parameter to the corresponding first network device and changing the configuration parameter of the corresponding port of the first network device to the first configuration parameter. The invention can automatically issue configuration instructions to network devices, which simplifies their configuration, reduces the operation and maintenance workload, and is simple to implement and efficient to run.

Description

Method, equipment and medium for building two-layer virtual private line network
Technical Field
The invention relates to the technical field of network virtualization, in particular to a method, equipment and medium for building a two-layer virtualization private network.
Background
With the development of modern communication technology, network transmission technology is continuously updated, and requirements are becoming more complex and diverse. Among the diversified network services provided by operators, the private line network service leases to a user a dedicated cross-device tunnel resource from an A end to a B end, for that user's exclusive use. Compared with a general ISP or IDC bandwidth network, a private line network offers stronger security and higher data transmission quality, and is the best choice for most users building a private channel or an intranet private channel. Currently, most enterprise and individual users rent a private line network so that the enterprise's terminal devices can access it for secure, high-quality and highly reliable private data transmission.
In the existing private line network building method, a private link must be built between the user-side gateway and the network device before the user's terminal devices can access the private line network. The user's terminal devices then connect to the network device gateway through the user-side gateway and reach the private line network through the core gateway. In existing network technology, establishing a dedicated communication link between a user-side device and a core-side device requires a device administrator to manually apply the corresponding configuration at the core gateway. The configuration technologies include Layer 2 VLAN, QinQ VLAN, MPLS-VPLS, VXLAN switching (Layer 2), VXLAN routing (Layer 3) and the like. These are used to construct a static dedicated communication link between the devices at the two ends (the user side and the core side), so that a terminal device or user can access data through the devices on both sides and have it forwarded to the private line network over the established link. However, manually entering the corresponding configuration parameters in the network devices makes the configuration operation cumbersome.
At present, private lines in a data center are generally opened by manually configuring switches and routers, using technologies such as Layer 2 VLAN, QinQ, MPLS-VPLS and VXLAN to open the private line channel the client requires. This leads to slow opening cycles, complicated segmentation of charging modes, complicated charging logic and similar problems. Some clients also require 95th-percentile bandwidth charging or time-based charging, which further increases the pressure on operation and maintenance personnel. Private lines opened for internet clients likewise put great pressure on operation and maintenance as charging demands keep growing.
Disclosure of Invention
The invention provides a construction method, equipment and medium of a two-layer virtual private network, aiming at solving the problems that the existing two-layer private network is complex in manual configuration operation, poor in manual configuration timeliness and high in operation and maintenance pressure, cannot meet the opening and disconnection requirements of the existing private network and wastes private network resources.
The invention provides a method for building a two-layer virtual private network, which comprises the following steps:
configuring physical ports of a plurality of network devices, and constructing a software defined network; the network device comprises a switch and a router;
after receiving a first request sent by a client, generating a private line order;
generating a first configuration parameter associated with the private line order according to the first request;
generating an audit request according to the private line order, sending the audit request and obtaining an audit result;
and when the auditing result is passed, issuing the first configuration parameter to the corresponding first network equipment, and modifying the configuration parameter of the port corresponding to the first network equipment into the first configuration parameter.
Preferably, after the modifying the configuration parameter of the port corresponding to the first network device to the first configuration parameter, the method further includes:
and acquiring a configuration result of the first network equipment, and sending the configuration result and the private line order to a client.
Preferably, the method further comprises the following steps:
and if the audit result is not passed, sending the audit result and the private line order to the client.
Preferably, the first request is one of a private line opening request, a private line unsubscribing request or a private line modifying request;
the request for opening the private line comprises the physical addresses and bandwidth values of the two ends of the private line to be opened;
the request for unsubscribing the private line comprises the physical addresses and bandwidth values of the two ends of the private line to be unsubscribed;
and the request for modifying the private line comprises the physical addresses and bandwidth values of the two ends of the private line before modification and the physical addresses and bandwidth values of the two ends of the private line after modification.
Preferably, before submitting the audit request, the method further includes:
detecting whether data exists in a corresponding port of the corresponding network equipment or not according to the first configuration parameter;
when the first request is a request for opening a private line and the configuration parameters in the corresponding port of the corresponding network equipment are detected, withdrawing the request for opening the private line;
and when the first request is an unsubscribe private line request and no configuration parameters are detected in the corresponding port of the corresponding network equipment, withdrawing the unsubscribe private line request.
Preferably, the generating, according to the first request, a first configuration parameter associated with the private line order includes:
when the first request is a request for opening a private line, inquiring a nearest idle device port according to physical addresses and bandwidth values at two ends of the private line, and generating a first configuration parameter comprising a device IP, a device port type, a device port number, a device virtual network identifier and a device port speed limit of the two-end device;
when the first request is a request for unsubscribing a private line, generating first configuration parameters including respective device IP, device port type, device port number, device virtual network identifier and device port speed limit of devices at two ends to be unsubscribed according to physical addresses and bandwidth values at two ends of the private line;
and when the first request is a request for modifying the private line, generating first configuration parameters comprising the equipment IP, the equipment port type, the equipment port number, the equipment virtual network identifier and the equipment port speed limit of the equipment at the two ends before modification and the equipment at the two ends after modification according to the physical addresses and bandwidth values at the two ends of the private line before modification and the physical addresses and bandwidth values at the two ends of the private line after modification.
Preferably, before submitting the audit request and obtaining the audit result, the method further includes:
acquiring a configuration parameter white list which does not need to be checked;
detecting whether the first configuration parameter needs to be checked or not according to the configuration parameter white list;
if not, directly issuing the first configuration parameter to the corresponding network equipment;
otherwise, submitting the auditing request and obtaining the auditing result.
The invention also provides a device for building the two-layer virtual private network, which comprises: the system comprises an initialization module, an order module, a configuration module, an audit module and an execution module;
the initialization module is used for configuring physical ports of a plurality of network devices and building a software defined network; the network device comprises a switch and a router;
the order module is used for generating a private line order associated with a first request after receiving the first request sent by a client;
the configuration module is used for generating a first configuration parameter according to the first request;
the auditing module is used for submitting an auditing request and obtaining an auditing result;
and the execution module is used for issuing the first configuration parameter to the corresponding network equipment and modifying the parameter of the network equipment into the first configuration parameter when the checking result is passed.
Preferably, the first request is one of a private line opening request, a private line unsubscribing request or a private line modifying request;
the request for opening the private line comprises the physical addresses and bandwidth values of the two ends of the private line to be opened;
the request for unsubscribing the private line comprises the physical addresses and bandwidth values of the two ends of the private line to be unsubscribed;
the request for modifying the private line comprises the physical addresses and bandwidth values of the two ends of the private line before modification and the physical addresses and bandwidth values of the two ends of the private line after modification;
the configuration module comprises a first detection unit, a first execution unit and a second execution unit;
the first detection unit is used for detecting whether data exists in a corresponding port of the corresponding network equipment or not according to the first configuration parameter;
the first execution unit is configured to withdraw the private line opening request when the first request is the private line opening request and the first detection unit detects that the configuration parameters exist in the corresponding port of the corresponding network device;
the second execution unit is configured to withdraw the unsubscribe private line request when the first request is the unsubscribe private line request and the first detection unit detects that no configuration parameter exists in the corresponding port of the corresponding network device.
Preferably, the auditing module further includes a white list unit, a second detecting unit, a third executing unit and a fourth executing unit;
the white list unit is used for acquiring a configuration parameter white list which does not need to be checked;
the second detection unit is used for detecting whether the first configuration parameter needs to be checked or not according to the configuration parameter white list;
the third execution unit is configured to, when the second detection unit detects that the auditing is not required, directly issue the first configuration parameter to the corresponding network device;
and the fourth execution unit is used for submitting an audit request and obtaining an audit result when the second detection unit detects that the audit is required.
The invention provides a computer-readable storage medium, which comprises a stored computer program, wherein when the computer program runs, a device where the computer-readable storage medium is located is controlled to execute the building method of the two-layer virtualized private network.
The invention has the beneficial effects that:
In the prior art, the corresponding configuration is applied manually in the network equipment, which makes the configuration operation cumbersome. By contrast, the invention can automatically issue the configuration instruction to the network equipment, instructing it to establish the private line network between the user-side ports at the two ends, with no manual configuration of network equipment parameters. This simplifies the configuration of the network equipment, reduces the operation and maintenance workload, makes opening a private line more efficient and timely, and makes access to the private line network more intelligent and self-service. The invention is easy to implement and efficient to run.
Drawings
The invention will be further described with reference to the accompanying drawings, in which:
FIG. 1 is a flow chart of a method according to one embodiment of the present invention;
FIG. 2 is a flow chart of a method according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The scheme discloses a method for automatically opening private lines, based on the new-generation network technologies SDN and VXLAN.
Software Defined Networking (SDN) is an implementation of network virtualization. Its core technology, OpenFlow, separates the control plane of a network device from its data plane, which allows flexible control of network traffic, makes the network more intelligent as a pipeline, and provides a good platform for innovation in the core network and in applications.
VXLAN is a network virtualization technology that eases the scalability problems of large cloud computing deployments and is an extension of VLAN. VXLAN is a powerful tool that can extend Layer 2 across a Layer 3 network. By encapsulating traffic and extending it to a Layer 3 gateway, it removes the portability limitation of VMs (virtual machines) so that they can access servers on external IP subnets.
Referring to fig. 1 and 2, an embodiment of the present invention includes a method, a device, and a medium for building a two-layer virtualized private network, which are applied to a data center based on a private line charging manner, and are configured to distribute configuration commands to switches and router devices according to characteristics of each private line demand, and to distribute configurations in a standard format by using a standardized switch development interface.
The method for building the two-layer virtualized private network in the embodiment specifically comprises the following steps:
S1, configuring physical ports of a plurality of network devices, and building a software defined network; the network device comprises a switch and a router;
S2, after receiving a first request sent by a client, generating a private line order;
S3, generating a first configuration parameter associated with the private line order according to the first request;
S4, generating an audit request according to the private line order, sending the audit request and obtaining an audit result;
S41, when the audit result is a pass, issuing the first configuration parameter to the corresponding first network equipment, and modifying the configuration parameter of the port corresponding to the first network equipment into the first configuration parameter.
In this embodiment, the private line network is opened by automatically generating the configuration instruction from the private line request. In the prior art, the corresponding configuration is applied manually in the network equipment, which makes the configuration operation cumbersome. By contrast, this embodiment can automatically issue the configuration instruction to the network equipment, instructing it to establish the private line network between the user-side ports at the two ends, with no manual configuration of network equipment parameters. This simplifies the configuration of the network equipment, reduces the operation and maintenance workload, makes opening a private line more efficient and timely, and makes access to the private line network more intelligent and self-service. The invention is easy to implement and efficient to run.
Preferably, after step S41, the method further includes:
and S5, acquiring a configuration result of the first network equipment, and sending the configuration result and the private line order to a client.
Preferably, the method further comprises the following steps:
and S42, if the checking result is not passed, sending the checking result and the private line order to the client.
Preferably, the first request is one of a private line opening request, a private line unsubscribing request or a private line modifying request;
the request for opening the private line comprises the physical addresses and bandwidth values of the two ends of the private line to be opened;
the request for unsubscribing the private line comprises the physical addresses and bandwidth values of the two ends of the private line to be unsubscribed;
and the request for modifying the private line comprises the physical addresses and bandwidth values of the two ends of the private line before modification and the physical addresses and bandwidth values of the two ends of the private line after modification.
Preferably, before the step S4, the method further includes the following sub-steps:
S31, detecting whether data exists in a corresponding port of the corresponding network equipment according to the first configuration parameter;
S311, when the first request is a private line opening request and configuration parameters are detected in the corresponding port of the corresponding network equipment, withdrawing the private line opening request;
S312, when the first request is an unsubscribe request and it is detected that there is no configuration parameter in the corresponding port of the corresponding network equipment, withdrawing the unsubscribe request.
Preferably, before the step S4, the method further includes:
S32, acquiring a white list of configuration parameters that do not need to be audited;
S321, detecting, according to the configuration parameter white list, whether the first configuration parameter needs to be audited;
S41, if not, directly issuing the first configuration parameter to the corresponding network equipment;
and S4, otherwise, submitting an audit request and obtaining an audit result.
The invention also provides a device for building the two-layer virtual private network, which comprises: the system comprises an initialization module, an order module, a configuration module, an audit module and an execution module;
the initialization module is used for configuring physical ports of a plurality of network devices and building a software defined network; the network device comprises a switch and a router;
the order module is used for generating a private line order associated with a first request after receiving the first request sent by a client;
the configuration module is used for generating a first configuration parameter according to the first request;
the auditing module is used for submitting an auditing request and obtaining an auditing result;
and the execution module is used for issuing the first configuration parameter to the corresponding network equipment and modifying the parameter of the network equipment into the first configuration parameter when the checking result is passed.
Preferably, the first request is one of a private line opening request, a private line unsubscribing request or a private line modifying request;
the request for opening the private line comprises the physical addresses and bandwidth values of the two ends of the private line to be opened;
the request for unsubscribing the private line comprises the physical addresses and bandwidth values of the two ends of the private line to be unsubscribed;
the request for modifying the private line comprises the physical addresses and bandwidth values of the two ends of the private line before modification and the physical addresses and bandwidth values of the two ends of the private line after modification;
the configuration module comprises a first detection unit, a first execution unit and a second execution unit;
the first detection unit is used for detecting whether data exists in a corresponding port of the corresponding network equipment or not according to the first configuration parameter;
the first execution unit is configured to withdraw the private line opening request when the first request is the private line opening request and the first detection unit detects that the configuration parameters exist in the corresponding port of the corresponding network device;
the second execution unit is configured to withdraw the unsubscribe private line request when the first request is the unsubscribe private line request and the first detection unit detects that no configuration parameter exists in the corresponding port of the corresponding network device.
Preferably, the auditing module further includes a white list unit, a second detecting unit, a third executing unit and a fourth executing unit;
the white list unit is used for acquiring a configuration parameter white list which does not need to be checked;
the second detection unit is used for detecting whether the first configuration parameter needs to be checked or not according to the configuration parameter white list;
the third execution unit is configured to directly issue the first configuration parameter to the corresponding network device when the second detection unit detects that the auditing is not required;
and the fourth execution unit is used for submitting an audit request and obtaining an audit result when the second detection unit detects that the audit is required.
This embodiment addresses the lack of an intelligent and reasonable method for automatically opening private lines in existing networks, relieves the heavy workload of operation and maintenance personnel who open private lines from the back end, and is simple and efficient to implement. The embodiment can automatically send the configuration instruction to the network equipment so that the network equipment establishes the private line network between the user-side ports at the two ends, with no manual configuration of network equipment parameters. This simplifies the configuration of the network equipment, reduces the operation and maintenance workload, makes opening a private line more efficient and timely, and makes access to the private line network more intelligent and self-service.
Referring to fig. 2, the detailed flow steps of the present embodiment for opening and unsubscribing the private line are as follows:
S11, logging in to the network equipment;
S12, configuring physical ports of a plurality of network devices, and building a software defined network; the network device comprises a switch and a router;
S2, detecting order requirements;
S21, after receiving a first request sent by a client, generating a private line order;
S3, generating a first configuration parameter associated with the private line order according to the first request;
S311, when the first request is an unsubscribe private line request;
S321, detecting whether the corresponding port of the corresponding network equipment has configuration parameters;
S52, if the corresponding port has no configuration parameters, withdrawing the unsubscribe private line request;
S331, if the corresponding port has configuration parameters, detecting whether an audit is needed;
S51, if no audit is needed, issuing the first configuration parameter to the corresponding network equipment, and modifying the configuration parameter of the network equipment into the first configuration parameter;
S41, if an audit is needed, generating an audit request according to the private line order, sending the audit request and obtaining an audit result;
S51, when the audit result is a pass, issuing the first configuration parameter to the corresponding network equipment, and modifying the configuration parameter of the network equipment into the first configuration parameter;
S52, when the audit result is a fail, withdrawing the unsubscribe private line request;
S312, when the first request is a request for opening a private line;
S322, detecting whether the corresponding port of the corresponding network equipment has configuration parameters;
S53, if the corresponding port has configuration parameters, withdrawing the request for opening the private line;
S332, if the corresponding port has no configuration parameters, detecting whether an audit is needed;
S51, if no audit is needed, issuing the first configuration parameter to the corresponding network equipment, and modifying the configuration parameter of the network equipment into the first configuration parameter;
S42, if an audit is needed, generating an audit request according to the private line order, sending the audit request and obtaining an audit result;
S51, when the audit result is a pass, issuing the first configuration parameter to the corresponding first network equipment, and modifying the configuration parameter of the port corresponding to the first network equipment into the first configuration parameter;
and S53, when the audit result is a fail, withdrawing the request for opening the private line.
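The decision flow of FIG. 2 for opening and unsubscribing, written out as an added Python example; it is not code from the patent. All names are hypothetical, and it assumes that the white list is a set of (device IP, port number) pairs, that both ends must satisfy the port check and the white list, and that unsubscribing clears the port; the addresses are constructed sample values. Every decision is appended to a trail so that orders issued without an audit remain visible.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple


class RequestType(Enum):
    OPEN = "open"
    UNSUBSCRIBE = "unsubscribe"


class Outcome(Enum):
    ISSUED = "issued"        # S51: parameters issued to the devices
    WITHDRAWN = "withdrawn"  # S52 / S53: request withdrawn


@dataclass(frozen=True)
class EndpointConfig:
    """One end of the first configuration parameter (fields listed in S3)."""
    device_ip: str
    port_type: str
    port_number: int
    vni: int
    rate_limit_kbps: int


@dataclass(frozen=True)
class Order:
    order_id: str
    request_type: RequestType
    a_end: EndpointConfig
    b_end: EndpointConfig


PortKey = Tuple[str, int]   # (device IP, port number): assumed key, not from the patent
Result = Tuple[Outcome, str]


def port_key(ep: EndpointConfig) -> PortKey:
    return (ep.device_ip, ep.port_number)


class Provisioner:
    def __init__(self, port_state: Dict[PortKey, Optional[EndpointConfig]],
                 audit_whitelist: Set[PortKey],
                 auditor: Callable[[Order], bool]) -> None:
        self.port_state = port_state            # current configuration per port
        self.audit_whitelist = audit_whitelist  # ports exempt from audit (S32)
        self.auditor = auditor                  # returns True when the audit passes
        self.trail: List[Tuple[str, Outcome, str]] = []

    def _finish(self, order: Order, outcome: Outcome, reason: str) -> Result:
        self.trail.append((order.order_id, outcome, reason))
        return outcome, reason

    def process(self, order: Order) -> Result:
        ends = (order.a_end, order.b_end)
        configured = [self.port_state.get(port_key(e)) is not None for e in ends]
        # S321 / S322: check the port state before any audit is requested.
        if order.request_type is RequestType.OPEN and any(configured):
            return self._finish(order, Outcome.WITHDRAWN, "port already configured")
        if order.request_type is RequestType.UNSUBSCRIBE and not all(configured):
            return self._finish(order, Outcome.WITHDRAWN, "port has no configuration")
        # S331 / S332: the audit is skipped only if every end is white-listed.
        exempt = all(port_key(e) in self.audit_whitelist for e in ends)
        if not exempt and not self.auditor(order):
            return self._finish(order, Outcome.WITHDRAWN, "audit not passed")
        # S51: apply the parameters (unsubscribe is modelled as clearing the port).
        for e in ends:
            opening = order.request_type is RequestType.OPEN
            self.port_state[port_key(e)] = e if opening else None
        reason = "audit skipped (white list)" if exempt else "audit passed"
        return self._finish(order, Outcome.ISSUED, reason)


def demo():
    """Run six constructed orders through the flow; the auditor rejects ord-4."""
    a = EndpointConfig("192.0.2.10", "10GE", 1, 3000, 102400)
    b = EndpointConfig("192.0.2.20", "10GE", 2, 3000, 102400)
    wa = EndpointConfig("192.0.2.10", "GE", 5, 3001, 1024)
    wb = EndpointConfig("192.0.2.20", "GE", 6, 3001, 1024)
    audited: List[str] = []

    def auditor(order: Order) -> bool:
        audited.append(order.order_id)
        return order.order_id != "ord-4"

    p = Provisioner({}, {port_key(wa), port_key(wb)}, auditor)
    orders = [
        Order("ord-1", RequestType.OPEN, a, b),
        Order("ord-2", RequestType.OPEN, a, b),
        Order("ord-3", RequestType.UNSUBSCRIBE, a, b),
        Order("ord-4", RequestType.OPEN, a, b),
        Order("ord-5", RequestType.UNSUBSCRIBE, a, b),
        Order("ord-6", RequestType.OPEN, wa, wb),
    ]
    return [p.process(o) for o in orders], audited, p
```

The white-listed order (ord-6) reaches the devices without the auditor being called, so the trail entry is the only record of it.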
In this embodiment, the step S3 specifically includes:
generating a first configuration parameter associated with the private line order according to the first request, specifically:
when the first request is a request for opening a private line, inquiring a nearest idle device port according to physical addresses and bandwidth values at two ends of the private line, and generating a first configuration parameter comprising a device IP, a device port type, a device port number, a device virtual network identifier and a device port speed limit of the two-end device;
when the first request is a request for unsubscribing a private line, generating first configuration parameters including respective device IP, device port type, device port number, device virtual network identifier and device port speed limit of devices at two ends to be unsubscribed according to physical addresses and bandwidth values at two ends of the private line;
and when the first request is a request for modifying the private line, generating first configuration parameters including the devices at the two ends before modification and the devices at the two ends after modification, the respective device IP, the device port types, the device port numbers, the device virtual network identifiers and the device port speed limits of the devices according to the physical addresses and the bandwidth values at the two ends of the private line before modification and the physical addresses and the bandwidth values at the two ends of the private line after modification.
In this embodiment, the devices at the two ends are the A-end device and the B-end device, and the data of the first request and of the first configuration parameter are held in the following databases:
1. User parameter form database: user UID number (globally unique), VNI number (globally unique, automatically assigned in order), bandwidth value.
2. Device configuration parameter database: A-end device management IP, A-end device port type, A-end device port number and A-end device VNI number (globally unique, automatically assigned in order); B-end device management IP, B-end device port type, B-end device port number and B-end device VNI number (globally unique, automatically assigned in order).
3. The system substitutes the VNI number assigned to the customer in the user parameters into the form filled in by the customer. The form contains the following information: the private line bandwidth value, and the devices in the machine rooms to which the A end and the B end connect, with their corresponding port numbers.
The information in the form filled in by the customer is combined with the system's device configuration database to generate a configuration file. Taking as an example a first configuration parameter comprising the device IP, device port type, device port number, device virtual network identifier and device port speed limit of the devices at both ends, its content comprises:
A-end device management IP: "x.x.x.x";
A-end device port type: "GE,10GE,40GE,100GE";
A-end device port number: "port 1-48 and port 49-54";
A-end device VNI number: 3000-13000;
A-end device port speed limit: 1024-102400000 (unit: kbps);
B-end device management IP: "x.x.x.x";
B-end device port type: "GE,10GE,40GE,100GE";
B-end device port number: "port 1-48 and port 49-54";
B-end device VNI number: 3000-13000;
and B-end device port speed limit: 1024-102400000 (unit: kbps).
In this embodiment, the SNMP southbound open interface is used: through the open SNMP MIB, SNMP information is collected from network devices (switches and routers) from vendors such as Huawei and H3C (Huasan), a database entry (the configuration parameter database) is established for each device, and the following information is recorded in the configuration parameter database:
device IP interface information: mainly the IP information of the device's virtual loopback port is collected; the virtual loopback port serves as the VTEP endpoint IP of VXLAN (referred to uniformly in the system as the device management IP), and it is used to verify the information entered for the device, preventing inconsistency between what personnel enter and what is actually running;
device port information: mainly the physical port information of the device is collected, and ports such as GE, 10GE, 40GE and 100GE are recorded as port numbers;
device configuration information: mainly the VXLAN configuration items of the device are collected, including the VXLAN tunnel interface configuration, the virtual layer-2 domain configuration and the VNI number configuration, for administrators and operation and maintenance staff to check, verify, configure, troubleshoot and debug;
device port speed limit information: mainly the speed limit configuration of all ports configured with VXLAN is collected, for checking, troubleshooting, debugging and the like.
As another embodiment of the present invention, a system for opening a two-layer virtualized private line network (hereinafter referred to as the system) is implemented in software using the above method for building a two-layer virtualized private line network. When a customer submits a private line request through the system, the system matches the request against the switch ports it requires (entered in advance by staff), generates the configuration for opening the private line, and submits that configuration to the switch to be configured and issued. The private line network is thereby opened conveniently, manual configuration is replaced by machine automation, and both errors and operation and maintenance workload are reduced.
In this embodiment, the system connects to the switches and routers through the open southbound interface, identifies the existing device configuration, manages each physical switch port, and establishes database table entries according to the port information.
The practical use scenarios of this embodiment are as follows:
1. When a request for opening a private line is issued, the system automatically generates a private line order and associates it with the A end and the B end of the physical ports of the corresponding network devices, so as to generate the configuration items; the automatically generated configuration is submitted, finally approved and confirmed by an administrator, and issued to the switch; finally, the private line order is fed back to the user at the system front end;
2. If a request for unsubscribing a private line is issued, the system removes the configuration generated for the associated A end and B end according to the private line order filled in; the automatically generated configuration is submitted, approved and confirmed by an administrator, and issued to the switch; finally, the result is fed back to the user at the system front end;
3. If a request for modifying a private line (modifying its bandwidth) is issued, the system adjusts the configuration generated for the associated A end and B end according to the private line order filled in; the generated configuration is submitted, approved and confirmed by an administrator, and issued to the switch; finally, the result is fed back to the user at the system front end.
A system administrator can set the system either to issue configurations directly to the switch or to issue them only after approval. The system is used to reduce the workload of manual configuration while protecting the security of the existing network according to the actual situation.
After being checked and verified, the configuration parameters are automatically issued to the network devices and the corresponding private line network is opened directly. The private line order that is fed back lets the customer distinguish each private line and can later be used to associate unsubscribe and modify services. The customer does not need to take part directly in configuring the switch; by submitting the first request and receiving the feedback result, the customer can verify whether the private line network was opened successfully and start using it.
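The checks that stand between a customer request and a switch can be sketched as follows. This is an added example, not code from the patent: it validates a first configuration parameter against the value ranges listed in this embodiment, applies the port check that withdraws an inconsistent open or unsubscribe request, and then uses the white list to choose between direct issue and administrator audit. The function names, the dictionary layout, the white list keyed on (device IP, port number) and the sample values are assumptions; modify requests are left out.

```python
import ipaddress

# Value ranges taken from the embodiment's parameter list.
PORT_TYPES = {"GE", "10GE", "40GE", "100GE"}
PORT_RANGE = range(1, 55)              # port 1-48 and port 49-54
VNI_RANGE = range(3000, 13001)         # 3000-13000
SPEED_RANGE = range(1024, 102400001)   # 1024-102400000 kbps


def validate_end(end):
    """Return a list of problems found in one end (A or B) of a private line."""
    errors = []
    try:
        ipaddress.ip_address(str(end.get("device_ip")))
    except ValueError:
        errors.append("device_ip is not a valid IP address")
    if end.get("port_type") not in PORT_TYPES:
        errors.append("port_type is not GE/10GE/40GE/100GE")
    for field, allowed in (("port_number", PORT_RANGE),
                           ("vni", VNI_RANGE),
                           ("speed_limit_kbps", SPEED_RANGE)):
        value = end.get(field)
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value not in allowed:
            errors.append(f"{field} out of range")
    return errors


def decide(request_type, params, configured_ports, whitelist):
    """Return (action, reasons); action is reject, withdraw, issue or audit.

    configured_ports: set of (device_ip, port_number) that already carry
    configuration, e.g. as collected from the devices (assumed layout).
    whitelist: set of (device_ip, port_number) exempt from audit (assumed layout).
    """
    if request_type not in ("open", "unsubscribe"):
        raise ValueError("this sketch covers open and unsubscribe requests only")
    ends = [params["a_end"], params["b_end"]]
    reasons = [f"{name}: {err}"
               for name, end in zip("AB", ends) for err in validate_end(end)]
    if reasons:
        return "reject", reasons            # never reaches audit or the device
    keys = [(end["device_ip"], end["port_number"]) for end in ends]
    in_use = [key in configured_ports for key in keys]
    if request_type == "open" and any(in_use):
        return "withdraw", ["target port already carries configuration"]
    if request_type == "unsubscribe" and not all(in_use):
        return "withdraw", ["no configuration found on the port to unsubscribe"]
    if all(key in whitelist for key in keys):
        return "issue", []                  # white-listed: issue directly
    return "audit", []                      # default: administrator approval


# Constructed sample input (documentation-range addresses, not from the patent).
SAMPLE_PARAMS = {
    "a_end": {"device_ip": "192.0.2.1", "port_type": "10GE",
              "port_number": 1, "vni": 3000, "speed_limit_kbps": 102400},
    "b_end": {"device_ip": "192.0.2.2", "port_type": "10GE",
              "port_number": 49, "vni": 3000, "speed_limit_kbps": 102400},
}

if __name__ == "__main__":
    print(decide("open", SAMPLE_PARAMS, set(), set()))
    print(decide("open", SAMPLE_PARAMS, {("192.0.2.1", 1)}, set()))
```

Keeping audit as the fall-through result means a request skips approval only when every port it touches is explicitly white-listed.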
The invention discloses a device comprising a processor and a storage device, wherein the storage device is used for storing one or more programs; when the one or more programs are executed by the processor, the processor implements the method for building the two-layer virtual private line network. The processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. The general-purpose processor may be a microprocessor or any conventional processor or the like, which is the control center for the test equipment and connects the various parts of the overall test equipment using various interfaces and lines.
The storage means may be adapted to store computer programs and/or modules, and the processor may be adapted to implement various functions of the terminal device by running or executing the computer programs and/or modules stored in the storage means and by invoking data stored in the storage means. The storage device may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the terminal device, and the like. In addition, the storage device may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
If the modules/units integrated in the device for building the two-layer virtual private line network are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in at least one computer-readable storage medium and which, when executed by a processor, instructs the related hardware to implement the steps of the above-described method embodiments. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), an electrical carrier wave signal, a telecommunications signal, a software distribution medium, etc.
It should be noted that the embodiments of the apparatuses and devices described above are merely illustrative, where units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the device embodiments provided by the present invention, the connection relationship between the modules indicates that there is a communication connection therebetween, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement it without inventive effort.
The above-mentioned embodiments are provided to further explain the objects, technical solutions and advantages of the present invention in detail, and it should be understood that the above-mentioned embodiments are only examples of the present invention and are not intended to limit the scope of the present invention. It should be understood that any modifications, equivalents, improvements and the like, which come within the spirit and principle of the invention, may occur to those skilled in the art and are intended to be included within the scope of the invention.

Claims (7)

1. A method for building a two-layer virtual private network is characterized by comprising the following steps:
configuring physical ports of a plurality of network devices and building a software defined network; the network equipment comprises a switch and a router;
after receiving a first request sent by a client, generating a private line order;
generating a first configuration parameter associated with the private line order according to the first request;
generating an audit request according to the private line order, sending the audit request and obtaining an audit result;
before submitting the audit request and obtaining the audit result, the method further comprises:
acquiring a configuration parameter white list which does not need to be checked;
detecting whether the first configuration parameter needs to be checked or not according to the configuration parameter white list;
if not, directly issuing the first configuration parameter to the corresponding network equipment;
otherwise, submitting an audit request and obtaining an audit result;
when the auditing result is passed, issuing the first configuration parameter to the corresponding first network equipment, and modifying the configuration parameter of the port corresponding to the first network equipment into the first configuration parameter;
after the modifying the configuration parameter of the port corresponding to the first network device to the first configuration parameter, the method further includes:
acquiring a configuration result of the first network equipment, and sending the configuration result and the private line order to a client;
and if the audit result is not passed, sending the audit result and the private line order to a client.
2. The method as claimed in claim 1, wherein the first request is one of a private line open request, a private line unsubscribe request, or a private line modify request;
the request for opening the private line comprises physical addresses and bandwidth values of two ends of the private line to be opened;
the request for unsubscribing the private line comprises physical addresses and bandwidth values of two ends of the private line needing unsubscribing;
and the request for modifying the private line comprises the physical address and the bandwidth value at the two ends of the private line before modification and the physical address and the bandwidth value at the two ends of the private line after modification.
3. The method according to claim 2, wherein before submitting the audit request, the method further comprises:
detecting whether data exists in a corresponding port of the corresponding network equipment or not according to the first configuration parameter;
when the first request is a request for opening a private line and the configuration parameters in the corresponding port of the corresponding network equipment are detected, withdrawing the request for opening the private line;
and when the first request is an unsubscribe private line request and no configuration parameters are detected in the corresponding port of the corresponding network equipment, withdrawing the unsubscribe private line request.
4. The method for building a two-tier virtualized private line network according to claim 2, wherein the generating a first configuration parameter associated with the private line order according to the first request specifically includes:
when the first request is a request for opening a private line, inquiring a nearest idle device port according to physical addresses and bandwidth values at two ends of the private line, and generating a first configuration parameter comprising a device IP, a device port type, a device port number, a device virtual network identifier and a device port speed limit of the two-end device;
when the first request is a request for unsubscribing a private line, generating first configuration parameters including respective device IP, device port type, device port number, device virtual network identifier and device port speed limit of devices at two ends to be unsubscribed according to physical addresses and bandwidth values at two ends of the private line;
and when the first request is a request for modifying the private line, generating first configuration parameters comprising the equipment IP, the equipment port type, the equipment port number, the equipment virtual network identifier and the equipment port speed limit of the equipment at the two ends before modification and the equipment at the two ends after modification according to the physical addresses and bandwidth values at the two ends of the private line before modification and the physical addresses and bandwidth values at the two ends of the private line after modification.
5. A two-layer virtual private network building device is characterized by comprising: the system comprises an initialization module, an order module, a configuration module, an auditing module and an execution module;
the initialization module is used for configuring physical ports of a plurality of network devices and building a software defined network; the network device comprises a switch and a router;
the order module is used for generating a private line order associated with a first request after receiving the first request sent by a client;
the configuration module is used for generating a first configuration parameter according to the first request;
the auditing module is used for submitting an auditing request and obtaining an auditing result;
before submitting the audit request and obtaining the audit result, the method further comprises:
acquiring a configuration parameter white list which does not need to be checked;
detecting whether the first configuration parameter needs to be checked or not according to the configuration parameter white list;
if not, directly issuing the first configuration parameter to the corresponding network equipment;
otherwise, submitting an audit request and obtaining an audit result;
the execution module is used for issuing the first configuration parameter to the corresponding network equipment and modifying the parameter of the network equipment into the first configuration parameter when the checking result is passed;
after the modifying the configuration parameter of the port corresponding to the first network device to the first configuration parameter, the method further includes:
acquiring a configuration result of the first network equipment, and sending the configuration result and the private line order to a client;
and if the audit result is not passed, sending the audit result and the private line order to the client.
6. The device for building a two-layer virtualized private line network according to claim 5, wherein the first request is one of a private line open request, a private line unsubscribe request, or a private line modify request;
the request for opening the private line comprises physical addresses and bandwidth values of two ends of the private line to be opened;
the request for unsubscribing the private line comprises physical addresses and bandwidth values of two ends of the private line needing unsubscribing;
the request for modifying the private line comprises physical addresses and bandwidth values at two ends of the private line before modification and physical addresses and bandwidth values at two ends of the private line after modification;
the configuration module comprises a first detection unit, a first execution unit and a second execution unit;
the first detection unit is used for detecting whether data exists in a corresponding port of the corresponding network equipment or not according to the first configuration parameter;
the first execution unit is configured to withdraw the private line opening request when the first request is a private line opening request and the first detection unit detects that the configuration parameters exist in the corresponding port of the corresponding network device;
the second execution unit is configured to withdraw the unsubscribe private line request when the first request is the unsubscribe private line request and the first detection unit detects that no configuration parameter exists in the corresponding port of the corresponding network device.
7. A computer-readable storage medium, comprising a stored computer program, wherein when the computer program runs, the computer-readable storage medium controls a device to execute the method for building a two-layer virtualized private network according to any one of claims 1 to 4.
CN202210018234.3A 2022-01-07 2022-01-07 Method, equipment and medium for building two-layer virtual private line network Active CN114500260B (en)

Publications (2)

Publication Number Publication Date
CN114500260A CN114500260A (en) 2022-05-13
CN114500260B true CN114500260B (en) 2022-11-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant