CN114826823B - Virtual network segmentation method, device and system - Google Patents

Virtual network segmentation method, device and system Download PDF

Info

Publication number
CN114826823B
CN114826823B CN202210302805.6A CN202210302805A CN114826823B CN 114826823 B CN114826823 B CN 114826823B CN 202210302805 A CN202210302805 A CN 202210302805A CN 114826823 B CN114826823 B CN 114826823B
Authority
CN
China
Prior art keywords
virtual
factor
virtual border
border gateway
gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210302805.6A
Other languages
Chinese (zh)
Other versions
CN114826823A (en
Inventor
马塞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Cloud Computing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Cloud Computing Ltd filed Critical Alibaba Cloud Computing Ltd
Priority to CN202210302805.6A priority Critical patent/CN114826823B/en
Publication of CN114826823A publication Critical patent/CN114826823A/en
Application granted granted Critical
Publication of CN114826823B publication Critical patent/CN114826823B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/54Organization of routing tables
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/70Virtual switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a virtual network segmentation method, device and system. Wherein the method comprises the following steps: acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network; determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization rate, wherein the resource utilization rate of the first virtual border gateway is greater than a first preset threshold; dividing a target subnet deployed by a first virtual border gateway to obtain a plurality of fragments; a target tile of the plurality of tiles is scheduled from a first virtual border gateway to a second virtual border gateway of the plurality of virtual border gateways. The method solves the technical problem that the segmentation method of the virtual network in the related technology cannot cope with a single super-large-scale virtual network.

Description

Virtual network segmentation method, device and system
Technical Field
The present application relates to the field of cloud computing, and in particular, to a method, an apparatus, and a system for partitioning a virtual network.
Background
Along with the continuous increase of the scale of the virtual network, manufacturers gradually start to adopt a software-hardware combined scheme to realize the virtual border gateway node. Because of the customer's requirement for forwarding performance, most of the traffic needs to be forwarded by hardware, so the configuration of a virtual network can be partitioned into multiple sets of virtual border gateways. However, when the size of a customer's single virtual network approaches or exceeds the maximum capacity that a single set of virtual border gateways can support, this virtual border gateway is caused to have a bottleneck.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the application provides a virtual network segmentation method, device and system, which at least solve the technical problem that the virtual network segmentation method in the related art cannot cope with a single ultra-large scale virtual network.
According to an aspect of an embodiment of the present application, there is provided a method for partitioning a virtual network, including: acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network; determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization rate, wherein the resource utilization rate of the first virtual border gateway is greater than a first preset threshold; dividing a target subnet deployed by a first virtual border gateway to obtain a plurality of fragments; a target tile of the plurality of tiles is scheduled from a first virtual border gateway to a second virtual border gateway of the plurality of virtual border gateways.
According to another aspect of the embodiments of the present application, there is also provided a partitioning apparatus for a virtual network, including: the system comprises an acquisition module, a storage module and a control module, wherein the acquisition module is used for acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network; the determining module is used for determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization rate, wherein the resource utilization rate of the first virtual border gateway is larger than a first preset threshold value; the segmentation module is used for segmenting the target subnet deployed by the first virtual border gateway to obtain a plurality of fragments; and the scheduling module is used for scheduling the target fragments in the plurality of fragments from the first virtual border gateway to a second virtual border gateway in the plurality of groups of virtual border gateways.
According to another aspect of the embodiments of the present application, there is also provided a computer readable storage medium, where the computer readable storage medium includes a stored program, where the apparatus on which the computer readable storage medium is located is controlled to perform the method in the above embodiments when the program runs.
According to another aspect of the embodiments of the present application, there is also provided a computer terminal, including: the system comprises a memory and a processor for running a program stored in the memory, wherein the program executes the method in the embodiment.
According to another aspect of the embodiments of the present application, there is also provided a partitioning system for a virtual network, including: a processor; and a memory, coupled to the processor, for providing instructions to the processor for processing the steps of: acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network; determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization rate, wherein the resource utilization rate of the first virtual border gateway is greater than a first preset threshold; dividing a target subnet deployed by a first virtual border gateway to obtain a plurality of fragments; a target tile of the plurality of tiles is scheduled from a first virtual border gateway to a second virtual border gateway of the plurality of virtual border gateways.
In the embodiment of the application, a first virtual border gateway with the resource utilization rate larger than a first preset threshold value is determined through the resource utilization rates of a plurality of groups of virtual border gateways in the virtual network, then a target subnet deployed by the first virtual border gateway is segmented to obtain a plurality of fragments, and the target fragments in the plurality of fragments are dispatched from the first virtual border gateway to a second virtual border gateway in the plurality of groups of virtual border gateways, so that the purpose of two-stage segmentation of the virtual network is achieved. It is easy to notice that under the condition that the resource utilization rate of the first virtual border gateway is large, the target sub-network can be further segmented to obtain a plurality of segments, so that the situations of large VPC scale and large sub-network scale in the ultra-large scale virtual network are met, the resource cost of a single group of virtual border gateways is reduced, and the technical problem that the segmentation method of the virtual network in the related technology cannot cope with the single ultra-large scale virtual network is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a schematic diagram of the physical topology of a virtual network according to the prior art;
fig. 2 is a hardware configuration block diagram of a computer terminal for implementing a segmentation method of a virtual network according to an embodiment of the present application;
FIG. 3 is a flow chart of a method of partitioning a virtual network, according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a splitting apparatus of a virtual network according to an embodiment of the present application;
fig. 5 is a block diagram of a computer terminal according to an embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, partial terms or terminology appearing in describing embodiments of the present application are applicable to the following explanation:
virtual private network: virtual Private Cloud, simply referred to as VPC, may be a dynamically configured pool of public cloud computing resources that require the use of encryption protocols, tunneling protocols, and other security procedures to transfer data between the enterprise and the cloud service provider.
Virtual border gateway: virtual Edge Gateway, referred to as VEG, may be a boundary device of a VPC, and is configured to forward a packet in the VPC to the internet or other VPCs.
Virtual machine: the Virtual Machine, abbreviated as VM, may refer to a complete computer system with complete hardware system functions, which operates in a secure isolation environment through software simulation.
In cloud computing networks, a virtual network (VPC) of a user is often composed of virtual switches and virtual border gateways (VEGs) on physical machines on an underlying implementation. When the message is found to need to send the VPC, for example, to the internet or to other VPCs, the message needs to be sent to the boundary equipment of the VPC, namely, the VEG, and the VPC is sent after being processed by the VEG. With the continuous expansion of the cloud network scale, cloud manufacturers have begun to choose to use hardware with relatively low network configuration capacity, such as ASIC, FPGA, instead of a general purpose X86 server as the user's VEG. At the same time, the capacity of the hardware VEG with better performance may be lower than the number of virtual machines required by the user, as shown in fig. 1, the VPC of the user has 500 ten thousand VMs, but a single group VEG only supports 200 ten thousand VMs.
In the requirements of clients on forwarding performance, most of traffic needs to be forwarded by hardware, so for the virtual border gateway node, a horizontal expansion mode is generally required to divide the configuration of a virtual network into multiple groups of VEGs. The conventional segmentation method can statically segment different virtual networks into multiple groups of VEGs according to a certain mode (for example, random robin), as shown in fig. 1, 250 ten thousand VM in the VPC of the user can be segmented into VEG1, 150 ten thousand VM is segmented into VEG2, and 100 ten thousand VM is segmented into VEG3. However, this solution cannot cope with a scenario where the size of a single virtual network approaches or exceeds the maximum capacity that can be supported by a single group of gateways, and at the same time, cannot cope with a problem that the configuration among multiple groups of VEGs is unbalanced, resulting in that individual VEGs become bottlenecks.
In order to solve the above problems, the present application provides a new method for partitioning a virtual network, which partitions the virtual network into a plurality of partitions according to two-level concepts of sub-networks (subnets) and partitions (slices), and distributes the partitions to a plurality of groups of VEGs, so as to satisfy the scene of a very large scale virtual network. The dynamic scheduling of the fragments is performed based on the network configuration density factor, and when the configuration of a single VEG group is excessive, the configuration can be scheduled to other VEGs.
Example 1
There is also provided in accordance with an embodiment of the present application a method of partitioning a virtual network, it being noted that the steps shown in the flowchart of the figures may be performed in a computer system, such as a set of computer executable instructions, and, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in an order other than that shown or described herein.
The method embodiments provided in the embodiments of the present application may be performed in a computer terminal, a server, a cloud server, or similar computing device. Fig. 2 shows a hardware block diagram of a computer terminal for implementing a segmentation method of a virtual network. As shown in fig. 2, the computer terminal 20 may include one or more (shown as 202a, 202b, … …,202 n) processors (which may include, but are not limited to, processing devices such as a microprocessor MCU or a programmable logic device FPGA), a memory 204 for storing data, and a transmission device 206 for communication functions. In addition, the method may further include: a display, an input/output interface (I/O interface), a Universal Serial BUS (USB) port (which may be included as one of the ports of the BUS), a network interface, a power supply, and/or a camera. It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 2 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, the computer terminal 20 may also include more or fewer components than shown in FIG. 2, or have a different configuration than shown in FIG. 2.
It should be noted that the one or more processors and/or other data processing circuits described above may be referred to herein generally as "data processing circuits. The data processing circuit may be embodied in whole or in part in software, hardware, firmware, or any other combination. Furthermore, the data processing circuitry may be a single stand-alone processing module or incorporated, in whole or in part, into any of the other elements in the computer terminal 20. The data processing circuit acts as a processor control (e.g., selection of the path of the variable resistor termination connected to the interface).
The memory 204 may be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the virtual network partitioning method in the embodiments of the present application, and the processor executes the software programs and modules stored in the memory 204, thereby executing various functional applications and data processing, that is, implementing the virtual network partitioning method described above. Memory 204 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 204 may further include memory located remotely from the processor 202, which may be connected to the computer terminal 20 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission means 206 is used for receiving or transmitting data via a network. The specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal 20. In one example, the transmission device 206 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 206 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the computer terminal 20.
In the above-described operating environment, the present application provides a virtual network partitioning method as shown in fig. 3. Fig. 3 is a flowchart of a method of partitioning a virtual network according to an embodiment of the present application. As shown in fig. 3, the method comprises the steps of:
step S302, obtaining resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the plurality of sub-networks are obtained by dividing virtual machines in the virtual network.
In a VPC, network configurations are mainly of two types: VPC routing, configuration of VMs within VPC, wherein the VPC routing can be configured by a customer to each subnet, i.e., each subnet has an independent routing entry table that is effective for all VMs of the own subnet, even if the number of VMs within the own subnet increases, the number of corresponding routing entries does not increase. The configuration of VMs in the VPC may refer to information such as IP address, MAC address, etc. of the physical machine where each VM is located, and the configuration may increase as the number of VMs increases. Typically, VPC routes change less frequently, while the configuration of VMs within a VPC dynamically changes as VMs are created and deleted.
For the configuration of VPC ROUTEs and VMs within the VPC, the VEG may set two separate memory spaces, vpc_route_mem storing the ROUTEs and vpc_vm_mem storing the VM configuration, respectively. Since VM configuration will linearly rise as the network scale expands, the scenario in which the vpc_vm_mem specification is smaller than the virtual network VM scale is mainly considered in this application.
In an alternative embodiment, the USAGE rates of the above two resources of VEG may be obtained, respectively described as vpc_route_mem_usage and vpc_vm_mem_usage, where the USAGE rates may refer to the values of the currently used resources/maximum specification.
Step S304, based on the resource utilization rate, determining a first virtual border gateway in the plurality of groups of virtual border gateways, wherein the resource utilization rate of the first virtual border gateway is greater than a first preset threshold.
The first preset threshold in the above step may be a preset resource usage threshold, and when the resource usage of a certain group of VEGs exceeds the threshold, it is determined that the configuration of the group of VEGs is too many, and it is necessary to segment the virtual network and schedule the segments to other VEGs.
And step S306, dividing the target subnet deployed by the first virtual border gateway to obtain a plurality of fragments.
The traditional segmentation method mainly considers that VPC route is resource with granularity of a subnet, so that the segmentation is carried out according to the subnet, but the segmentation is only carried out according to the subnet, when the VM number of a single subnet is excessive, the VPC_VM_MEM capacity of the single gateway can be exceeded, meanwhile, the utilization rate of the VPC_VM_MEM of the subsequent multiple groups of VEGs can be unbalanced because the subsequent VM number cannot be predicted when the subnet is created. For example, taking the virtual network scenario as shown in fig. 1 as an example, subnet 1 and subnet 3 may be partitioned into VEG1, and subnet 2 and subnet 4 may be partitioned into VEG2, and as the user creates most VMs into subnets 1 and 3, the vpc_vm_mem of VEG1 may have a usage rate far exceeding VEG2, and vpc_vm_mem of VEG1 may become a bottleneck.
In order to split VPC routing and VM configuration within VPC horizontally into multiple groups of VEGs, two levels of splitting may be employed, the first level being a subnet and the second level being a subnet split. In an alternative embodiment, the target subnet may be divided in dichotomy into n-th order slices of 2 (i.e., the multiple slices described above).
It should be noted that, when the subnet is just created, only one Slice is defaulted.
Step S308, scheduling the target fragments of the plurality of fragments from the first virtual border gateway to a second virtual border gateway of the plurality of virtual border gateways.
In an alternative embodiment, when the resource usage of the first VEG is higher, the current partial subnet may be partitioned into slices and then scheduled to other VEGs.
According to the technical scheme provided by the embodiment of the application, through the resource utilization rate of the plurality of groups of virtual border gateways in the virtual network, the first virtual border gateway with the resource utilization rate larger than the first preset threshold value is determined, then the target sub-network deployed by the first virtual border gateway is segmented to obtain a plurality of fragments, and the target fragments in the plurality of fragments are dispatched from the first virtual border gateway to the second virtual border gateway in the plurality of groups of virtual border gateways, so that the purpose of two-stage segmentation of the virtual network is achieved. It is easy to notice that under the condition that the resource utilization rate of the first virtual border gateway is large, the target sub-network can be further segmented to obtain a plurality of segments, so that the situations of large VPC scale and large sub-network scale in the ultra-large scale virtual network are met, the resource cost of a single group of virtual border gateways is reduced, and the technical problem that the segmentation method of the virtual network in the related technology cannot cope with the single ultra-large scale virtual network is solved.
In the above embodiments of the present application, scheduling a target tile of a plurality of tiles from a first virtual border gateway to a second virtual border gateway of a plurality of virtual border gateways includes: obtaining the fragmentation information of the plurality of fragments and gateway information of a second virtual border gateway; generating a scheduling factor corresponding to the target fragment based on the fragment information and the gateway information, wherein the scheduling factor is used for representing the influence degree of the target fragment on the resource utilization rate of the second virtual border gateway after the target fragment is scheduled to the second virtual border gateway; and scheduling the target fragments to a second virtual border gateway based on the scheduling factor.
The fragmentation information in the above step may be the number of VMs, the active IP, and the theoretical maximum IP contained in each fragmented after the fragmentation, but is not limited thereto, and any information related to the fragmentation that affects the resource usage rate may be used as the fragmentation information. The gateway information in the above step may be the number of subnet routes of all subnets stored in the first VEG and the Slice obtained by dividing all subnets, but is not limited thereto, and any VEG related information that affects the resource utilization may be used as the gateway information.
In an alternative embodiment, in order to avoid the problem that static partitioning causes excessive configuration of a single VEG set, called a bottleneck point, a dynamic scheduling algorithm based on a scheduling factor is introduced, so that the size of the Slice obtained by partitioning can be dynamically adjusted, so as to dynamically balance the resource utilization rate among multiple VEGs.
Table 1 below shows the relationship among virtual IP, subnet, slice, and VEGs to which VM belongs, and as can be seen from table 1, there is only configuration information of relevant Slice on each VEG. If the virtual switch does not send the VM message to the VEG to which the fragment belongs, the VEG cannot forward the message correctly because of no relevant configuration. Therefore, a piece of slice flow guide table is maintained on the virtual switch and the virtual boundary gateway. As shown in table 2, the routing table points to the VEG to which the slice belongs for the next hop of the address segment of each slice. The slicing flow guiding table is used as a routing table and occupies VPC_ROUTE_MEM, so the slicing flow guiding table also has a certain specification and cannot be configured with excessive flow guiding rules.
TABLE 1
Virtual machine IP address Belonging virtual subnetwork Sub-network split VEG of the genus
10.0.0.1 subnet1 sub1-Slice1 VEG1
10.0.0.2 subnet1 sub1-Slice1 VEG1
10.0.0.129 subnet1 sub1-Slice2 VEG2
10.0.1.1 subnet2 sub2-Slice1 VEG1
TABLE 2
Destination address Next hop The slice
10.0.0.0/25 gateway1 sub1-Slice1
10.0.0.128.0/25 Gateway2 Sub1-Slice2
10.0.1.0/24 gateway1 Sub2-Slice1
Therefore, if the problem that the single subnet is too large is solved or the configuration is balanced among multiple groups of VEGs as much as possible, the subnet is divided into slices as small as possible, so that the effect is better, but too small division results in too many entries of the Slice drainage table. In order to ensure that ultra-large scale VPC is supported, the present application provides a dynamic scheduling algorithm based on a network configuration density factor (i.e., the scheduling factor described above), when the factor is higher, the subnet is more prone to be fragmented and scheduled to other VEGs, so that the scheduling can consider both the scheduling efficiency and the capacity of the fragmented flow guide table.
In the above embodiment of the present application, the resource usage rate includes: a first utilization of a first resource for storing a route, and a second utilization of a second resource for storing a virtual machine configuration, wherein generating a scheduling factor based on the shard information and the gateway information comprises: determining a first factor based on gateway information, wherein the first factor is used for representing the influence degree of the first use rate; determining a second factor based on the fragmentation information, wherein the first factor is used to characterize the extent of impact on the second usage; and fusing the first factor and the second factor to obtain a scheduling factor.
The first resource in the above step may be vpc_route_mem storing ROUTEs, and the first USAGE is described as vpc_route_mem_usage; the second resource may be vpc_vm_mem storing the VM configuration and the second USAGE is described as vpc_vm_mem_usage.
In an alternative embodiment, the capacity angle is configured for routes: each subnet has its own independent routing table, taking the virtual network scenario as shown in fig. 1 as an example, if VEG2 has no Slice of subnet 1, at this time, one Slice of subnet 1 is scheduled from VEG1 to VEG2, and then the routing of subnet 1 needs to be added on VEG 2; if the Slice of subnet 1 is already contained on VEG2, then scheduling a new Slice does not result in increased routing. Thus, a first factor determined based on gateway information of the second VEG may be introduced. Capacity angle for VM configuration: in the scheduling process, if the scheduling is determined according to the number of the IPs of a Slice, a large subnet may be partitioned multiple times, which may further cause expansion of a subnet drainage table and complexity of management. Taking the virtual network scenario as shown in fig. 1 as an example, if the subnet 1 has 16 thousands of active IPs and the other subnet 2 has 4 thousands of IPs, it is assumed that the IP distribution is uniform, all on VEG1, and 4 thousands of IPs need to be scheduled to VEG2 according to the capacity. At this time, the subnet 1 may be selectively split by two bisections, one of the fragments may be scheduled to the VEG2, or the subnet 2 may be directly selected to be scheduled to the VEG2, but selecting the fragment of the subnet 1 may increase the usage of the subnet drainage table, which is called as "subnet fragmentation". To prevent the occurrence of a phenomenon like "subnet fragmentation", a second factor determined based on the fragmentation information may be introduced. By combining the two factors, a scheduling factor is obtained, and the higher the factor is, the higher the vpc_route_mem of the VEG can be reduced as much as possible while the vpc_vm_mem usage of the VEG is reduced.
In the above embodiment of the present application, the gateway information includes at least: the routing table and the fragmentation information of the subnet deployed by the second virtual border gateway, wherein determining the first factor based on the gateway information comprises: judging whether the second virtual border gateway contains the fragments of the target subnet or not based on the fragment information to obtain a judging result; generating a first parameter based on the determination result; acquiring a first coefficient corresponding to the first factor; and obtaining a product of the first parameter, the first coefficient and the number of the routing tables to obtain a first factor.
In an alternative embodiment, the first factor a may be obtained using the following formula:
a= (1-whether the second VEG contains a Slice of the target subnet) first coefficient number of routing tables,
the first parameter is (1-whether the second VEG contains the Slice of the target subnet), the first coefficient is a routing density coefficient, and is an adjustable coefficient, and the first coefficient can be adjusted according to the attention degree of the vpc_vm_mem of the VEG, and can be adjusted to be lower when the vpc_vm_mem is more concerned, and at this time, the scheduling policy is more concerned about whether the vpc_vm_mem_usage of the first VEG can be reduced.
In the above embodiment of the present application, the gateway information further includes: the method comprises the steps of obtaining a first coefficient corresponding to a first factor, wherein the first coefficient comprises a first capacity of a first resource and a second capacity of a second resource, and the first coefficient comprises: acquiring the ratio of the first capacity to the second capacity; a first coefficient is determined based on the ratio, the first usage, and the second usage.
In an alternative embodiment, dynamic adjustment may be made based on the ratio of VPC_ROUTE_MEM to VPC_VM_MEM of the actual VEG, and the current utilization of both resources.
In the above embodiment of the present application, the fragmentation information includes at least: virtual machine number, active network address, and maximum network address, wherein determining the second factor based on the shard information comprises: acquiring the ratio of an active network address to a maximum network address to obtain the network address density; generating a second parameter based on the network address density of the target fragment and the network address densities of other fragments in the plurality of fragments; generating a third parameter based on the second parameter and the second coefficient; and obtaining a product of the third parameter and the number of the target virtual machines to obtain a second factor, wherein the number of the target virtual machines is used for representing the number of the virtual machines contained in the target fragments.
In an alternative embodiment, first, the present application defines a concept of network address density, i.e., IP density (IP density, which may be simply referred to as density), IP density=active IP of the present Slice/theoretical maximum IP of the present Slice. According to experience in cloud computing, if a user's subnet is fragmented, if the IP density of one Slice is significantly more than that of another Slice, i.e., sibling Slice (Sibling Slice), it means that the IP of the subnet may also be greatly increased. In addition, if the IP density of one Slice is obviously greater than that of another Slice, the splitting efficiency is not high, and the method is not superior to the method for directly dispatching the father node and avoiding the subnet fragments.
Thus, the second factor b can be obtained using the following formula:
b= (1- (absolute value of IP density difference of present slice and sibling slice) × second coefficient) × target virtual machine number,
the second parameter is (the absolute value of the IP density difference between the slice and the serving slice), the third parameter is (1- (the absolute value of the IP density difference between the slice and the serving slice) ×the second coefficient), the second coefficient is an IP density coefficient, and is an adjustable coefficient, which can be adjusted according to the attention degree of the subnet splitting table of the VEG, namely vpc_route_mem, and can be adjusted higher when the subnet splitting table is more concerned, at this time, the scheduling policy is more concerned about whether the number of entries of the subnet splitting table is increased or not; the coefficient may be reduced when the size of the subnet splitting table is large or the usage is low.
It should be noted that, because the types of different VEGs may be different, the subnet splitting table, vpc_route_mem, and vpc_vm_mem are different, and the current running states are different, in this embodiment of the present application, the values of the first coefficient and the second coefficient may be adjusted according to the type of the actual VEGs.
In the above embodiment of the present application, fusing the first factor and the second factor to obtain the scheduling factor includes: and obtaining a difference value between the second factor and the first factor to obtain a scheduling factor.
In an alternative embodiment, the scheduling factor may be derived using the following formula:
scheduling factor = b-a= (1- (absolute value of IP density difference of present Slice and serving Slice) × second coefficient) × target virtual machine number- (1-second VEG contains Slice of target subnet) × first coefficient× routing table number.
In the above embodiment of the present application, scheduling the target fragment to the second virtual border gateway based on the scheduling factor includes: comparing the scheduling factor with a second preset threshold; and under the condition that the scheduling factor is greater than or equal to a second preset threshold value, scheduling the target fragments to a second virtual border gateway.
In an alternative embodiment, the higher the scheduling factor, which means that the slice is scheduled, the vpc_route_mem of the VEG can be reduced as much as possible while the vpc_vm_mem usage of the VEG is reduced. Therefore, a second preset threshold may be preset, where the threshold is a scheduling threshold, defining a minimum value of the target slice for scheduling, and only if the scheduling factor is greater than the minimum value, the target slice may be scheduled to the second VEG, otherwise, the target slice is not scheduled.
For example, assuming VEG1 capacity 100, currently capacity 50 has been used, subnets vsw1 and vsw2 are deployed; VEG2 capacity 100, currently using capacity 50, deploys a subnet vsw3, where vsw1 contains 50 VMs, vsw2 contains 0 VMs, and vsw3 contains 50 VMs. When vsw2 increases to 30, the total VEG1 capacity reaches 80, exceeds the capacity threshold, and begins to fragment. First try to make the dichotomy: vsw2-slice1, vsw2-slice 25, at this time, because the density difference between the slice and the sibling slice is large, the calculated scheduling factor is low, and is lower than the scheduling threshold, and scheduling is not performed; when vsw2 increases to 45, vsw2-slice1 25, vsw2-slice2 20, the scheduling factor is higher, and vsw2-slice2 may be scheduled to VEG2.
In the above embodiment of the present application, determining, based on the resource usage, a first virtual border gateway of the plurality of sets of virtual border gateways includes: comparing the first utilization rate of each group of virtual boundary networks with a first preset value in a preset threshold value, and comparing the second utilization rate with a second preset value in the preset threshold value; and acquiring a virtual boundary gateway with the first utilization rate being larger than a first preset value or a virtual boundary gateway with the second utilization rate being larger than a second preset value to obtain the first virtual boundary gateway.
The first resource in the above step may be vpc_route_mem storing ROUTEs, and the first USAGE is described as vpc_route_mem_usage; the second resource may be vpc_vm_mem storing the VM configuration and the second USAGE is described as vpc_vm_mem_usage. For the first usage rate and the second usage rate, a usage rate threshold may be preset, that is, the first preset value and the second preset value, respectively, where when the first usage rate is greater than the first preset value, the first resource is indicated to be tense; and when the second utilization rate is larger than a second preset value, indicating that the second resource is tense.
As can be seen from the above, since VEG contains two resources, the USAGE rates of the two resources can be obtained, respectively, and since the VM configuration linearly increases with the network scale, vpc_vm_mem_usage changes greatly, and VPC ROUTE changes less frequently, vpc_route_mem_usage changes less greatly. In an alternative embodiment, only vpc_vm_mem_usage may be considered to determine whether the virtual network needs to be partitioned, that is, when the first USAGE rate is greater than the first preset value, it indicates that the first resource is tense, and the virtual network needs to be partitioned, so that the target subnet may be partitioned by using a dichotomy method, to obtain multiple fragments; otherwise, the first resource is not stressed, and the virtual network is not required to be divided. In another alternative embodiment, vpc_route_mem_usage and vpc_vm_mem_usage may be considered comprehensively, when the first USAGE rate is greater than the first preset value or the second USAGE rate is greater than the second preset value, it indicates that the first resource or the second resource is tense, and the virtual network needs to be segmented, so that the target subnet may be segmented by a bisection method, to obtain multiple segments; otherwise, the two resources are not stressed, and the virtual network is not required to be divided. In yet another alternative embodiment, vpc_route_mem_usage and vpc_vm_mem_usage may be considered comprehensively, when the first USAGE rate is greater than the first preset value and the second USAGE rate is greater than the second preset value, it indicates that both resources are tense, and the virtual network needs to be partitioned, so that the target subnet may be partitioned by a dichotomy, to obtain multiple fragments; otherwise, it indicates that there is no shortage of one resource, and the virtual network is not required to be divided.
In an actual application scenario, a determination scheme capable of meeting user requirements can be selected to determine whether to partition a virtual network according to the capacity that can be supported by VEG and the number of virtual machines required by the user.
In the above embodiment of the present application, the partitioning of the target subnet deployed by the first virtual border gateway to obtain a plurality of fragments includes: and dividing the target subnet according to a dichotomy to obtain a plurality of fragments.
In order to avoid the inappropriateness of the target subnet segmentation method, the scheduling factor is determined based on the segmented fragments, so that the scheduling factor does not meet the new requirement of dynamic scheduling, in an alternative embodiment, the target subnet can be segmented by adopting a dichotomy, so that the number of VMs contained in two segmented fragments each time is balanced, and the density difference between different fragments is smaller.
For example, assuming that the target subnet contains 30 VMs, the partitioning may be performed in a dichotomy to obtain two slices, one containing 25 VMs and the other containing 5 VMs. Assuming that the target subnet contains 45 VMs, the splitting can be performed according to a dichotomy to obtain two slices, one containing 25 VMs and the other containing 20 VMs.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method described in the embodiments of the present application.
Example 2
According to an embodiment of the present application, there is also provided a virtual network splitting apparatus for implementing the above virtual network splitting method, as shown in fig. 4, the apparatus 400 includes: an acquisition module 402, a determination module 404, a segmentation module 406, and a scheduling module 408.
The obtaining module 402 is configured to obtain resource utilization rates of a plurality of groups of virtual border gateways in the virtual network, where the plurality of groups of virtual border gateways are respectively deployed with a plurality of subnets of the virtual network, and the plurality of subnets are obtained by dividing virtual machines in the virtual network; the determining module 404 is configured to determine, based on the resource usage, a first virtual border gateway of the plurality of groups of virtual border gateways, where the resource usage of the first virtual border gateway is greater than a first preset threshold; the segmentation module 406 is configured to segment a target subnet deployed by the first virtual border gateway to obtain a plurality of segments; scheduling module 408 is configured to schedule a target tile of the plurality of tiles from a first virtual border gateway to a second virtual border gateway of the plurality of virtual border gateways.
Here, the above-mentioned obtaining module 402, determining module 404, dividing module 406, and scheduling module 408 correspond to steps S302 to S308 in embodiment 1, and the four modules are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to those disclosed in embodiment 1 above. It should be noted that the above-described module may be operated as a part of the apparatus in the computer terminal 10 provided in embodiment 1.
In the above embodiment of the present application, the scheduling module includes: an information acquisition unit, a factor generation unit and a scheduling unit.
The information acquisition unit is used for acquiring the fragmentation information of the plurality of fragments and gateway information of the second virtual border gateway; the factor generation unit is used for generating a scheduling factor corresponding to the target fragment based on the fragment information and the gateway information, wherein the scheduling factor is used for representing the influence degree of the target fragment on the resource utilization rate of the second virtual border gateway after the target fragment is scheduled to the second virtual border gateway; the scheduling unit is used for scheduling the target fragments to the second virtual boundary gateway based on the scheduling factors.
In the above embodiment of the present application, the resource usage rate includes: a first usage of a first resource for storing a route, and a second usage of a second resource for storing a virtual machine configuration, wherein the factor generating unit comprises: a first factor determination subunit, a second factor determination subunit, and a fusion subunit.
The first factor determining subunit is configured to determine a first factor based on gateway information, where the first factor is used to characterize a degree of influence on the first usage rate; the second factor determining subunit is configured to determine a second factor based on the fragmentation information, where the first factor is used to characterize a degree of influence on the second usage; and the fusion subunit is used for fusing the first factor and the second factor to obtain the scheduling factor.
In the above embodiment of the present application, the gateway information includes at least: the first factor determining subunit is further configured to determine, based on the fragmentation information, whether the second virtual border gateway includes fragmentation of the target subnet, to obtain a determination result; generating a first parameter based on the determination result; acquiring a first coefficient corresponding to the first factor; and obtaining a product of the first parameter, the first coefficient and the number of the routing tables to obtain a first factor.
In the above embodiment of the present application, the gateway information further includes: the first factor determination subunit is further configured to obtain a ratio of the first capacity to the second capacity; a first coefficient is determined based on the ratio, the first usage, and the second usage.
In the above embodiment of the present application, the fragmentation information includes at least: the virtual machine number, the active network address and the maximum network address, wherein the second factor determining subunit is further configured to obtain a ratio of the active network address to the maximum network address, so as to obtain a network address density; generating a second parameter based on the network address density of the target fragment and the network address densities of other fragments in the plurality of fragments; generating a third parameter based on the second parameter and the second coefficient; and obtaining a product of the third parameter and the number of the target virtual machines to obtain a second factor, wherein the number of the target virtual machines is used for representing the number of the virtual machines contained in the target fragments.
In the above embodiment of the present application, the fusion subunit is further configured to obtain a difference value between the second factor and the first factor, to obtain the scheduling factor.
In the above embodiment of the present application, the scheduling unit is further configured to compare the scheduling factor with a second preset threshold; and under the condition that the scheduling factor is greater than or equal to a second preset threshold value, scheduling the target fragments to a second virtual border gateway.
In the above embodiment of the present application, the determining module includes: a comparison unit and a gateway determination unit.
The comparison unit is used for comparing the first utilization rate of each group of virtual boundary networks with a first preset value in a preset threshold value and comparing the second utilization rate with a second preset value in the preset threshold value; the gateway determining unit is used for obtaining a virtual border gateway with a first use rate larger than a first preset value or a virtual border gateway with a second use rate larger than a second preset value to obtain the first virtual border gateway.
In the above embodiment of the present application, the segmentation module includes: and a dividing unit.
The dividing unit is used for dividing the target subnet according to a dichotomy to obtain a plurality of fragments.
It should be noted that, the preferred embodiments in the foregoing examples of the present application are the same as the embodiments provided in example 1, the application scenario and the implementation process, but are not limited to the embodiments provided in example 1.
Example 3
According to an embodiment of the present application, there is also provided a segmentation system for a virtual network, including:
a processor;
and a memory, coupled to the processor, for providing instructions to the processor for processing the steps of: acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network; determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization rate, wherein the resource utilization rate of the first virtual border gateway is greater than a first preset threshold; dividing a target subnet deployed by a first virtual border gateway to obtain a plurality of fragments; a target tile of the plurality of tiles is scheduled from a first virtual border gateway to a second virtual border gateway of the plurality of virtual border gateways.
The above-mentioned partition system of the virtual network may be a management system of the virtual network, including one or more servers, or may be a cloud computing network, including one or more cloud servers, but not limited thereto.
The memory is further configured to provide instructions for the processor to process the following processing steps: obtaining the fragmentation information of the plurality of fragments and gateway information of a second virtual border gateway; generating a scheduling factor corresponding to the target fragment based on the fragment information and the gateway information, wherein the scheduling factor is used for representing the influence degree of the target fragment on the resource utilization rate of the second virtual border gateway after the target fragment is scheduled to the second virtual border gateway; and scheduling the target fragments to a second virtual border gateway based on the scheduling factor.
The memory is further configured to provide instructions for the processor to process the following processing steps: determining a first factor based on gateway information, wherein the first factor is used for representing the influence degree of the first use rate; determining a second factor based on the fragmentation information, wherein the first factor is used to characterize the extent of impact on the second usage; and fusing the first factor and the second factor to obtain a scheduling factor.
The memory is further configured to provide instructions for the processor to process the following processing steps: judging whether the second virtual border gateway contains the fragments of the target subnet or not based on the fragment information to obtain a judging result; generating a first parameter based on the determination result; acquiring a first coefficient corresponding to the first factor; and obtaining a product of the first parameter, the first coefficient and the number of the routing tables to obtain a first factor.
The memory is further configured to provide instructions for the processor to process the following processing steps: the method comprises the steps of obtaining a first coefficient corresponding to a first factor, wherein the first coefficient comprises a first capacity of a first resource and a second capacity of a second resource, and the first coefficient comprises: acquiring the ratio of the first capacity to the second capacity; a first coefficient is determined based on the ratio, the first usage, and the second usage.
The memory is further configured to provide instructions for the processor to process the following processing steps: acquiring the ratio of an active network address to a maximum network address to obtain the network address density; generating a second parameter based on the network address density of the target fragment and the network address densities of other fragments in the plurality of fragments; generating a third parameter based on the second parameter and the second coefficient; and obtaining a product of the third parameter and the number of the target virtual machines to obtain a second factor, wherein the number of the target virtual machines is used for representing the number of the virtual machines contained in the target fragments.
The memory is further configured to provide instructions for the processor to process the following processing steps: and obtaining a difference value between the second factor and the first factor to obtain a scheduling factor.
The memory is further configured to provide instructions for the processor to process the following processing steps: comparing the scheduling factor with a second preset threshold; and under the condition that the scheduling factor is greater than or equal to a second preset threshold value, scheduling the target fragments to a second virtual border gateway.
The memory is further configured to provide instructions for the processor to process the following processing steps: comparing the first utilization rate of each group of virtual boundary networks with a first preset value in a preset threshold value, and comparing the second utilization rate with a second preset value in the preset threshold value; and acquiring a virtual boundary gateway with the first utilization rate being larger than a first preset value or a virtual boundary gateway with the second utilization rate being larger than a second preset value to obtain the first virtual boundary gateway.
The memory is further configured to provide instructions for the processor to process the following processing steps: and dividing the target subnet according to a dichotomy to obtain a plurality of fragments.
It should be noted that, the preferred embodiments in the foregoing examples of the present application are the same as the embodiments provided in example 1, the application scenario and the implementation process, but are not limited to the embodiments provided in example 1.
Example 4
Embodiments of the present application may provide a computer terminal, which may be any one of a group of computer terminals.
Alternatively, in this embodiment, the above-mentioned computer terminal may be located in at least one network device among a plurality of network devices of the computer network. The computer terminal may be at least one cloud server of a plurality of cloud servers located in a cloud computing network.
In this embodiment, the above-mentioned computer terminal may execute the program code of the following steps in the virtual network segmentation method: acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network; determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization rate, wherein the resource utilization rate of the first virtual border gateway is greater than a first preset threshold; dividing a target subnet deployed by a first virtual border gateway to obtain a plurality of fragments; a target tile of the plurality of tiles is scheduled from a first virtual border gateway to a second virtual border gateway of the plurality of virtual border gateways.
Alternatively, fig. 5 is a block diagram of a computer terminal according to an embodiment of the present application. As shown in fig. 5, the computer terminal a may include: one or more (only one is shown) processors 502, and a memory 504.
The memory may be used to store software programs and modules, such as program instructions/modules corresponding to the method and apparatus for partitioning a virtual network in the embodiments of the present application, and the processor executes the software programs and modules stored in the memory, thereby executing various functional applications and data processing, that is, implementing the method for partitioning a virtual network described above. The memory may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory may further include memory remotely located with respect to the processor, which may be connected to terminal a through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The processor may call the information and the application program stored in the memory through the transmission device to perform the following steps: acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network; determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization rate, wherein the resource utilization rate of the first virtual border gateway is greater than a first preset threshold; dividing a target subnet deployed by a first virtual border gateway to obtain a plurality of fragments; a target tile of the plurality of tiles is scheduled from a first virtual border gateway to a second virtual border gateway of the plurality of virtual border gateways.
Optionally, the above processor may further execute program code for: obtaining the fragmentation information of the plurality of fragments and gateway information of a second virtual border gateway; generating a scheduling factor corresponding to the target fragment based on the fragment information and the gateway information, wherein the scheduling factor is used for representing the influence degree of the target fragment on the resource utilization rate of the second virtual border gateway after the target fragment is scheduled to the second virtual border gateway; and scheduling the target fragments to a second virtual border gateway based on the scheduling factor.
Optionally, the resource usage rate includes: the processor may further execute program code for storing a first utilization of a first resource of the route and a second utilization of a second resource of the virtual machine configuration: determining a first factor based on gateway information, wherein the first factor is used for representing the influence degree of the first use rate; determining a second factor based on the fragmentation information, wherein the first factor is used to characterize the extent of impact on the second usage; and fusing the first factor and the second factor to obtain a scheduling factor.
Optionally, the gateway information includes at least: the processor may further execute program code for: judging whether the second virtual border gateway contains the fragments of the target subnet or not based on the fragment information to obtain a judging result; generating a first parameter based on the determination result; acquiring a first coefficient corresponding to the first factor; and obtaining a product of the first parameter, the first coefficient and the number of the routing tables to obtain a first factor.
Optionally, the gateway information further includes: the processor may further execute the program code to: acquiring the ratio of the first capacity to the second capacity; a first coefficient is determined based on the ratio, the first usage, and the second usage.
Optionally, the fragmentation information at least includes: the processor may further execute program code for: acquiring the ratio of an active network address to a maximum network address to obtain the network address density; generating a second parameter based on the network address density of the target fragment and the network address densities of other fragments in the plurality of fragments; generating a third parameter based on the second parameter and the second coefficient; and obtaining a product of the third parameter and the number of the target virtual machines to obtain a second factor, wherein the number of the target virtual machines is used for representing the number of the virtual machines contained in the target fragments.
Optionally, the above processor may further execute program code for: and obtaining a difference value between the second factor and the first factor to obtain a scheduling factor.
Optionally, the above processor may further execute program code for: comparing the scheduling factor with a second preset threshold; and under the condition that the scheduling factor is greater than or equal to a second preset threshold value, scheduling the target fragments to a second virtual border gateway.
Optionally, the above processor may further execute program code for: comparing the first utilization rate of each group of virtual boundary networks with a first preset value in a preset threshold value, and comparing the second utilization rate with a second preset value in the preset threshold value; and acquiring a virtual boundary gateway with the first utilization rate being larger than a first preset value or a virtual boundary gateway with the second utilization rate being larger than a second preset value to obtain the first virtual boundary gateway.
Optionally, the above processor may further execute program code for: and dividing the target subnet according to a dichotomy to obtain a plurality of fragments.
By adopting the embodiment of the application, a virtual network segmentation scheme is provided. Under the condition that the resource utilization rate of the first virtual border gateway is large, the target sub-network can be further segmented to obtain a plurality of fragments, so that the situations of large VPC scale and large sub-network scale in the ultra-large scale virtual network are met, the resource cost of a single group of virtual border gateways is reduced, and the technical problem that the segmentation method of the virtual network in the related art cannot cope with a single ultra-large scale virtual network is solved.
It will be appreciated by those skilled in the art that the structure shown in fig. 5 is only illustrative, and the computer terminal may be a smart phone (such as an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, a mobile internet device (Mobile Internet Devices, MID), a PAD, etc. Fig. 5 is not limited to the structure of the electronic device. For example, computer terminal A may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in FIG. 5, or have a different configuration than shown in FIG. 5.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be implemented by a program for instructing a terminal device to execute in association with hardware, the program may be stored in a computer readable storage medium, and the storage medium may include: flash disk, read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), magnetic or optical disk, and the like.
Example 5
Embodiments of the present application also provide a storage medium. Alternatively, in this embodiment, the storage medium may be used to store the program code executed by the virtual network splitting method provided in the above embodiment.
Alternatively, in this embodiment, the storage medium may be located in any one of the computer terminals in the computer terminal group in the computer network, or in any one of the servers in the server cluster, or in any one of the cloud servers in the cloud computing network.
Alternatively, in the present embodiment, the storage medium is configured to store program code for performing the steps of: acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network; determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization rate, wherein the resource utilization rate of the first virtual border gateway is greater than a first preset threshold; dividing a target subnet deployed by a first virtual border gateway to obtain a plurality of fragments; a target tile of the plurality of tiles is scheduled from a first virtual border gateway to a second virtual border gateway of the plurality of virtual border gateways.
Optionally, the above storage medium is further configured to store program code for performing the steps of: obtaining the fragmentation information of the plurality of fragments and gateway information of a second virtual border gateway; generating a scheduling factor corresponding to the target fragment based on the fragment information and the gateway information, wherein the scheduling factor is used for representing the influence degree of the target fragment on the resource utilization rate of the second virtual border gateway after the target fragment is scheduled to the second virtual border gateway; and scheduling the target fragments to a second virtual border gateway based on the scheduling factor.
Optionally, the resource usage rate includes: the storage medium is further arranged to store program code for performing the steps of: determining a first factor based on gateway information, wherein the first factor is used for representing the influence degree of the first use rate; determining a second factor based on the fragmentation information, wherein the first factor is used to characterize the extent of impact on the second usage; and fusing the first factor and the second factor to obtain a scheduling factor.
Optionally, the gateway information includes at least: the routing table and fragmentation information for the subnet deployed by the second virtual border gateway, the storage medium further configured to store program code for performing the steps of: judging whether the second virtual border gateway contains the fragments of the target subnet or not based on the fragment information to obtain a judging result; generating a first parameter based on the determination result; acquiring a first coefficient corresponding to the first factor; and obtaining a product of the first parameter, the first coefficient and the number of the routing tables to obtain a first factor.
Optionally, the gateway information further includes: the storage medium is further arranged to store program code for performing the steps of: acquiring the ratio of the first capacity to the second capacity; a first coefficient is determined based on the ratio, the first usage, and the second usage.
Optionally, the fragmentation information at least includes: the number of virtual machines, the active network address and the maximum network address, the storage medium being further arranged to store program code for: acquiring the ratio of an active network address to a maximum network address to obtain the network address density; generating a second parameter based on the network address density of the target fragment and the network address densities of other fragments in the plurality of fragments; generating a third parameter based on the second parameter and the second coefficient; and obtaining a product of the third parameter and the number of the target virtual machines to obtain a second factor, wherein the number of the target virtual machines is used for representing the number of the virtual machines contained in the target fragments.
Optionally, the above storage medium is further configured to store program code for performing the steps of: and obtaining a difference value between the second factor and the first factor to obtain a scheduling factor.
Optionally, the above storage medium is further configured to store program code for performing the steps of: comparing the scheduling factor with a second preset threshold; and under the condition that the scheduling factor is greater than or equal to a second preset threshold value, scheduling the target fragments to a second virtual border gateway.
Optionally, the above storage medium is further configured to store program code for performing the steps of: comparing the first utilization rate of each group of virtual boundary networks with a first preset value in a preset threshold value, and comparing the second utilization rate with a second preset value in the preset threshold value; and acquiring a virtual boundary gateway with the first utilization rate being larger than a first preset value or a virtual boundary gateway with the second utilization rate being larger than a second preset value to obtain the first virtual boundary gateway.
Optionally, the above storage medium is further configured to store program code for performing the steps of: and dividing the target subnet according to a dichotomy to obtain a plurality of fragments.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology content may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, such as the division of the units, is merely a logical function division, and may be implemented in another manner, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application and are intended to be comprehended within the scope of the present application.

Claims (13)

1. A method for partitioning a virtual network, comprising:
acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network;
determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization, wherein the resource utilization of the first virtual border gateway is greater than a first preset threshold;
dividing a target subnet deployed by the first virtual border gateway to obtain a plurality of fragments;
and scheduling the target fragments in the plurality of fragments from the first virtual border gateway to a second virtual border gateway in the plurality of groups of virtual border gateways.
2. The method of claim 1, wherein scheduling a target tile of the plurality of tiles from the first virtual border gateway to a second virtual border gateway of the plurality of sets of virtual border gateways comprises:
obtaining the fragmentation information of the plurality of fragments and the gateway information of the second virtual border gateway;
Generating a scheduling factor corresponding to the target fragment based on the fragment information and the gateway information, wherein the scheduling factor is used for representing the influence degree of the target fragment on the resource utilization rate of the second virtual border gateway after being scheduled to the second virtual border gateway;
and scheduling the target fragments to the second virtual border gateway based on the scheduling factor.
3. The method of claim 2, wherein the resource usage comprises: a first usage of a first resource for storing a route, and a second usage of a second resource for storing a virtual machine configuration, wherein generating a scheduling factor based on the shard information and the gateway information comprises:
determining a first factor based on the gateway information, wherein the first factor is used for representing the influence degree of the first usage;
determining a second factor based on the fragmentation information, wherein the first factor is used for representing the influence degree of the second usage;
and fusing the first factor and the second factor to obtain the scheduling factor.
4. A method according to claim 3, wherein the gateway information comprises at least: the routing table and the fragmentation information of the subnet deployed by the second virtual border gateway, wherein determining the first factor based on the gateway information comprises:
Based on the fragmentation information, judging whether the second virtual border gateway contains the fragmentation of the target subnet or not to obtain a judging result;
generating a first parameter based on the determination result;
acquiring a first coefficient corresponding to the first factor;
and obtaining the product of the first parameter, the first coefficient and the number of routing tables to obtain the first factor.
5. The method of claim 4, wherein the gateway information further comprises: the obtaining the first coefficient corresponding to the first factor includes:
acquiring the ratio of the first capacity to the second capacity;
the first coefficient is determined based on the ratio, the first usage, and the second usage.
6. A method according to claim 3, wherein the fragmentation information comprises at least: the virtual machine number, the active network address, and the maximum network address, wherein determining the second factor based on the shard information comprises:
acquiring the ratio of the active network address to the maximum network address to obtain network address density;
generating a second parameter based on the network address density of the target tile and the network address densities of other tiles in the plurality of tiles;
Acquiring a second coefficient corresponding to the second factor;
generating a third parameter based on the second parameter and the second coefficient;
and obtaining the product of the third parameter and the number of the target virtual machines to obtain the second factor, wherein the number of the target virtual machines is used for representing the number of the virtual machines contained in the target fragment.
7. A method according to claim 3, wherein fusing the first factor and the second factor to obtain the scheduling factor comprises:
and obtaining the difference value of the second factor and the first factor to obtain the scheduling factor.
8. The method of claim 2, wherein scheduling the target shard to the second virtual border gateway based on the scheduling factor comprises:
comparing the scheduling factor with a second preset threshold;
and under the condition that the scheduling factor is greater than or equal to the second preset threshold value, scheduling the target fragments to the second virtual border gateway.
9. The method of claim 1, wherein determining a first virtual border gateway of the plurality of sets of virtual border gateways based on the resource usage comprises:
Comparing the first utilization rate of each group of virtual boundary networks with a first preset value in the preset threshold value, and comparing the second utilization rate with a second preset value in the preset threshold value;
and acquiring the virtual border gateway with the first utilization rate larger than the first preset value or the virtual border gateway with the second utilization rate larger than the second preset value to obtain the first virtual border gateway.
10. The method of claim 1, wherein partitioning the target subnet deployed by the first virtual border gateway to obtain a plurality of fragments comprises:
and dividing the target subnet according to a dichotomy to obtain the plurality of fragments.
11. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored program, wherein the program, when run, controls a device in which the computer readable storage medium is located to perform the method of any one of claims 1 to 10.
12. A computer terminal, comprising: a memory and a processor for executing a program stored in the memory, wherein the program when run performs the method of any one of claims 1 to 10.
13. A virtual network partitioning system, comprising:
a processor; and
a memory, coupled to the processor, for providing instructions to the processor to process the following processing steps: acquiring resource utilization rates of a plurality of groups of virtual border gateways in a virtual network, wherein the plurality of groups of virtual border gateways are respectively provided with a plurality of sub-networks of the virtual network, and the sub-networks are obtained by dividing virtual machines in the virtual network; determining a first virtual border gateway in the plurality of groups of virtual border gateways based on the resource utilization, wherein the resource utilization of the first virtual border gateway is greater than a first preset threshold; dividing a target subnet deployed by the first virtual border gateway to obtain a plurality of fragments; and scheduling the target fragments in the plurality of fragments from the first virtual border gateway to a second virtual border gateway in the plurality of groups of virtual border gateways.
CN202210302805.6A 2022-03-25 2022-03-25 Virtual network segmentation method, device and system Active CN114826823B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210302805.6A CN114826823B (en) 2022-03-25 2022-03-25 Virtual network segmentation method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210302805.6A CN114826823B (en) 2022-03-25 2022-03-25 Virtual network segmentation method, device and system

Publications (2)

Publication Number Publication Date
CN114826823A CN114826823A (en) 2022-07-29
CN114826823B true CN114826823B (en) 2024-02-27

Family

ID=82531500

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210302805.6A Active CN114826823B (en) 2022-03-25 2022-03-25 Virtual network segmentation method, device and system

Country Status (1)

Country Link
CN (1) CN114826823B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101674223A (en) * 2008-09-13 2010-03-17 华为技术有限公司 Gateway equipment load processing method, network equipment and network system
KR20150116092A (en) * 2014-04-04 2015-10-15 한국전자통신연구원 Method and apparatus for partitoning newtork based on slicing
CN105357322A (en) * 2015-12-11 2016-02-24 中国科学院信息工程研究所 Virtual machine distribution method based on topology partition
CN106998284A (en) * 2016-01-25 2017-08-01 阿里巴巴集团控股有限公司 The network system and method for private network are connected by virtual private networks
CN114157606A (en) * 2021-12-09 2022-03-08 锐捷网络股份有限公司 Virtual network element equipment switching method, equipment and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101674223A (en) * 2008-09-13 2010-03-17 华为技术有限公司 Gateway equipment load processing method, network equipment and network system
WO2010028580A1 (en) * 2008-09-13 2010-03-18 华为技术有限公司 Load processing method of gateway equipment, network equipment and network system
KR20150116092A (en) * 2014-04-04 2015-10-15 한국전자통신연구원 Method and apparatus for partitoning newtork based on slicing
CN105357322A (en) * 2015-12-11 2016-02-24 中国科学院信息工程研究所 Virtual machine distribution method based on topology partition
CN106998284A (en) * 2016-01-25 2017-08-01 阿里巴巴集团控股有限公司 The network system and method for private network are connected by virtual private networks
CN114157606A (en) * 2021-12-09 2022-03-08 锐捷网络股份有限公司 Virtual network element equipment switching method, equipment and storage medium

Also Published As

Publication number Publication date
CN114826823A (en) 2022-07-29

Similar Documents

Publication Publication Date Title
CN110113441B (en) Computer equipment, system and method for realizing load balance
CN108924268B (en) Container cloud service system and pod creation method and device
CN108768692B (en) Network creation method, related equipment and system
US9081617B1 (en) Provisioning of virtual machines using an N-ARY tree of clusters of nodes
KR20140027518A (en) Method and apparatus for assignment of virtual resources within a cloud environment
CN110505319A (en) A kind of RS485 is from device address auto-allocation method and system
CN109617816B (en) Data message transmission method and device
US9507625B2 (en) Apparatus and method for generating software defined network(SDN)-based virtual network according to user demand
CN106533973B (en) Method, equipment and system for distributing service message
CN110928637A (en) Load balancing method and system
CN109417492A (en) A kind of network function NF management method and NF management equipment
CN110798412A (en) Multicast service processing method, device, cloud platform, equipment and readable storage medium
CN105099953A (en) Cloud data center virtual network isolation method and device
EP2928129B1 (en) Method and network devices for determining an administrative domain in a virtual cluster
CN110958133B (en) Network slice mapping method, device, server and storage medium
CN107517129B (en) Method and device for configuring uplink interface of equipment based on OpenStack
US11979335B2 (en) Network controller
CN109302302B (en) Method, system and computer readable storage medium for scaling service network element
CN114826823B (en) Virtual network segmentation method, device and system
CN111130820A (en) Cluster management method and device and computer system
CN108347465B (en) Method and device for selecting network data center
WO2017050343A1 (en) Advertising method and system in network functions virtualization environment
CN114172753A (en) Address reservation method, network equipment and system
CN111885044A (en) Method, device, equipment and storage medium for configuring multiple network cards of cloud host
CN108833570B (en) Cluster storage and balanced transmission system based on cloud storage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant