CN114938318B - Cross-region peer-to-peer connection realization method based on elastic public network IP - Google Patents
- Publication number
- CN114938318B (application CN202210506847.1A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Abstract
The invention discloses a method for implementing cross-regional peer-to-peer connections based on an elastic public network IP, and relates to the technical field of cloud network communication. A GRE tunnel is created based on the elastic public network IP, a link from the local virtual private network to the peer virtual private network is created through the GRE tunnel, and the peer-to-peer connection is carried out over that link. The network card of the subnet sits on the same virtual router as the user's service VPC without occupying the user's network segment resources, and a separate network namespace is set for the network card so that the link configuration of the peer-to-peer connection does not conflict with the link configuration of other networks. The scheme based on the elastic public network IP and a GRE tunnel is thereby further optimized: it does not rely on a private communication protocol, is easy to implement, and can be generalized as an intranet communication scheme between heterogeneous clouds.
Description
Technical Field
The invention relates to the technical field of cloud network communication, and in particular to a method for implementing cross-regional peer-to-peer connections based on an elastic public network IP.
Background
The virtual private networks provided by current cloud platform network technology are isolated from each other: a virtual machine in one virtual private network cannot communicate with virtual machines in other virtual private networks using intranet addresses. A peer-to-peer connection links two mutually isolated virtual private networks so that virtual machine instances in both can access each other using intranet addresses while access security is ensured. However, existing peer-to-peer connection schemes generally target mutual access between the intranet addresses of two virtual private networks in the same region of the cloud platform, and cannot meet the need for mutual access between the intranet addresses of two virtual private networks in different regions.
Disclosure of Invention
To address the problems in the prior art, the invention provides a method for implementing cross-regional peer-to-peer connections based on an elastic public network IP. It provides mutual access by intranet address between virtual private networks in multiple regions of a cloud platform, and meets the need for peer-to-peer connections between virtual private networks across regions.
The specific scheme provided by the invention is as follows:
The method for implementing cross-regional peer-to-peer connections based on an elastic public network IP comprises creating a GRE tunnel based on the elastic public network IP and creating, through the GRE tunnel, a link from the local virtual private network to the peer virtual private network. The link creation process is as follows:
creating a link from the local virtual private network to the local peer-to-peer connection traffic gateway: create a non-service network segment subnet in the local virtual private network, create a network card in that subnet, bind the network card to the local peer-to-peer connection traffic gateway, and configure the local virtual router with the peer virtual private network as the destination;
creating a link from the peer virtual private network to the peer-side peer-to-peer connection traffic gateway: create a non-service network segment subnet in the peer virtual private network, create a network card in that subnet, bind the network card to the peer-side peer-to-peer connection traffic gateway, and configure the peer virtual router with the local virtual private network as the destination;
creating a link from the local peer-to-peer connection traffic gateway to the peer-side peer-to-peer connection traffic gateway: bind the local network card and the peer network card each to an elastic public network IP, set a separate network namespace for each network card, create a GRE tunnel port device in each network namespace, and configure the local IP information and peer IP information on the port device;
and carrying out the peer-to-peer connection over the link from the local virtual private network to the peer virtual private network.
Further, in the method for implementing cross-regional peer-to-peer connections based on the elastic public network IP, a local peer-to-peer connection traffic gateway instance is created, which is responsible for creating the GRE tunnel with the peer virtual private network; a network card instance is created in the local non-service network segment subnet and bound to the local peer-to-peer connection traffic gateway instance;
and a peer-side peer-to-peer connection traffic gateway instance is created, and a network card instance is created in the peer non-service network segment subnet and bound to the peer-side peer-to-peer connection traffic gateway instance.
Further, in the method, the GRE kernel component is loaded in the local peer-to-peer connection traffic gateway instance and in the peer-side peer-to-peer connection traffic gateway instance with the "modprobe ip_gre" command in order to configure the GRE tunnel.
Further, in the method, the GRE tunnel port device is created in the network namespace with the "ip tunnel" command.
The invention also provides a device for realizing the cross-regional peer-to-peer connection based on the elastic public network IP, which comprises a link creation module and a connection module,
the link creation module creates a GRE tunnel based on the elastic public network IP, creates a link from the home virtual private network to the opposite virtual private network through the GRE tunnel, and creates a link process:
creating a link from the home virtual private network to the home peer-to-peer connection traffic gateway: establishing a non-business network segment sub-network of a local virtual private network, establishing a network card of the non-business network segment sub-network of the local end, binding the network card with a flow gateway connected with the local end in a peer-to-peer manner, and configuring a destination end of a local virtual router as an opposite virtual private network;
creating a link from the peer virtual private network to the peer-to-peer connection traffic gateway: establishing a non-business network segment sub-network of an opposite terminal virtual private network, establishing a network card of the opposite terminal non-business network segment sub-network, binding the network card with an opposite terminal peer-to-peer connection flow gateway, and configuring a destination terminal of an opposite terminal virtual route as a local terminal virtual private network;
creating a link from a peer-to-peer connection traffic gateway to a peer-to-peer connection traffic gateway: respectively binding the network card of the local end and the network card of the opposite end with an elastic public network IP, setting independent network namespaces for the network card of the local end and the network card of the opposite end, creating GRE tunnel port equipment under the network namespaces, and configuring local end IP information and opposite end IP information to the port equipment;
and the connection module performs peer-to-peer connection according to the link from the home terminal virtual private network to the opposite terminal virtual private network.
Further, the link creation module creates a peer-to-peer connection traffic gateway instance of the home terminal in the device for realizing the cross-regional peer-to-peer connection based on the elastic public network IP, is responsible for creating a GRE tunnel with the virtual private network of the opposite terminal, creates a network card instance of the sub-network of the non-service network segment of the home terminal, binds with the peer-to-peer connection traffic gateway instance of the home terminal,
and creating a peer-to-peer connection flow gateway instance of the opposite end, and creating a network card instance of the non-service network segment sub-network of the opposite end, and binding the network card instance with the peer-to-peer connection flow gateway instance of the opposite end.
Furthermore, in the device for implementing cross-regional peer-to-peer connections based on the elastic public network IP, the link creation module loads the GRE kernel component in the local peer-to-peer connection traffic gateway instance and in the peer-side peer-to-peer connection traffic gateway instance with the "modprobe ip_gre" command in order to configure the GRE tunnel.
Further, in the device for implementing cross-regional peer-to-peer connections based on the elastic public network IP, the link creation module creates the GRE tunnel port device in the network namespace with the "ip tunnel" command.
The invention has the advantages that:
The invention provides a method for implementing cross-regional peer-to-peer connections based on an elastic public network IP, which meets the need for mutual access by intranet address between virtual private networks in different regions. The network card of the subnet sits on the same virtual router as the user's service VPC without occupying the user's network segment resources, and a separate network namespace is set for the network card so that the link configuration of the peer-to-peer connection does not conflict with the link configuration of other networks. The scheme based on the elastic public network IP and a GRE tunnel is thereby further optimized: it does not depend on a private communication protocol, is easy to implement, and can be generalized as an intranet communication scheme between heterogeneous clouds.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a method application framework of the present invention.
Detailed Description
The GRE (Generic Routing Encapsulation) protocol encapsulates data packets of certain network layer protocols so that the encapsulated packets can be transmitted over another network layer protocol (e.g., IPv4). GRE provides a mechanism for encapsulating packets of one protocol inside packets of another protocol; it is a Layer 3 tunnel encapsulation technique, so packets are carried transparently through the GRE tunnel.
GRE establishes direct point-to-point connections across a network in order to simplify the connection between separate networks. Its implementation mechanism is simple and places little load on the devices at the two ends of the tunnel, which makes it suitable for connecting the VPCs of two regions in this scheme.
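The encapsulation described above, as an added example that is not part of the patent: it wraps an inner VPC-to-VPC IPv4 packet in the base GRE header (RFC 2784) and an outer IPv4 header between the two elastic public IPs used later in the worked scheme, then unwraps it. The inner host addresses 192.168.1.10 and 172.16.5.20 and the payload are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

GRE_PROTO = 47            # IPv4 protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 payload
IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def _checksum(header: bytes) -> int:
    """Internet checksum: ones' complement of the 16-bit ones' complement sum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (TTL 64, no fragmentation, valid checksum)."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              IPv4Address(src).packed, IPv4Address(dst).packed]
    fields[7] = _checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + payload


def gre_encapsulate(outer_src: str, outer_dst: str, inner_packet: bytes) -> bytes:
    """Prefix the inner packet with a 4-byte GRE header and an outer IPv4 header."""
    gre_header = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no checksum/key/sequence
    return ipv4_packet(outer_src, outer_dst, GRE_PROTO, gre_header + inner_packet)


def gre_decapsulate(packet: bytes):
    """Return (outer_src, outer_dst, inner_packet) or raise ValueError."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("too short or not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError("outer protocol is not GRE (47)")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    if proto != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4")
    offset = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence: 4 bytes each
        if flags & bit:
            offset += 4
    outer_src = str(IPv4Address(packet[12:16]))
    outer_dst = str(IPv4Address(packet[16:20]))
    return outer_src, outer_dst, packet[offset:]


def sample():
    """Constructed sample: inner packet between two VPC hosts, tunnelled EIP to EIP."""
    # Protocol 253 is reserved for experimentation; the payload is opaque bytes.
    inner = ipv4_packet("192.168.1.10", "172.16.5.20", 253, b"constructed-payload")
    outer = gre_encapsulate("100.111.0.100", "100.112.0.100", inner)
    return inner, outer


if __name__ == "__main__":
    inner, outer = sample()
    print("inner bytes:", len(inner), "outer bytes:", len(outer))
    print("overhead:", len(outer) - len(inner), "bytes (20 outer IPv4 + 4 GRE)")
    print("decapsulated:", gre_decapsulate(outer)[:2])
    # GRE adds no encryption or authentication: the inner packet is carried as-is.
    print("payload visible on the public path:", b"constructed-payload" in outer)
```

The 24 bytes of overhead reduce the usable MTU inside the tunnel, and because the inner packet travels unmodified between the two public IPs, confidentiality has to come from a layer other than GRE.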
In order to establish a cross-regional GRE tunnel, an elastic public network IP resource provided by the cloud platform is required.
The elastic public network IP resource of the cloud platform provides a connection outlet with the public network and provides the capability of the cloud resource for accessing the external network.
The present invention will be further described with reference to the accompanying drawings and specific examples, which are not intended to be limiting, so that those skilled in the art will better understand the invention and practice it.
The invention provides a method for implementing cross-regional peer-to-peer connections based on an elastic public network IP, in which a GRE tunnel is created based on the elastic public network IP and a link from the local virtual private network to the peer virtual private network is created through the GRE tunnel. The link creation process comprises the following steps:
creating a link from the local virtual private network to the local peer-to-peer connection traffic gateway: create a non-service network segment subnet in the local virtual private network, create a network card in that subnet, bind the network card to the local peer-to-peer connection traffic gateway, and configure the local virtual router with the peer virtual private network as the destination;
creating a link from the peer virtual private network to the peer-side peer-to-peer connection traffic gateway: create a non-service network segment subnet in the peer virtual private network, create a network card in that subnet, bind the network card to the peer-side peer-to-peer connection traffic gateway, and configure the peer virtual router with the local virtual private network as the destination;
creating a link from the local peer-to-peer connection traffic gateway to the peer-side peer-to-peer connection traffic gateway: bind the local network card and the peer network card each to an elastic public network IP, set a separate network namespace for each network card, create a GRE tunnel port device in each network namespace, and configure the local IP information and peer IP information on the port device;
and carrying out the peer-to-peer connection over the link from the local virtual private network to the peer virtual private network.
The method implements cross-regional peer-to-peer connections based on the elastic public network IP. It relies mainly on the cloud platform's elastic public network IP resources and the GRE tunnel protocol to connect virtual private networks (VPCs) in different regions, so that they can communicate by intranet address.
In specific applications, in some embodiments of the method, the link is built in three segments: the link from the local virtual private network to the local peer-to-peer connection traffic gateway, the link from the local peer-to-peer connection traffic gateway to the peer-side peer-to-peer connection traffic gateway, and the link from the peer-side peer-to-peer connection traffic gateway to the peer virtual private network.
The three segments show that the link is essentially symmetrical. The service logic of the method is therefore described taking the creation of the local end's 1.5 link segments as an example:
Creating a link from the local virtual private network to the local peer-to-peer connection traffic gateway: create a non-service network segment subnet in the local virtual private network, create a network card in that subnet, bind the network card to the local peer-to-peer connection traffic gateway, and configure the local virtual router with the peer virtual private network as the destination.
Specifically, the steps are as follows:
apply for an elastic public network IP on the cloud platform; this IP serves as an endpoint for creating the GRE tunnel,
create a peer-to-peer connection traffic gateway instance, which is responsible for creating the GRE tunnel with the peer end and for forwarding traffic into the tunnel or into the service VPC,
in the user's local service VPC, create a subnet in a non-service network segment; the purpose of this segment is to sit on the same virtual router as the user's service VPC without occupying the user's network segment resources,
in the non-service network segment subnet, create a network card instance and bind it to the peer-to-peer connection traffic gateway instance,
configure a static route in the router of the local VPC: the destination is the peer service VPC network segment and the next hop is the IP of the network card in the non-service network segment.
The link from the user's service network to the local peer-to-peer connection traffic gateway is now created. The next operation is to configure the local traffic gateway and create the local end of the GRE tunnel.
Creating a link from the local peer-to-peer connection traffic gateway to the peer-side peer-to-peer connection traffic gateway: bind the local network card and the peer network card each to an elastic public network IP, set a separate network namespace for each network card, create a GRE tunnel port device in each network namespace, and configure the local IP information and peer IP information on the port device.
Specifically, the steps are as follows:
associate the elastic public network IP that was applied for with the network card bound to the peer-to-peer connection traffic gateway instance, so that the instance's network card can access the public network,
load the GRE kernel component in the traffic gateway instance with the command "modprobe ip_gre", for the subsequent GRE tunnel creation and configuration,
place the non-service network segment subnet's network card that is bound to the traffic gateway instance into a separate network namespace, to prevent the link configuration of the peer-to-peer connection from conflicting with the link configuration of other networks,
create the tunnel port device in the network card's separate network namespace with the "ip tunnel" command, and configure the tunnel's local IP and peer IP information on the port device according to the plan.
Configure static routes in the network namespace: traffic whose destination is the peer network segment is sent out through the tunnel port device, and the default route is sent out through the non-service subnet's network card device, with the non-service subnet gateway doing the forwarding.
The local link is now created. Link creation at the peer end is essentially the same as at the local end, and the IP information configured on the port device should be symmetrical to that of the local end.
The peer-to-peer connection is then carried out over the link from the local virtual private network to the peer virtual private network.
Further, a cross-regional peer-to-peer connection scheme is given as an example:
VPC1 (192.168.0.0/16) in region A needs to communicate by intranet address with VPC2 (172.16.0.0/12) in region B. Then:
(1) An elastic public network IP instance is applied for in region A, with IP address 100.111.0.100. An elastic public network IP instance is applied for in region B, with IP address 100.112.0.100.
(2) A peer-to-peer connection traffic gateway instance, referred to as traffic gateway A, is created in region A.
(3) In VPC1 of region A, a subnet 11.0.101.0/24 is created and the subnet's gateway is attached to the virtual router of VPC1.
(4) A network card instance is created in the 11.0.101.0/24 subnet, with the assigned IP 11.0.101.100. The network card is attached to traffic gateway A.
(5) The following routing rule is configured in the virtual router of VPC1: the destination is 172.16.0.0/12 and the next hop is 11.0.101.100.
(6) The public network IP 100.111.0.100 is bound to the network card 11.0.101.100.
(7) Log in to traffic gateway A and run "lsmod | grep gre" to check whether the kernel GRE component is loaded. If nothing is printed, the component is not loaded and must be loaded with the "modprobe ip_gre" command.
(8) In traffic gateway A, create a network namespace; taking the name ns-gre as an example, run "ip netns add ns-gre". Find the name of the network card with address 11.0.101.100; taking the name eth1 as an example, run "ip link set eth1 netns ns-gre" to place the network card in the network namespace.
(9) In the ns-gre namespace, use "ip tunnel" to create the local end of the GRE tunnel by running "ip tunnel add tunnel2 mode gre local 100.111.0.100 remote 100.112.0.100". Then configure an IP for the created tunnel device tunnel2 by running "ip addr add 12.1.100.101 dev tunnel2 peer 12.1.100.102".
In the ns-gre namespace, configure static routing: run "ip route add 172.16.0.0/12 dev tunnel2" to direct the outgoing traffic to the tunnel port tunnel2. Then configure the default route: run "ip route add default via 11.0.101.100 dev eth1" to direct other traffic to the bound network card device eth1.
With the method of the invention, the peer-to-peer connection between region A and region B is established and intranet address communication takes place.
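The worked scheme above only spells out the region A side. The following added example (not code from the patent) derives the gateway commands for both ends from one plan and checks the properties the description relies on: the non-service subnets and tunnel addresses must stay outside both service VPC segments, and the two ends must mirror each other. Region A's values come from the scheme; region B's non-service subnet 11.0.102.0/24, its network card address, the interface name on gateway B and both subnet gateway addresses (11.0.101.1, 11.0.102.1) are assumptions, since the page does not give them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface, ip_network


@dataclass(frozen=True)
class End:
    name: str             # region label
    vpc: str              # service VPC segment
    eip: str              # elastic public network IP used as GRE endpoint
    nic: str              # non-service network card address with prefix length
    nic_gw: str           # non-service subnet gateway (assumed, not on the page)
    tun_ip: str           # inner address of the tunnel port device
    nic_dev: str = "eth1"  # interface name inside the gateway (example name)


REGION_A = End("A", "192.168.0.0/16", "100.111.0.100",
               "11.0.101.100/24", "11.0.101.1", "12.1.100.101")
REGION_B = End("B", "172.16.0.0/12", "100.112.0.100",
               "11.0.102.100/24", "11.0.102.1", "12.1.100.102")  # assumed values


def validate(a: End, b: End) -> list:
    """Return the list of problems in the plan; an empty list means consistent."""
    problems = []
    vpcs = [ip_network(a.vpc), ip_network(b.vpc)]
    if vpcs[0].overlaps(vpcs[1]):
        problems.append("service VPC segments overlap")
    for end in (a, b):
        nic = ip_interface(end.nic)
        for vpc in vpcs:
            if nic.network.overlaps(vpc):
                problems.append(f"{end.name}: non-service subnet {nic.network} overlaps {vpc}")
            if ip_address(end.tun_ip) in vpc:
                problems.append(f"{end.name}: tunnel address {end.tun_ip} lies inside {vpc}")
        gw = ip_address(end.nic_gw)
        if gw not in nic.network or gw == nic.ip:
            problems.append(f"{end.name}: gateway {gw} is not another host in {nic.network}")
    if a.eip == b.eip or a.tun_ip == b.tun_ip:
        problems.append("both ends share an endpoint address")
    return problems


def plan(local: End, remote: End, ns: str = "ns-gre", tun: str = "tunnel2") -> list:
    """Commands to run on the local traffic gateway, in order."""
    problems = validate(local, remote)
    if problems:
        raise ValueError("; ".join(problems))
    in_ns = f"ip netns exec {ns} ip"
    return [
        "modprobe ip_gre",
        f"ip netns add {ns}",
        f"ip link set {local.nic_dev} netns {ns}",
        # Moving an interface into a namespace clears its addresses: restore them.
        f"{in_ns} addr add {local.nic} dev {local.nic_dev}",
        f"{in_ns} link set {local.nic_dev} up",
        # The page passes the elastic IP as "local". Where the platform implements
        # the elastic IP as 1:1 NAT in front of the network card, the card's private
        # address would go here instead (platform assumption, not from the page).
        f"{in_ns} tunnel add {tun} mode gre local {local.eip} remote {remote.eip}",
        f"{in_ns} addr add {local.tun_ip} peer {remote.tun_ip} dev {tun}",
        f"{in_ns} link set {tun} up",
        f"{in_ns} route add {remote.vpc} dev {tun}",
        f"{in_ns} route add default via {local.nic_gw} dev {local.nic_dev}",
    ]


if __name__ == "__main__":
    for local, remote in ((REGION_A, REGION_B), (REGION_B, REGION_A)):
        print(f"# traffic gateway {local.name}")
        print("\n".join(plan(local, remote)))
```

Running the module prints both command lists for review; nothing is applied to the host.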
The invention also provides a device for realizing the cross-regional peer-to-peer connection based on the elastic public network IP, which comprises a link creation module and a connection module,
the link creation module creates a GRE tunnel based on the elastic public network IP, creates a link from the home virtual private network to the opposite virtual private network through the GRE tunnel, and creates a link process:
creating a link from the home virtual private network to the home peer-to-peer connection traffic gateway: establishing a non-business network segment sub-network of a local virtual private network, establishing a network card of the non-business network segment sub-network of the local end, binding the network card with a flow gateway connected with the local end in a peer-to-peer manner, and configuring a destination end of a local virtual router as an opposite virtual private network;
creating a link from the peer virtual private network to the peer-to-peer connection traffic gateway: establishing a non-business network segment sub-network of an opposite terminal virtual private network, establishing a network card of the opposite terminal non-business network segment sub-network, binding the network card with an opposite terminal peer-to-peer connection flow gateway, and configuring a destination terminal of an opposite terminal virtual route as a local terminal virtual private network;
creating a link from a peer-to-peer connection traffic gateway to a peer-to-peer connection traffic gateway: respectively binding the network card of the local end and the network card of the opposite end with an elastic public network IP, setting independent network namespaces for the network card of the local end and the network card of the opposite end, creating GRE tunnel port equipment under the network namespaces, and configuring local end IP information and opposite end IP information to the port equipment;
and the connection module performs peer-to-peer connection according to the link from the home terminal virtual private network to the opposite terminal virtual private network.
The content of information interaction and execution process between the modules in the device is based on the same conception as the embodiment of the method of the present invention, and specific content can be referred to the description in the embodiment of the method of the present invention, which is not repeated here.
The device can apply cross-regional peer-to-peer connection based on the elastic public network IP, solves the requirement of inter-access interconnection of intranet addresses between virtual private networks in different areas, can be in the same virtual router with the service VPC of a user by utilizing a network card of a subnet, can not occupy network segment resources of the user, and sets a separate network naming space for the network card to prevent the link configuration of peer-to-peer connection from conflicting with the link configuration of other networks, further optimizes the scheme based on the elastic public network IP and GRE tunnel, does not depend on private communication protocols, is easy to realize, and can be popularized as an intranet communication scheme among heterogeneous clouds.
It should be noted that not all the steps and modules in the above flowcharts and the system configuration diagrams are necessary, and some steps or modules may be omitted according to actual needs. The execution sequence of the steps is not fixed and can be adjusted as required. The system structure described in the above embodiments may be a physical structure or a logical structure, that is, some modules may be implemented by the same physical entity, or some modules may be implemented by multiple physical entities, or may be implemented jointly by some components in multiple independent devices.
The above-described embodiments are merely preferred embodiments for fully explaining the present invention, and the scope of the present invention is not limited thereto. Equivalent substitutions and modifications will occur to those skilled in the art based on the present invention, and are intended to be within the scope of the present invention. The protection scope of the invention is subject to the claims.
Claims (8)
1. The method for realizing the cross-regional peer-to-peer connection based on the elastic public network IP is characterized in that a GRE tunnel is created based on the elastic public network IP, a link from a local virtual private network to an opposite virtual private network is created through the GRE tunnel, and the link creation process comprises the following steps:
creating a link from the home virtual private network to the home peer-to-peer connection traffic gateway: establishing a non-business network segment sub-network of a local virtual private network, establishing a network card of the non-business network segment sub-network of the local end, binding the network card with a flow gateway connected with the local end in a peer-to-peer manner, and configuring a destination end of a local virtual router as an opposite virtual private network;
creating a link from the peer virtual private network to the peer-to-peer connection traffic gateway: establishing a non-business network segment sub-network of an opposite terminal virtual private network, establishing a network card of the opposite terminal non-business network segment sub-network, binding the network card with an opposite terminal peer-to-peer connection flow gateway, and configuring a destination terminal of an opposite terminal virtual route as a local terminal virtual private network;
creating a link from a peer-to-peer connection traffic gateway to a peer-to-peer connection traffic gateway: respectively binding the network card of the local end and the network card of the opposite end with an elastic public network IP, setting independent network namespaces for the network card of the local end and the network card of the opposite end, creating GRE tunnel port equipment under the network namespaces, and configuring local end IP information and opposite end IP information to the port equipment;
and carrying out peer-to-peer connection according to the link from the home VPN to the peer VPN.
2. The method for realizing cross-regional peer-to-peer connection based on elastic public network IP as claimed in claim 1, wherein a gateway instance of the peer-to-peer connection traffic of the home terminal is created, said gateway instance is responsible for creating GRE tunnel with the virtual private network of the opposite terminal, creating a network card instance of the sub-network of the non-service network segment of the home terminal, binding with the gateway instance of the peer-to-peer connection traffic of the home terminal,
and creating a peer-to-peer connection flow gateway instance of the opposite end, and creating a network card instance of the non-service network segment sub-network of the opposite end, and binding the network card instance with the peer-to-peer connection flow gateway instance of the opposite end.
3. The method for implementing cross-regional peer-to-peer connection based on elastic public network IP according to claim 2, wherein GRE tunnel configuration is performed by loading GRE kernel components in the peer-to-peer connection traffic gateway instance and the peer-to-peer connection traffic gateway instance by a modprobe ip_gre command.
4. The method for realizing cross-region peer-to-peer connection based on elastic public network IP according to any of claims 1-3, characterized in that the GRE tunnel port devices are created in the network namespaces with the ip tunnel command.
5. A device for realizing cross-region peer-to-peer connection based on elastic public network IP, characterized by comprising a link creation module and a connection module,
the link creation module creates a GRE tunnel based on the elastic public network IP and creates a link from the local virtual private network to the peer virtual private network through the GRE tunnel, the link being created as follows:
creating a link from the local virtual private network to the local-end peer-to-peer connection traffic gateway: creating a non-service network segment subnet in the local virtual private network, creating a network card in the local-end non-service network segment subnet, binding the network card to the local-end peer-to-peer connection traffic gateway, and configuring the destination of the local-end virtual router as the peer virtual private network;
creating a link from the peer virtual private network to the peer-end peer-to-peer connection traffic gateway: creating a non-service network segment subnet in the peer virtual private network, creating a network card in the peer-end non-service network segment subnet, binding the network card to the peer-end peer-to-peer connection traffic gateway, and configuring the destination of the peer-end virtual route as the local virtual private network;
creating a link from the local-end peer-to-peer connection traffic gateway to the peer-end peer-to-peer connection traffic gateway: binding the local-end network card and the peer-end network card each to an elastic public network IP, setting up a separate network namespace for the local-end network card and for the peer-end network card, creating a GRE tunnel port device in each network namespace, and configuring the local-end IP information and the peer-end IP information on the port device;
and the connection module performs the peer-to-peer connection over the link from the local virtual private network to the peer virtual private network.
6. The device for realizing cross-region peer-to-peer connection based on elastic public network IP according to claim 5, wherein the link creation module creates a local-end peer-to-peer connection traffic gateway instance, which is responsible for creating the GRE tunnel with the peer virtual private network, and creates a network card instance of the local-end non-service network segment subnet and binds it to the local-end peer-to-peer connection traffic gateway instance,
and creates a peer-end peer-to-peer connection traffic gateway instance, and creates a network card instance of the peer-end non-service network segment subnet and binds it to the peer-end peer-to-peer connection traffic gateway instance.
7. The device for realizing cross-region peer-to-peer connection based on elastic public network IP according to claim 6, wherein the link creation module configures the GRE tunnel by loading the GRE kernel module in the local-end peer-to-peer connection traffic gateway instance and in the peer-end peer-to-peer connection traffic gateway instance with the modprobe ip_gre command.
8. The device for realizing cross-region peer-to-peer connection based on elastic public network IP according to any of claims 5-7, wherein the link creation module creates the GRE tunnel port devices in the network namespaces with the ip tunnel command.
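The namespace and GRE port-device steps of claims 1, 3 and 4, sketched for both ends as an added example that is not part of the patent text: the script prints the commands instead of running them and checks that the two endpoints point at each other. The namespace names, eth1, gre1, every address, and the addressing and routes inside the namespace are assumptions, including that each elastic public IP is usable directly as the tunnel's local address.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for one GRE endpoint.
# Names, addresses and the in-namespace routes are constructed assumptions.

# Accept only dotted-quad IPv4 with every octet <= 255.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  for octet in $1; do
    [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
  done
  IFS=$old_ifs
}

# gre_plan NS NIC NIC_CIDR GATEWAY REMOTE_IP INNER_CIDR PEER_VPC_CIDR
gre_plan() {
  ns=$1 nic=$2 nic_cidr=$3 gw=$4 remote_ip=$5 inner=$6 peer_cidr=$7
  local_ip=${nic_cidr%/*}
  valid_ipv4 "$local_ip" && valid_ipv4 "$gw" && valid_ipv4 "$remote_ip" || return 1
  [ "$local_ip" != "$remote_ip" ] || return 1   # a tunnel to itself is a typo
  cat <<EOF
modprobe ip_gre
ip netns add $ns
ip link set $nic netns $ns
ip netns exec $ns ip addr add $nic_cidr dev $nic
ip netns exec $ns ip link set $nic up
ip netns exec $ns ip route add default via $gw
ip netns exec $ns ip tunnel add gre1 mode gre local $local_ip remote $remote_ip ttl 255
ip netns exec $ns ip addr add $inner dev gre1
ip netns exec $ns ip link set gre1 up
ip netns exec $ns ip route add $peer_cidr dev gre1
EOF
}

# Print "LOCAL REMOTE" taken from a plan's tunnel line.
tunnel_ends() {
  echo "$1" | sed -n 's/.* mode gre local \([^ ]*\) remote \([^ ]*\).*/\1 \2/p'
}

# Succeed only when each plan's remote is the other plan's local.
plans_mirror() {
  set -- $(tunnel_ends "$1") $(tunnel_ends "$2")
  [ $# -eq 4 ] && [ "$1" = "$4" ] && [ "$2" = "$3" ]
}

# Constructed sample values from the documentation address ranges.
A=$(gre_plan peer-a eth1 203.0.113.10/24 203.0.113.1 198.51.100.20 169.254.100.1/30 10.2.0.0/16)
B=$(gre_plan peer-b eth1 198.51.100.20/24 198.51.100.1 203.0.113.10 169.254.100.2/30 10.1.0.0/16)
printf '%s\n\n%s\n' "$A" "$B"
plans_mirror "$A" "$B" && echo "endpoints mirror each other"
```

Moving a network card into a namespace drops its addresses, which is why the plan re-adds the address and a default route there; where the platform maps the elastic public IP by 1:1 NAT, the tunnel's local address would be the card's private address instead.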
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210506847.1A CN114938318B (en) | 2022-05-11 | 2022-05-11 | Cross-region peer-to-peer connection realization method based on elastic public network IP |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114938318A (en) | 2022-08-23 |
CN114938318B (en) | 2024-03-26 |
Family
ID=82865533
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210506847.1A Active CN114938318B (en) | 2022-05-11 | 2022-05-11 | Cross-region peer-to-peer connection realization method based on elastic public network IP |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114938318B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011103840A2 (en) * | 2011-04-19 | 2011-09-01 | 华为技术有限公司 | Virtual private cloud connection method and tunnel proxy server |
CN103746997A (en) * | 2014-01-10 | 2014-04-23 | 浪潮电子信息产业股份有限公司 | Network security solution for cloud computing center |
CN106789367A (en) * | 2017-02-23 | 2017-05-31 | 郑州云海信息技术有限公司 | The construction method and device of a kind of network system |
CN108965094A (en) * | 2018-08-23 | 2018-12-07 | 郑州云海信息技术有限公司 | A kind of virtual machine network connection method and device |
CN111030912A (en) * | 2018-10-09 | 2020-04-17 | 华为技术有限公司 | Method for intercommunication between virtual private cloud VPCs |
EP3681110A1 (en) * | 2017-09-06 | 2020-07-15 | China Unionpay Co., Ltd | Interconnected region controller, interconnected region control method, and computer storage medium |
CN113132201A (en) * | 2019-12-30 | 2021-07-16 | 华为技术有限公司 | Communication method and device between VPCs |
CN113765801A (en) * | 2020-07-16 | 2021-12-07 | 北京京东尚科信息技术有限公司 | Message processing method and device applied to data center, electronic equipment and medium |
CN113965505A (en) * | 2021-09-27 | 2022-01-21 | 浪潮云信息技术股份公司 | Method for cloud host intercommunication among different virtual private networks and implementation architecture |
CN114401274A (en) * | 2022-01-21 | 2022-04-26 | 浪潮云信息技术股份公司 | Communication line creating method, device, equipment and readable storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104579887A (en) * | 2013-10-16 | 2015-04-29 | 宇宙互联有限公司 | Cloud gateway as well as cloud gateway creation and configuration system and method |
Non-Patent Citations (2)
Title |
---|
Analysis of Generic Routing Encapsulation (GRE) over IP Security (IPSec) VPN Tunneling in IPv6 Network; Raihan Uddin; International Conference on Ubiquitous Communications and Network Computing; full text * |
Practice of building a publicly reachable Keepalived cluster on Tencent Cloud; Zhou Jiazheng; Computer Programming Skills & Maintenance (No. 05); full text * |
Also Published As
Publication number | Publication date |
---|---|
CN114938318A (en) | 2022-08-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Abdelwahab et al. | Network function virtualization in 5G | |
CN116057910B (en) | Virtual private cloud communication and configuration method and related device | |
CN109716717A (en) | From software-defined network controller management virtual port channel switching equipment peer-to-peer | |
US9294393B1 (en) | Interconnecting virtual private networks | |
CN103441996B (en) | The method and system of concurrent transmission file | |
CN109923838A (en) | Bridge the elastic VPN of long-range isolated island | |
CN109861899B (en) | Virtual home gateway and implementation method, home network center and data processing method | |
CN110290093A (en) | The SD-WAN network architecture and network-building method, message forwarding method | |
CN103685026A (en) | Virtual network access method and system | |
US11824685B2 (en) | Method for implementing GRE tunnel, access point and gateway | |
CN105264835A (en) | Gre tunnel implementation method, access device and convergence gateway | |
CN104412621A (en) | Methods and apparatus | |
CN110324225B (en) | Method and device for processing message | |
CN112602292B (en) | Inter-slice sharing in a 5G core network | |
CN115189920A (en) | Cross-network domain communication method and related device | |
CN112385194B (en) | State packet transmission between remote networks | |
CN113364660B (en) | Data packet processing method and device in LVS load balancing | |
US20230336377A1 (en) | Packet forwarding method and apparatus, and network system | |
CN114938318B (en) | Cross-region peer-to-peer connection realization method based on elastic public network IP | |
CN113596192B (en) | Communication method, device, equipment and medium based on gatekeeper networking | |
CN112671811B (en) | Network access method and equipment | |
CN115701037A (en) | Configuration method for intercommunication between virtual private cloud VPCs and related device | |
CN112039854A (en) | Data transmission method, device and storage medium | |
CN106817727B (en) | Transmission networking method for multiple movable wireless broadband systems | |
CN117439815B (en) | Intranet penetration system and method based on reverse transparent bridging |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||