CN115296848A - Bastion machine system based on multi-local area network environment and bastion machine access method - Google Patents
Bastion machine system based on multi-local area network environment and bastion machine access method Download PDFInfo
- Publication number
- CN115296848A CN115296848A CN202210790944.8A CN202210790944A CN115296848A CN 115296848 A CN115296848 A CN 115296848A CN 202210790944 A CN202210790944 A CN 202210790944A CN 115296848 A CN115296848 A CN 115296848A
- Authority
- CN
- China
- Prior art keywords
- user
- bastion machine
- local area
- proxy gateway
- area network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention provides a bastion machine system based on a multi-local area network environment and a bastion machine access method, and belongs to the field of network security. The method comprises the steps that a proxy gateway is arranged for each local area network, a single bastion machine is arranged for a multi-local area network environment, and all proxy gateways are connected with the bastion machine at the same time; setting a database corresponding to the proxy gateway in the bastion machine, partitioning the database based on the host IP, and storing the associated information of the current host IP access user in the partition; after a user logs in the bastion machine system, the bastion machine system directly generates request data according to the login information of the user, and sends the request data to a corresponding proxy gateway according to the proxy gateway IP; the proxy gateway modifies the target IP in the TCP data packet message of the transmission layer into the IP of the target host, and modifies the source IP into the proxy gateway IP, so that the connection is directly established between the client of the user and the target host, and the access is realized. The invention reduces the hardware quantity, saves the cost and improves the network access speed.
Description
Technical Field
The invention belongs to the field of network security, and particularly relates to a bastion machine system based on a multi-local area network environment and a bastion machine access method.
Background
With the development of cloud computing, virtualization technology and network security field, hosts (virtual hosts or physical hosts) in a plurality of different networks (virtual networks or physical networks) need to be accessed through bastion machines among different local area networks, and for the local area networks, because each network is independent and the networks are not communicated with each other, the traditional method is to deploy one bastion machine system in each network. For example, as shown in fig. 1, three networks are isolated from each other (lan 1, lan2, and lan3, respectively), and each network has a plurality of hosts (host 1, host 2, and host n, respectively) and a bastion, and since the networks are isolated from each other, i.e., the host in lan1 cannot access the host in lan2, and cannot access the bastion in lan2, the user needs to log in to the respective bastion systems in the different networks to access the host in the networks.
In the prior art, with the development of services, the number of lans can be increased to hundreds of thousands, and the number of hosts in each lan can also be increased to hundreds of thousands, but the problem exists that a great number of bastion machine systems need to be deployed because one bastion machine system needs to be deployed in each network. Firstly, hardware resources are wasted, hardware cost is increased, and each bastion machine system needs to be specially deployed on one host; secondly, the management cost is increased, a user needs to manage and maintain a large number of fort machine systems at the same time, particularly when the fort machine systems need to be upgraded, each fort machine needs to be upgraded one by one independently, and a large amount of time and labor are spent; thirdly, the expansibility is poor, a fortress system needs to be deployed again when a network is added, and in addition, if a bug occurs in the fortress system, the fortress system needs to repair each fortress one by one independently.
Disclosure of Invention
In view of the above defects or shortcomings in the prior art, embodiments of the present invention aim to provide a bastion system and a bastion access method based on a multi-local area network environment, wherein a bastion system is shared under the multi-local area network environment, and a user finds a local area network where a target host is located through a proxy gateway stored in the bastion and finally reaches the target host, thereby not only saving hardware resources, but also increasing network access speed, reducing traffic overhead, and improving host access efficiency.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
in a first aspect, an embodiment of the present invention provides a bastion machine access method based on a multi-local area network environment, including the following steps:
step S1, setting a proxy gateway and a corresponding IP address for each local area network, setting a single fort machine for a multi-local area network environment, and simultaneously connecting all the proxy gateways with the fort machines;
s2, setting a database under the IP address of each proxy gateway in the bastion machine, partitioning the database, wherein each partition corresponds to a host IP in the current local area network, and storing the associated information of the current host IP access user in the partition;
s3, after the user logs in the bastion machine system through the client, the bastion machine system directly calls the associated information in the database according to the login information of the user to generate request data, the request data at least comprises the associated information of the access user, a proxy gateway IP and a target host IP, and the request data is sent to a corresponding proxy gateway according to the proxy gateway IP;
and S4, the proxy gateway modifies the target IP in the TCP data packet message of the transmission layer into the target host IP and modifies the source IP into the proxy gateway IP according to the received request data, at the moment, the client of the user is directly connected with the target host through the connection between the bastion machine and the proxy gateway, and the user realizes the access to the target host.
As a preferred embodiment of the invention, the security guards have corresponding extensibility, and when the number of local area networks is increased, corresponding proxy gateway connections are added directly to the unique bastion machine.
As a preferred embodiment of the present invention, the step S2 further includes: and storing the association information of the newly registered user.
As a preferred embodiment of the present invention, the storing the association information of the new registered user specifically includes:
the user registers in the current bastion machine system, and the user indicates the identity of the user when registering, and simultaneously determines which proxy gateway local area network and which host under the local area network the user needs to access; and after the bastion machine system carries out identity authentication, the current user is added into the corresponding partition of the corresponding database.
As a preferred embodiment of the present invention, the association information includes identity authentication information and access authority of the access user.
As a preferred embodiment of the present invention, the generating request information in step S3 specifically includes: and the bastion machine directly calls the stored associated information of the corresponding access user through the login information of the user, and generates request data according to the associated information and the storage path.
In a second aspect, an embodiment of the present invention further provides a bastion machine system based on a multi-local area network environment, where the bastion machine system includes: one bastion machine and the same number of proxy gateways as the local area network; wherein the content of the first and second substances,
each proxy gateway corresponds to a local area network, and sets a corresponding IP address for each proxy gateway, wherein each local area network comprises a plurality of hosts;
a plurality of databases are arranged in the bastion machine, and each database corresponds to the IP address of one proxy gateway; each database is divided into a plurality of partitions, and each partition corresponds to a host IP in the local area network corresponding to the current proxy gateway; the partition stores the associated information of the current host access user;
when a user accesses a target host in a multi-local area network environment through the bastion machine system, the bastion machine system executes the following procedures:
the bastion machine system directly calls the associated information in the database according to the login information of the user to generate request data, wherein the request data at least comprises the associated information of the access user, a proxy gateway IP and a target host IP, and the request data is sent to a corresponding proxy gateway according to the proxy gateway IP;
and the proxy gateway modifies the target IP in the TCP data packet message of the transmission layer into the IP of the target host according to the received request data, modifies the source IP into the proxy gateway IP, and at the moment, the client of the user is directly connected with the target host through the connection between the bastion machine and the proxy gateway, so that the user can access the target host.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
the bastion machine system based on the multi-local area network environment and the bastion machine access method readjust the network deployment structure, replace the traditional proxy gateway program, reduce the prior multiple bastion machine systems needing to be deployed under multiple independent networks to only one bastion machine system needing to be deployed, only need allocate one hardware resource to deploy and install the bastion machine, only need manage and maintain one bastion machine system, and only need upgrade one bastion machine system; meanwhile, when the bastion system has a bug, only one bastion system needs to be subjected to bug repair, the hardware quantity is reduced, the hardware cost is saved, the management cost is reduced, the expansibility is increased, and then the traditional proxy gateway needs to analyze a data protocol and forward and transmit data, needs to establish connection with a target host, and has low efficiency.
Of course, not all of the advantages described above need to be achieved at the same time in the practice of any one product or method of the invention.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Figure 1 is a schematic diagram of a network deployment structure of a bastion machine in the prior art;
FIG. 2 is a flow chart of a bastion machine access method based on a multi-local area network environment in the embodiment of the invention;
fig. 3 is a schematic diagram of a network deployment structure of the bastion machine system based on the multi-local area network environment in the embodiment of the invention.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It is to be understood that the described embodiments are merely a few embodiments of the invention, and not all embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. It should be noted that the embodiments and features of the embodiments of the present invention may be combined with each other without conflict.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. In the description of the present invention, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as merely or implying relative importance.
Aiming at the problem that a plurality of bastion machine systems need to be deployed under the complex network environment of a plurality of independent networks in the prior art, the invention provides a bastion machine system based on a multi-local area network environment and a bastion machine access method, wherein a network deployment structure is readjusted, proxy gateways are arranged between the bastion machine and a plurality of different networks, host IPs under the proxy gateways are stored in the bastion machine, a database partition is arranged for each corresponding host, and associated information of an access user is stored in the database partition; when a user accesses, the bastion machine directly calls corresponding associated information in the database and sends the associated information to the proxy gateway, the proxy gateway directly connects the user and the target host through modifying a TCP data packet target IP, connection is not required to be established between the proxy gateway and the target host, access among different networks is realized under the condition that the user does not sense, and therefore the bastion machine system shared by a plurality of local area networks is realized. The invention only needs one bastion machine system hardware, thereby reducing the hardware quantity and saving the cost; when other local area networks are added, the corresponding databases are added in the bastion machine system, other hardware equipment is not needed, and the expansion performance of the equipment is improved; meanwhile, the bastion machine is combined with the proxy gateway, and when a user accesses, the proxy gateway does not need to analyze the protocol, so that the network access speed is increased, and the flow overhead is reduced.
Referring to fig. 2, the bastion machine access method based on the multi-local area network environment provided by the embodiment of the invention comprises the following steps:
step S1, setting a proxy gateway and a corresponding IP address for each local area network, setting a unique bastion machine for a multi-local area network environment, and simultaneously connecting all the proxy gateways with the bastion machines.
In the step, the security devices have corresponding expansibility, and when the number of local area networks is increased, corresponding proxy gateway connection can be added in the bastion devices without increasing the number of the bastion devices.
Meanwhile, the IP address of the proxy gateway corresponding to each local area network is unique; the IP address of the proxy gateway is an entry address and does not contain a specific host address.
And S2, setting a database under the IP address of each proxy gateway in the bastion machine, partitioning the database, wherein each partition corresponds to a host IP in the current local area network, and storing the associated information of the current host IP access user in the partition.
In this step, the associated information of the current host IP access user may be stored when the user performs initial access or registration, or may be directly imported, where the associated information includes the identity authentication information, the authority, other registration information, and the like of the access user.
The step also comprises storing the associated information of the new registered user. When the users register, the data created by each user are mutually independent, namely different users can only see the data created by themselves when logging in the system and store the data in the corresponding database partition. When a user needs to be added, the user registers in the current bastion machine system, and the user indicates the identity of the user when registering, and simultaneously, the user determines which local area network of the proxy gateway and which host under the local area network need to be accessed; and after the identity authentication is carried out by the bastion machine system, the current user is added into the corresponding partition of the corresponding database.
And S3, after the user logs in the bastion machine system through the client, the bastion machine system directly calls the associated information in the database according to the login information of the user to generate request data, the request data at least comprises the associated information of the access user, the proxy gateway IP and the target host IP, and the request data is sent to the corresponding proxy gateway according to the proxy gateway IP.
In this step, the request data generated by the bastion machine also includes the authority information in the associated information. The bastion machine manages users in different networks through user authority control, and each user can only manage and check a corresponding host under the local area network where the user is located. The bastion machine directly calls the stored associated information of the corresponding access user through the login information of the user, and directly generates request data according to the storage path of the associated information.
And S4, modifying the target IP in the TCP data packet message of the transmission layer into the IP of the target host by the proxy gateway according to the received request data, modifying the source IP into the IP of the proxy gateway, and at the moment, directly establishing connection between the client of the user and the target host through the connection between the bastion machine and the proxy gateway so that the user can access the target host.
In the step, the proxy gateway modifies the TCP data packet message of the transmission layer through the request data of the bastion machine, and a connection channel is established between the client of the user and the target host through modifying the head of the OSI fourth layer protocol, so that the client does not need to establish connection with the proxy gateway independently, and the proxy gateway does not need to establish connection with the target host independently; because the connection is not needed to be established independently, and the protocol analysis and data forwarding are not needed, the client is directly connected with the target host, so that an intermediate link is omitted, the network access speed is increased, the flow overhead is reduced and the host access efficiency is improved through the combination of the bastion machine and the proxy gateway.
The proxy gateway now acts as a proxy jump and these steps are automatic, so the proxy gateway address need not contain the target host address.
Based on the same idea, the embodiment of the invention also provides a bastion machine system based on a multi-local area network environment, and referring to fig. 3, the bastion machine system comprises: the system comprises a bastion machine and proxy gateways with the same number as the local area networks, wherein each proxy gateway corresponds to one local area network and is provided with a corresponding IP address, and each local area network comprises a plurality of hosts; a plurality of databases are arranged in the bastion machine, and each database corresponds to the IP address of one proxy gateway; each database is divided into a plurality of partitions, and each partition corresponds to a host IP in the local area network corresponding to the current proxy gateway; and the partition stores the associated information of the current host access user.
When a user accesses a target host in a multi-local area network environment through the bastion machine system, the bastion machine system executes the following procedures:
the bastion machine system directly calls the associated information in the database according to the login information of the user to generate request data, wherein the request data at least comprises the associated information of the access user, the proxy gateway IP and the target host IP, and sends the request data to the corresponding proxy gateway according to the proxy gateway IP;
and the proxy gateway modifies the target IP in the TCP data packet message of the transmission layer into the IP of the target host according to the received request data, modifies the source IP into the IP of the proxy gateway, and at the moment, the client of the user is directly connected with the target host through the connection between the bastion machine and the proxy gateway, so that the user can access the target host.
According to the technical scheme, the method for sharing the bastion machines in the multi-network environment provided by the embodiment of the invention has the advantages that the network deployment structure is readjusted, the system that a plurality of bastion machines need to be deployed under a plurality of conventional independent networks is reduced to the system that only one bastion machine needs to be deployed, only one hardware resource needs to be allocated to deploy and install the bastion machines, only one bastion machine system needs to be managed and maintained, and only one bastion machine system needs to be upgraded; meanwhile, when the fortress system has a bug, only one fortress system needs to be subjected to bug repairing, so that the number of hardware is reduced, the hardware cost is saved, the management cost is reduced, and the expansibility of the fortress system is improved; meanwhile, the combination of the bastion machine and the proxy gateway enables the client to be directly connected with the target host, thereby increasing the network access speed, reducing the flow cost and improving the host access efficiency.
The above description is only a preferred embodiment of the invention and an illustration of the applied technical principle and is not intended to limit the scope of the claimed invention but only to represent a preferred embodiment of the invention. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Claims (7)
1. A bastion machine access method based on a multi-local area network environment is characterized by comprising the following steps:
step S1, setting a proxy gateway and a corresponding IP address for each local area network, setting a single fort machine for a multi-local area network environment, and simultaneously connecting all the proxy gateways with the fort machines;
s2, setting a database under the IP address of each proxy gateway in the bastion machine, partitioning the database, wherein each partition corresponds to a host IP in the current local area network, and storing the associated information of the current host IP access user in the partition;
s3, after the user logs in the bastion machine system through the client, the bastion machine system directly calls the associated information in the database according to the login information of the user to generate request data, the request data at least comprises the associated information of the access user, a proxy gateway IP and a target host IP, and the request data is sent to a corresponding proxy gateway according to the proxy gateway IP;
and S4, the proxy gateway modifies the target IP in the TCP data packet message of the transmission layer into the target host IP and modifies the source IP into the proxy gateway IP according to the received request data, at the moment, the client of the user is directly connected with the target host through the connection between the bastion machine and the proxy gateway, and the user realizes the access to the target host.
2. The multi-local area network environment based bastion machine access method of claim 1, wherein the bastion machine has a corresponding extensibility, and when the number of local area networks is increased, a corresponding proxy gateway connection is directly added to the unique bastion machine.
3. The multi-local area network environment-based bastion access method according to claim 1, wherein the step S2 further comprises: and storing the association information of the newly registered user.
4. The bastion machine access method based on the multi-local area network environment as claimed in claim 3, wherein the storing of the association information of the new registered user specifically includes:
the user registers in the current bastion machine system, and the user indicates the identity of the user when registering, and simultaneously determines which proxy gateway local area network and which host under the local area network the user needs to access; and after the identity authentication is carried out by the bastion machine system, the current user is added into the corresponding partition of the corresponding database.
5. The multi-local area network environment-based bastion machine access method according to any one of claims 1-4, wherein the associated information comprises identity authentication information and access authority of an access user.
6. The bastion machine access method based on the multi-local area network environment according to claim 1, wherein the step S3 of generating request information specifically includes: and the bastion machine directly calls the stored associated information of the corresponding access user through the login information of the user, and generates request data according to the associated information and the storage path.
7. The utility model provides a fort machine system based on many local area network environment which characterized in that, fort machine system includes: one bastion machine and the same number of proxy gateways as the local area network; wherein the content of the first and second substances,
each proxy gateway corresponds to a local area network, and sets a corresponding IP address for each proxy gateway, wherein each local area network comprises a plurality of hosts;
a plurality of databases are arranged in the bastion machine, and each database corresponds to the IP address of one proxy gateway; each database is divided into a plurality of subareas, and each subarea corresponds to a host IP in a local area network corresponding to the current proxy gateway; the partition stores the associated information of the current host access user;
when a user accesses a target host under a multi-local area network environment through a bastion machine system, the bastion machine system executes the following programs:
the bastion machine system directly calls the associated information in the database according to the login information of the user to generate request data, wherein the request data at least comprises the associated information of the access user, the proxy gateway IP and the target host IP, and sends the request data to the corresponding proxy gateway according to the proxy gateway IP;
and the proxy gateway modifies the target IP in the TCP data packet message of the transmission layer into the IP of the target host according to the received request data, modifies the source IP into the IP of the proxy gateway, and directly establishes connection between the client of the user and the target host through the contact between the bastion machine and the proxy gateway at the moment so that the user realizes the access to the target host.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210790944.8A CN115296848B (en) | 2022-07-05 | 2022-07-05 | Multi-local area network environment-based fort system and fort access method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210790944.8A CN115296848B (en) | 2022-07-05 | 2022-07-05 | Multi-local area network environment-based fort system and fort access method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115296848A true CN115296848A (en) | 2022-11-04 |
| CN115296848B CN115296848B (en) | 2023-08-25 |
Family
ID=83821585
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210790944.8A Active CN115296848B (en) | 2022-07-05 | 2022-07-05 | Multi-local area network environment-based fort system and fort access method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115296848B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115941766A (en) * | 2022-11-22 | 2023-04-07 | 京东科技信息技术有限公司 | Operation and maintenance data processing method and device |
| CN116032611A (en) * | 2022-12-28 | 2023-04-28 | 北京深盾科技股份有限公司 | Login method, system and storage medium of network equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10511584B1 (en) * | 2016-09-29 | 2019-12-17 | Amazon Technologies, Inc. | Multi-tenant secure bastion |
| CN111490981A (en) * | 2020-04-01 | 2020-08-04 | 广州虎牙科技有限公司 | Access management method and device, bastion machine and readable storage medium |
| CN112769808A (en) * | 2020-12-31 | 2021-05-07 | 章和技术(广州)有限公司 | Mobile fort machine for industrial local area network, operation and maintenance method thereof and computer equipment |
| CN113645213A (en) * | 2021-08-03 | 2021-11-12 | 南方电网国际有限责任公司 | Multi-terminal network management monitoring system based on VPN technology |
| CN114244604A (en) * | 2021-12-16 | 2022-03-25 | 杭州乒乓智能技术有限公司 | Integrated authority management method and system suitable for bastion machine, electronic device and readable storage medium |
-
2022
- 2022-07-05 CN CN202210790944.8A patent/CN115296848B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10511584B1 (en) * | 2016-09-29 | 2019-12-17 | Amazon Technologies, Inc. | Multi-tenant secure bastion |
| CN111490981A (en) * | 2020-04-01 | 2020-08-04 | 广州虎牙科技有限公司 | Access management method and device, bastion machine and readable storage medium |
| CN112769808A (en) * | 2020-12-31 | 2021-05-07 | 章和技术(广州)有限公司 | Mobile fort machine for industrial local area network, operation and maintenance method thereof and computer equipment |
| CN113645213A (en) * | 2021-08-03 | 2021-11-12 | 南方电网国际有限责任公司 | Multi-terminal network management monitoring system based on VPN technology |
| CN114244604A (en) * | 2021-12-16 | 2022-03-25 | 杭州乒乓智能技术有限公司 | Integrated authority management method and system suitable for bastion machine, electronic device and readable storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115941766A (en) * | 2022-11-22 | 2023-04-07 | 京东科技信息技术有限公司 | Operation and maintenance data processing method and device |
| CN116032611A (en) * | 2022-12-28 | 2023-04-28 | 北京深盾科技股份有限公司 | Login method, system and storage medium of network equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115296848B (en) | 2023-08-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108650182B (en) | Network communication method, system, device, equipment and storage medium | |
| US11909586B2 (en) | Managing communications in a virtual network of virtual machines using telecommunications infrastructure systems | |
| US11063819B2 (en) | Managing use of alternative intermediate destination computing nodes for provided computer networks | |
| US10911528B2 (en) | Managing replication of computing nodes for provided computer networks | |
| US10187459B2 (en) | Distributed load balancing system, health check method, and service node | |
| US10911398B2 (en) | Packet generation method based on server cluster and load balancer | |
| US9736016B2 (en) | Managing failure behavior for computing nodes of provided computer networks | |
| CN115296848B (en) | Multi-local area network environment-based fort system and fort access method | |
| US11252126B1 (en) | Domain name resolution in environment with interconnected virtual private clouds | |
| US11625280B2 (en) | Cloud-native proxy gateway to cloud resources | |
| US10771309B1 (en) | Border gateway protocol routing configuration | |
| KR20140057553A (en) | - virtualization gateway between virtualized and non-virtualized networks | |
| CN111756830A (en) | Internal network load balancing implementation method of public cloud network | |
| US10237235B1 (en) | System for network address translation | |
| US20050125511A1 (en) | Intelligent local proxy for transparent network access from multiple physical locations | |
| CN110855488A (en) | Virtual machine access method and device | |
| CN115955456A (en) | IPv 6-based enterprise campus network and networking method | |
| CN113839862B (en) | Method, system, terminal and storage medium for synchronizing ARP information between MCLAG neighbors | |
| CN110851238A (en) | Implementation method of openstack fully-distributed dhcp service | |
| US20160342401A1 (en) | Inter-instance communication in a containered clustered server environment | |
| US10021066B2 (en) | Clustered server sharing | |
| CN114024971B (en) | Service data processing method, kubernetes cluster and medium | |
| CN112073503A (en) | High-performance load balancing method based on flow control mechanism | |
| CN111147345B (en) | Cloud environment network isolation device and method and cloud system | |
| KR101006962B1 (en) | System for allotting a dynamic private network path in a logical network and the method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |