CN115913824A - VPC-crossing virtual server communication method and system - Google Patents

VPC-crossing virtual server communication method and system

Info

Publication number
CN115913824A
CN115913824A
Authority
CN
China
Prior art keywords
virtual server
physical machine
identification information
packet
forwarding
Legal status
Granted
Application number
CN202310093291.2A
Other languages
Chinese (zh)
Other versions
CN115913824B (en)
Inventor
滕春金
宗明珠
Current Assignee
Avic International Golden Net Beijing Technology Co ltd
Original Assignee
AVIC INTERNATIONAL E-BUSINESS Inc
Application filed by AVIC INTERNATIONAL E-BUSINESS Inc
Priority to CN202310093291.2A
Publication of CN115913824A
Application granted
Publication of CN115913824B
Legal status: Active


Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the invention relate to a cross-VPC virtual server communication method and system. The method comprises the following steps: the first virtual server sends a first encapsulation packet to the first physical machine; the first physical machine parses the first encapsulation packet to obtain a first forwarding instruction, first identification information and a second encapsulation packet, and, according to the first forwarding instruction, forwards the second encapsulation packet to the second physical machine identified by the first identification information; the second physical machine parses the second encapsulation packet to obtain a second forwarding instruction, second identification information and a data packet, and, according to the second forwarding instruction, forwards the data packet to the second virtual server identified by the second identification information. The first physical machine and the second physical machine thus form a communication bridge through which the first virtual server and the second virtual server communicate. The communication does not break through the network isolation mechanism of the VPCs: only the specific data is carried, over a dedicated channel, which facilitates security control.

Description

VPC-crossing virtual server communication method and system
Technical Field
Embodiments of the invention relate to the field of computer technology, and in particular to a cross-VPC virtual server communication method and a cross-VPC virtual server communication system.
Background
A cloud platform contains several Virtual Private Clouds (VPCs), and each VPC hosts a number of cloud desktops, which are managed by a cloud desktop management platform. A fairly common market scenario requires one cloud desktop management platform to manage cloud desktops in different VPCs. That conflicts with the VPC network isolation mechanism, whose purpose is network communication security: only cloud desktops within the same VPC may communicate with each other, and cross-VPC communication is not allowed.
Because of this network isolation mechanism, cloud desktop products cannot be deployed and used across multiple VPCs.
Disclosure of Invention
The present application provides a cross-VPC virtual server communication method and a cross-VPC virtual server communication system that solve some or all of the technical problems of the prior art.
In a first aspect, the present application provides a cross-VPC virtual server communication method applicable to a cross-VPC virtual server communication system, where the system comprises a first virtual server, a first physical machine on which the first virtual server is located, a second virtual server, and a second physical machine on which the second virtual server is located, and the first virtual server and the second virtual server belong to different VPCs. The method comprises:
the first virtual server sends a first encapsulation packet to the first physical machine;
the first physical machine parses the first encapsulation packet to obtain a first forwarding instruction, first identification information and a second encapsulation packet, and, according to the first forwarding instruction, forwards the second encapsulation packet to the second physical machine identified by the first identification information;
the second physical machine parses the second encapsulation packet to obtain a second forwarding instruction, second identification information and a data packet, and, according to the second forwarding instruction, forwards the data packet to the second virtual server identified by the second identification information.
Optionally, before the first virtual server sends the first encapsulation packet to the first physical machine, the method further includes:
acquiring a data packet to be processed and a data forwarding path;
determining first identification information and second identification information according to the data forwarding path, and generating a first forwarding instruction and a second forwarding instruction;
performing first-layer encapsulation on the data packet, the second identification information and the second forwarding instruction to obtain a second encapsulation packet;
and performing second-layer encapsulation on the second encapsulation packet, the first identification information and the first forwarding instruction to obtain the first encapsulation packet.
Optionally, when the first virtual server is a cloud desktop management platform, the second virtual server is a cloud desktop; or when the first virtual server is the cloud desktop, the second virtual server is the cloud desktop management platform.
Optionally, when the first virtual server is a cloud desktop management platform and the second virtual server is a cloud desktop, the method further includes:
after the second virtual server obtains the data packet, processing the data packet;
and feeding back the processing result to the second physical machine so that the second physical machine can forward to the first virtual server through the first physical machine.
Optionally, the data packet includes a data operation instruction and data to be processed; after the second virtual server obtains the data packet, processing the data packet, specifically including:
analyzing the data packet, and acquiring a data operation instruction and data to be processed;
and executing corresponding processing operation on the data to be processed according to the data operation instruction.
Optionally, the first identification information is the IP address of the second physical machine, that is, of the physical machine to which the second encapsulation packet is forwarded.
Optionally, the second identification information is ID information of the second virtual server, and/or name information of the second virtual server.
Optionally, the first virtual server and the first physical machine communicate with each other through a first virtual serial port; the second virtual server is communicated with the second physical machine through a second virtual serial port; the first physical machine and the second physical machine communicate through a TCP/IP protocol.
In a second aspect, the present application provides a virtual server communication system across VPCs, the system comprising:
a first virtual server, a first physical machine on which the first virtual server is located, a second virtual server, and a second physical machine on which the second virtual server is located, where the first virtual server and the second virtual server belong to different VPCs;
the first virtual server is used for sending the first encapsulation packet to the first physical machine;
the first physical machine is configured to parse the first encapsulation packet, obtain a first forwarding instruction, first identification information and a second encapsulation packet, and, according to the first forwarding instruction, forward the second encapsulation packet to the second physical machine identified by the first identification information;
the second physical machine is configured to parse the second encapsulation packet, obtain a second forwarding instruction, second identification information and a data packet, and, according to the second forwarding instruction, forward the data packet to the second virtual server identified by the second identification information.
Optionally, the first virtual server is further configured to obtain a data packet to be processed and a data forwarding path;
determining first identification information and second identification information according to the data forwarding path, and generating a first forwarding instruction and a second forwarding instruction;
performing first-layer encapsulation on the data packet, the second identification information and the second forwarding instruction to obtain a second encapsulation packet;
and performing second-layer encapsulation on the second encapsulation packet, the first identification information and the first forwarding instruction to obtain a first encapsulation packet.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages:
In the method provided by the embodiments of the application, the data packet is encapsulated in two layers. The first virtual server sends the first encapsulation packet to the first physical machine; the first physical machine parses it, obtains the first forwarding instruction, the first identification information and the second encapsulation packet, and forwards the second encapsulation packet, according to the first forwarding instruction, to the second physical machine identified by the first identification information. The second physical machine parses the second encapsulation packet to obtain the second forwarding instruction, the second identification information and the data packet, and forwards the data packet, according to the second forwarding instruction, to the second virtual server identified by the second identification information. Throughout, the first physical machine and the second physical machine form a communication bridge through which the first virtual server and the second virtual server communicate. The communication does not break through the network isolation mechanism of the VPCs, and only the specific data is carried over a dedicated channel, which facilitates security control. The method suits scenarios in which a cloud desktop management platform manages cloud desktops in different VPCs, so cloud desktop technology can be applied more widely.
Drawings
Fig. 1 is a schematic flowchart of a cross-VPC virtual server communication method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another cross-VPC virtual server communication method according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of another cross-VPC virtual server communication method according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of another cross-VPC virtual server communication method according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a cross-VPC virtual server communication system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For the convenience of understanding of the embodiments of the present invention, the following description will be further explained with reference to specific embodiments, which are not to be construed as limiting the embodiments of the present invention.
To solve the technical problem mentioned in the background, an embodiment of the present application provides a cross-VPC virtual server communication method; Fig. 1 is a schematic flow diagram of that method. Before introducing the steps of the method, the communication modes currently used between the cloud desktop management platform and the cloud desktops are described:
Mode one: the cloud desktop management platform and the created cloud desktops are all in the basic network of the cloud platform, and basic-network IP addresses of the cloud platform provide the network connectivity between the cloud desktop management platform and the created cloud desktops;
Mode two: the cloud desktop management platform and the created cloud desktops are all in the same VPC, and the private-network IP addresses of the VPC provide the network connectivity between the cloud desktop management platform and the created cloud desktops;
Mode three: the cloud desktop management platform and the created cloud desktops are in different VPCs, and network connectivity between them is provided by binding an Elastic IP (EIP) to the cloud desktop management platform and to each created cloud desktop;
Mode four: the cloud desktop management platform and the created cloud desktops are in different VPCs, multi-VPC networking is set up by creating tunnels between the VPCs, and this provides the network connectivity between the cloud desktop management platform and the created cloud desktops;
Mode five: multiple sets of cloud desktop management platforms are deployed in different VPCs, and the cloud desktop management platform in each VPC manages only the cloud desktops in that VPC.
In mode one, the basic-network IP takes precedence over the VPC private network and sits at a lower layer. The cloud desktop management platform and the cloud desktops communicate over basic-network IP addresses, which amounts to communication within a single network; this mode has no isolation effect and conflicts with the network isolation mechanism of the VPC. Mode two is secure, but the cloud desktop management platform cannot manage cloud desktops in different VPCs. In mode three, EIPs carry the communication between the cloud desktop management platform and the cloud desktops; an EIP is a public IP address, so although a connection can be established across VPCs, this exposes the cloud desktop and makes it insecure, and the mode remains unsuitable for application scenarios with high security requirements on the cloud desktop. In mode four, multi-VPC networking over inter-VPC tunnels still means that network isolation cannot be maintained. Mode five, deploying multiple sets of cloud desktop management platforms in different VPCs, is inconvenient to manage: in some scenarios the sets of cloud desktops share services, and once service data changes, the cloud desktops in several VPCs have to be maintained at the same time, which is inconvenient to operate and maintain.
Application scenarios in two different VPCs can be seen in the following examples:
First application scenario: a daily office desktop. Here the security management and control requirements on the cloud desktop are low; the desktop can access the internet normally and can reach the entry points of the various application systems exposed on the internet. Second scenario: cloud platform operations staff use a cloud desktop to access, operate and maintain the underlying layer of the cloud platform, and a security incident there could bring the cloud platform down. Such a cloud desktop must therefore only be able to reach the underlying cloud platform and must have no internet access. The two kinds of desktop have to be deployed in different VPCs, yet the cloud platforms of the two scenarios may also share some services, so cross-VPC communication is needed. None of the communication modes above suits both application scenarios at once.
The embodiments of the application provide a mechanism that allows cloud desktops and the cloud desktop management platform to communicate across different VPCs while still preserving the network isolation mechanism of the VPCs.
The method is applicable to a cross-VPC virtual server communication system, the cross-VPC virtual server communication system comprises a first virtual server, a first physical machine where the first virtual server is located, a second virtual server and a second physical machine where the second virtual server is located, and the first virtual server and the second virtual server belong to different VPCs, and the method comprises the following steps:
Step 110: the first virtual server sends the first encapsulation packet to the first physical machine.
Specifically, the relationship between the first virtual server and the first physical machine is that of guest and host: the first virtual server runs on the first physical machine, so the two can communicate over a virtual serial port according to a customized protocol, and the first virtual server can send the first encapsulation packet to the first physical machine through that virtual serial port. The customized protocol is a data transmission protocol specified by the cloud platform.
Step 120: the first physical machine parses the first encapsulation packet and obtains a first forwarding instruction, first identification information and a second encapsulation packet.
Step 130: the first physical machine forwards the second encapsulation packet, according to the first forwarding instruction, to the second physical machine identified by the first identification information.
Specifically, after parsing the first encapsulation packet, the first physical machine extracts from it the first forwarding instruction, the first identification information and the second encapsulation packet. The first forwarding instruction instructs the first physical machine to forward the second encapsulation packet to the second physical machine identified by the first identification information.
Therefore, after obtaining the first identification information, the first physical machine first determines which second physical machine it identifies and then forwards the second encapsulation packet to that machine.
In an optional example, the first identification information may be the IP address of the second physical machine. It may instead be ID information, name information or the like of the second physical machine; the second physical machine is then determined from that ID and/or name, its IP address is looked up, and the second encapsulation packet is forwarded to that IP address. In the embodiments of the present application the first identification information is preferably the IP address of the second physical machine.
Step 140: the second physical machine parses the second encapsulation packet to obtain a second forwarding instruction, second identification information and a data packet.
Step 150: the second physical machine forwards the data packet, according to the second forwarding instruction, to the second virtual server identified by the second identification information.
Specifically, after receiving the second encapsulation packet, the second physical machine parses it and obtains the second forwarding instruction, the second identification information and the data packet it carries. The data packet is the payload to be delivered to the second virtual server identified by the second identification information.
The second physical machine determines the second virtual server from the second identification information and then forwards the data packet to it according to the second forwarding instruction.
In an optional example, the second identification information may be ID information and/or name information of the second virtual server.
After the second virtual server receives the data packet, it parses the data packet, obtains the data operation instruction it contains, and performs the corresponding operation according to that instruction.
In an optional example, the data packet may also carry data to be processed; when the data operation instruction calls for an operation on that data, the second virtual server performs the corresponding operation on the data according to the instruction.
In the cross-VPC virtual server communication method provided by the embodiments of the invention, the data packet is encapsulated in two layers. The first virtual server sends the first encapsulation packet to the first physical machine; the first physical machine parses it, obtains the first forwarding instruction, the first identification information and the second encapsulation packet, and forwards the second encapsulation packet, according to the first forwarding instruction, to the second physical machine identified by the first identification information. The second physical machine parses the second encapsulation packet to obtain the second forwarding instruction, the second identification information and the data packet, and forwards the data packet, according to the second forwarding instruction, to the second virtual server identified by the second identification information. Throughout, the first physical machine and the second physical machine form a communication bridge through which the first virtual server and the second virtual server communicate. The communication does not break through the network isolation mechanism of the VPCs, and only the specific data is carried over a dedicated channel, which facilitates security management and control. The method suits scenarios in which a cloud desktop management platform manages cloud desktops in different VPCs, so cloud desktop technology can be applied more widely.
In an optional example, building on the foregoing embodiment, another cross-VPC virtual server communication method is provided which, in addition to the steps above, includes the following steps performed before the first virtual server sends the first encapsulation packet to the first physical machine; see Fig. 2:
Step 210: obtain the data packet to be processed and the data forwarding path.
Step 220: determine the first identification information and the second identification information from the data forwarding path, and generate the first forwarding instruction and the second forwarding instruction.
Specifically, when the first virtual server needs to transmit a data packet to the second virtual server, the data forwarding path, that is, the nodes the data must pass through, is determined in advance. From these forwarding nodes the identification information of each node is determined; during forwarding it tells each node where the next node is. A forwarding instruction must also be generated for each node so that, on receiving the data, the node knows which action to perform. Therefore, after the data packet to be processed and the data forwarding path are obtained, the first identification information and the second identification information are determined from the path, and the first forwarding instruction and the second forwarding instruction are generated. The data forwarding path and the identification information of each node on it may be preconfigured in the first virtual server or obtained by the first virtual server in another way, for example retrieved from a database; this can be set according to actual conditions and is not limited here.
Step 230: perform a first-layer encapsulation of the data packet, the second identification information and the second forwarding instruction to obtain the second encapsulation packet.
Step 240: perform a second-layer encapsulation of the second encapsulation packet, the first identification information and the first forwarding instruction to obtain the first encapsulation packet.
Specifically, to protect the data in transit it is encapsulated, and each node can be configured with the authority to parse only one layer of the encapsulated packet. In the embodiments of the present application the data forwarding nodes are the first physical machine and the second physical machine. Therefore a first-layer encapsulation is performed on the data packet, the second identification information and the second forwarding instruction to obtain the second encapsulation packet, and then a second-layer encapsulation is performed on the second encapsulation packet, the first identification information and the first forwarding instruction to obtain the first encapsulation packet.
The first physical machine can only parse the outer layer, obtaining the second encapsulation packet, the first identification information and the first forwarding instruction, and then performs the operations described above for the first physical machine. The second physical machine parses the inner layer, obtaining the data packet to be processed, the second identification information and the second forwarding instruction, and then performs the operations described above for the second physical machine.
Further optionally, in any embodiment, when the first virtual server is a cloud desktop management platform, the second virtual server is a cloud desktop; or when the first virtual server is the cloud desktop, the second virtual server is the cloud desktop management platform.
In an optional example, when the first virtual server is a cloud desktop management platform and the second virtual server is a cloud desktop, the method further includes the following steps; see Fig. 3:
Step 310: after the second virtual server obtains the data packet, it processes the data packet.
Step 320: the processing result is fed back to the second physical machine, which forwards it to the first virtual server via the first physical machine.
That is, after the data packet has been processed, the result is fed back only to the first virtual server, so that the first virtual server can show the processing result to the user.
In an optional example, the data packet includes a data operation instruction and data to be processed; after obtaining the data packet, the second virtual server processes it by the following steps; see Fig. 4:
Step 410: parse the data packet to obtain the data operation instruction and the data to be processed.
Step 420: perform the corresponding processing operation on the data to be processed according to the data operation instruction.
Further optionally, the first virtual server and the first physical machine communicate through a first virtual serial port; the second virtual server and the second physical machine communicate through a second virtual serial port; the first physical machine and the second physical machine communicate over TCP/IP.
Next, a specific workflow is described, taking the first virtual server to be a cloud desktop management platform and the second virtual server to be a cloud desktop:
Step 1) The cloud desktop management platform performs two-layer encapsulation on the data packet to be sent, the first identification information, the second identification information, the first forwarding instruction and the second forwarding instruction according to an agreed protocol format.
Step 2) The cloud desktop management platform sends the encapsulation packet to the first physical machine where it is located through a customized protocol and a virtual serial port.
Step 3) After receiving the packet, the daemon process in the first physical machine parses the first layer to obtain the first identification information corresponding to the second physical machine where the managed cloud desktop is located (that is, the first forwarding instruction and the inner encapsulation packet are obtained by parsing), and sends the parsed inner packet to that second physical machine through the physical network.
Step 4) After receiving the packet, the second physical machine unpacks it again to obtain the second identification information corresponding to the managed cloud desktop, the second forwarding instruction and the data packet, and sends the unpacked data packet to the virtual machine where the managed cloud desktop is located through the customized protocol and the virtual serial port.
Step 5) After the daemon process in the virtual machine where the managed cloud desktop is located receives the data packet, it saves the file to the specified directory according to the instruction in the packet and, if required, executes the silent installation script.
In addition to the above operations, the method may further include:
Step 6) Feeding back the execution result to the cloud desktop management platform in the reverse direction of steps 1 to 4.
Step 7) After receiving the feedback, the cloud desktop management platform displays the result of the operation to the user on the page.
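The flow of steps 1 to 5 as an added Python example; this is not code from the patent or its applicant. The wire format (JSON with a base64 body), the forwarding-instruction names, the allow-list of operations, the inbox directory and the sample IP and VM name are all assumptions, since the patent only speaks of an agreed protocol format. Each host daemon relays only to a physical machine or virtual server it actually knows, and the VM daemon confines the "specified directory" so a file name in the packet cannot land outside it.

```python
import base64
import json
import posixpath

# Constructed wire format (an assumption; the patent only speaks of an agreed protocol format):
# each layer is a JSON object {"fwd": forwarding instruction, "id": identification information,
# "body": base64 of the packet carried inside}. The outer "id" is a physical-machine IP, the
# inner "id" a cloud-desktop VM id or name.
FWD_TO_HOST = "forward_to_physical_machine"   # first forwarding instruction (assumed name)
FWD_TO_VM = "forward_to_virtual_server"       # second forwarding instruction (assumed name)
ALLOWED_OPERATIONS = {"save_file", "save_and_install"}   # hypothetical allow-list for the VM daemon

def wrap(fwd: str, ident: str, body: bytes) -> bytes:
    return json.dumps({"fwd": fwd, "id": ident, "body": base64.b64encode(body).decode()}).encode()

def unwrap(pkt: bytes) -> tuple[str, str, bytes]:
    obj = json.loads(pkt)
    return obj["fwd"], obj["id"], base64.b64decode(obj["body"])

def encapsulate(data_packet: bytes, host_ip: str, vm_id: str) -> bytes:
    """Step 1: the management platform builds both layers from the data forwarding path."""
    second_pkt = wrap(FWD_TO_VM, vm_id, data_packet)   # first-layer (inner) encapsulation
    return wrap(FWD_TO_HOST, host_ip, second_pkt)      # second-layer (outer) encapsulation

def first_physical_machine(first_pkt: bytes, known_hosts: set[str]) -> tuple[str, bytes]:
    """Step 3: the host daemon strips the outer layer and selects the TCP/IP peer."""
    fwd, host_ip, second_pkt = unwrap(first_pkt)
    if fwd != FWD_TO_HOST:
        raise ValueError("outer layer carries an unexpected forwarding instruction")
    if host_ip not in known_hosts:        # relay only to physical machines this platform manages
        raise ValueError(f"unknown physical machine {host_ip}")
    return host_ip, second_pkt

def second_physical_machine(second_pkt: bytes, local_vms: set[str]) -> tuple[str, bytes]:
    """Step 4: the host daemon strips the inner layer and selects the local virtual serial port."""
    fwd, vm_id, data_packet = unwrap(second_pkt)
    if fwd != FWD_TO_VM:
        raise ValueError("inner layer carries an unexpected forwarding instruction")
    if vm_id not in local_vms:            # never deliver to a VM this machine does not host
        raise ValueError(f"virtual server {vm_id} is not on this physical machine")
    return vm_id, data_packet

def vm_daemon(data_packet: bytes, inbox: str = "/srv/cloud-desktop/inbox") -> tuple[str, str, bytes]:
    """Step 5: split the data packet into instruction + data and confine the target path."""
    op = json.loads(data_packet)
    instruction = op["instruction"]
    if instruction not in ALLOWED_OPERATIONS:
        raise ValueError(f"instruction {instruction!r} not permitted")
    # "Save the file to the specified directory": resolve the name under the inbox and
    # refuse anything that would land outside it (empty names, absolute paths, "..").
    dest = posixpath.normpath(posixpath.join(inbox, op["filename"]))
    if dest == inbox or posixpath.commonpath([inbox, dest]) != inbox:
        raise ValueError("target path escapes the inbox directory")
    return instruction, dest, base64.b64decode(op["data"])

def rejected(handler, *args) -> bool:
    """True when a handler refuses its input; exercises the defensive checks above."""
    try:
        handler(*args)
    except ValueError:
        return True
    return False

def run_example() -> tuple[str, str, str]:
    """End-to-end run over constructed sample values; returns (host IP, VM id, saved path)."""
    payload = json.dumps({"instruction": "save_file", "filename": "agent-1.0.msi",
                          "data": base64.b64encode(b"constructed file bytes").decode()}).encode()
    first_pkt = encapsulate(payload, host_ip="10.0.2.15", vm_id="desktop-0042")
    host_ip, second_pkt = first_physical_machine(first_pkt, {"10.0.2.15", "10.0.2.16"})
    vm_id, data_packet = second_physical_machine(second_pkt, {"desktop-0042"})
    instruction, dest, _ = vm_daemon(data_packet)
    return host_ip, vm_id, dest
```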
The above describes several embodiments of the cross-VPC virtual server communication method provided in the present application; other embodiments provided in the present application are described below.
Fig. 5 shows a cross-VPC virtual server communication system according to an embodiment of the present invention. The system includes a first virtual server 10, a first physical machine 20 where the first virtual server 10 is located, a second virtual server 30, and a second physical machine 40 where the second virtual server 30 is located, wherein the first virtual server 10 and the second virtual server 30 belong to different VPCs.
The first virtual server 10 is configured to send a first encapsulation packet to the first physical machine 20;
the first physical machine 20 is configured to parse the first encapsulation packet, and obtain a first forwarding instruction, first identification information, and a second encapsulation packet; forwarding the second encapsulation packet to a second physical machine 40 corresponding to the first identification information according to the first forwarding instruction;
the second physical machine 40 is configured to parse the second encapsulation packet, and obtain a second forwarding instruction, second identification information, and a data packet; and forwarding the data packet to the second virtual server 30 corresponding to the second identification information according to the second forwarding instruction.
Optionally, the first virtual server 10 is further configured to obtain a data packet to be processed and a data forwarding path;
determining first identification information and second identification information according to the data forwarding path, and generating a first forwarding instruction and a second forwarding instruction;
performing first-layer encapsulation on the data packet, the second identification information and the second forwarding instruction to obtain a second encapsulation packet;
and performing second-layer encapsulation on the second encapsulation packet, the first identification information and the first forwarding instruction to obtain the first encapsulation packet.
Optionally, when the first virtual server 10 is a cloud desktop management platform, the second virtual server 30 is a cloud desktop; alternatively, when the first virtual server 10 is a cloud desktop, the second virtual server 30 is a cloud desktop management platform.
Optionally, when the first virtual server 10 is a cloud desktop management platform and the second virtual server 30 is a cloud desktop, the second virtual server 30 is further configured to:
after the data packet is obtained, processing the data packet;
and feed back the processing result to the second physical machine 40, so that the second physical machine 40 forwards it to the first virtual server 10 through the first physical machine 20.
Optionally, the data packet includes a data operation instruction and data to be processed; the second virtual server 30 is specifically configured to, after analyzing the data packet, obtain a data operation instruction and data to be processed;
and executing corresponding processing operation on the data to be processed according to the data operation instruction.
Optionally, the first identification information is IP address information corresponding to the first physical machine 20.
Optionally, the second identification information is ID information of the second virtual server 30, and/or name information of the second virtual server 30.
Optionally, the first virtual server 10 and the first physical machine 20 communicate with each other through a first virtual serial port; the second virtual server 30 and the second physical machine 40 communicate through a second virtual serial port; the first physical machine 20 and the second physical machine 40 communicate with each other via the TCP/IP protocol.
The functions executed by each component in the cross-VPC virtual server communication system provided in the embodiments of the present invention have been described in detail in any of the above method embodiments, and therefore are not described herein again.
The cross-VPC virtual server communication system provided by the embodiment of the invention encapsulates data packets into two layers, the first virtual server sends a first encapsulation packet to a first physical machine, the first physical machine analyzes the first encapsulation packet, then a first forwarding instruction, first identification information and a second encapsulation packet are obtained, and then the second encapsulation packet is forwarded to a second physical machine corresponding to the first identification information according to the first forwarding instruction. And the second physical machine analyzes the second encapsulation packet to obtain a second forwarding instruction, second identification information and a data packet. And then forwarding the data packet to a second virtual server corresponding to the second identification information according to the second forwarding instruction. In the whole process, a communication bridge is established between the first physical machine and the second physical machine, and communication between the first virtual server and the second virtual server is realized. The communication process does not break through a network isolation mechanism of the VPC, and specific data are transmitted through a special channel, so that the security management and control are facilitated. The method can be suitable for the cloud desktop management platform to manage the application scenes of the cloud desktops in different VPCs, so that the cloud desktop technology can be applied more widely.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The above are merely exemplary embodiments of the present invention, which can be understood and implemented by those skilled in the art. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A cross-VPC virtual server communication method is applicable to a cross-VPC virtual server communication system, and the cross-VPC virtual server communication system comprises a first virtual server, a first physical machine where the first virtual server is located, a second virtual server, and a second physical machine where the second virtual server is located, wherein the first virtual server and the second virtual server belong to different VPCs, and the method comprises the following steps:
the first virtual server sends a first encapsulation packet to a first physical machine;
the first physical machine analyzes the first encapsulation packet to obtain a first forwarding instruction, first identification information and a second encapsulation packet; according to the first forwarding instruction, forwarding the second encapsulation packet to a second physical machine corresponding to the first identification information;
the second physical machine analyzes the second encapsulation packet to obtain a second forwarding instruction, second identification information and a data packet; and forwarding the data packet to a second virtual server corresponding to the second identification information according to the second forwarding instruction.
2. The method of claim 1, wherein before the first virtual server sends the first encapsulation packet to the first physical machine, the method further comprises:
acquiring a data packet to be processed and a data forwarding path;
determining the first identification information and the second identification information according to the data forwarding path, and generating a first forwarding instruction and a second forwarding instruction;
performing first-layer encapsulation on the data packet, the second identification information and the second forwarding instruction to obtain a second encapsulation packet;
and performing second-layer encapsulation on the second encapsulation packet, the first identification information and the first forwarding instruction to obtain the first encapsulation packet.
3. The method of claim 1, wherein when the first virtual server is a cloud desktop management platform, the second virtual server is a cloud desktop; or when the first virtual server is a cloud desktop, the second virtual server is a cloud desktop management platform.
4. The method of claim 3, wherein when the first virtual server is a cloud desktop management platform and the second virtual server is a cloud desktop, the method further comprises:
after the second virtual server obtains the data packet, processing the data packet;
and feeding back a processing result to the second physical machine so that the second physical machine can forward the processing result to the first virtual server through the first physical machine.
5. The method of claim 4, wherein the data packet comprises a data operation instruction and data to be processed; and the processing of the data packet after the second virtual server obtains it specifically includes:
after the data packet is analyzed, the data operation instruction and the data to be processed are obtained;
and executing corresponding processing operation on the data to be processed according to the data operation instruction.
6. The method of any of claims 1-5, wherein the first identification information is IP address information corresponding to the first physical machine.
7. The method according to any of claims 1-5, wherein the second identification information is ID information of the second virtual server and/or name information of the second virtual server.
8. The method according to any one of claims 1-5, wherein the first virtual server communicates with the first physical machine through a first virtual serial port; the second virtual server communicates with the second physical machine through a second virtual serial port; and the first physical machine and the second physical machine communicate through the TCP/IP protocol.
9. A cross-VPC virtual server communication system, the system comprising: a first virtual server, a first physical machine where the first virtual server is located, a second virtual server, and a second physical machine where the second virtual server is located, wherein the first virtual server and the second virtual server belong to different VPCs;
the first virtual server is used for sending a first encapsulation packet to a first physical machine;
the first physical machine is used for analyzing the first encapsulation packet and acquiring a first forwarding instruction, first identification information and a second encapsulation packet; according to the first forwarding instruction, forwarding the second encapsulation packet to a second physical machine corresponding to the first identification information;
the second physical machine is used for analyzing the second encapsulation packet and acquiring a second forwarding instruction, second identification information and a data packet; and forwarding the data packet to a second virtual server corresponding to the second identification information according to the second forwarding instruction.
10. The system of claim 9, wherein the first virtual server is further configured to obtain a data packet to be processed and a data forwarding path;
determining the first identification information and the second identification information according to the data forwarding path, and generating a first forwarding instruction and a second forwarding instruction;
performing first-layer encapsulation on the data packet, the second identification information and the second forwarding instruction to obtain a second encapsulation packet;
and performing second-layer encapsulation on the second encapsulation packet, the first identification information and the first forwarding instruction to obtain the first encapsulation packet.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310093291.2A CN115913824B (en) 2023-02-10 2023-02-10 Virtual server communication method and system crossing VPC

Publications (2)

Publication Number Publication Date
CN115913824A true CN115913824A (en) 2023-04-04
CN115913824B CN115913824B (en) 2023-07-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 101, Floor 1-8, Building 8, Courtyard 13, Ronghua South Road, Beijing Economic and Technological Development Zone, Daxing District, Beijing 100176 (Yizhuang Group, High-end Industrial Zone, Beijing Pilot Free Trade Zone)

Patentee after: AVIC International Golden Net (Beijing) Technology Co.,Ltd.

Country or region after: China

Address before: Room 801, 8th Floor, Building 10, Yard 13, Ronghua South Road, Daxing District, Beijing, 100176

Patentee before: AVIC INTERNATIONAL E-BUSINESS Inc.

Country or region before: China