CN116866183A - Cloud network topology generation method, device, equipment and medium - Google Patents

Cloud network topology generation method, device, equipment and medium

Info

Publication number
CN116866183A
Authority
CN
China
Prior art keywords
network
information
cloud
area
network topology
Legal status
Pending
Application number
CN202310787161.9A
Other languages
Chinese (zh)
Inventor
陈继辉
Current Assignee
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies

Abstract

The disclosure provides a method, a device, equipment and a medium for generating a network topology on a cloud, applicable to the technical field of cloud computing. The method comprises the following steps: obtaining server resource information and network connection information of a network created by a target tenant, wherein the network is composed of network segments, each network segment corresponds to at least one router, the router is used for collecting routing policy information, and the network connection information represents association relations among server resources in the network; respectively configuring the server resource information and the routing policy information to a preset network topology area, wherein the preset network topology area is constructed according to the network segments and the routing policy information; and, based on the network connection information, respectively performing directed connection on the server resource information and the routing policy information in the preset network topology area to generate a network topology graph.

Description

Cloud network topology generation method, device, equipment and medium
Technical Field
The disclosure relates to the technical field of cloud computing, and in particular relates to a method, a device, equipment and a medium for generating network topology on a cloud.
Background
A cloud service provider can open a private network (Virtual Private Cloud, VPC) for a tenant on a public cloud. A VPC is a logically isolated network space on the public cloud whose layout the tenant defines. The tenant has full control of the private network environment, can flexibly deploy nodes on the cloud, and can form complex network topologies among those nodes.
In the course of implementing the present disclosure it was found that most existing solutions for generating the network topology of an application system target a traditional data center, whose network facilities are relatively uniform; in the cloud environments now in wide use, they cannot generate the on-cloud network topology or intuitively display the topology relationships among the nodes on the cloud.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a method, apparatus, device, medium, and program product for generating a network topology on a cloud.
According to a first aspect of the present disclosure, there is provided a method for generating a network topology on a cloud, including:
obtaining server resource information and network connection information of a network created by a target tenant, wherein the network is composed of network segments, the network segments correspond to at least one router, the router is used for collecting routing strategy information, and the network connection information is used for representing association relations among server resources in the network;
respectively configuring server resource information and routing strategy information to a preset network topology area, wherein the preset network topology area is constructed according to network segments and the routing strategy information; and
based on the network connection information, the server resource information and the routing strategy information in the preset network topology area are connected in a directed mode respectively, and a network topology graph is generated.
According to an embodiment of the present disclosure, the preset network topology area is composed of cloud network areas and non-cloud network areas, and there are N networks, where N is an integer greater than or equal to 2;
wherein the method further comprises:
constructing N cloud network areas according to network segments corresponding to N networks;
and constructing different types of non-cloud network areas according to the type of the routing strategy information.
According to an embodiment of the present disclosure, server resource information and routing policy information are respectively configured on a preset network topology area, including:
under the condition that the address of the server resource related to the server resource information matches the network segment, the server resource information is configured to the corresponding cloud network area;
and under the condition that the type of the routing strategy information is matched with the type of the non-cloud network area, configuring the routing strategy information to the corresponding non-cloud network area.
According to an embodiment of the disclosure, the network comprises a virtual private cloud, and the server resource information comprises information of a cloud host;
the method for obtaining the server resource information and the network connection information of the network created by the target tenant comprises the following steps:
acquiring information of a cloud host of a virtual private cloud created by a target tenant through a cloud interface;
and acquiring the network connection information in real time by deploying a monitoring agent on the cloud host.
According to an embodiment of the present disclosure, the network connection information includes source address information and destination address information, and the routing policy information includes private line network segment information;
based on the network connection information, respectively performing directed connection on the server resource information and the routing policy information in the preset network topology area to generate a network topology graph comprises the following steps:
determining a connection direction according to the source address information and the destination address information;
and, according to the connection direction, connecting the information of the cloud host and the private line network segment information with directed line segments to generate the network topology graph.
According to an embodiment of the present disclosure, the network connection information further includes: destination port information and protocol information;
based on the network connection information, the method respectively performs directed connection on server resource information and routing policy information in a preset network topology area to generate a network topology graph, and further includes:
and marking the directed line segment by utilizing the destination port information and the protocol information.
According to an embodiment of the present disclosure, the non-cloud network areas include an internet area, a private line area and a virtual private network area; the routing policy information comprises internet network segment information, private line network segment information and virtual private network segment information;
Under the condition that the type of the routing strategy information is matched with the type of the non-cloud network area, the routing strategy information is configured to the corresponding non-cloud network area, and the method comprises the following steps:
configuring the Internet network segment information to an Internet area;
configuring private line segment information to a private line area;
and configuring the virtual private network segment information to the virtual private network area.
A second aspect of the present disclosure provides an on-cloud network topology generation apparatus, including:
an acquisition module, configured to acquire server resource information and network connection information of a network created by a target tenant, wherein the network is composed of network segments, the network segments correspond to at least one router, the router is used for collecting routing policy information, and the network connection information is used for representing the association relation among server resources in the network;
the configuration module is used for respectively configuring the server resource information and the routing strategy information to a preset network topology area, wherein the preset network topology area is constructed according to the network segment and the routing strategy information; and
the generation module is used for carrying out directed connection on the server resource information and the routing strategy information in the preset network topology area respectively based on the network connection information to generate a network topology graph.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described network topology on cloud generation method.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described network topology on cloud generation method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described network topology generation method on a cloud.
According to the embodiment of the disclosure, the server resource information of the network created by the target tenant is obtained and the characteristics of the on-cloud network architecture are fully taken into account: the preset network topology area is constructed from the network segments and from the routing policy information collected by the routers of those segments, and the obtained network connection information is combined with the server resource information and the routing policy information to draw a more accurate and intuitive network topology graph. This facilitates the configuration of on-cloud network access relationships by operation and maintenance personnel, guides them in troubleshooting failures in which network access is not possible, and can provide information support for scenarios such as the migration, capacity expansion, planning and splitting of an application system. It thereby at least partially solves the problem that current network topology generation schemes for application systems cannot generate the on-cloud network topology or intuitively display the topology relationships of the nodes on the cloud in the now widely used cloud environment.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
Fig. 1 schematically illustrates an application scenario diagram of a network topology generation method, apparatus, device, medium and program product on a cloud according to an embodiment of the present disclosure;
Fig. 2 schematically illustrates a flowchart of a method of network topology generation on a cloud according to an embodiment of the present disclosure;
Fig. 3 schematically illustrates a flowchart of a method of generating a network topology on a cloud according to another embodiment of the present disclosure;
Fig. 4 schematically illustrates a schematic diagram of a network topology according to an embodiment of the present disclosure;
Fig. 5 schematically illustrates a block diagram of a network topology generation apparatus on a cloud according to an embodiment of the present disclosure;
Fig. 6 schematically illustrates a schematic diagram of an acquisition module of a network topology generation apparatus on a cloud according to an embodiment of the present disclosure; and
Fig. 7 schematically illustrates a block diagram of an electronic device adapted to implement a network topology generation method on a cloud according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like "at least one of A, B and C, etc." are used, they should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, a system having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B and C together, etc.).
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure, application and the like of the data involved (including but not limited to personal information of a user) all conform to the provisions of relevant laws and regulations, necessary security measures are taken, and public order and good customs are not violated.
In the technical scheme of the embodiment of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is obtained or acquired.
In the course of implementing the present disclosure it was found that a cloud network architecture is divided into two layers, an underlay and an overlay. The underlay provides the physical network architecture support and carries the physical machine nodes; the overlay is a virtual network layer constructed on top of the underlay, and the network on the cloud tenant side lives in the overlay layer. After the cloud tenant plans and creates a VPC network segment, various cloud resources (cloud hosts, bare metal, load balancing, cloud databases and the like) can be built. When a cloud host is created, an intranet IP address is randomly allocated from the selected VPC network segment, and all on-cloud networking forwards traffic via that IP address.
Under the traditional data center architecture, a group of physical machines is deployed per application system; each machine is brought under an operation and maintenance management platform that uniformly collects network connection data, and a network topology graph can readily be produced by combining this data with the Configuration Management Database (CMDB) information of the platform.
The overlay is a logical network built on top of a physical network. In the network technology field, overlay refers to a virtualization technology mode overlaid on a network architecture; an overlay network is itself a network, but one built on an underlay network. Overlay network nodes communicate through virtual or logical links, and the implementation is based on an IP-based underlying network. Overlay network technologies are various, and tunneling technologies such as TRILL, VXLAN, GRE and NVGRE are generally adopted.
The underlay is the real physical base-layer network: the network of data center infrastructure forwarding devices. Ethernet was originally designed as a distributed network architecture without a central control node, in which the nodes learn the network's reachability information through protocols. The underlay is the infrastructure of the data center scenario; it ensures that any two points are reachable by routing and comprises the traditional network technologies.
The embodiment of the disclosure provides a method for generating network topology on cloud, comprising the following steps: obtaining server resource information and network connection information of a network created by a target tenant, wherein the network is composed of network segments, the network segments correspond to at least one router, the router is used for collecting routing strategy information, and the network connection information is used for representing association relations among server resources in the network; respectively configuring server resource information and routing strategy information to a preset network topology area, wherein the preset network topology area is constructed according to network segments and the routing strategy information; and based on the network connection information, respectively performing directed connection on the server resource information and the routing strategy information in the preset network topology area to generate a network topology graph.
Fig. 1 schematically illustrates an application scenario diagram of a network topology generation method, apparatus, device, medium and program product on a cloud according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 is a medium used to provide a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may use at least one of the first terminal device 101, the second terminal device 102 and the third terminal device 103 to interact with the server 105 through the network 104, to receive or send messages, etc. Various communication client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mail clients, social platform software, etc. (by way of example only), may be installed on the first terminal device 101, the second terminal device 102 and the third terminal device 103.
The first terminal device 101, the second terminal device 102, the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by the user using the first terminal device 101, the second terminal device 102, and the third terminal device 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that, the method for generating the network topology on the cloud provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the network topology generation device on the cloud provided by the embodiments of the present disclosure may be generally disposed in the server 105. The network topology on cloud generation method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105. Accordingly, the network topology generation apparatus on cloud provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The network topology generation method on the cloud of the disclosed embodiment will be described in detail below with reference to fig. 2 to 4 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flowchart of a method of network topology generation on a cloud according to an embodiment of the present disclosure.
As shown in fig. 2, the network topology on cloud generation method 200 of this embodiment includes operations S210 to S230.
In operation S210, server resource information and network connection information of a network created by a target tenant are obtained, wherein the network is composed of network segments, the network segments correspond to at least one router, the router is used for collecting routing policy information, and the network connection information is used for representing an association relationship between server resources in the network.
According to the embodiment of the disclosure, the network connection information can be obtained by network packet capture; common packet capture tools are tcpdump and Wireshark. The network connection information can also be obtained in real time by deploying a monitoring agent on the cloud host. Server resource information may be obtained through a configuration interface. The server resource information may include, for example, at least one of: information of a cloud host, information of a load balancer, information of a cloud database and information of a file storage. The network connection information may include, for example, source address information, destination port information, and protocol information. The routing policy information may include destination address information and next hop type information; for example, the next hop type information may be network segment information of a peer tenant network, information of a network address translation (Network Address Translation, NAT) gateway, information of a private line gateway, or information of a virtual private network (Virtual Private Network, VPN) gateway.
In operation S220, the server resource information and the routing policy information are respectively configured on a preset network topology area, where the preset network topology area is constructed according to the network segment and the routing policy information.
According to an embodiment of the present disclosure, server resource information is configured to an area associated with the server resource information of a preset network topology area. And configuring the routing strategy information to an area which is associated with the routing strategy information and is in a preset network topology area.
For example, the network may include a virtual private cloud (VPC). All VPCs created by the target tenant can be obtained, each VPC is treated as one area, and each type of information in the routing policy information is likewise treated as one area; together these form the preset network topology area. Server resource information is configured to the area of its VPC, and routing policy information is configured to its respective area. Alternatively, the addresses related to the server resource information and the routing policy information are mapped to the preset network topology area respectively.
In operation S230, based on the network connection information, directional connection is performed on the server resource information and the routing policy information in the preset network topology area, respectively, to generate a network topology graph.
According to the embodiment of the disclosure, according to the network connection information, the directional connection can be performed between the server resource information, the directional connection can be performed between the routing policy information, and the directional connection can be performed between the server resource information and the routing policy information.
According to the embodiment of the disclosure, by acquiring the server resource information of the network created by the target tenant, the characteristics of the on-cloud network architecture are fully taken into account: the preset network topology area is constructed from the network segments and from the routing policy information collected by the routers of those segments, and the acquired network connection information is combined with the server resource information and the routing policy information to draw a more accurate and intuitive network topology graph. This facilitates the configuration of on-cloud network access relationships by operation and maintenance personnel, guides them in troubleshooting failures in which network access is not possible, and can provide information support for scenarios such as the migration, capacity expansion, planning and splitting of an application system. It thereby at least partially solves the problem that the on-cloud network topology cannot be generated and the topology relationships of the nodes on the cloud cannot be intuitively displayed in the current cloud environment.
Fig. 3 schematically illustrates a flowchart of a method of generating a network topology on a cloud according to another embodiment of the present disclosure.
As shown in fig. 3, the network topology on cloud generation method 300 of this embodiment may further include operations S310 to S320 in addition to operations S210 to S230.
It should be noted that the preset network topology area is composed of cloud network areas and non-cloud network areas, and that there are N networks, where N is an integer greater than or equal to 2.
In operation S310, N network-on-cloud areas are constructed according to network segments corresponding to the N networks.
According to the embodiment of the disclosure, the network segments corresponding to each network can be taken as one area, giving one cloud network area per network.
In operation S320, different types of non-cloud network areas are constructed according to the type to which the routing policy information belongs.
According to the embodiment of the disclosure, according to the type to which the routing policy information belongs, the routing policy information of each type is taken as one area, and different types of non-cloud network areas are obtained.
According to the embodiment of the disclosure, the N cloud network areas and the different types of non-cloud network areas are constructed, so that the cloud network topology is divided into the areas, and the drawing of a more accurate and visual network topology graph is facilitated.
According to an embodiment of the present disclosure, configuring server resource information and routing policy information to a preset network topology area respectively may include:
under the condition that the address of the server resource related to the server resource information matches the network segment, the server resource information is configured to the corresponding cloud network area; and under the condition that the type of the routing policy information matches the type of a non-cloud network area, the routing policy information is configured to the corresponding non-cloud network area.
According to the embodiment of the disclosure, each cloud network area and each non-cloud network area in the preset network topology area correspond to a section of IP network segment, and the IP network segments of each area are not overlapped with each other.
According to embodiments of the present disclosure, the addresses related to the server resource information and the routing policy information may be mapped to their respective areas. The configuration may also be performed by matching the address of the server resource associated with the server resource information against the IP network segments and configuring it to the area whose segment matches, and by matching the type to which the routing policy information belongs against the type of the non-cloud network area and configuring it to that area where the types match.
According to the embodiment of the disclosure, by determining whether the address of the server resource related to the server resource information matches a network segment, and whether the type of the routing policy information matches the type of a non-cloud network area, the information can be accurately configured to the preset network topology area, which facilitates the generation of an accurate network topology graph.
According to an embodiment of the disclosure, the network may include a virtual private cloud, and the server resource information may include information of a cloud host.
The obtaining the server resource information and the network connection information of the network created by the target tenant may include:
acquiring information of a cloud host of a virtual private cloud created by the target tenant through a cloud interface; and acquiring network connection information in real time by deploying a monitoring agent on the cloud host.
According to the embodiment of the disclosure, the cloud host information of all virtual private clouds created by the target tenant can be obtained by configuring the cloud interface. Meanwhile, the router can collect the routing policy information in its routing table. A monitoring agent can be deployed on each cloud host, and the agent acquires the network connection information in real time by running the netstat command at regular intervals.
According to the embodiment of the disclosure, the information of the cloud host of the virtual private cloud created by the target tenant can be accurately acquired through the cloud interface, and the network connection information can be acquired in real time by deploying a monitoring agent on the cloud host, so that the network topology graph can be generated.
According to an embodiment of the present disclosure, the network connection information may include: source address information and destination address information; the routing policy information may include private network segment information.
Based on the network connection information, the server resource information and the routing policy information in the preset network topology area are connected in a directed manner, and the generating of the network topology graph may include:
determining a connection direction according to the source address information and the destination address information; and, according to the connection direction, connecting the information of the cloud host and the private line network segment information with directed line segments to generate a network topology graph.
According to embodiments of the present disclosure, private line segment information may include a name of the private line segment and an IP address to which the private line segment corresponds. The information of the cloud host may include a name of the cloud host and an IP address corresponding to the cloud host.
For example, the information of the cloud host and the private network segment information may be connected in a directed manner through a peer-to-peer connection.
According to the embodiment of the disclosure, the connection direction is determined, the directed connection is performed, and the generated network topology graph can intuitively show the relationship among all nodes in the network topology graph.
According to an embodiment of the present disclosure, the network connection information may further include: destination port information and protocol information.
Performing directed connection on the server resource information and the routing policy information in the preset network topology area based on the network connection information to generate the network topology graph may further include: marking the directed line segment with the destination port information and the protocol information.
According to an embodiment of the present disclosure, the marking may consist of annotating the directed line segment with the protocol information and the destination port information after the connection has been drawn with the connecting line.
According to the embodiment of the disclosure, marking the directed line segments makes it easier for operation and maintenance personnel to configure the network access relationships on the cloud, helps them troubleshoot faults in which network access is not possible, and can provide information support for scenarios such as application system migration, capacity expansion, planning and splitting.
According to an embodiment of the present disclosure, the non-cloud network area may include: an internet area, a private line area and a virtual private network area; the routing policy information may include internet network segment information, private line network segment information, and virtual private network segment information.
In the case that the type to which the routing policy information belongs is determined to be matched with the type of the non-cloud network area, configuring the routing policy information to the corresponding non-cloud network area may include:
configuring the Internet network segment information to an Internet area; configuring private line segment information to a private line area; and configuring the virtual private network segment information to the virtual private network area.
According to the embodiment of the disclosure, the generated network topology graph can be intuitively displayed by configuring the corresponding type of information to the corresponding area, and further application of the network topology graph is facilitated.
According to an embodiment of the present disclosure, the non-cloud network area may further include: an underlay area.
Fig. 4 is a schematic diagram of a network topology according to an embodiment of the present disclosure.
As shown in Fig. 4, N VPC network segments (e.g., VPC1, VPC2 … VPCN) created by tenant A may be acquired together with the corresponding server resource information, such as information of load balancers, cloud hosts, cloud databases and file storage. The N VPC network segments correspond to N cloud network areas. The routing policy information may include internet network segment information, private line network segment information and virtual private network segment information. The internet network segment information belongs to the NAT gateway and corresponds to the internet area. The private line network segment information belongs to the private line gateway and corresponds to the private line area. The virtual private network segment information belongs to the VPN gateway and corresponds to the VPN area. The routing policy information may also include the VPC network segment information of a peer tenant.
Network access between different VPCs can be realized through peer-to-peer connection; a cloud host can be accessed from the internet through a public network load balancer; internet access from the cloud is realized through a NAT gateway; the private line gateway and the VPN gateway connect respectively to the private line and to the VPN network of the off-cloud environment, and each can be connected in a peer-to-peer manner with the cloud host and with a third-party client; and tenant A can be connected with the VPC of tenant B in a peer-to-peer manner.
It should be noted that a peer-to-peer connection may represent a bidirectional directed connection, which is illustrated in the figure by a double-headed arrow. A one-way directed connection is illustrated by a single arrow.
According to the embodiment of the disclosure, the application scenario is extended to the cloud environment, which has a wider range of application. Taking the characteristics of the cloud environment into account, network element information for nodes such as the VPC (virtual private cloud), load balancer, cloud host, cloud database, private line, NAT (network address translation) gateway, peer-to-peer connection and VPN (virtual private network) gateway is added to the network topology diagram on the basis of the original network topology diagram, so that the generated network topology diagram displays the network architecture of the cloud environment more intuitively.
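As an added illustration (not code from the patent or its applicant), the following Python sketch carries the steps described above through on constructed data: it builds the cloud and non-cloud areas, places resources by segment and routing policies by next-hop type, derives directed edges labelled with destination port and protocol from netstat-style lines of the kind the monitoring agent collects, and emits a Graphviz DOT graph with one cluster per area. All VPC segments, gateway names, addresses and netstat lines are constructed; the next-hop-type mapping follows the arrangement of Fig. 4.

```python
import ipaddress
import re
from collections import defaultdict

# Next-hop type of a routing policy -> type of the non-cloud area it is placed in
# (constructed key names; the area types are those named in the text).
AREA_BY_NEXT_HOP = {"nat_gateway": "internet",
                    "private_line_gateway": "private_line",
                    "vpn_gateway": "vpn"}

# `netstat -an` style line (IPv4 only): proto, recv-q, send-q, local, foreign, state.
NETSTAT_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+|\*)"
    r"\s+(?P<faddr>\S+):(?P<fport>\d+|\*)\s*(?P<state>[A-Z_]*)$")


class CloudTopology:
    """Areas hold disjoint IP segments. Cloud resources are placed by address,
    routing policies by next-hop type; observed connections become labelled edges."""

    def __init__(self, vpc_segments, routing_policies):
        self.cloud_areas = set(vpc_segments)
        # Step 1: one cloud area per VPC segment, one non-cloud area per policy type.
        self.areas = {v: [ipaddress.ip_network(c)] for v, c in vpc_segments.items()}
        self.nodes, self.addr_to_node, self.edges = {}, {}, set()
        for pol in routing_policies:
            area = AREA_BY_NEXT_HOP[pol["next_hop_type"]]
            seg = ipaddress.ip_network(pol["segment"])
            self.areas.setdefault(area, []).append(seg)
            self.nodes[pol["name"]] = area      # policy info is placed by its type
            self.addr_to_node[seg] = pol["name"]
        nets = [n for ns in self.areas.values() for n in ns]
        for i, a in enumerate(nets):            # the method assumes disjoint segments
            for b in nets[i + 1:]:
                if a.overlaps(b):
                    raise ValueError(f"overlapping segments {a} and {b}")

    def area_of(self, ip):
        """Area whose segment contains ip, or None when no area matches."""
        addr = ipaddress.ip_address(ip)
        for area, nets in self.areas.items():
            if any(addr in n for n in nets):
                return area
        return None

    def add_resource(self, name, ip):
        """Step 2: a server resource is placed only if its address matches a VPC segment."""
        area = self.area_of(ip)
        if area not in self.cloud_areas:
            return None
        self.nodes[name] = area
        self.addr_to_node[ipaddress.ip_network(ip)] = name   # host address as /32
        return area

    def node_for(self, ip):
        """Node owning ip: the most specific match (a host /32 beats a gateway segment)."""
        addr = ipaddress.ip_address(ip)
        hits = [(n.prefixlen, name) for n, name in self.addr_to_node.items() if addr in n]
        return max(hits)[1] if hits else None

    def ingest_netstat(self, host_name, lines):
        """Step 3: a directed edge from source to destination, labelled with the
        destination port and protocol. LISTEN lines identify the host's service
        ports, so an ESTABLISHED line on such a port is inbound (foreign side is
        the source); without LISTEN lines every connection is treated as outbound."""
        parsed = [m for m in map(NETSTAT_RE.match, lines) if m]
        listening = {(m["proto"], m["lport"]) for m in parsed if m["state"] == "LISTEN"}
        added = 0
        for m in parsed:
            if m["state"] != "ESTABLISHED":
                continue
            peer = self.node_for(m["faddr"])
            if peer is None:
                continue                        # address outside every area: not drawn
            inbound = (m["proto"], m["lport"]) in listening
            src, dst = (peer, host_name) if inbound else (host_name, peer)
            port = m["lport"] if inbound else m["fport"]
            edge = (src, dst, m["proto"], port)
            added += edge not in self.edges
            self.edges.add(edge)
        return added

    def to_dot(self):
        """Graphviz DOT: one cluster per area, each edge labelled proto/port."""
        by_area = defaultdict(list)
        for node, area in self.nodes.items():
            by_area[area].append(node)
        out = ["digraph topology {", "  rankdir=LR;"]
        for area, nodes in sorted(by_area.items()):
            out.append(f'  subgraph "cluster_{area}" {{ label="{area}";')
            out += [f'    "{n}";' for n in sorted(nodes)]
            out.append("  }")
        for src, dst, proto, port in sorted(self.edges):
            out.append(f'  "{src}" -> "{dst}" [label="{proto}/{port}"];')
        out.append("}")
        return "\n".join(out)


def build_example():
    """Constructed tenant: two VPCs, three gateways, netstat captured on one host."""
    topo = CloudTopology(
        {"VPC1": "10.0.1.0/24", "VPC2": "10.0.2.0/24"},
        [{"name": "nat-gw", "next_hop_type": "nat_gateway", "segment": "203.0.113.0/24"},
         {"name": "private-line-gw", "next_hop_type": "private_line_gateway",
          "segment": "192.168.100.0/24"},
         {"name": "vpn-gw", "next_hop_type": "vpn_gateway", "segment": "172.16.0.0/16"}])
    topo.add_resource("web-01", "10.0.1.5")
    topo.add_resource("db-01", "10.0.2.9")
    topo.add_resource("stray", "198.51.100.4")   # matches no VPC segment: not placed
    netstat = [  # constructed `netstat -an` output as collected on web-01
        "tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN",
        "tcp        0      0 10.0.1.5:443            192.168.100.7:51234     ESTABLISHED",
        "tcp        0      0 10.0.1.5:40002          10.0.2.9:3306           ESTABLISHED",
        "tcp        0      0 10.0.1.5:40003          203.0.113.10:443        ESTABLISHED",
        "tcp        0      0 10.0.1.5:40004          8.8.8.8:53              ESTABLISHED",
    ]
    topo.ingest_netstat("web-01", netstat)
    return topo


if __name__ == "__main__":
    print(build_example().to_dot())
```

The printed DOT can be rendered with `dot -Tsvg`; the private line gateway appears as the source of the inbound edge to web-01 because port 443 was seen in LISTEN state.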
Based on the above method for generating the network topology on the cloud, the present disclosure also provides a device for generating the network topology on the cloud. The device will be described in detail with reference to fig. 5 to 6.
Fig. 5 schematically shows a block diagram of a network topology generation apparatus on a cloud according to an embodiment of the present disclosure.
As shown in fig. 5, the network topology generation apparatus on cloud 500 of this embodiment includes an acquisition module 510, a configuration module 520, and a generation module 530.
The obtaining module 510 is configured to obtain server resource information and network connection information of a network created by a target tenant, where the network is composed of network segments, the network segments correspond to at least one router, the router is configured to collect routing policy information, and the network connection information is configured to characterize an association relationship between server resources in the network. In an embodiment, the obtaining module 510 may be configured to perform the operation S210 described above, which is not described herein.
The configuration module 520 is configured to configure the server resource information and the routing policy information to a preset network topology area, where the preset network topology area is constructed according to the network segment and the routing policy information. In an embodiment, the configuration module 520 may be configured to perform the operation S220 described above, which is not described herein.
The generating module 530 is configured to perform directed connection on server resource information and routing policy information in a preset network topology area based on the network connection information, so as to generate a network topology map. In an embodiment, the generating module 530 may be configured to perform the operation S230 described above, which is not described herein.
According to an embodiment of the present disclosure, the cloud network topology generation apparatus 500 may further include a first construction module and a second construction module. The preset network topology area consists of a cloud network area and a non-cloud network area, wherein there are N networks, N being an integer greater than or equal to 2.
The first construction module is used for constructing N cloud network areas according to network segments corresponding to N networks.
The second construction module is used for constructing different types of non-cloud network areas according to the type of the routing strategy information.
According to an embodiment of the present disclosure, the configuration module 520 may further include a first sub-configuration unit, a second sub-configuration unit.
The first sub-configuration unit is used for configuring the server resource information to the corresponding cloud network area under the condition that the address of the server resource related to the server resource information is determined to be matched with the network segment.
The second sub-configuration unit is configured to configure the routing policy information to the corresponding non-cloud network area if it is determined that the type to which the routing policy information belongs matches the type of the non-cloud network area.
According to an embodiment of the present disclosure, the acquisition module 510 may further include a first sub-acquisition unit and a second sub-acquisition unit. Wherein, the network may include a virtual private cloud, and the server resource information may include information of a cloud host.
The first sub-acquisition unit is used for acquiring information of a cloud host of the virtual private cloud created by the target tenant through the cloud interface.
The second sub-acquisition unit is used for acquiring network connection information in real time by deploying a monitoring agent on the cloud host.
According to an embodiment of the present disclosure, the generating module 530 may further include a first sub-generating unit and a second sub-generating unit. The network connection information may include: source address information and destination address information; the routing policy information may include private network segment information.
The first sub-generating unit is used for determining the connection direction according to the source address information and the destination address information.
The second sub-generating unit is used for connecting the information of the cloud host and the private line network segment information with directed line segments according to the connection direction, and generating a network topology graph.
Any of the plurality of modules in the acquisition module 510, the configuration module 520, and the generation module 530 may be combined in one module to be implemented, or any of the plurality of modules may be split into a plurality of modules according to embodiments of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the acquisition module 510, the configuration module 520, and the generation module 530 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or in hardware or firmware, such as any other reasonable manner of integrating or packaging the circuitry, or in any one of or a suitable combination of any of three implementations of software, hardware, and firmware. Alternatively, at least one of the acquisition module 510, the configuration module 520 and the generation module 530 may be at least partially implemented as a computer program module, which when executed, may perform the respective functions.
Fig. 6 is a schematic diagram of the acquisition module of a cloud network topology generation apparatus according to an embodiment of the present disclosure.
As shown in fig. 6, the acquisition module may include a first sub-acquisition module and a second sub-acquisition module.
The first sub-acquisition module can acquire network connection information in real time by deploying a monitoring agent on each cloud host, which runs the netstat command at regular intervals. The second sub-acquisition module can acquire information of the cloud hosts, cloud databases, load balancers and file storage of all VPCs created by the target tenant by configuring the cloud interface. The routing policy information in the routing table can also be collected through the router corresponding to the VPC network segment. The routing policy information may be next-hop type information (peer-to-peer connection, NAT gateway, private line gateway, VPN gateway).
Fig. 7 schematically illustrates a block diagram of an electronic device adapted to implement a network topology generation method on a cloud according to an embodiment of the present disclosure.
As shown in fig. 7, an electronic device 700 according to an embodiment of the present disclosure includes a processor 701 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The processor 701 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 701 may also include on-board memory for caching purposes. The processor 701 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure.
In the RAM 703, various programs and data necessary for the operation of the electronic apparatus 700 are stored. The processor 701, the ROM 702, and the RAM 703 are connected to each other through a bus 704. The processor 701 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 702 and/or the RAM 703. Note that the program may be stored in one or more memories other than the ROM 702 and the RAM 703. The processor 701 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in one or more memories.
According to an embodiment of the present disclosure, the electronic device 700 may further include an input/output (I/O) interface 705, the input/output (I/O) interface 705 also being connected to the bus 704. The electronic device 700 may also include one or more of the following components connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output portion 707 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read therefrom is mounted into the storage section 708 as necessary.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 702 and/or RAM 703 and/or one or more memories other than ROM 702 and RAM 703 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to perform the methods provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 701. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed over a network medium in the form of signals, downloaded and installed via the communication section 709, and/or installed from the removable medium 711. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 701. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (11)

1. A method for generating network topology on a cloud, comprising:
obtaining server resource information and network connection information of a network created by a target tenant, wherein the network is composed of network segments, the network segments correspond to at least one router, the router is used for collecting routing strategy information, and the network connection information is used for representing association relations among server resources in the network;
respectively configuring the server resource information and the routing strategy information to a preset network topology area, wherein the preset network topology area is constructed according to the network segment and the routing strategy information; and
based on the network connection information, respectively performing directed connection on the server resource information and the routing strategy information in the preset network topology area to generate a network topology graph.
2. The method of claim 1, wherein the preset network topology region is composed of a network-on-cloud region and a network-on-non-cloud region, the network comprises N, N is an integer greater than or equal to 2;
wherein the method further comprises:
constructing N cloud network areas according to the network segments corresponding to the N networks;
and constructing different types of non-cloud network areas according to the type of the routing strategy information.
3. The method of claim 2, wherein the configuring the server resource information and the routing policy information on the preset network topology area respectively includes:
under the condition that the address of the server resource related to the server resource information is matched with the network segment, configuring the server resource information to the corresponding network area on the cloud;
and under the condition that the type of the routing strategy information is matched with the type of the non-cloud network area, configuring the routing strategy information to the corresponding non-cloud network area.
4. The method of claim 1, wherein the network comprises a virtual private cloud and the server resource information comprises information of a cloud host;
the obtaining server resource information and network connection information of the network created by the target tenant includes:
acquiring information of the cloud host of the virtual private cloud created by the target tenant through a cloud interface;
and acquiring the network connection information in real time by deploying a monitoring agent on the cloud host.
5. The method of claim 4, wherein the network connection information comprises: source address information and destination address information; the routing strategy information comprises private network segment information;
the generating a network topology graph based on the network connection information by performing directional connection on the server resource information and the routing policy information in the preset network topology area, includes:
determining a connection direction according to the source address information and the destination address information;
and according to the connection direction, connecting the information of the cloud host and the private line network segment information with a directed line segment, and generating the network topology graph.
6. The method of claim 5, wherein the network connection information further comprises: destination port information and protocol information;
the method includes the steps of generating a network topology graph by performing directed connection on the server resource information and the routing policy information in the preset network topology area based on the network connection information, and further includes:
and marking the directed line segment by utilizing the destination port information and the protocol information.
7. The method of claim 3, wherein the non-cloud network area comprises: an internet area, a private line area and a virtual private network area; the routing strategy information comprises Internet network segment information, private line network segment information and virtual private network segment information;
wherein, when determining that the type to which the routing policy information belongs matches the type of the non-cloud network area, configuring the routing policy information to the corresponding non-cloud network area includes:
configuring the Internet network segment information to the Internet area;
configuring the private line network segment information to the private line area;
and configuring the virtual private network segment information to the virtual private network region.
8. An on-cloud network topology generation apparatus, comprising:
the system comprises an acquisition module, a storage module and a storage module, wherein the acquisition module is used for acquiring server resource information and network connection information of a network created by a target tenant, the network is composed of network segments, the network segments correspond to at least one router, the router is used for acquiring routing strategy information, and the network connection information is used for representing the association relation between server resources in the network;
the configuration module is used for respectively configuring the server resource information and the routing strategy information to a preset network topology area, wherein the preset network topology area is constructed according to the network segment and the routing strategy information; and
and the generation module is used for carrying out directed connection on the server resource information and the routing strategy information in the preset network topology area respectively based on the network connection information to generate a network topology graph.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-7.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-7.
11. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 7.
CN202310787161.9A 2023-06-29 2023-06-29 Cloud network topology generation method, device, equipment and medium Pending CN116866183A (en)


Publications (1)

Publication Number Publication Date
CN116866183A true CN116866183A (en) 2023-10-10

Family

ID=88224474


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination