CN117579314A - Method, device, equipment and medium for high-speed access in cloud network fusion environment - Google Patents


Info

Publication number
CN117579314A
Authority
CN
China
Prior art keywords
network
cloud
equipment
sdn controller
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311464885.6A
Other languages
Chinese (zh)
Inventor
孙浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Cisco Networking Technology Co Ltd
Original Assignee
Inspur Cisco Networking Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Cisco Networking Technology Co Ltd filed Critical Inspur Cisco Networking Technology Co Ltd
Priority to CN202311464885.6A priority Critical patent/CN117579314A/en
Publication of CN117579314A publication Critical patent/CN117579314A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method, a device, equipment and a medium for high-speed access in a cloud network fusion environment, and relates to the technical field of computers. The method comprises the following steps: creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller to enable the SDN controller to run the cloud network virtual service in a distributed mode, wherein the cloud network virtual service comprises the steps of constructing a virtual network and constructing a cloud private network; based on cloud network virtual service information received by the SDN controller, configuring the cloud network virtual service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment; after the network equipment configures cloud network virtual service information, the service network virtual machine realizes high-speed access to the cloud private network based on the cloud network convergence environment. By the method, the service network virtual machine can access the cloud private line network at high speed in the firewall equipment bypass mode.

Description

Method, device, equipment and medium for high-speed access in cloud network fusion environment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a medium for high-speed access in a cloud network convergence environment.
Background
A typical cloud network convergence environment includes two parts: a cloud platform and an SDN (Software Defined Network) controller. The cloud platform manages server resources and provides the related computing resources such as CPU (Central Processing Unit), memory and storage; the controller manages network equipment resources, is linked with the cloud platform, and issues virtual service configuration to the network equipment according to the state of the virtual services on the cloud platform, so as to provide network connectivity for the upper-layer virtual services and access to external equipment.
In a cloud network convergence environment, the SDN controller issues some basic configuration to the network equipment when it is initially connected with the cloud platform; in the service operation stage, the SDN controller issues service configuration to the network equipment according to the state of the virtual services, so as to ensure network connectivity. In actual operation, when virtual machines of different service networks access an external network, they often do so through a common port, so that the virtual machines share bandwidth.
Through the above analysis, the problems and defects existing in the prior art are as follows:
In the cloud network convergence environment, neither network isolation nor high-speed access to a particular network can be achieved.
Disclosure of Invention
The embodiments of the application provide a method, a device, equipment and a medium for high-speed access in a cloud network convergence environment, which solve the problem in the prior art that neither network isolation nor high-speed access to a particular network can be achieved.
In a first aspect, an embodiment of the present application provides a method for high-speed access in a cloud network convergence environment, including: creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller to enable the SDN controller to run the cloud network virtual service in a distributed mode, wherein the cloud network virtual service comprises the steps of constructing a virtual network and constructing a cloud private network; based on cloud network virtual service information received by the SDN controller, configuring the cloud network virtual service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment; after the network equipment configures cloud network virtual service information, the service network virtual machine realizes high-speed access to the cloud private network based on the cloud network convergence environment.
In one implementation of the present application, the cloud network virtual service information includes: service information of the cloud private line network and service information of the virtual network. Configuring the cloud network virtual service information to the network equipment through the SDN controller specifically comprises the following steps: configuring BGP EVPN for a Spine-Leaf networking through the SDN controller to open the underlay (bottom-layer) network, wherein the Spine-Leaf networking is a data center network consisting of a Spine switching layer and a Leaf switching layer, and the underlay network is the basic network on which VXLAN tunnels are established; configuring VXLAN tunnels for the Spine-Leaf networking through the SDN controller to open the virtual network, wherein the virtual network is established on the underlay network; configuring service information of the cloud private network to the network equipment through the SDN controller, so as to open a dedicated port for the cloud private network in the network equipment; and configuring service information that binds the virtual network to the cloud private network to the network equipment through the SDN controller, so that the service network virtual machine achieves high-speed access to the cloud private network based on the virtual network.
In one implementation manner of the present application, configuring, by an SDN controller, a VXLAN tunnel for a Spine-Leaf network to open a virtual network, specifically includes: creating a sub-network of a virtual network on a cloud platform; the subnetwork is guided through the port of the BorderLeaf switch to the port of the firewall device by the VXLAN tunnel.
In one implementation of the present application, configuring service information of the cloud private network to the network equipment through the SDN controller specifically includes: synchronizing the cloud private network to the SDN controller, and issuing, through the SDN controller, configuration that creates the cloud private line on the firewall equipment; and guiding the created cloud private line configuration through the port of the BorderLeaf switch to the port of the external equipment.
In one implementation of the present application, the method further includes: the SDN controller configures, on the firewall device, policy routing for restricting traffic, so that traffic is restricted by the policy routing.
In one implementation of the present application, the method further includes: the SDN controller requests an interaction interface on the network equipment, so as to perform timed configuration verification through the interaction interface.
In one implementation of the present application, the Spine switching layer is composed of switches, and the Leaf switching layer includes a BorderLeaf switch.
In a second aspect, an embodiment of the present application further provides a device for high-speed access in a cloud network convergence environment, where the device includes: a creation management module, a configuration management module and a device management module; the cloud network virtual service comprises constructing a virtual network and constructing a cloud private line; the configuration management module is used for configuring cloud network virtual service information to network equipment through the SDN controller based on the cloud network virtual service information received by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment; and the equipment management module is used for enabling the service network virtual machine to achieve high-speed access to the cloud private line network based on the cloud network convergence environment after the network equipment has been configured with the cloud network virtual service information.
In a third aspect, an embodiment of the present application further provides a device for high-speed access in a cloud network convergence environment, where the device includes at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executable by the at least one processor to enable the at least one processor to: creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller to enable the SDN controller to run the cloud network virtual service in a distributed mode, wherein the cloud network virtual service comprises the steps of constructing a virtual network and constructing a cloud private network; based on cloud network virtual service information received by the SDN controller, configuring the cloud network virtual service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment; after the network equipment configures cloud network virtual service information, the service network virtual machine realizes high-speed access to the cloud private network based on the cloud network convergence environment.
In a fourth aspect, embodiments of the present application further provide a nonvolatile computer storage medium with high-speed access in a cloud network convergence environment, where computer executable instructions are stored, where the computer executable instructions are configured to: creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller to enable the SDN controller to run the cloud network virtual service in a distributed mode, wherein the cloud network virtual service comprises the steps of constructing a virtual network and constructing a cloud private network; based on cloud network virtual service information received by the SDN controller, configuring the cloud network virtual service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment; after the network equipment configures cloud network virtual service information, the service network virtual machine realizes high-speed access to the cloud private network based on the cloud network convergence environment.
With the method, device, equipment and medium for high-speed access in a cloud network convergence environment provided by the application, cloud network virtual service information is configured to the network equipment through the SDN controller and the cloud private network occupies an independent port and VLAN, so that a service network virtual machine or a tenant network can achieve fast access to the cloud private network in the cloud network convergence environment with the firewall in side-hanging mode, thereby achieving network isolation, increased bandwidth and the like.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
fig. 1 is a flowchart of a method for high-speed access in a cloud network convergence environment according to an embodiment of the present application;
fig. 2 is a schematic diagram of a topology structure of a Spine-Leaf networking in a cloud network convergence environment provided in an embodiment of the present application;
fig. 3 is a schematic diagram of a cloud private network traffic model in a cloud network convergence environment provided in an embodiment of the present application;
fig. 4 is a schematic structural diagram of a device with high-speed access in a cloud network convergence environment according to an embodiment of the present application;
fig. 5 is a schematic diagram of an internal structure of a device with high-speed access in a cloud network convergence environment according to an embodiment of the present application.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The embodiments of the application provide a method, a device, equipment and a medium for high-speed access in a cloud network convergence environment, which solve the problem in the prior art that neither network isolation nor high-speed access to a particular network can be achieved.
The following describes in detail the technical solution proposed in the embodiments of the present application through the accompanying drawings.
Fig. 1 is a flow chart of a method for high-speed access in a cloud network convergence environment according to an embodiment of the present application. As shown in fig. 1, a method for high-speed access in a cloud network convergence environment provided in an embodiment of the present application specifically includes the following steps:
step 10: creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller to enable the SDN controller to run the cloud network virtual service in a distributed mode, wherein the cloud network virtual service comprises the steps of constructing a virtual network and constructing a cloud private network;
In this step, the cloud platform is connected with the SDN controller through the networking-odl plug-in.
Step 20: based on cloud network virtual service information received by the SDN controller, configuring the cloud network virtual service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment;
It can be understood that, in the embodiment of the present application, fast access to the cloud private network can be achieved in the cloud network convergence environment, with the firewall in side-hanging mode. Because the cloud network virtual service information is configured to the network devices through the SDN controller, the cloud private network occupies a separate port and VLAN (Virtual Local Area Network); as shown in fig. 2, the switch device, the firewall device and the external device occupy separate ports, thereby achieving network isolation and increased bandwidth.
As an alternative embodiment, the cloud network virtual service information may include: service information of the cloud private line network and service information of the virtual network;
the configuring cloud network virtual service information to the network device through the SDN controller may specifically include:
Step 201: configuring BGP EVPN for a Spine-Leaf networking through the SDN controller to open the underlay (bottom-layer) network, wherein the Spine-Leaf networking is a data center network consisting of a Spine switching layer and a Leaf switching layer, and the underlay network is the basic network on which VXLAN tunnels are established;
Further, the Spine switching layer may be composed of switches, and the Leaf switching layer may include a BorderLeaf switch. For ease of understanding, the terms are explained as follows. "Spine" means backbone and "Leaf" means leaf; here the Spine-layer switches and the Leaf-layer switches can be understood as the upper-layer switches and the lower-layer switches, respectively. The switches of the Leaf layer are divided into three major classes, namely a ServerLeaf switch, a ServerLeaf switch and a BorderLeaf switch, wherein the ServerLeaf switch can be used for connecting a server, the ServerLeaf switch can be used for connecting firewall equipment, and the BorderLeaf switch can be used for connecting a router or external equipment. BGP stands for Border Gateway Protocol, EVPN for Ethernet Virtual Private Network, and VXLAN for Virtual eXtensible Local Area Network. While the SDN controller takes the network equipment under management, it issues some basic BGP EVPN configuration and opens the bottom-layer network (underlay network).
Step 202: configuring VXLAN tunnels for the Spine-Leaf networking through the SDN controller to open the virtual network, wherein the virtual network is established on the underlay (bottom-layer) network;
In this step, each switch of the Spine switching layer and each switch of the Leaf switching layer build VXLAN tunnels, and the multiple VXLAN tunnels are overlaid to obtain a tunnel network, namely the virtual network (i.e., the overlay network).
As another optional embodiment, configuring, by the SDN controller, a VXLAN tunnel for a Spine-Leaf network to open a virtual network may specifically include:
step 2021: creating a sub-network of a virtual network on a cloud platform;
In this step, for ease of understanding, the present application provides an embodiment as shown in fig. 3, where a subnet of the virtual network with VNI (VXLAN Network Identifier) 12001 is created on the cloud platform, the subnet segment 10.1.1.1 is created, and VLAN 1001 is allocated.
Step 2022: the subnetwork is guided through the port of the BorderLeaf switch to the port of the firewall device by the VXLAN tunnel.
In this step, the traffic is guided to the BorderLeaf switch through the VXLAN tunnel, and is then guided to the firewall device port Vsys local2501 through the SVI (Switch Virtual Interface) 2501 interface.
Step 203: configuring service information of the cloud private network to the network equipment through the SDN controller, so as to open a dedicated port for the cloud private network in the network equipment;
In this step, a cloud private network is created on the cloud platform, a physical egress port or an aggregation port of the equipment is designated, and the configuration is issued to the network equipment through the SDN controller.
As another optional embodiment, the configuring, by the SDN controller, service information of the cloud private network to the network device may specifically include:
Step 2031: synchronizing the cloud private network to the SDN controller, and issuing, through the SDN controller, configuration that creates the cloud private line on the firewall equipment;
In this step, the cloud private network is synchronized to the SDN controller, the cloud private line vsys yunzhuanxnian is created on the firewall device by the SDN controller, and the cloud private line vsys yunzhuanxnian is guided to the BorderLeaf switch through the firewall device port subef 2601.
Step 2032: guiding the created cloud private line configuration through the port of the BorderLeaf switch to the port of the external equipment.
In this step, the SDN controller requests allocation of VLAN 2601, creates VRF (Virtual Routing and Forwarding) 13001 on the BorderLeaf switch, opens traffic between the SVI 2601 port and the firewall device, and opens traffic between the SVI 3001 port and the external device (i.e. ExtSwitch in the figure).
Step 204: configuring service information that binds the virtual network to the cloud private network to the network equipment through the SDN controller, so that the service network virtual machine achieves high-speed access to the cloud private network based on the virtual network.
In this step, the traffic between vsys local2501 and vsys yunzhuanxian is opened by configuring, on the firewall device, the service information that binds the virtual network to the cloud private network, based on the vwanif port. When a tenant network or a service network virtual machine needs to access the cloud private line network, the virtual network and the cloud private line network are bound on the cloud platform, and the configuration is issued to the switch equipment and the firewall equipment through the SDN controller.
Step 30: after the network equipment configures cloud network virtual service information, the service network virtual machine realizes high-speed access to the cloud private network based on the cloud network fusion environment.
As yet another alternative embodiment, the method may further comprise:
The SDN controller configures, on the firewall device, policy routing for restricting traffic, so that traffic is restricted by the policy routing.
When traffic needs to be restricted, the policy with which the user wants to restrict it is configured on the firewall device through the SDN controller. For example, the subnets may be isolated from one another, that is, the routing configuration between vsys local2501 and vsys yunzhuanxian is adjusted so that traffic between different subnets is not opened; as another example, packets are forwarded according to a policy specified by the user. The embodiment provided by the application uses a default static routing mode, which has no traffic-filtering effect.
Further, the method may further include:
The SDN controller requests an interaction interface on the network equipment, so as to perform timed configuration verification through the interaction interface.
Preferably, some additional operations can be performed on the basis of this method. For example, the SDN controller can request the relevant interaction interfaces on the network device (including but not limited to interfaces, command lines, etc.) and freely select the services to be verified; it can likewise freely set a schedule on which configuration verification is performed; and the verification results can be generated as a verification report, including but not limited to web pages, files, mail, etc.
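One way the timed configuration verification described above could work, as an added example that is not part of the patent text: it models the objects from steps 2021 to 204 using the identifiers quoted in the description, diffs the intended state against the state read back from the devices, and separates ordinary drift from drift that would give another network a path to the cloud private line. The Item record, the device labels, the peer strings and the isolation rules are assumptions made for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass

# Identifiers quoted from the description; everything else here is hypothetical.
PRIVATE_VSYS = "yunzhuanxian"   # vsys created on the firewall for the private line
PRIVATE_VLAN = "2601"           # VLAN the controller allocates for the private line


@dataclass(frozen=True, order=True)
class Item:
    """One configuration object the controller expects to find on a device."""
    device: str     # "borderleaf" or "firewall" (assumed device labels)
    kind: str       # "vni", "vlan", "svi", "vrf", "vsys" or "route"
    ident: str      # identifier of the object on the device
    peer: str = ""  # what the object is mapped or routed to (assumed notation)


def intended_state(bound: bool) -> set[Item]:
    """State the controller should have pushed for steps 2021-2032, plus the
    step 204 binding when the tenant network is bound to the private line."""
    items = {
        Item("borderleaf", "vni", "12001", "vlan1001"),            # step 2021
        Item("borderleaf", "svi", "2501", "firewall:local2501"),   # step 2022
        Item("firewall", "vsys", "local2501"),
        Item("firewall", "vsys", PRIVATE_VSYS),                    # step 2031
        Item("borderleaf", "vlan", PRIVATE_VLAN),                  # step 2032
        Item("borderleaf", "vrf", "13001"),
        Item("borderleaf", "svi", "2601", "firewall:" + PRIVATE_VSYS),
        Item("borderleaf", "svi", "3001", "external"),
    }
    if bound:  # step 204: traffic opened between the two vsys
        items.add(Item("firewall", "route", "local2501", PRIVATE_VSYS))
        items.add(Item("firewall", "route", PRIVATE_VSYS, "local2501"))
    return items


def breaks_isolation(item: Item) -> bool:
    """True if an unintended object gives another network a path to the
    private line: a route touching its vsys, or its VLAN mapped elsewhere."""
    if item.kind == "route" and PRIVATE_VSYS in (item.ident, item.peer):
        return True
    return item.kind in ("vni", "svi") and item.peer == "vlan" + PRIVATE_VLAN


def verify(intended: set[Item], running: set[Item]) -> list[tuple[str, Item]]:
    """Diff intended against running state and classify each difference as
    'missing', 'drift' or 'isolation'. Output order is deterministic."""
    findings = [("missing", item) for item in sorted(intended - running)]
    for item in sorted(running - intended):
        label = "isolation" if breaks_isolation(item) else "drift"
        findings.append((label, item))
    return findings


def report(findings: list[tuple[str, Item]]) -> str:
    """Render findings as a plain-text verification report."""
    if not findings:
        return "configuration verified: no differences"
    lines = [f"{label:9} {i.device} {i.kind} {i.ident} {i.peer}".rstrip()
             for label, i in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed running state: the tenant network is NOT bound on the cloud
    # platform, yet the firewall carries a route from a second vsys into the
    # private line, and SVI 3001 toward the external device is absent.
    want = intended_state(bound=False)
    running = set(want)
    running.discard(Item("borderleaf", "svi", "3001", "external"))
    running.add(Item("firewall", "route", "local2502", PRIVATE_VSYS))
    print(report(verify(want, running)))
```

Because the description states that the default static routing mode filters no traffic, the "isolation" findings are the ones a scheduled run should escalate rather than only log.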
In summary, in the method for high-speed access in the cloud network convergence environment of the embodiment of the application, first, a cloud network virtual service is created on a cloud platform, and the cloud platform is connected with an SDN controller, so that the SDN controller can run the cloud network virtual service in a distributed manner, and the cloud network virtual service comprises the steps of constructing a virtual network and constructing a cloud private network; then based on the cloud network virtual service information received by the SDN controller, configuring the cloud network virtual service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment; and finally, after the network equipment configures cloud network virtual service information, the service network virtual machine realizes high-speed access to the cloud private network based on the cloud network fusion environment.
In this way, in the embodiment of the present application, cloud network virtual service information is configured to the network device through the SDN controller and the cloud private network occupies an independent port and VLAN, so that the service network virtual machine or tenant network can achieve fast access to the cloud private network in the cloud network convergence environment with the firewall in side-hanging mode, thereby achieving network isolation and increased bandwidth.
The embodiment of the application also provides a device for high-speed access in the cloud network fusion environment, and the structure of the device is shown in fig. 4.
Fig. 4 shows a device for high-speed access in a cloud network convergence environment provided in an embodiment of the present application. As shown in fig. 4, the apparatus includes: a creation management module, a configuration management module and a device management module;
the cloud network virtual service comprises constructing a virtual network and constructing a cloud private line;
the configuration management module is used for configuring cloud network virtual service information to network equipment through the SDN controller based on the cloud network virtual service information received by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment;
and the equipment management module is used for realizing high-speed access to the cloud private network by the service network virtual machine based on the cloud network fusion environment after the network equipment configures the cloud network virtual service information.
In a concrete implementation, the creation management module abstracts, from the service attributes, the attributes that the SDN controller is concerned with and manages them, including the service (virtual) network, the cloud private line network and the like; the configuration management module is mainly used for managing service information, which has different service attributes for different service types, and is responsible for issuing command configuration to the network equipment according to equipment type, service information and the like; the device management module is mainly used for managing device information, which needs to be maintained whenever a device is added, deleted or modified, and the common attributes of a device include type, IP, user name, password, supported functions and the like.
The foregoing is a method embodiment presented herein. Based on the same inventive concept, the embodiment of the application also provides a device for high-speed access in a cloud network fusion environment, and the structure of the device is shown in fig. 5.
Fig. 5 is a schematic diagram of an internal structure of a device with high-speed access in a cloud network convergence environment according to an embodiment of the present application. As shown in fig. 5, the apparatus includes:
at least one processor 501;
and a memory 502 communicatively coupled to the at least one processor;
wherein the memory 502 stores instructions executable by the at least one processor, the instructions being executable by the at least one processor 501 to enable the at least one processor 501 to:
creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller to enable the SDN controller to run the cloud network virtual service in a distributed mode, wherein the cloud network virtual service comprises the steps of constructing a virtual network and constructing a cloud private network;
based on cloud network virtual service information received by the SDN controller, configuring the cloud network virtual service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment;
after the network equipment configures cloud network virtual service information, the service network virtual machine realizes high-speed access to the cloud private network based on the cloud network fusion environment.
Some embodiments of the present application provide a non-volatile computer storage medium corresponding to high-speed access in a cloud converged environment of fig. 1, storing computer executable instructions, where the computer executable instructions are configured to:
creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller to enable the SDN controller to run the cloud network virtual service in a distributed mode, wherein the cloud network virtual service comprises the steps of constructing a virtual network and constructing a cloud private network;
based on cloud network virtual service information received by the SDN controller, configuring the cloud network virtual service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment;
after the network equipment configures cloud network virtual service information, the service network virtual machine realizes high-speed access to the cloud private network based on the cloud network convergence environment.
All embodiments in the present application are described in a progressive manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, since the internet of things device and medium embodiments are substantially similar to the method embodiment, their description is relatively brief, and the relevant points can be found in the description of the method embodiment.
The systems and media and the methods provided in the embodiments of the present application are in one-to-one correspondence, so that the systems and media also have similar beneficial technical effects to the corresponding methods, and since the beneficial technical effects of the methods have been described in detail above, the beneficial technical effects of the systems and media are not described here again.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (10)

1. A method for high-speed access in a cloud network convergence environment, the method comprising:
creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller so that the SDN controller can run the cloud network virtual service in a distributed manner, wherein the cloud network virtual service comprises a virtual network construction and a cloud private line construction;
based on cloud network virtual service information received by the SDN controller, configuring the cloud network virtual service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment;
after the network equipment configures the cloud network virtual service information, the service network virtual machine realizes high-speed access to a cloud private network based on the cloud network convergence environment.
2. The method for high-speed access in a cloud network convergence environment according to claim 1, wherein the cloud network virtual service information comprises: service information of the cloud private line network and service information of the virtual network;
the cloud network virtual service information is configured to network equipment through the SDN controller, and the cloud network virtual service information specifically comprises:
configuring BGP EVPN for a Spine-Leaf networking through the SDN controller, and opening a bottom network, wherein the Spine-Leaf networking is a data center network consisting of a Spine exchange layer and a Leaf exchange layer, and the bottom network is a basic network for establishing a VXLAN tunnel;
configuring a VXLAN tunnel for the Spine-Leaf networking through the SDN controller to open the virtual network, wherein the virtual network is established on the bottom network;
configuring service information of a cloud private line network to the network equipment through the SDN controller so as to open a special port of the cloud private line network in the network equipment;
and configuring and binding service information of the virtual network and the cloud private network to the network equipment through the SDN controller so that the service network virtual machine realizes high-speed access to the cloud private network based on the virtual network.
3. The method for high-speed access in a cloud network convergence environment according to claim 2, wherein configuring, by the SDN controller, a VXLAN tunnel for the Spine-Leaf network to open the virtual network, specifically comprises:
creating a sub-network of the virtual network on a cloud platform;
and the subnet is guided to the port of the firewall equipment through the port of the BorderLeaf switch by the VXLAN tunnel.
4. The method for high-speed access in a cloud network convergence environment according to claim 3, wherein the configuring, by the SDN controller, service information of a cloud private network to the network device specifically includes:
synchronizing the cloud private line network to the SDN controller, and issuing configuration of the cloud private line creation to the firewall device through the SDN controller;
and the configuration of the created cloud private line is guided to the port of the external equipment through the port of the BorderLeaf switch.
5. A method of high speed access in a cloud converged environment as claimed in claim 3, wherein said method further comprises:
the SDN controller configures a policy route for limiting the flow to the firewall device so as to limit the flow through the policy route.
6. The method for high-speed access in a cloud converged environment of claim 1, further comprising:
the SDN controller applies for an interactive interface on the network equipment so as to perform timing configuration verification through the interactive interface.
7. The method for high-speed access in a cloud network convergence environment of claim 2, wherein said switch layer comprises a switch, and said Leaf switch layer comprises a BorderLeaf switch.
8. A device for high-speed access in a cloud network convergence environment, the device comprising: a creation management module, a configuration management module and a device management module;
the creation management module is used for creating a cloud network virtual service on a cloud platform and connecting the cloud platform with an SDN controller so that the SDN controller can run the cloud network virtual service in a distributed mode, and the cloud network virtual service comprises a virtual network construction and a cloud private line construction;
the configuration management module configures cloud network virtual service information to network equipment through the SDN controller based on the cloud network virtual service information received by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment;
and the equipment management module is used for realizing high-speed access to the cloud private line network based on the cloud network fusion environment by the service network virtual machine after the network equipment configures the cloud network virtual service information.
9. A device for high-speed access in a cloud converged environment, the device comprising:
at least one processor;
and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to:
creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller so that the SDN controller can run the cloud network virtual service in a distributed manner, wherein the cloud network virtual service comprises a virtual network construction and a cloud private line construction;
based on cloud network virtual service information received by the SDN controller, configuring the service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment;
after the network equipment configures the cloud network virtual service information, the service network virtual machine realizes high-speed access to a cloud private network based on the cloud network convergence environment.
10. A non-volatile computer storage medium storing computer executable instructions for high speed access in a cloud converged environment, the computer executable instructions configured to:
creating a cloud network virtual service on a cloud platform, and connecting the cloud platform with an SDN controller so that the SDN controller can run the cloud network virtual service in a distributed manner, wherein the cloud network virtual service comprises a virtual network construction and a cloud private line construction;
based on cloud network virtual service information received by the SDN controller, configuring the service information to network equipment by the SDN controller, wherein the network equipment comprises switch equipment, firewall equipment and external equipment;
after the network equipment configures the cloud network virtual service information, the service network virtual machine realizes high-speed access to a cloud private network based on the cloud network convergence environment.
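The configuration dependencies of claims 2 to 5 and the timed configuration verification of claim 6 can be illustrated as a read-back check of device state against the controller's intent. The following is an added example, not code from the application; the step names, snapshot fields and sample data are hypothetical.

```python
# Added illustration; step names, snapshot fields and sample data are hypothetical.

# Dependencies stated in claim 2: the virtual network (VXLAN) is built on the
# underlay, and the binding joins the virtual network to the private line.
DEPENDS = {
    "vxlan_tunnel": ("underlay_bgp_evpn",),
    "binding": ("vxlan_tunnel", "private_line_port"),
}
# Steering from claims 3 and 4: BorderLeaf port -> firewall port -> external device port.
EXPECTED_PATH = ("border_leaf", "firewall", "external")


def check_dependencies(steps):
    """Report configured steps whose prerequisites are absent on the device side."""
    done = set(steps)
    return sorted(
        f"{step} configured without {dep}"
        for step in done
        for dep in DEPENDS.get(step, ())
        if dep not in done
    )


def check_path(hops):
    """hops maps a device role to the next-hop role it reports for the subnet."""
    seen = [EXPECTED_PATH[0]]
    while seen[-1] in hops and hops[seen[-1]] not in seen:  # stop on loops
        seen.append(hops[seen[-1]])
    if tuple(seen) == EXPECTED_PATH:
        return []
    return ["subnet path is " + " -> ".join(seen)]


def verify(snapshot):
    """One verification pass (claim 6) over state read back from the devices."""
    findings = check_dependencies(snapshot["steps"]) + check_path(snapshot["hops"])
    if not snapshot.get("firewall_policy_route", False):  # claim 5
        findings.append("firewall has no flow-limiting policy route")
    return findings


# Constructed snapshots: one matching the intent, one that has drifted.
IN_SYNC = {
    "steps": ["underlay_bgp_evpn", "vxlan_tunnel", "private_line_port", "binding"],
    "hops": {"border_leaf": "firewall", "firewall": "external"},
    "firewall_policy_route": True,
}
DRIFTED = {
    "steps": ["underlay_bgp_evpn", "private_line_port", "binding"],
    "hops": {"border_leaf": "external"},
    "firewall_policy_route": False,
}

if __name__ == "__main__":
    for label, snap in (("in_sync", IN_SYNC), ("drifted", DRIFTED)):
        print(label, verify(snap) or "no findings")
```

A path finding that omits the firewall hop means subnet traffic reaches the external device port without passing the firewall and its policy route.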

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311464885.6A CN117579314A (en) 2023-11-03 2023-11-03 Method, device, equipment and medium for high-speed access in cloud network fusion environment

Publications (1)

Publication Number Publication Date
CN117579314A true CN117579314A (en) 2024-02-20

Family

ID=89861561

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311464885.6A Pending CN117579314A (en) 2023-11-03 2023-11-03 Method, device, equipment and medium for high-speed access in cloud network fusion environment

Country Status (1)

Country Link
CN (1) CN117579314A (en)

Similar Documents

Publication Publication Date Title
US11621869B2 (en) Enabling access to dedicated resources in a virtual network using top of rack switches
US11683386B2 (en) Systems and methods for protecting an identity in network communications
US20210152632A1 (en) Managing replication of computing nodes for provided computer networks
US11563602B2 (en) Method and apparatus for providing a point-to-point connection over a network
CN112688814B (en) Equipment access method, device, equipment and machine readable storage medium
CN104426680B (en) Data transmission method, device and system
CN109716717A (en) From software-defined network controller management virtual port channel switching equipment peer-to-peer
CN111478846B (en) Method, device and medium for realizing multi-tenant network in cloud network environment
CN107733795B (en) Ethernet virtual private network EVPN and public network intercommunication method and device
WO2017162030A1 (en) Method and apparatus for generating virtual network
US20210266255A1 (en) Vrf segregation for shared services in multi-fabric cloud networks
CN103607432A (en) Network establishment method and system, and network control center
CN103428061A (en) Access substrate node and method for forwarding data by using access substrate node
JP2022507436A (en) Data center traffic sharing methods, equipment, devices and storage media
CN107659484A (en) From the method, apparatus and system of vlan network access VXLAN networks
CN114172865B (en) IPv6 dual stack implementation method under cloud network
CN115955456A (en) IPv 6-based enterprise campus network and networking method
CN108512737B (en) Data center IP layer interconnection method and SDN controller
CN117579314A (en) Method, device, equipment and medium for high-speed access in cloud network fusion environment
CN117201135B (en) Service following method, device, computer equipment and storage medium
CN112737933B (en) Gateway system based on cloud scene and gateway communication method
US20240291756A1 (en) Specifying routes to enable layer-2 mobility in hybrid-cloud environments
CN118555166A (en) Cross-resource-pool two-layer intercommunication method and device in cloud network
CN114125596A (en) PON-SDWAN intelligent terminal normalization control method and device
CN115334108A (en) Fusion deployment system of financial industry IDC

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination