CN117596043A - SDN-based tenant RoCE queue management method, equipment and medium - Google Patents


Info

Publication number
CN117596043A
Authority
CN
China
Prior art keywords
roce
tenant
service
switch
configuration information
Prior art date
Legal status
Pending
Application number
CN202311561528.1A
Other languages
Chinese (zh)
Inventor
丁宇桐
王生银
Current Assignee
Inspur Cisco Networking Technology Co Ltd
Original Assignee
Inspur Cisco Networking Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Inspur Cisco Networking Technology Co Ltd
Priority to CN202311561528.1A
Publication of CN117596043A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0895 Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

The application discloses an SDN-based tenant RoCE queue management method, device and medium, belonging to the technical field of software-defined networks. The method comprises the following steps: bringing the switch to be managed under the management of the SDN controller; creating a tenant to be applied in the SDN controller based on the service requirement to be applied, and determining RoCE service configuration information of the tenant to be applied; constructing, through the SDN controller, a certificate file corresponding to the tenant to be applied based on the RoCE service configuration information, and sending the certificate file to the corresponding RoCE service switch; parsing the certificate file, and configuring the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied. With this method, when multiple tenants use RoCE-related services, the service traffic of the tenants is isolated from one another and does not affect one another.

Description

SDN-based tenant RoCE queue management method, equipment and medium
Technical Field
The present disclosure relates to the field of software defined networking technologies, and in particular, to a method, an apparatus, and a medium for managing a RoCE queue of a tenant based on SDN.
Background
With the continuous evolution of network technology in recent years, network demand keeps increasing, and storage networks in data centers no longer rely only on Fibre Channel or other IP-SAN modes to carry storage traffic. RoCE (RDMA over Converged Ethernet) offers zero copy, efficient transmission, cost savings and similar characteristics, and has quickly become a mainstream way of carrying storage traffic in data centers. In addition, RoCE provides a lossless network foundation for storage traffic and addresses the latency and CPU consumption problems of the original TCP mode. To achieve these characteristics, RoCE works with the switch forwarding chip, introducing Priority-based Flow Control (PFC) for layer-2 flow control and using Explicit Congestion Notification (ECN) to reduce packet loss in lossy networks or congestion spreading in lossless networks.
In a data center there is the concept of multi-tenancy: a user obtains, by leasing, purchasing or other means, internal resources of the data center that are offered externally as leased services, and uses its physical or virtual resources. With multiple tenants, security and privacy between tenants are key concerns for data center operation and maintenance personnel, and when multiple tenants use RoCE-related services, how to isolate the service traffic of the tenants from one another so that they do not affect one another becomes an urgent problem.
Disclosure of Invention
The embodiment of the application provides a tenant RoCE queue management method, equipment and medium based on SDN, which are used for solving the following technical problems: when there are multiple tenants using the RoCE related services, how to isolate inter-tenant traffic from each other and not to affect each other.
In a first aspect, an embodiment of the present application provides an SDN-based tenant RoCE queue management method, where the method includes: bringing the switch to be managed under the management of the SDN controller; creating a tenant to be applied in the SDN controller based on the service requirement to be applied, and determining RoCE service configuration information of the tenant to be applied; constructing, through the SDN controller, a certificate file corresponding to the tenant to be applied based on the RoCE service configuration information, and sending the certificate file to the corresponding RoCE service switch; parsing the certificate file, and configuring the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied.
In one implementation of the present application, before the switch to be managed is brought under the management of the SDN controller, the method further includes: acquiring management information of the switch to be managed; building the physical link and the management network between the switch to be managed and the SDN controller; and performing initial configuration of the switch to be managed so that the SDN controller can connect to it through a preset network management protocol.
In one implementation of the present application, bringing the switch to be managed under the management of the SDN controller specifically includes: accessing a front-end interactive interface of the SDN controller, and entering the management information of the switch to be managed into the front-end interactive interface; when a connection verification control preset in the front-end interactive interface is triggered, the SDN controller connects to the switch to be managed through the preset network management protocol based on the management information, and when the connection is determined to be successful, the management information is stored in a database of the switch to be managed.
In one implementation of the present application, creating a tenant to be applied in the SDN controller based on the service requirement to be applied, and determining RoCE service configuration information of the tenant to be applied, specifically includes: configuring the service management information required by the tenant to be applied based on the service requirement to be applied, where the service management information includes: available switches, available IP, number of available network entries, and user rights; determining whether the tenant to be applied applies for the RoCE network service and, if so, determining the RoCE service configuration information of the tenant to be applied. The RoCE service configuration information includes: the RoCE network available IP, the assigned queue, the PFC threshold (waterline), and the ECN threshold (waterline).
In one implementation of the present application, constructing, through the SDN controller, a certificate file corresponding to the tenant to be applied based on the RoCE service configuration information specifically includes: based on a preset encryption private key, the SDN controller encrypts the RoCE service configuration information through a preset key tool and stores the encrypted RoCE service configuration information in a certificate file in .lic format, where the certificate file is named after its generation time.
In one implementation of the present application, sending the certificate file to the corresponding RoCE service switch specifically includes: the SDN controller sends the certificate file to a designated directory of the corresponding RoCE service switch via FTP.
In one implementation of the present application, parsing the certificate file specifically includes: decrypting the certificate file based on a private key of a preset switch version in the RoCE service switch to obtain the RoCE service configuration information; the RoCE service configuration information cannot be viewed directly through the command line of the RoCE service switch.
In one implementation of the present application, the management information includes: the management network IP, the management user name and password, and management-protocol-related configuration; the network management protocol is the SSH network management protocol or the SNMP network management protocol.
In a second aspect, an embodiment of the present application further provides an SDN-based tenant RoCE queue management device, where the device includes: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to: bring the switch to be managed under the management of the SDN controller; create a tenant to be applied in the SDN controller based on the service requirement to be applied, and determine RoCE service configuration information of the tenant to be applied; construct, through the SDN controller, a certificate file corresponding to the tenant to be applied based on the RoCE service configuration information, and send the certificate file to the corresponding RoCE service switch; parse the certificate file, and configure the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied.
In a third aspect, an embodiment of the present application further provides a non-volatile computer storage medium for SDN-based tenant RoCE queue management, storing computer-executable instructions, where the computer-executable instructions are configured to: bring the switch to be managed under the management of the SDN controller; create a tenant to be applied in the SDN controller based on the service requirement to be applied, and determine RoCE service configuration information of the tenant to be applied; construct, through the SDN controller, a certificate file corresponding to the tenant to be applied based on the RoCE service configuration information, and send the certificate file to the corresponding RoCE service switch; parse the certificate file, and configure the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied.
According to the tenant RoCE queue management method, device and medium based on SDN, when a RoCE related service is provided for a plurality of tenants in a data center, the method, device and medium are matched with a tenant management function brought by an SDN controller, so that resources among the tenants are isolated from each other, and an automatic configuration issuing function of the RoCE service is provided for the tenants. Meanwhile, the SDN controller is used for generating and distributing the encrypted RoCE configuration information file to the specific switch, and the security and privacy of the operation and maintenance of the data center are enhanced by matching with the protection function of the switch on the configuration information file, so that the information security of the tenant is ensured.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
fig. 1 is a flowchart of a tenant RoCE queue management method based on SDN provided in an embodiment of the present application;
fig. 2 is an internal structure schematic diagram of a tenant RoCE queue management device based on SDN provided in an embodiment of the present application.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The embodiment of the application provides a tenant RoCE queue management method, equipment and medium based on SDN, which are used for solving the following technical problems: when there are multiple tenants using the RoCE related services, how to isolate inter-tenant traffic from each other and not to affect each other.
The following describes in detail the technical solution proposed in the embodiments of the present application through the accompanying drawings.
Fig. 1 is a flowchart of a tenant RoCE queue management method based on SDN provided in an embodiment of the present application. As shown in fig. 1, the method for managing a RoCE queue of a tenant based on SDN provided in the embodiment of the present application specifically includes the following steps:
Step 101, bringing the switch to be managed under the management of the SDN controller.
In one embodiment of the present application, to implement the SDN-based tenant RoCE queue management method, the preparation work for onboarding must be completed before the switch to be managed is brought under the management of the SDN controller.
Specifically, the management information of the switch to be managed is acquired first; then the physical link and the management network between the switch to be managed and the SDN controller are built; finally, the switch to be managed is given its initial configuration so that the SDN controller can connect to it through a preset network management protocol.
It should be noted that the management information in the present application includes: the management network IP, the management user name and password, and management-protocol-related configuration; the network management protocol is the SSH network management protocol or the SNMP network management protocol.
Further, the switch to be managed is brought under the management of the SDN controller.
Specifically, the front-end interactive interface of the SDN controller is accessed, and the management information of the switch to be managed is entered into the front-end interactive interface; when a connection verification control preset in the front-end interactive interface is triggered, the SDN controller connects to the switch to be managed through the preset network management protocol based on the management information, and when the connection is determined to be successful, the management information is stored in a database of the switch to be managed.
It should be noted that, in subsequent use, the SDN controller uses the stored management information to connect to the switch to be managed over the preset network management protocol and enable its FTP-related function, so that the tenant certificate file created in the SDN controller by operation and maintenance personnel can be transferred.
Step 102, creating a tenant to be applied in the SDN controller based on the service requirement to be applied, and determining RoCE service configuration information of the tenant to be applied.
In one embodiment of the present application, after a to-be-managed switch is managed by an SDN controller, creating a tenant to be applied in the SDN controller based on a service requirement to be applied, and determining RoCE service configuration information of the tenant to be applied.
Specifically, the service management information required by the tenant to be applied is configured based on the service requirement to be applied, where the service management information includes: available switches, available IP, number of available network entries, and user rights. It is then determined whether the tenant to be applied applies for the RoCE network service and, if so, the RoCE service configuration information of the tenant to be applied is determined. The RoCE service configuration information includes: the RoCE network available IP, the assigned queue, the PFC threshold (waterline), and the ECN threshold (waterline).
It should be noted that the RoCE network available IP is the service IP range that the tenant to be applied is allowed to use in the RoCE network service; that is, the actual user can only use IPs within the range given to the tenant to be applied. As for the assigned queue, the forwarding chip of the RoCE service switch provides 8 queues in the ingress direction and achieves lossless forwarding by introducing various flow control mechanisms; the assigned queue is the queue available to the tenant to be applied in actual networking. The PFC threshold and the ECN threshold are the trigger thresholds (waterlines) of Priority-based Flow Control (PFC) and Explicit Congestion Notification (ECN) in the RoCE network; that is, according to the threshold parameter settings, it is judged whether the congestion level of the corresponding queue in the current RoCE network requires the traffic to be regulated.
Step 103, based on the RoCE service configuration information, constructing a certificate file corresponding to the tenant to be applied through the SDN controller, and sending the certificate file to the corresponding RoCE service switch.
In one embodiment of the present application, after determining the RoCE service configuration information of the tenant to be applied, a certificate file corresponding to the tenant to be applied is constructed by the SDN controller based on the RoCE service configuration information.
Specifically, based on a preset encryption private key, the SDN controller encrypts the RoCE service configuration information through a preset key tool and stores the encrypted RoCE service configuration information in a certificate file in .lic format, where the certificate file is named after its generation time.
Further, the certificate file is sent to the corresponding RoCE service switch.
Specifically, the SDN controller sends the certificate file to a designated directory of the corresponding RoCE service switch via FTP.
Step 104, parsing the certificate file, and configuring the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied.
In one embodiment of the present application, the certificate file is parsed after being sent to the corresponding RoCE service switch.
Specifically, the certificate file is decrypted based on a private key of a preset switch version in the RoCE service switch, so as to obtain RoCE service configuration information.
It should be noted that, for the security of the information of the tenant to be applied, the decrypted RoCE service configuration information cannot be viewed directly through the command line of the RoCE service switch. Only the name of the .lic file and the name of the corresponding tenant can be viewed; the RoCE service configuration information carried in the .lic file cannot be viewed directly, which keeps the information carried in the .lic file confidential.
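The following is an added example, not code from the patent or from the assignee's products: one way the RoCE service switch could check the configuration recovered in step 104 before applying it, rejecting values outside the ranges described for step 102 and rejecting a tenant whose queue or IP range collides with one already applied. The JSON layout, the field names, the rule that tenants on one switch may not share a queue or overlap IP ranges, and the rule that the ECN threshold must be lower than the PFC threshold are assumptions made for the example; decryption of the .lic file is assumed to have already happened.

```python
import ipaddress
import json
from dataclasses import dataclass

NUM_QUEUES = 8  # the description states 8 queues in the ingress direction


class ConfigError(ValueError):
    """The configuration must not be applied to the switch."""


@dataclass(frozen=True)
class RoceConfig:
    tenant: str
    first_ip: object        # ipaddress.IPv4Address or IPv6Address
    last_ip: object
    queue: int
    pfc_threshold: int      # units are whatever the switch uses (assumed)
    ecn_threshold: int


def _strict_int(doc, key):
    value = doc[key]
    # bool is a subclass of int; reject it, floats and strings explicitly
    if isinstance(value, bool) or not isinstance(value, int):
        raise ConfigError(f"{key} must be an integer")
    return value


def parse_config(plaintext):
    """Parse the decrypted payload (assumed JSON) and range-check each item."""
    try:
        doc = json.loads(plaintext)
        cfg = RoceConfig(
            tenant=doc["tenant"],
            first_ip=ipaddress.ip_address(doc["available_ip"]["first"]),
            last_ip=ipaddress.ip_address(doc["available_ip"]["last"]),
            queue=_strict_int(doc, "queue"),
            pfc_threshold=_strict_int(doc, "pfc_threshold"),
            ecn_threshold=_strict_int(doc, "ecn_threshold"),
        )
    except ConfigError:
        raise
    except (KeyError, TypeError, ValueError) as exc:
        raise ConfigError(f"malformed configuration: {exc!r}") from exc
    if not isinstance(cfg.tenant, str) or not cfg.tenant:
        raise ConfigError("tenant name missing")
    if cfg.first_ip.version != cfg.last_ip.version or cfg.first_ip > cfg.last_ip:
        raise ConfigError("available IP range is empty or mixes IP versions")
    if not 0 <= cfg.queue < NUM_QUEUES:
        raise ConfigError(f"queue {cfg.queue} outside 0..{NUM_QUEUES - 1}")
    # Assumed policy: ECN should mark before PFC pauses the queue.
    if not 0 < cfg.ecn_threshold < cfg.pfc_threshold:
        raise ConfigError("thresholds must satisfy 0 < ECN < PFC")
    return cfg


def find_conflicts(new, applied):
    """List the ways `new` would break isolation from tenants already applied."""
    conflicts = []
    for other in applied.values():
        if other.tenant == new.tenant:
            continue  # a re-issued file replaces the tenant's own entry
        if other.queue == new.queue:
            conflicts.append(f"queue {new.queue} already assigned to {other.tenant}")
        same_family = other.first_ip.version == new.first_ip.version
        if same_family and new.first_ip <= other.last_ip and other.first_ip <= new.last_ip:
            conflicts.append(f"IP range overlaps {other.tenant}")
    return conflicts


def apply_config(plaintext, applied):
    """Validate, check isolation, then record the tenant's configuration."""
    cfg = parse_config(plaintext)
    conflicts = find_conflicts(cfg, applied)
    if conflicts:
        raise ConfigError("; ".join(conflicts))
    applied[cfg.tenant] = cfg
    return cfg


def sample(tenant, first, last, queue, pfc=800, ecn=200):
    """Build a constructed plaintext payload; all values are made up."""
    return json.dumps({
        "tenant": tenant,
        "available_ip": {"first": first, "last": last},
        "queue": queue,
        "pfc_threshold": pfc,
        "ecn_threshold": ecn,
    }).encode()


if __name__ == "__main__":
    applied = {}
    for payload in (
        sample("tenant-a", "10.0.1.10", "10.0.1.50", 3),
        sample("tenant-b", "10.0.1.40", "10.0.1.90", 4),  # overlaps tenant-a
        sample("tenant-c", "10.0.2.1", "10.0.2.20", 3),   # reuses queue 3
        sample("tenant-d", "10.0.3.1", "10.0.3.9", 8),    # no such queue
    ):
        try:
            print("applied:", apply_config(payload, applied).tenant)
        except ConfigError as err:
            print("rejected:", err)
```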
The foregoing is a method embodiment presented herein. Based on the same inventive concept, the embodiment of the application also provides a tenant RoCE queue management device based on SDN, and the structure of the tenant RoCE queue management device is shown in fig. 2.
Fig. 2 is an internal structure schematic diagram of a tenant RoCE queue management device based on SDN provided in an embodiment of the present application. As shown in fig. 2, the apparatus includes:
at least one processor 201;
and a memory 202 communicatively coupled to the at least one processor;
wherein the memory 202 stores instructions executable by the at least one processor, the instructions being executable by the at least one processor 201 to enable the at least one processor 201 to:
bring the switch to be managed under the management of the SDN controller;
create a tenant to be applied in the SDN controller based on the service requirement to be applied, and determine RoCE service configuration information of the tenant to be applied;
construct, through the SDN controller, a certificate file corresponding to the tenant to be applied based on the RoCE service configuration information, and send the certificate file to the corresponding RoCE service switch;
parse the certificate file, and configure the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied.
Some embodiments of the present application provide a non-volatile computer storage medium corresponding to the SDN-based tenant RoCE queue management of fig. 1, storing computer-executable instructions configured to:
bring the switch to be managed under the management of the SDN controller;
create a tenant to be applied in the SDN controller based on the service requirement to be applied, and determine RoCE service configuration information of the tenant to be applied;
construct, through the SDN controller, a certificate file corresponding to the tenant to be applied based on the RoCE service configuration information, and send the certificate file to the corresponding RoCE service switch;
parse the certificate file, and configure the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied.
All embodiments in the application are described in a progressive manner, and identical and similar parts of all embodiments are mutually referred, so that each embodiment mainly describes differences from other embodiments. In particular, for the internet of things device and the medium embodiment, since they are substantially similar to the method embodiment, the description is relatively simple, and the relevant points are referred to in the description of the method embodiment.
The systems and media and the methods provided in the embodiments of the present application are in one-to-one correspondence, so that the systems and media also have similar beneficial technical effects to the corresponding methods, and since the beneficial technical effects of the methods have been described in detail above, the beneficial technical effects of the systems and media are not described here again.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (10)

1. An SDN-based tenant RoCE queue management method, the method comprising:
bringing the switch to be managed under management through the SDN controller;
creating a tenant to be applied in the SDN controller based on the service requirement to be applied, and determining the RoCE service configuration information of the tenant to be applied;
based on the RoCE service configuration information, constructing a certificate file corresponding to the tenant to be applied through the SDN controller, and sending the certificate file to a corresponding RoCE service switch;
parsing the certificate file, and configuring the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied.
2. The SDN-based tenant RoCE queue management method of claim 1, wherein before bringing the switch to be managed under management through the SDN controller, the method further comprises:
acquiring management information of the switch to be managed;
building a physical link and a management network between the switch to be managed and the SDN controller;
and performing initial configuration of the switch to be managed so that the SDN controller can connect to the switch to be managed through a preset network management protocol.
3. The SDN-based tenant RoCE queue management method of claim 1, wherein bringing the switch to be managed under management through the SDN controller specifically comprises:
accessing a front-end interactive interface of the SDN controller, and inputting management information of the switch to be managed into the front-end interactive interface;
and when a connection verification control preset on the front-end interactive interface is triggered, connecting the SDN controller to the switch to be managed through a preset network management protocol based on the management information, and, when the connection is determined to be successful, storing the management information in a database of the switch to be managed.
4. The SDN-based tenant RoCE queue management method of claim 1, wherein creating a tenant to be applied in the SDN controller based on the service requirement to be applied, and determining the RoCE service configuration information of the tenant to be applied, specifically comprises:
based on the service requirement to be applied, configuring service management information required by the tenant to be applied; wherein the service management information includes: available switches, available IP, number of available network entries, user rights;
determining whether the tenant to be applied applies for the RoCE network service, and, if it does, determining the RoCE service configuration information of the tenant to be applied; wherein the RoCE service configuration information includes: the IP addresses available to the RoCE network, the queue to which the tenant belongs, the PFC waterline, and the ECN waterline.
5. The SDN-based tenant RoCE queue management method of claim 1, wherein constructing, by the SDN controller, a certificate file corresponding to the tenant to be applied based on the RoCE service configuration information specifically includes:
based on a preset encryption private key, the SDN controller encrypts the RoCE service configuration information through a preset key tool, and stores the encrypted RoCE service configuration information in a certificate file in .lic format; wherein the certificate file is named after its generation time.
6. The SDN-based tenant RoCE queue management method of claim 1, wherein sending the certificate file to a corresponding RoCE service switch specifically includes:
the SDN controller sends the certificate file to a designated directory of the corresponding RoCE service switch via FTP.
7. The SDN-based tenant RoCE queue management method of claim 1, wherein parsing the certificate file specifically comprises:
decrypting the certificate file based on a private key preset in the switch version on the RoCE service switch to obtain the RoCE service configuration information;
wherein the RoCE service configuration information cannot be viewed directly through the command line of the RoCE service switch.
8. The SDN-based tenant RoCE queue management method of claim 3, wherein the management information comprises: the management network IP, the management user name and password, and the management-protocol-related configuration; and the network management protocol is the SSH network management protocol or the SNMP network management protocol.
9. An SDN-based tenant RoCE queue management device, the device comprising:
at least one processor;
and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to:
bringing the switch to be managed under management through the SDN controller;
creating a tenant to be applied in the SDN controller based on the service requirement to be applied, and determining the RoCE service configuration information of the tenant to be applied;
based on the RoCE service configuration information, constructing a certificate file corresponding to the tenant to be applied through the SDN controller, and sending the certificate file to a corresponding RoCE service switch;
parsing the certificate file, and configuring the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied.
10. A non-volatile computer storage medium storing computer executable instructions for SDN-based tenant RoCE queue management, the computer executable instructions configured to:
bringing the switch to be managed under management through the SDN controller;
creating a tenant to be applied in the SDN controller based on the service requirement to be applied, and determining the RoCE service configuration information of the tenant to be applied;
based on the RoCE service configuration information, constructing a certificate file corresponding to the tenant to be applied through the SDN controller, and sending the certificate file to a corresponding RoCE service switch;
parsing the certificate file, and configuring the RoCE service switch based on the RoCE service configuration information contained in the certificate file, so as to issue the RoCE service of the tenant to be applied.
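
The certificate-file build and parse steps of claims 5 to 7, sketched as an added example that is not code from the patent: because the file reaches the switch over FTP, the switch side authenticates it and range-checks every RoCE field before any configuration is applied. Assumptions: the JSON field names, the demo key, HMAC-SHA256 standing in for the patent's unspecified key tool (confidentiality is not shown), the 0-7 queue range, and the rule that the ECN waterline sits below the PFC waterline.

```python
import base64
import hashlib
import hmac
import ipaddress
import json

# Constructed demo key; stands in for the key preset on controller and switch.
DEMO_KEY = b"constructed-demo-key-not-for-production"
# Constructed sample of one tenant's RoCE service configuration (field names assumed).
SAMPLE_CFG = {"ip": "10.10.1.0/24", "queue": 3, "pfc_kb": 400, "ecn_kb": 150}


def build_lic(cfg: dict, generated_at: str, key: bytes = DEMO_KEY):
    """Controller side: return (file name, file bytes) for one tenant."""
    body = json.dumps({"generated_at": generated_at, "roce": cfg},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    # The file is named after its generation time, as in claim 5.
    return f"{generated_at}.lic", base64.b64encode(tag + body)


def parse_lic(name: str, blob: bytes, key: bytes = DEMO_KEY) -> dict:
    """Switch side: authenticate first, validate second, then return the config."""
    raw = base64.b64decode(blob, validate=True)  # binascii.Error is a ValueError
    tag, body = raw[:32], raw[32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    doc = json.loads(body)
    # Binding the name to the signed timestamp stops an old file being renamed.
    if name != f"{doc['generated_at']}.lic":
        raise ValueError("file name does not match generation time")
    cfg = doc["roce"]
    ipaddress.ip_network(cfg["ip"])  # raises ValueError if malformed
    if not isinstance(cfg["queue"], int) or cfg["queue"] not in range(8):
        raise ValueError("queue out of range")  # assumed: 8 queues per port
    if not 0 < cfg["ecn_kb"] < cfg["pfc_kb"]:
        # Assumed policy: ECN marking should start before PFC pause triggers.
        raise ValueError("ECN waterline must sit below PFC waterline")
    return cfg
```

A switch that only decrypts and applies the file would accept any blob dropped into the FTP directory that happens to decrypt to parseable settings; the tag check and field validation above are what reject it.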
CN202311561528.1A 2023-11-21 2023-11-21 SDN-based tenant RoCE queue management method, equipment and medium Pending CN117596043A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311561528.1A CN117596043A (en) 2023-11-21 2023-11-21 SDN-based tenant RoCE queue management method, equipment and medium

Publications (1)

Publication Number Publication Date
CN117596043A true CN117596043A (en) 2024-02-23

Family

ID=89919449

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311561528.1A Pending CN117596043A (en) 2023-11-21 2023-11-21 SDN-based tenant RoCE queue management method, equipment and medium

Country Status (1)

Country Link
CN (1) CN117596043A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination