TWI654856B - Network management system based on hybrid cloud platform - Google Patents

Network management system based on hybrid cloud platform

Info

Publication number
TWI654856B
Authority
TW
Taiwan
Prior art keywords
cloud
private
subsystem
management system
public cloud
Prior art date
Application number
TW105142079A
Other languages
Chinese (zh)
Other versions
TW201729566A (en)
Inventor
祖立軍
周雍愷
劉國寶
Original Assignee
中國銀聯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中國銀聯股份有限公司
Publication of TW201729566A
Application granted
Publication of TWI654856B

Classifications

    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 - Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 - Support for services or applications
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 - Standardisation; Integration
    • H04L41/0246 - Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 - Network architectures or network communication protocols for network security
    • H04L63/02 - Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 - Network architectures or network communication protocols for network security
    • H04L63/02 - Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 - Filtering policies
    • H04L63/0263 - Rule management
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 - Network arrangements or protocols for supporting network services or applications
    • H04L67/01 - Protocols
    • H04L67/10 - Protocols in which an application is distributed across nodes in the network
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 - Network arrangements or protocols for supporting network services or applications
    • H04L67/01 - Protocols
    • H04L67/131 - Protocols for games, networked simulations or virtual reality
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 - Network arrangements or protocols for supporting network services or applications
    • H04L67/50 - Network services
    • H04L67/56 - Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a network management system based on a hybrid cloud platform, comprising a private cloud subsystem and a public cloud subsystem. The private cloud subsystem includes at least a software-defined controller, a private cloud physical switch, and at least one private cloud virtual machine running on a physical machine. The public cloud subsystem includes at least a public cloud physical switch, a network proxy, and at least one public cloud virtual machine running on a physical machine. The private cloud subsystem and the public cloud subsystem are connected by a private network line. The disclosed network management system based on a hybrid cloud platform is easy to operate and maintain.

Description

Network management system based on hybrid cloud platform

The present invention relates to network management systems and, more particularly, to a network management system based on a hybrid cloud platform.

At present, as computer and network applications become more widespread and the types of services in different fields grow richer, network management systems for hybrid cloud platforms that contain a private cloud subsystem (that is, a cloud computing platform that an enterprise builds on top of its own information systems) and a public cloud subsystem (that is, by a third-party vendor) are becoming increasingly important.

The advantage of a hybrid cloud platform is that it offers both the security of a private cloud and the good cost-effectiveness of computing resources of a public cloud, and it has therefore come into wide use (for example, in the financial field, an electronic payment application can be divided into two parts: the front-end portal page part uses resources provided by the public cloud subsystem, while the back-end transaction part, which involves the processing of important data, uses resources provided by a self-built private cloud subsystem). Existing hybrid cloud technical solutions typically use a dedicated line between the public cloud and the private cloud to carry data communication between the virtual machines of the public cloud and the virtual machines of the private cloud. Thus, for example, a packet from a public cloud virtual machine usually has to pass through the public cloud physical switch, the public cloud firewall, the private network, the private cloud firewall, and the private cloud physical switch to reach a private cloud virtual machine.

However, the existing technical solutions described above have the following problem: after new public cloud virtual machine resources are dynamically created, changes to the physical network of the public cloud cannot be controlled, so data communication between the newly added virtual machine resources and the virtual machine resources of the private cloud is not possible; that is, the newly added virtual machine resources cannot connect to the virtual machine resources of the private cloud. Consequently, in order for the newly added virtual machine resources to be able to connect to the virtual machine resources of the private cloud, the public cloud physical switch, the public cloud firewall, the private cloud firewall, and the private cloud physical switch must be configured to include the address information of the newly added virtual machine resources, which makes operation cumbersome and system efficiency low.

Therefore, there is a need to provide a network management system based on a hybrid cloud platform that is easy to operate and maintain.

In order to solve the problems of the existing technical solutions described above, the present invention proposes a network management system based on a hybrid cloud platform that is easy to operate and maintain.

The object of the present invention is achieved by the following technical solution: a network management system based on a hybrid cloud platform, comprising a private cloud subsystem and a public cloud subsystem, wherein the private cloud subsystem includes at least a software-defined controller, a private cloud physical switch, and at least one private cloud virtual machine running on a physical machine, the public cloud subsystem includes at least a public cloud physical switch, a network proxy, and at least one public cloud virtual machine running on a physical machine, and the private cloud subsystem and the public cloud subsystem are connected by a private network line.

In the solution disclosed above, preferably, the private cloud virtual machine is used to run an application that processes request packets from the public cloud subsystem and returns to the public cloud subsystem a response packet indicating the result of processing the request packet; the public cloud virtual machine is used to run an application that sends the request packet based on user instructions and processes response packets from the private cloud subsystem; the network proxy is used to receive request packets from the public cloud virtual machine and forward them to the private cloud subsystem; the private cloud physical switch is used to route the request packets and the response packets within the private cloud; the public cloud physical switch is used to route the request packets and the response packets within the public cloud; and the software-defined controller is used to control and manage the private cloud physical switch 3 and the network proxy.

In the solution disclosed above, preferably, the private cloud subsystem further includes a private cloud firewall, so that the request packet undergoes a security check before it enters the private cloud physical switch.

In the solution disclosed above, preferably, the public cloud subsystem further includes a public cloud firewall, so that the response packet undergoes a security check before it enters the public cloud physical switch.

In the solution disclosed above, preferably, the software-defined controller controls and manages the private cloud physical switch and the network proxy through at least the following operations: adding and/or modifying and/or deleting network routes; modifying firewall rules; sending control commands for flow rules.

In the solution disclosed above, preferably, each of the at least one public cloud virtual machine sends request packets intended for a private cloud virtual machine to the network proxy via the public cloud physical switch, wherein the request packet includes the IP address of the destination private cloud virtual machine.

In the solution disclosed above, preferably, the network proxy re-encapsulates the received request packet so that its own IP address becomes the source IP address of the modified request packet, wherein the entire content of the original request packet is contained in the modified request packet, and the network proxy 2 then forwards the modified request packet to the private cloud subsystem via the public cloud physical switch 4.

In the solution disclosed above, preferably, the private cloud physical switch, after receiving the modified request packet, routes it to the private cloud virtual machine indicated by its destination address field.

In the solution disclosed above, preferably, after receiving a response packet from the public cloud subsystem, the network proxy parses it and forwards it to the public cloud virtual machine that issued the corresponding original request packet.

In the solution disclosed above, preferably, the network proxy is an application deployed on a public cloud virtual machine.

In the solution disclosed above, preferably, the network proxy has a management data interface for receiving control commands and a service data interface for sending and receiving service data, so as to separate the control data flow from the service data flow.

In the solution disclosed above, preferably, the network proxy is able to perform internal routing, QoS, and network data cleaning functions based on the control commands it receives.

In the solution disclosed above, preferably, the software-defined controller is able to turn specific network services on and off by controlling and managing the private cloud physical switch 3 and the network proxy.

The network management system based on a hybrid cloud platform disclosed by the present invention has the following advantage: because the IP address of the network proxy is fixed, the physical network configuration of the public cloud does not need to be changed after new public cloud virtual machine resources are dynamically created, which makes the system easy to operate and maintain and significantly improves system efficiency.

1‧‧‧Software-defined controller

2‧‧‧Network proxy

3‧‧‧Private cloud physical switch

4‧‧‧Public cloud physical switch

5‧‧‧Private cloud virtual machine

6‧‧‧Public cloud virtual machine

The technical features and advantages of the present invention will be better understood by those skilled in the art with reference to the accompanying drawings, in which: FIG. 1 is a schematic structural diagram of a network management system based on a hybrid cloud platform according to an embodiment of the present invention.

FIG. 1 is a schematic structural diagram of a network management system based on a hybrid cloud platform according to an embodiment of the present invention. As shown in FIG. 1, the network management system based on a hybrid cloud platform disclosed by the present invention comprises a private cloud subsystem and a public cloud subsystem, wherein the private cloud subsystem includes at least a software-defined controller 1, a private cloud physical switch 3, and at least one private cloud virtual machine 5 running on a physical machine, the public cloud subsystem includes at least a public cloud physical switch 4, a network proxy 2, and at least one public cloud virtual machine 6 running on a physical machine, and the private cloud subsystem and the public cloud subsystem are connected by a private network line.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the private cloud virtual machine 5 is used to run an application that processes request packets from the public cloud subsystem and returns to the public cloud subsystem a response packet indicating the result of processing the request packet. The public cloud virtual machine 6 is used to run an application that sends the request packet (for example, a transaction request in the financial field) based on user instructions and processes response packets from the private cloud subsystem. The network proxy 2 is used to receive request packets from the public cloud virtual machine 6 and forward them to the private cloud subsystem. The private cloud physical switch 3 is used to route the request packets and the response packets within the private cloud. The public cloud physical switch 4 is used to route the request packets and the response packets within the public cloud. The software-defined controller 1 is used to control and manage the private cloud physical switch 3 and the network proxy 2.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the private cloud subsystem further includes a private cloud firewall, so that the request packet undergoes a security check before it enters the private cloud physical switch 3.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the public cloud subsystem further includes a public cloud firewall, so that the response packet undergoes a security check before it enters the public cloud physical switch 3.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the software-defined controller 1 controls and manages the private cloud physical switch 3 and the network proxy 2 through at least the following operations: adding and/or modifying and/or deleting network routes; modifying firewall rules; sending control commands for flow rules.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, each of the at least one public cloud virtual machine 6 sends request packets intended for a private cloud virtual machine 5 to the network proxy 2 via the public cloud physical switch 4, wherein the request packet includes the IP address of the destination private cloud virtual machine.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the network proxy 2 re-encapsulates the received request packet so that its own IP address becomes the source IP address of the modified request packet, wherein the entire content of the original request packet is contained in the modified request packet, and the network proxy 2 then forwards the modified request packet to the private cloud subsystem via the public cloud physical switch 4.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the private cloud physical switch 3, after receiving the modified request packet, routes it to the private cloud virtual machine 5 indicated by its destination address field.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, after receiving a response packet from the public cloud subsystem, the network proxy 2 parses it and forwards it to the public cloud virtual machine 6 that issued the corresponding original request packet.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the network proxy 2 is an application deployed on a public cloud virtual machine.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the network proxy 2 has a management data interface for receiving control commands and a service data interface for sending and receiving service data, so as to separate the control data flow from the service data flow.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the network proxy 2 is able to perform internal routing, QoS, and network data cleaning functions based on the control commands it receives.

Preferably, in the network management system based on a hybrid cloud platform disclosed by the present invention, the software-defined controller 1 is able to turn specific network services on and off by controlling and managing the private cloud physical switch 3 and the network proxy 2.

As can be seen from the above, the network management system based on a hybrid cloud platform disclosed by the present invention has the following advantage: because the IP address of the network proxy is fixed, the physical network configuration of the public cloud does not need to be changed after new public cloud virtual machine resources are dynamically created, which makes the system easy to operate and maintain and significantly improves system efficiency.
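The fixed-proxy-address advantage described above, modelled as an added Python example that is not part of the patent: newly created public cloud virtual machines reach the private cloud through a firewall rule set that names only the proxy, and responses arriving out of order are still returned to the virtual machine that sent the request. The addresses, the 4-byte request id used to match responses to requests, the byte layout, and all class and function names are assumptions made for illustration; the patent does not specify a wire format.

```python
import ipaddress
import struct
from dataclasses import dataclass

# Constructed sample addresses (assumptions, not from the patent).
PROXY_IP = "198.51.100.10"
PRIVATE_VM_IP = "10.20.0.5"
NEW_PUBLIC_VMS = ["198.51.100.21", "198.51.100.22", "198.51.100.23"]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes

    def to_bytes(self) -> bytes:
        # Hypothetical layout: 4-byte source, 4-byte destination, then payload.
        return (ipaddress.IPv4Address(self.src).packed
                + ipaddress.IPv4Address(self.dst).packed
                + self.payload)

    @classmethod
    def from_bytes(cls, raw: bytes) -> "Packet":
        if len(raw) < 8:
            raise ValueError("truncated packet")
        return cls(str(ipaddress.IPv4Address(raw[0:4])),
                   str(ipaddress.IPv4Address(raw[4:8])),
                   raw[8:])


class NetworkProxy:
    """Re-encapsulates requests so that the proxy's fixed IP is the source."""

    def __init__(self, proxy_ip: str):
        self.proxy_ip = proxy_ip
        self._next_id = 1
        self._pending = {}  # request id -> IP of the originating public VM

    def encapsulate(self, request: Packet) -> Packet:
        req_id = self._next_id
        self._next_id += 1
        self._pending[req_id] = request.src
        # The whole original packet travels inside the modified packet.
        body = struct.pack("!I", req_id) + request.to_bytes()
        return Packet(self.proxy_ip, request.dst, body)

    def deliver_response(self, response: Packet) -> Packet:
        if response.dst != self.proxy_ip or len(response.payload) < 4:
            raise ValueError("not a response addressed to this proxy")
        (req_id,) = struct.unpack("!I", response.payload[:4])
        origin = self._pending.pop(req_id, None)
        if origin is None:
            # Unsolicited or replayed responses are dropped, not forwarded.
            raise LookupError("response matches no outstanding request")
        return Packet(response.src, origin, response.payload[4:])


class PrivateCloudFirewall:
    """Source-address allowlist checked before the private cloud switch."""

    def __init__(self, allowed_sources):
        self.allowed_sources = frozenset(allowed_sources)

    def permits(self, packet: Packet) -> bool:
        return packet.src in self.allowed_sources


def inner_source(outer: Packet) -> str:
    """Recover the originating VM's address from the encapsulated request."""
    return Packet.from_bytes(outer.payload[4:]).src


def private_vm_handle(outer: Packet) -> Packet:
    """Stand-in for the private cloud application: echo the id, answer the body."""
    req_id = outer.payload[:4]
    inner = Packet.from_bytes(outer.payload[4:])
    return Packet(outer.dst, outer.src, req_id + b"OK:" + inner.payload)


def run_demo() -> dict:
    proxy = NetworkProxy(PROXY_IP)
    firewall = PrivateCloudFirewall({PROXY_IP})  # one rule, never edited below
    report, in_flight = {}, []
    for vm_ip in NEW_PUBLIC_VMS:  # VMs created after the rule was written
        request = Packet(vm_ip, PRIVATE_VM_IP, b"txn from " + vm_ip.encode())
        outer = proxy.encapsulate(request)
        report[vm_ip] = {
            "direct_permitted": firewall.permits(request),
            "proxied_permitted": firewall.permits(outer),
            "inner_source": inner_source(outer),
        }
        in_flight.append(outer)
    for outer in reversed(in_flight):  # responses come back out of order
        reply = proxy.deliver_response(private_vm_handle(outer))
        report[reply.dst]["reply"] = reply.payload
    return report


if __name__ == "__main__":
    for vm, row in run_demo().items():
        print(vm, row)
```

Because the firewall sees only the proxy's address, any per-VM policy or audit trail on the private side has to read the originating address from the encapsulated packet, as `inner_source` does here.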

Although the present invention has been described by way of the preferred embodiments above, its implementation is not limited to those embodiments. It should be recognized that those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope.

Claims (12)

1. A network management system based on a hybrid cloud platform, comprising a private cloud subsystem and a public cloud subsystem, wherein the private cloud subsystem includes at least a software-defined controller, a private cloud physical switch, and at least one private cloud virtual machine running on a physical machine, the public cloud subsystem includes at least a public cloud physical switch, a network proxy, and at least one public cloud virtual machine running on a physical machine, and the private cloud subsystem and the public cloud subsystem are connected by a private network line, wherein the private cloud virtual machine is used to run an application that processes request packets from the public cloud subsystem and returns to the public cloud subsystem a response packet indicating the result of processing the request packet, the public cloud virtual machine is used to run an application that sends the request packet based on user instructions and processes response packets from the private cloud subsystem, the network proxy is used to receive request packets from the public cloud virtual machine and forward them to the private cloud subsystem, the private cloud physical switch is used to route the request packets and the response packets within the private cloud, the public cloud physical switch is used to route the request packets and the response packets within the public cloud, and the software-defined controller is used to control and manage the private cloud physical switch and the network proxy.

2. The network management system based on a hybrid cloud platform according to claim 1, wherein the private cloud subsystem further includes a private cloud firewall, so that the request packet undergoes a security check before it enters the private cloud physical switch.

3. The network management system based on a hybrid cloud platform according to claim 2, wherein the public cloud subsystem further includes a public cloud firewall, so that the response packet undergoes a security check before it enters the public cloud physical switch.

4. The network management system based on a hybrid cloud platform according to claim 3, wherein the software-defined controller controls and manages the private cloud physical switch and the network proxy through at least the following operations: adding and/or modifying and/or deleting network routes; modifying firewall rules; sending control commands for flow rules.

5. The network management system based on a hybrid cloud platform according to claim 4, wherein each of the at least one public cloud virtual machine sends request packets intended for a private cloud virtual machine to the network proxy via the public cloud physical switch, wherein the request packet includes the IP address of the destination private cloud virtual machine.

6. The network management system based on a hybrid cloud platform according to claim 5, wherein the network proxy re-encapsulates the received request packet so that its own IP address becomes the source IP address of the modified request packet, wherein the entire content of the original request packet is contained in the modified request packet, and the network proxy then forwards the modified request packet to the private cloud subsystem via the public cloud physical switch.

7. The network management system based on a hybrid cloud platform according to claim 6, wherein the private cloud physical switch, after receiving the modified request packet, routes it to the private cloud virtual machine indicated by its destination address field.

8. The network management system based on a hybrid cloud platform according to claim 7, wherein, after receiving a response packet from the public cloud subsystem, the network proxy parses it and forwards it to the public cloud virtual machine that issued the corresponding original request packet.

9. The network management system based on a hybrid cloud platform according to claim 8, wherein the network proxy is an application deployed on a public cloud virtual machine.

10. The network management system based on a hybrid cloud platform according to claim 9, wherein the network proxy has a management data interface for receiving control commands and a service data interface for sending and receiving service data, so as to separate the control data flow from the service data flow.

11. The network management system based on a hybrid cloud platform according to claim 10, wherein the network proxy is able to perform internal routing, QoS, and network data cleaning functions based on the control commands it receives.

12. The network management system based on a hybrid cloud platform according to claim 11, wherein the software-defined controller is able to turn specific network services on and off by controlling and managing the private cloud physical switch and the network proxy.
TW105142079A 2015-12-30 2016-12-19 Network management system based on hybrid cloud platform TWI654856B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201511009521.4A CN105681075B (en) 2015-12-30 2015-12-30 Network Management System based on mixing cloud platform
201511009521.4 2015-12-30

Publications (2)

Publication Number Publication Date
TW201729566A (en) 2017-08-16
TWI654856B (en) 2019-03-21

Family

ID=56297739

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105142079A TWI654856B (en) 2015-12-30 2016-12-19 Network management system based on hybrid cloud platform

Country Status (3)

Country Link
CN (1) CN105681075B (en)
TW (1) TWI654856B (en)
WO (1) WO2017114286A1 (en)

Also Published As

Publication number Publication date
CN105681075A (en) 2016-06-15
TW201729566A (en) 2017-08-16
WO2017114286A1 (en) 2017-07-06
CN105681075B (en) 2019-06-14
