WO2016141749A1 - Port mapping implementation method and system for virtual machine, server and storage medium - Google Patents


Info

Publication number: WO2016141749A1
Authority: WO (WIPO, PCT)
Prior art keywords: port, virtual machine, server, mapping, security group
Application number: PCT/CN2015/098201
Other languages: French (fr), Chinese (zh)
Inventors: 刘磊, 刘亮
Original Assignee: 中兴通讯股份有限公司 (ZTE Corporation)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 61/00 Network arrangements, protocols or services for addressing or naming

Definitions

  • The present invention relates to port mapping of virtual machines in the OpenStack cloud computing management platform, and in particular to a method, a server, a system and a storage medium for implementing virtual machine port mapping.
  • OpenStack is an open source cloud platform management project jointly developed by NASA and Rackspace. It is widely used in the construction of public and private clouds; enterprises and individuals can quickly and easily deploy their own cloud computing environment using OpenStack.
  • Through virtualization technology, multiple virtual hosts are created on top of a physical host, so that its resources are pooled and utilized. Through port mapping, the private Internet Protocol (IP) address and port of a host in the local area network are mapped to the public IP address of the Network Address Translation (NAT) gateway and a free port of that gateway; the NAT gateway records the port mapping rule, so that the host and the public network can communicate with each other.
  • When a virtual machine is created, it is assigned a fixed IP and a floating IP: the fixed IP is used for communication between virtual machines, and the floating IP is used for communication with the public network.
  • When a public network user wants to access a service on a virtual machine, assigning a public network IP address to every virtual machine wastes IP addresses.
  • When port mapping is performed on a virtual machine, the port must also be added manually to the security group in order to open it. This complicates the port mapping process of the virtual machine and wastes human resources.
  • In view of this, embodiments of the present invention are expected to provide a method, a server, a system and a storage medium for implementing virtual machine port mapping that can effectively save IP address resources, simplify the operation of virtual machine port mapping and enhance the user experience.
  • An embodiment of the invention provides a method for implementing virtual machine port mapping, and the method includes:
  • when the first server determines that the virtual machine to be port mapped has an associated default security group, selecting the mapping port corresponding to the open port of the virtual machine, and adding the open port information and the mapping port information of the virtual machine to the default security group;
  • sending a port mapping request for the virtual machine to the second server, where the port mapping request is used to instruct the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
  • The method further includes: when the virtual machine does not have an associated default security group, creating a default security group for the virtual machine and associating the created default security group with the virtual machine.
  • The default security group is named after the floating Internet Protocol (IP) address of the virtual machine plus the name of the virtual machine, and the first server determining that the virtual machine to be port mapped has an associated default security group includes: the first server searching, among the security groups associated with the virtual machine, for a security group named with the floating IP of the virtual machine plus the virtual machine name, and if one is found, determining that the virtual machine has an associated default security group.
  • The method further includes: when the first server deletes the port mapping of the virtual machine, deleting the corresponding open port information from the default security group associated with the virtual machine at the same time; and when the first server deletes the virtual machine, deleting the default security group associated with the virtual machine and notifying the second server to delete the related information of the virtual machine.
  • The second server performing port mapping for the virtual machine according to the preset port mapping rule includes: the second server mapping the floating IP address of the virtual machine to its own IP address according to the preset port mapping rule, mapping the open port to the mapping port, and configuring the port mapping rule of the virtual machine in its own firewall.
  • Selecting the mapping port corresponding to the open port of the virtual machine includes: the first server sets the ports of the second server to be PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers already used by the second server; when it determines that max is less than n, it selects PORT_(max+1) as the mapping port corresponding to the open port of the virtual machine; when it determines that max is not less than n, it traverses all the ports of the second server, determines that there is a port not recorded in the database, and selects a port not recorded in the database as the mapping port corresponding to the open port of the virtual machine; where n and max are positive integers.
  • An embodiment of the present invention further provides a server, where the server includes a processing module and a sending module;
  • the processing module is configured to, when the virtual machine to be port mapped has an associated default security group, select the mapping port corresponding to the open port of the virtual machine and add the open port information and the mapping port information of the virtual machine to the default security group;
  • the sending module is configured to send a port mapping request for the virtual machine to the second server, where the port mapping request is used to instruct the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
  • The processing module is further configured to, when the virtual machine does not have an associated default security group, create a default security group for the virtual machine and associate the created default security group with the virtual machine.
  • The default security group is named after the floating IP of the virtual machine plus the name of the virtual machine, and the processing module is configured to search, among the security groups associated with the virtual machine, for a security group named with the floating IP of the virtual machine plus the virtual machine name, and if one is found, to determine that the virtual machine has an associated default security group.
  • The server further includes a deletion module configured to, when deleting the port mapping of the virtual machine, delete the corresponding open port information from the default security group associated with the virtual machine at the same time; and, when deleting the virtual machine, delete the default security group associated with the virtual machine and notify the second server to delete the related information of the virtual machine.
  • The processing module is configured to set the ports of the second server to be PORT_1 to PORT_n and read from the database the maximum value PORT_max of the port numbers already used by the second server; when it determines that max is less than n, it selects PORT_(max+1) as the mapping port corresponding to the open port of the virtual machine; when it determines that max is not less than n, it traverses all the ports of the second server, determines that there is a port not recorded in the database, and selects a port not recorded in the database as the mapping port corresponding to the open port of the virtual machine; where n and max are positive integers.
  • An embodiment of the present invention further provides a system for implementing virtual machine port mapping, where the system includes a first server and a second server;
  • the first server is configured to, when the virtual machine to be port mapped has an associated default security group, select the mapping port corresponding to the open port of the virtual machine, add the open port information and the mapping port information of the virtual machine to the default security group, and send a port mapping request for the virtual machine to the second server;
  • the second server is configured to receive the port mapping request for the virtual machine sent by the first server and to perform port mapping for the virtual machine according to a preset port mapping rule.
  • The second server is configured to map the floating IP address of the virtual machine to its own IP address according to the preset port mapping rule, map the open port to the mapping port, and configure the port mapping rule of the virtual machine in its firewall.
  • An embodiment of the invention further provides a computer storage medium that stores a computer program configured to perform the method for implementing virtual machine port mapping of the embodiment of the present invention described above.
  • In the method, server, system and storage medium for implementing virtual machine port mapping provided by the embodiments of the present invention, when the first server determines that the virtual machine to be port mapped has an associated default security group, the mapping port corresponding to the open port of the virtual machine is selected and the open port information and the mapping port information of the virtual machine are added to the default security group; a port mapping request for the virtual machine is sent to the second server, and the port mapping request is used to instruct the second server to perform port mapping for the virtual machine according to a preset port mapping rule. In this way the first server can automatically add the open port information and the mapping port information of the virtual machine to the default security group, which avoids the manual addition required in the prior art, simplifies the operation of virtual machine port mapping and improves the user experience.
  • FIG. 1 is a schematic flowchart of a method for implementing virtual machine port mapping according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a method for implementing virtual machine port mapping according to Embodiment 2 of the present invention.
  • FIG. 3 is a schematic structural diagram of a server according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a system for implementing virtual machine port mapping according to an embodiment of the present invention.
  • In the embodiments of the present invention, when the first server determines that the virtual machine to be port mapped has an associated default security group, the mapping port corresponding to the open port of the virtual machine is selected, the open port information and the mapping port information of the virtual machine are added to the default security group, and a port mapping request for the virtual machine is sent to the second server; the second server receives the port mapping request sent by the first server and performs port mapping for the virtual machine according to a preset port mapping rule.
  • FIG. 1 is a schematic flowchart of a method for implementing virtual machine port mapping according to an embodiment of the present invention. As shown in FIG. 1, the method for implementing virtual machine port mapping according to the embodiment of the present invention includes:
  • Step 101: when the first server determines that the virtual machine to be port mapped has an associated default security group, it selects the mapping port corresponding to the open port of the virtual machine and adds the open port information and the mapping port information of the virtual machine to the default security group;
  • here, the first server is a server that manages the virtual machine, and may be a WEB server;
  • the first server further adds all the port mapping information about the virtual machine, such as the protocol name of the virtual machine, to the default security group.
  • When the virtual machine does not have an associated default security group, the first server creates a default security group for the virtual machine, names it with the floating IP of the virtual machine plus the name of the virtual machine, and associates the created default security group with the virtual machine. Naming the default security group with the floating IP of the virtual machine plus the name of the virtual machine ensures that the name of the default security group is unique. The default security group of the virtual machine is generated by the first server, and when the virtual machine is port mapped, the open port information, the mapping port information and the like of the virtual machine are automatically added to the default security group, which implements the function of opening the port of the virtual machine.
  • The first server determining that the virtual machine to be port mapped has an associated default security group includes:
  • the first server searching, among the security groups associated with the virtual machine, for a security group named with the floating IP of the virtual machine plus the virtual machine name, and if one is found, determining that the virtual machine has an associated default security group.
  • Selecting the mapping port corresponding to the open port of the virtual machine includes:
  • the first server selecting an idle port of the second server as the mapping port corresponding to the open port of the virtual machine. This operation includes: the first server sets the ports of the second server to be PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers already used by the second server; when max is less than n, PORT_(max+1) is selected as the mapping port corresponding to the open port of the virtual machine; when max is determined to be not less than n, all the ports of the second server are traversed, it is determined that there is a port not recorded in the database, and a port not recorded in the database is selected as the mapping port corresponding to the open port of the virtual machine; where n and max are positive integers. Here, when the first server reads the used port numbers of the second server stored in the database and finds no port number recorded in the database, PORT_1 is selected as the mapping port corresponding to the open port of the virtual machine; when no port not recorded in the database is found among all the ports of the second server, an error message is sent to indicate that the port mapping cannot be completed.
  • The method further includes: the first server adding the mapping port information corresponding to the open port of the virtual machine to the database; correspondingly, the database is configured to store the ports of the second server that are already used, as added by the first server, that is, the mapping port information corresponding to all the open ports of the virtual machines port mapped by the second server; the database may be located on the second server or on another server.
  • While the first server reads the maximum value PORT_max of the port numbers already used by the second server stored in the database, it locks the database to prevent conflicts caused by multiple users accessing the database at the same time.
  • The method further includes: when the first server deletes the port mapping of the virtual machine, deleting the corresponding open port information from the default security group associated with the virtual machine at the same time; and when the first server deletes the virtual machine, deleting the default security group associated with the virtual machine and notifying the second server to delete the related information of the virtual machine, where the related information of the virtual machine includes the port mapping rule of the virtual machine configured by the second server, and the like.
  • Step 102: the first server sends a port mapping request for the virtual machine to the second server.
  • Here, the port mapping request includes the open port information of the virtual machine, the mapping port information corresponding to the open port, the floating IP address of the virtual machine, and the like;
  • the second server is a server dedicated to port mapping of the virtual machine, that is, to IP address and port translation;
  • the port mapping request is used to instruct the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
  • The second server performing port mapping for the virtual machine according to the preset port mapping rule includes:
  • the second server mapping the floating IP address of the virtual machine corresponding to the open port to its own IP address according to the preset port mapping rule, mapping the open port to the mapping port, and configuring the port mapping rule of the virtual machine in its firewall. The second server can map the floating IP addresses of multiple virtual machines to its own IP address, which avoids the waste of IP addresses caused in the prior art by allocating a public network IP address to each virtual machine.
  • When configuring the port mapping rule of the virtual machine in the firewall, the second server adds three rules: an input (INPUT) rule, a network address translation (NAT) rule and a source network address translation (SNAT) rule. Fault-tolerant processing is performed when the port mapping rule of the virtual machine is configured: if adding any of the above three rules fails, the remaining related rules are also deleted.
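The three-rule configuration and its fault-tolerant handling can be made concrete with the following added example. It is written for this page and is not the patent's or ZTE's implementation: the `Firewall` class is a hypothetical in-memory stand-in for the second server's rule table (a real deployment would drive iptables or an equivalent), `fail_on` is a constructed failure injection, and the addresses 203.0.113.10 (the second server's own IP) and 192.0.2.5 (a floating IP) are constructed documentation addresses. What it demonstrates is the invariant the patent asks for: after `configure_port_mapping` either all three rules for a mapping are installed or none are.

```python
# Added example: second server's firewall rule configuration with rollback.
# Not the patent's implementation; Firewall is an in-memory stand-in for a real
# rule table (e.g. iptables), and all addresses below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    chain: str   # "INPUT", "NAT" (the destination translation) or "SNAT"
    text: str    # what the rule expresses, in readable form


class RuleAddError(Exception):
    """Raised by the rule table when a rule cannot be added."""


class Firewall:
    """Hypothetical in-memory stand-in for the second server's firewall."""

    def __init__(self, fail_on=None):
        self.rules = []         # installed rules, in insertion order
        self.fail_on = fail_on  # chain whose rule should fail (simulated error)

    def add(self, rule):
        if rule.chain == self.fail_on:
            raise RuleAddError(f"could not add {rule.chain} rule: {rule.text}")
        self.rules.append(rule)

    def delete(self, rule):
        if rule in self.rules:
            self.rules.remove(rule)


def build_rules(own_ip, mapping_port, floating_ip, open_port, proto="tcp"):
    """The three rules configured for one port mapping: accept traffic to
    own_ip:mapping_port, translate it to floating_ip:open_port, and rewrite the
    source towards the VM so that replies come back through this server."""
    return [
        Rule("INPUT", f"accept {proto} to {own_ip}:{mapping_port}"),
        Rule("NAT", f"dnat {proto} {own_ip}:{mapping_port} -> {floating_ip}:{open_port}"),
        Rule("SNAT", f"snat {proto} to {floating_ip}:{open_port} from {own_ip}"),
    ]


def configure_port_mapping(fw, own_ip, mapping_port, floating_ip, open_port, proto="tcp"):
    """Install all three rules; if any add fails, delete the ones already added.
    Returns True when the mapping is fully configured, False after a rollback."""
    added = []
    try:
        for rule in build_rules(own_ip, mapping_port, floating_ip, open_port, proto):
            fw.add(rule)
            added.append(rule)
    except RuleAddError:
        for rule in reversed(added):   # fault-tolerant processing: undo partial state
            fw.delete(rule)
        return False
    return True


def remove_port_mapping(fw, own_ip, mapping_port, floating_ip, open_port, proto="tcp"):
    """Delete the rules of one mapping, e.g. after the first server reports that
    the virtual machine was deleted. Returns the number of rules removed."""
    removed = 0
    for rule in build_rules(own_ip, mapping_port, floating_ip, open_port, proto):
        if rule in fw.rules:
            fw.delete(rule)
            removed += 1
    return removed


if __name__ == "__main__":
    fw = Firewall()
    print(configure_port_mapping(fw, "203.0.113.10", 10001, "192.0.2.5", 22), fw.rules)
    broken = Firewall(fail_on="SNAT")
    print(configure_port_mapping(broken, "203.0.113.10", 10001, "192.0.2.5", 22), broken.rules)
```

The rollback walks the added rules in reverse so that a half-installed mapping never leaves an INPUT accept rule open without the translation behind it; the same `build_rules` output is reused on deletion so that the rules removed are exactly the ones installed.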
  • FIG. 2 is a schematic flowchart of a method for implementing virtual machine port mapping according to Embodiment 2 of the present invention. As shown in FIG. 2, the method for implementing virtual machine port mapping in this embodiment includes:
  • Step 201: the first server determines whether the virtual machine to be port mapped has an associated default security group; if so, step 202 is performed; if not, step 203 is performed.
  • Here, the default security group is named after the floating IP of the virtual machine plus the name of the virtual machine, which ensures that the name of the default security group is unique.
  • The first server determining that the virtual machine to be port mapped has an associated default security group includes:
  • the first server searching, among the security groups associated with the virtual machine, for a security group named with the floating IP of the virtual machine plus the virtual machine name, and if one is found, determining that the virtual machine has an associated default security group.
  • Step 202: the first server selects the mapping port corresponding to the open port of the virtual machine, adds the open port information and the mapping port information of the virtual machine to the default security group, and step 204 is performed.
  • Here, selecting the mapping port corresponding to the open port of the virtual machine includes:
  • the first server selecting an idle port of the second server as the mapping port corresponding to the open port of the virtual machine. This operation includes: the first server sets the ports of the second server to be PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers already used by the second server; when max is determined to be less than n, PORT_(max+1) is selected as the mapping port corresponding to the open port of the virtual machine; when max is determined to be not less than n, all the ports of the second server are traversed and a port not recorded in the database is selected as the mapping port; n and max are both positive integers. Here, when the first server reads the used port numbers of the second server stored in the database and finds no port number recorded in the database, PORT_1 is selected as the mapping port corresponding to the open port of the virtual machine; when no port not recorded in the database is found among all the ports of the second server, an error message is sent to indicate that the port mapping cannot be completed.
  • The first server further adds all the port mapping information about the virtual machine, such as the protocol name of the virtual machine, to the default security group, which implements the function of opening the port of the virtual machine.
  • While the first server reads the maximum value PORT_max of the port numbers already used by the second server stored in the database, the database is locked to prevent conflicts caused by multiple users accessing it at the same time.
  • Step 203: the first server creates a default security group for the virtual machine, associates the created default security group with the virtual machine, and step 206 is performed.
  • Here, the default security group is named with the floating IP of the virtual machine plus the name of the virtual machine.
  • The default security group of the virtual machine is generated by the first server, and the port information of the virtual machine is automatically added to the default security group to implement the function of opening the port of the virtual machine.
  • Step 204: the first server sends a port mapping request for the virtual machine to the second server.
  • Here, the port mapping request includes the open port information of the virtual machine, the mapping port information corresponding to the open port of the virtual machine, the floating IP address of the virtual machine, and the like;
  • the port mapping request is used to instruct the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
  • Step 205: the second server receives the port mapping request and performs port mapping for the virtual machine according to the preset port mapping rule.
  • Here, this includes: the second server mapping the floating IP address of the virtual machine corresponding to the open port to its own IP address according to the preset port mapping rule, mapping the open port to the mapping port, and configuring the port mapping rule of the virtual machine in the firewall.
  • The second server can map the floating IP addresses of multiple virtual machines to its own IP address, which avoids the waste of IP addresses caused in the prior art by assigning a public network IP address to each virtual machine.
  • Step 206: end this process flow.
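The first server's side of Steps 201 to 206, together with the deletion behaviour the description attaches to it (removing the open-port entry when a mapping is deleted, removing the default security group and notifying the second server when the virtual machine is deleted), is shown in the following added example. It is not the patent's or ZTE's code: OpenStack's security group and virtual machine objects are replaced by small hypothetical dataclasses, the port allocator and the second server are injected callables (`select_mapping_port`, `second_server`), and the request dictionary format and all values are constructed. Following the flowchart literally, a call that finds no default security group creates one and ends (Step 203 to 206); the next call for that virtual machine then reaches Steps 202 and 204.

```python
# Added example: the first server's flow (Steps 201-206) modelled in memory.
# Not the patent's implementation; SecurityGroup and VirtualMachine are hypothetical
# stand-ins for the OpenStack objects, and the request format is constructed.
from dataclasses import dataclass, field


@dataclass
class SecurityGroup:
    name: str
    rules: list = field(default_factory=list)   # (protocol, open_port, mapping_port)


@dataclass
class VirtualMachine:
    name: str
    floating_ip: str
    security_groups: list = field(default_factory=list)


def default_group_name(vm):
    """Floating IP plus VM name, which the patent uses to keep the name unique."""
    return f"{vm.floating_ip}_{vm.name}"


def find_default_group(vm):
    """Step 201: look for the default group among the VM's associated groups."""
    wanted = default_group_name(vm)
    for sg in vm.security_groups:
        if sg.name == wanted:
            return sg
    return None


class FirstServer:
    def __init__(self, select_mapping_port, second_server):
        self.select_mapping_port = select_mapping_port  # returns an idle second-server port
        self.second_server = second_server              # receives request dicts
        self.mappings = {}   # (vm name, protocol, open_port) -> mapping_port

    def map_port(self, vm, open_port, protocol="tcp"):
        """Returns the mapping port, or None when the flow ended at Step 203."""
        sg = find_default_group(vm)
        if sg is None:
            # Step 203: create the default group and associate it; Step 206: end
            vm.security_groups.append(SecurityGroup(default_group_name(vm)))
            return None
        # Step 202: choose the mapping port; record open port, mapping port and
        # protocol in the default group (this is what "opens" the VM port)
        mapping_port = self.select_mapping_port()
        sg.rules.append((protocol, open_port, mapping_port))
        self.mappings[(vm.name, protocol, open_port)] = mapping_port
        # Step 204: send the port mapping request to the second server
        self.second_server({"action": "map", "floating_ip": vm.floating_ip,
                            "open_port": open_port, "mapping_port": mapping_port,
                            "protocol": protocol})
        return mapping_port

    def unmap_port(self, vm, open_port, protocol="tcp"):
        """Deleting a mapping also removes its entry from the default group.
        (The description only covers the security group side of this step.)"""
        mapping_port = self.mappings.pop((vm.name, protocol, open_port), None)
        if mapping_port is None:
            return False
        sg = find_default_group(vm)
        if sg is not None and (protocol, open_port, mapping_port) in sg.rules:
            sg.rules.remove((protocol, open_port, mapping_port))
        return True

    def delete_vm(self, vm):
        """Deleting the VM deletes its default group and notifies the second server
        so that it can remove the VM's port mapping rules."""
        vm.security_groups = [sg for sg in vm.security_groups
                              if sg.name != default_group_name(vm)]
        for key in [k for k in self.mappings if k[0] == vm.name]:
            del self.mappings[key]
        self.second_server({"action": "delete", "floating_ip": vm.floating_ip})
```

Because the group name is derived from the floating IP and the VM name, `find_default_group` needs no extra state to tell the automatically generated group apart from groups the user attached manually, which is the property the naming rule is there to provide.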
  • FIG. 3 is a schematic structural diagram of a server according to an embodiment of the present invention. As shown in FIG. 3, the server of the embodiment of the present invention includes a processing module 31 and a sending module 32;
  • the processing module 31 is configured to, when the virtual machine to be port mapped has an associated default security group, select the mapping port corresponding to the open port of the virtual machine and add the open port information and the mapping port information of the virtual machine to the default security group;
  • the sending module 32 is configured to send a port mapping request for the virtual machine to the second server, where the port mapping request is used to instruct the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
  • The processing module 31 is further configured to add information such as the protocol name of the virtual machine to the default security group.
  • The processing module 31 is further configured to, when determining that the virtual machine does not have an associated default security group, create a default security group for the virtual machine, name the default security group with the floating IP of the virtual machine plus the name of the virtual machine, and associate the created default security group with the virtual machine.
  • The default security group is named after the floating IP of the virtual machine plus the name of the virtual machine, and the processing module 31 determining that the virtual machine to be port mapped has an associated default security group includes:
  • the processing module 31 searching, among the security groups associated with the virtual machine, for a security group named with the floating IP of the virtual machine plus the virtual machine name, and if one is found, determining that the virtual machine has an associated default security group.
  • The server further includes a deletion module 33 configured to, when deleting the port mapping of the virtual machine, delete the corresponding open port information from the default security group associated with the virtual machine, and, when deleting the virtual machine, delete the default security group associated with the virtual machine at the same time and notify the second server to delete the related information of the virtual machine;
  • the related information includes the port mapping rule of the virtual machine configured by the second server, and the like.
  • The port mapping request includes the open port information of the virtual machine, the mapping port information corresponding to the open port, the floating IP address of the virtual machine, and the like.
  • The second server performing port mapping for the virtual machine according to the preset port mapping rule includes:
  • the second server mapping the floating IP address of the virtual machine corresponding to the open port to its own IP address according to the preset port mapping rule, mapping the open port to the mapping port, and configuring the port mapping rule of the virtual machine in its firewall. The second server can map the floating IP addresses of multiple virtual machines to its own IP address, which avoids the waste of IP addresses caused in the prior art by allocating a public network IP address to each virtual machine.
  • The processing module 31 selecting the mapping port corresponding to the open port of the virtual machine includes:
  • the processing module 31 sets the ports of the second server to be PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers already used by the second server; when it determines that max is less than n, it selects PORT_(max+1) as the mapping port corresponding to the open port of the virtual machine; when it determines that max is not less than n, it traverses all the ports of the second server, determines that there is a port not recorded in the database, and selects a port not recorded in the database as the mapping port corresponding to the open port of the virtual machine; where n and max are positive integers;
  • the processing module 31 is further configured to add the selected mapping port to the database;
  • the database is configured to store the port numbers of the ports already used by the second server, and may be located on the second server or on another server.
  • While the processing module 31 reads the maximum value PORT_max of the port numbers already used by the second server stored in the database, the database is locked to prevent conflicts caused by multiple users accessing it at the same time.
  • FIG. 4 is a schematic structural diagram of a system for implementing virtual machine port mapping according to an embodiment of the present invention. As shown in FIG. 4, the system for implementing virtual machine port mapping in the embodiment of the present invention includes a first server 41 and a second server 42, where
  • the first server 41 is configured to, when the virtual machine to be port mapped has an associated default security group, select the mapping port corresponding to the open port of the virtual machine, add the open port information and the mapping port information of the virtual machine to the default security group, and send a port mapping request for the virtual machine to the second server 42;
  • the second server 42 is configured to receive the port mapping request sent by the first server 41 and to perform port mapping for the virtual machine according to a preset port mapping rule.
  • The default security group is named after the floating Internet Protocol (IP) address of the virtual machine plus the name of the virtual machine;
  • the first server 41 determining that the virtual machine to be port mapped has an associated default security group includes:
  • the first server 41 searching, among the security groups associated with the virtual machine, for a security group named with the floating IP of the virtual machine plus the virtual machine name, and if one is found, determining that the virtual machine has an associated default security group.
  • When the virtual machine does not have an associated default security group, the first server 41 creates a default security group for the virtual machine, names it with the floating IP of the virtual machine plus the name of the virtual machine, and associates the created default security group with the virtual machine.
  • The first server 41 selecting the mapping port corresponding to the open port of the virtual machine includes:
  • the first server 41 sets the ports of the second server 42 to be PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers already used by the second server 42; when it determines that max is less than n, it selects PORT_(max+1) as the mapping port corresponding to the open port of the virtual machine; when it determines that max is not less than n, it traverses all the ports of the second server 42 and selects a port not recorded in the database as the mapping port corresponding to the open port of the virtual machine; where n and max are positive integers.
  • The first server 41 is further configured to add the mapping port information to the database; correspondingly, the database is used to store the port numbers of the ports already used by the second server 42, and may be located on the second server or on another server.
  • While the first server 41 reads the maximum value PORT_max of the port numbers already used by the second server 42 stored in the database, it locks the database to prevent conflicts caused by multiple users accessing the database at the same time.
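The port selection rule, which the description states in the same words for the method, the server and the system, is worked through in the following added example (written for this page, not the patent's or ZTE's implementation). It assumes a hypothetical `MappingPortAllocator` that keeps the used-port records in a sqlite table named `used_ports` and serialises access with a `threading.Lock`, standing in for the patent's database and its locking; the port list `[PORT_1, ..., PORT_n]` is constructed. It covers the cases the description enumerates: an empty database (PORT_1), max < n (PORT_(max+1)), max not less than n (traverse for a port not in the database), and no idle port at all (the error).

```python
# Added example: idle-port selection for the second server.
# Not the patent's implementation: the sqlite table `used_ports` and the lock stand
# in for the patent's database and its locking; the port list is constructed.
import sqlite3
import threading


class PortExhausted(Exception):
    """Every port PORT_1..PORT_n of the second server is already in use."""


class MappingPortAllocator:
    def __init__(self, ports, conn):
        self.ports = list(ports)                                   # [PORT_1, ..., PORT_n]
        self.index = {p: i + 1 for i, p in enumerate(self.ports)}  # port -> its i in PORT_i
        self.conn = conn
        self.lock = threading.Lock()                               # stands in for locking the DB
        conn.execute("CREATE TABLE IF NOT EXISTS used_ports (port INTEGER PRIMARY KEY)")
        conn.commit()

    def used_ports(self):
        return {row[0] for row in self.conn.execute("SELECT port FROM used_ports")}

    def select_mapping_port(self):
        """Pick an idle port, record it as used, and return it."""
        n = len(self.ports)
        with self.lock:   # DB stays locked from reading PORT_max until the choice is recorded
            port_max = self.conn.execute("SELECT MAX(port) FROM used_ports").fetchone()[0]
            if port_max is None:
                chosen = self.ports[0]                # nothing recorded yet: PORT_1
            else:
                max_idx = self.index.get(port_max, n)  # the "max" in PORT_max
                if max_idx < n:
                    chosen = self.ports[max_idx]      # PORT_(max+1) (ports is 0-based)
                else:
                    # max is not less than n: traverse all ports for one not in the DB
                    used = self.used_ports()
                    free = [p for p in self.ports if p not in used]
                    if not free:
                        raise PortExhausted("port mapping cannot be completed")
                    chosen = free[0]
            self.conn.execute("INSERT INTO used_ports (port) VALUES (?)", (chosen,))
            self.conn.commit()
        return chosen

    def release_port(self, port):
        """Remove a port from the DB when its mapping is deleted."""
        with self.lock:
            self.conn.execute("DELETE FROM used_ports WHERE port = ?", (port,))
            self.conn.commit()


def make_allocator(ports):
    """Allocator backed by an in-memory database (for demonstration)."""
    return MappingPortAllocator(ports, sqlite3.connect(":memory:"))


if __name__ == "__main__":
    alloc = make_allocator([10001, 10002, 10003])
    print([alloc.select_mapping_port() for _ in range(3)])   # PORT_1, PORT_2, PORT_3
    alloc.release_port(10002)
    print(alloc.select_mapping_port())                        # gap found by traversal
```

Two consequences of the rule are visible in the code: while max is still below n, a released lower port is not reused (the cheap PORT_(max+1) path wins), so gaps are only reclaimed once the top of the range has been reached; and the lock must cover both the read of PORT_max and the insert, otherwise two concurrent requests can read the same maximum and pick the same port. The in-process lock is the stand-in here; with a shared database the equivalent is a transaction that locks the table or row.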
  • When the first server 41 deletes the port mapping of the virtual machine, the corresponding open port information in the default security group associated with the virtual machine is deleted at the same time; when the first server 41 deletes the virtual machine, the default security group associated with the virtual machine is deleted and the second server is notified to delete the related information of the virtual machine.
  • The second server 42 performing port mapping for the virtual machine according to the preset port mapping rule includes:
  • the second server 42 mapping the floating IP address of the virtual machine to its own IP address according to the preset port mapping rule, mapping the open port to the mapping port, and configuring the port mapping rule of the virtual machine in its own firewall.
  • The processing module 31, the sending module 32 and the deletion module 33 proposed in the embodiments of the present invention may all be implemented by a processor, or by a specific logic circuit;
  • the processor may be a central processing unit (CPU), a microprocessor (MPU) or a field programmable gate array (FPGA).
  • If the method for implementing virtual machine port mapping described above is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer readable storage medium.
  • The technical solution of the embodiments of the present invention may in essence be embodied in the form of a software product stored in a storage medium and including a plurality of instructions,
  • which cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the methods described in the various embodiments of the present invention.
  • The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a mobile hard disk, a read only memory (ROM), a magnetic disk or an optical disk.
  • An embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores a computer program, and the computer program is used to implement the method for implementing virtual machine port mapping of the embodiment of the present invention.
  • In the embodiments of the present invention, when the first server determines that the virtual machine to be port mapped has an associated default security group, the mapping port corresponding to the open port of the virtual machine is selected and the open port information and the mapping port information of the virtual machine are added to the default security group; a port mapping request for the virtual machine is sent to the second server, and the port mapping request is configured to instruct the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
  • In this way, the first server can automatically add the open port information and the mapping port information of the virtual machine to the default security group, which avoids the manual addition required in the prior art, simplifies the operation of virtual machine port mapping and improves the user experience.

Abstract

Disclosed is a port mapping implementation method for a virtual machine, comprising: when a first server determines that a virtual machine to be port-mapped has an associated default security group, selecting a mapping port corresponding to an open port of the virtual machine and adding the open port information and mapping port information of the virtual machine to the default security group; and sending a port mapping request for the virtual machine to a second server, the port mapping request instructing the second server to perform port mapping on the virtual machine according to a pre-set port mapping rule. Also disclosed are a port mapping implementation system for a virtual machine, a server and a storage medium.

Description

Method, server, system and storage medium for implementing virtual machine port mapping
Technical field
The present invention relates to port mapping of virtual machines in the OpenStack cloud computing management platform, and in particular to a method, server, system and storage medium for implementing virtual machine port mapping.
Background
OpenStack is an open source cloud platform management project developed jointly by NASA and Rackspace. It is now widely used to build public and private clouds, and enterprises and individuals can use it to deploy their own cloud computing environment quickly and conveniently.
In a cloud platform, multiple virtual hosts are virtualised on top of physical hosts, so that resources are consolidated and shared. Through port mapping, the private Internet Protocol (IP) address and port of a host on the local area network are mapped to the public IP address of a Network Address Translation (NAT) gateway and a free port on that gateway; the NAT gateway records the port mapping rule, so that the host and the public network can communicate with each other.
When a virtual machine is created it is assigned a fixed IP and a floating IP. The fixed IP is used for communication between virtual machines and the floating IP for communication with the public network. When a public network user needs to reach a service on a virtual machine, assigning a public IP address to every virtual machine wastes IP addresses. Moreover, when a virtual machine is port-mapped, the port has to be added to a security group manually in order to open it, which complicates the port mapping process and wastes manpower.
Summary of the invention
In view of this, embodiments of the present invention are intended to provide a method, server, system and storage medium for implementing virtual machine port mapping that save IP address resources, simplify the operation of port-mapping a virtual machine and improve the user experience.
To this end, the technical solution of the embodiments of the present invention is implemented as follows:
An embodiment of the present invention provides a method for implementing virtual machine port mapping, the method comprising:
when a first server determines that the virtual machine to be port-mapped has an associated default security group, selecting a mapping port corresponding to the open port of the virtual machine, and adding the open port information of the virtual machine and the mapping port information to the default security group;
sending a port mapping request for the virtual machine to a second server, the port mapping request instructing the second server to perform port mapping on the virtual machine according to a preset port mapping rule.
In the above solution, the method further comprises:
when the first server determines that the virtual machine has no associated default security group, creating a default security group for the virtual machine and associating the created default security group with the virtual machine.
In the above solution, the default security group is named with the floating Internet Protocol (IP) address of the virtual machine followed by the name of the virtual machine, and the first server determining that the virtual machine to be port-mapped has an associated default security group comprises:
the first server searching the security groups associated with the virtual machine for a group named with the floating IP of the virtual machine followed by the virtual machine name and, if one exists, determining that the virtual machine has an associated default security group.
In the above solution, the method further comprises:
when the first server deletes the port mapping of the virtual machine, also deleting the corresponding open port information from the default security group associated with the virtual machine;
when the first server deletes the virtual machine, also deleting the default security group associated with the virtual machine and notifying the second server to delete the related information of the virtual machine.
In the above solution, the second server performing port mapping on the virtual machine according to the preset port mapping rule comprises:
the second server mapping the floating IP address of the virtual machine to its own IP address according to the preset port mapping rule, mapping the open port to the mapping port, and configuring the port mapping rule of the virtual machine in its own firewall.
In the above solution, selecting the mapping port corresponding to the open port of the virtual machine comprises:
the first server designating the ports of the second server as PORT_1 to PORT_n and reading from the database the maximum value PORT_max of the port numbers of the second server already in use; when the value of max is less than n, selecting PORT_(max+1) as the mapping port corresponding to the open port of the virtual machine; when the value of max is not less than n, traversing all ports of the second server and, if a port not recorded in the database exists, selecting one such port as the mapping port corresponding to the open port of the virtual machine; where n and max are positive integers.
An embodiment of the present invention further provides a server comprising a processing module and a sending module, wherein:
the processing module is configured, when it determines that the virtual machine to be port-mapped has an associated default security group, to select the mapping port corresponding to the open port of the virtual machine and add the open port information of the virtual machine and the mapping port information to the default security group;
the sending module is configured to send a port mapping request for the virtual machine to a second server, the port mapping request instructing the second server to perform port mapping on the virtual machine according to a preset port mapping rule.
In the above solution, the processing module is further configured, when it determines that the virtual machine has no associated default security group, to create a default security group for the virtual machine and associate the created default security group with the virtual machine.
In the above solution, the default security group is named with the floating IP of the virtual machine followed by the name of the virtual machine;
correspondingly, the processing module is configured to search the security groups associated with the virtual machine for a group named with the floating IP of the virtual machine followed by the virtual machine name and, if one exists, to determine that the virtual machine has an associated default security group.
In the above solution, the server further comprises a deleting module configured, when the port mapping of the virtual machine is deleted, to also delete the corresponding open port information from the default security group associated with the virtual machine, and, when the virtual machine is deleted, to also delete the default security group associated with the virtual machine and notify the second server to delete the related information of the virtual machine.
In the above solution, the processing module is configured to designate the ports of the second server as PORT_1 to PORT_n and read from the database the maximum value PORT_max of the port numbers of the second server already in use; when the value of max is less than n, to select PORT_(max+1) as the mapping port corresponding to the open port of the virtual machine; when the value of max is not less than n, to traverse all ports of the second server and, if a port not recorded in the database exists, to select one such port as the mapping port corresponding to the open port of the virtual machine; where n and max are positive integers.
An embodiment of the present invention further provides a system for implementing virtual machine port mapping, the system comprising a first server and a second server, wherein:
the first server is configured, when it determines that the virtual machine to be port-mapped has an associated default security group, to select the mapping port corresponding to the open port of the virtual machine, add the open port information of the virtual machine and the mapping port information to the default security group, and send a port mapping request for the virtual machine to the second server;
the second server is configured to receive the port mapping request for the virtual machine sent by the first server and perform port mapping on the virtual machine according to a preset port mapping rule.
In the above solution, the second server is configured to map the floating IP address of the virtual machine to its own IP address according to the preset port mapping rule, map the open port to the mapping port, and configure the port mapping rule of the virtual machine in its own firewall.
An embodiment of the present invention further provides a computer storage medium storing a computer program configured to perform the above method for implementing virtual machine port mapping of the embodiment of the present invention.
With the method, server, system and storage medium for implementing virtual machine port mapping provided by the embodiments of the present invention, when the first server determines that the virtual machine to be port-mapped has an associated default security group, it selects the mapping port corresponding to the open port of the virtual machine, adds the open port information of the virtual machine and the mapping port information to the default security group, and sends a port mapping request for the virtual machine to the second server, the request instructing the second server to perform port mapping on the virtual machine according to a preset port mapping rule. In this way the first server adds the open port information and mapping port information of the virtual machine to the default security group automatically, which avoids the manual addition required in the prior art, simplifies the operation of port-mapping a virtual machine and improves the user experience.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a method for implementing virtual machine port mapping according to Embodiment 1 of the present invention;
Fig. 2 is a schematic flowchart of a method for implementing virtual machine port mapping according to Embodiment 2 of the present invention;
Fig. 3 is a schematic diagram of the structure of a server according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the structure of a system for implementing virtual machine port mapping according to an embodiment of the present invention.
Detailed description
In the embodiments of the present invention, when the first server determines that the virtual machine to be port-mapped has an associated default security group, it selects the mapping port corresponding to the open port of the virtual machine, adds the open port information of the virtual machine and the mapping port information to the default security group, and sends a port mapping request for the virtual machine to the second server; the second server receives the port mapping request sent by the first server and performs port mapping on the virtual machine according to a preset port mapping rule.
Fig. 1 is a schematic flowchart of the method for implementing virtual machine port mapping according to an embodiment of the present invention. As shown in Fig. 1, the method comprises:
Step 101: when the first server determines that the virtual machine to be port-mapped has an associated default security group, it selects the mapping port corresponding to the open port of the virtual machine and adds the open port information of the virtual machine and the mapping port information to the default security group;
Here, the first server is the server that manages the virtual machine and may be a WEB server;
while adding the open port information of the virtual machine and the mapping port information to the default security group, the first server also adds all other port mapping information of the virtual machine, such as the protocol name, to the default security group.
In an embodiment, when the first server determines that the virtual machine has no associated default security group, it creates a default security group for the virtual machine, names it with the floating IP of the virtual machine followed by the name of the virtual machine, and associates the created default security group with the virtual machine. Naming the default security group with the floating IP of the virtual machine followed by its name guarantees that the group name is unique. The first server thus generates the default security group of the virtual machine and, when the virtual machine is port-mapped, automatically adds its open port information, mapping port information and so on to that group, thereby opening the virtual machine port.
In an embodiment, the first server determining that the virtual machine to be port-mapped has an associated default security group comprises:
the first server searching the security groups associated with the virtual machine for a group named with the floating IP of the virtual machine followed by the virtual machine name and, if one exists, determining that the virtual machine has an associated default security group.
In an embodiment, selecting the mapping port corresponding to the open port of the virtual machine comprises:
the first server selecting a free port of the second server as the mapping port corresponding to the open port of the virtual machine. This operation comprises: the first server designates the ports of the second server as PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers of the second server already in use; when the value of max is less than n, it selects PORT_(max+1) as the mapping port corresponding to the open port of the virtual machine; when the value of max is not less than n, it traverses all ports of the second server and, if a port not recorded in the database exists, selects one such port as the mapping port corresponding to the open port of the virtual machine; where n and max are positive integers. Here, if the first server reads the database and finds no used port number of the second server recorded there, it selects PORT_1 as the mapping port corresponding to the open port of the virtual machine;
In an embodiment, when the first server traverses all ports of the second server and finds that every port of the second server is already recorded in the database, it raises an error indicating that this port mapping cannot be completed.
Here, after this step the method further comprises: the first server adding the mapping port information corresponding to the open port of the virtual machine to the database; correspondingly, the database stores the used ports of the second server added by the first server, that is, the mapping port information for every virtual machine open port that the second server has mapped; the database may be stored on the second server or located on another server.
In an embodiment, while reading from the database the maximum value PORT_max of the port numbers of the second server already in use, the first server locks the database so that simultaneous access by multiple users cannot produce a conflict.
In an embodiment, the method further comprises: when the first server deletes the port mapping of the virtual machine, it also deletes the corresponding open port information and so on from the default security group associated with the virtual machine;
when the first server deletes the virtual machine, it also deletes the default security group associated with the virtual machine and notifies the second server to delete the related information of the virtual machine, which includes the port mapping rules of the virtual machine configured on the second server.
Step 102: send the port mapping request for the virtual machine to the second server;
Here, the port mapping request includes the open port information of the virtual machine, the mapping port information corresponding to the open port, the floating IP address of the virtual machine and so on;
the second server is a server dedicated to port-mapping the virtual machine, that is, to IP address and port translation.
In an embodiment, the port mapping request instructs the second server to perform port mapping on the virtual machine according to a preset port mapping rule, wherein
the second server performing port mapping on the virtual machine according to the preset port mapping rule comprises:
the second server mapping the floating IP address of the virtual machine that owns the open port to its own IP address according to the preset port mapping rule, mapping the open port to the mapping port, and configuring the port mapping rule of the virtual machine in the firewall. In this way the second server can map the floating IP addresses of multiple virtual machines to its own IP address, avoiding the IP address waste caused in the prior art by assigning a public IP address to every virtual machine.
In an embodiment, when the second server configures the port mapping rule of the virtual machine in the firewall it mainly adds three rules: an input (INPUT) rule, a network address translation (NAT) rule and a source network address translation (SNAT) rule, and it handles faults while configuring them: if adding any one of the three rules fails, the related rules that have already been added are deleted as well.
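The following is an added example of the second server's side of the rule set just described; it is not the patent's code. It builds the three rules (INPUT, NAT as a DNAT in PREROUTING, SNAT in POSTROUTING) for one mapping as iptables argument lists, applies them through a pluggable runner, and deletes the rules already added if a later one fails, so the firewall is never left with a half-installed mapping. The exact chains and match options are this example's assumptions; the text only names the three rule types. A constructed in-memory firewall stands in for iptables so the rollback path can be exercised offline, and the documentation addresses 203.0.113.5 (second server) and 192.0.2.10 (floating IP) are constructed sample values.

```python
from __future__ import annotations

import subprocess
from dataclasses import dataclass
from typing import Callable, Sequence

# A runner executes one iptables command and raises on failure.
Runner = Callable[[Sequence[str]], None]


@dataclass(frozen=True)
class Mapping:
    nat_ip: str        # the second server's own address (assumed public)
    floating_ip: str   # the VM's floating IP behind the second server
    open_port: int     # port open on the VM
    mapped_port: int   # port chosen by the first server on the second server
    protocol: str = "tcp"


def build_rules(m: Mapping, action: str = "-A") -> list[list[str]]:
    """The three rules for one mapping; action is -A to add, -D to delete.
    Chain and option choices are this example's assumptions."""
    return [
        # INPUT rule: accept traffic reaching the second server's mapped port
        ["iptables", action, "INPUT", "-d", m.nat_ip, "-p", m.protocol,
         "--dport", str(m.mapped_port), "-j", "ACCEPT"],
        # NAT rule: rewrite nat_ip:mapped_port to floating_ip:open_port
        ["iptables", "-t", "nat", action, "PREROUTING", "-d", m.nat_ip,
         "-p", m.protocol, "--dport", str(m.mapped_port), "-j", "DNAT",
         "--to-destination", f"{m.floating_ip}:{m.open_port}"],
        # SNAT rule: the VM sees the second server as the source, so replies
        # come back through it and the translation can be undone
        ["iptables", "-t", "nat", action, "POSTROUTING", "-d", m.floating_ip,
         "-p", m.protocol, "--dport", str(m.open_port), "-j", "SNAT",
         "--to-source", m.nat_ip],
    ]


def _with_action(rule: Sequence[str], action: str) -> list[str]:
    """Swap the -A/-D verb of a rule, leaving every match option intact."""
    return [action if tok in ("-A", "-D") else tok for tok in rule]


def apply_mapping(m: Mapping, run: Runner) -> bool:
    """Add all three rules. If any add fails, delete the ones already added
    (the fault handling the text describes). Returns True only when the
    whole mapping is installed."""
    added: list[list[str]] = []
    for rule in build_rules(m, "-A"):
        try:
            run(rule)
        except Exception:
            for done in reversed(added):
                run(_with_action(done, "-D"))
            return False
        added.append(rule)
    return True


def remove_mapping(m: Mapping, run: Runner) -> None:
    """Delete the VM's rules, e.g. when the first server reports VM deletion."""
    for rule in build_rules(m, "-D"):
        run(rule)


def iptables_runner(argv: Sequence[str]) -> None:
    """Real runner: execute iptables and raise on a non-zero exit status."""
    subprocess.run(list(argv), check=True)


class FakeFirewall:
    """Constructed stand-in for iptables: records rules in order and can be
    told to fail on the Nth add so the rollback path can be tested."""

    def __init__(self, fail_on_add: int | None = None) -> None:
        self.rules: list[tuple[str, ...]] = []
        self.fail_on_add = fail_on_add
        self._adds = 0

    def __call__(self, argv: Sequence[str]) -> None:
        if "-A" in argv:
            self._adds += 1
            if self._adds == self.fail_on_add:
                raise RuntimeError("iptables: simulated failure")
            self.rules.append(tuple(argv))
        else:  # -D: like iptables, deleting an absent rule is an error
            self.rules.remove(tuple(_with_action(argv, "-A")))


if __name__ == "__main__":
    sample = Mapping("203.0.113.5", "192.0.2.10", 80, 10000)
    fw = FakeFirewall(fail_on_add=3)
    print("installed:", apply_mapping(sample, fw), "rules left:", len(fw.rules))
```

Run against a real host by passing `iptables_runner` instead of `FakeFirewall`. One caveat worth knowing when adapting the chain layout: a packet rewritten by DNAT in PREROUTING whose new destination is not the second server itself traverses the FORWARD chain, not INPUT, so a deployment whose FORWARD policy is DROP also needs an ACCEPT there for the mapped traffic.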
Fig. 2 is a schematic flowchart of the method for implementing virtual machine port mapping according to Embodiment 2 of the present invention. As shown in Fig. 2, the method comprises:
Step 201: the first server determines whether the virtual machine to be port-mapped has an associated default security group; if so, step 202 is performed; if not, step 203 is performed;
Here, the default security group is named with the floating IP of the virtual machine followed by the name of the virtual machine, which guarantees that the group name is unique;
the first server determining that the virtual machine to be port-mapped has an associated default security group comprises:
the first server searching the security groups associated with the virtual machine for a group named with the floating IP of the virtual machine followed by the virtual machine name and, if one exists, determining that the virtual machine has an associated default security group.
Step 202: the first server selects the mapping port corresponding to the open port of the virtual machine, adds the open port information of the virtual machine and the mapping port information to the default security group, and performs step 204;
Here, selecting the mapping port corresponding to the open port of the virtual machine comprises:
the first server selecting a free port of the second server as the mapping port corresponding to the open port of the virtual machine. This operation comprises: the first server designates the ports of the second server as PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers of the second server already in use; when the value of max is less than n, it selects PORT_(max+1) as the mapping port corresponding to the open port of the virtual machine; when the value of max is not less than n, it traverses all ports of the second server and, if a port not recorded in the database exists, selects one such port as the mapping port corresponding to the open port of the virtual machine; where n and max are positive integers. Here, if the first server reads the database and finds no used port number of the second server recorded there, it selects PORT_1 as the mapping port corresponding to the open port of the virtual machine;
In an embodiment, when the first server traverses all ports of the second server and finds that every port of the second server is already recorded in the database, it raises an error indicating that this port mapping cannot be completed.
While adding the open port information of the virtual machine and the mapping port information to the default security group, the first server also adds all other port mapping information of the virtual machine, such as the protocol name, to the default security group, thereby opening the virtual machine port;
while reading from the database the maximum value PORT_max of the port numbers of the second server already in use, the first server locks the database so that simultaneous access by multiple users cannot produce a conflict.
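The mapping-port selection rule appears three times on this page (in the Summary, in Embodiment 1 and in step 202 above). The following is an added example of that rule, not the patent's code: it reads PORT_max under a lock, takes PORT_1 when nothing is recorded, PORT_(max+1) while max is below n, scans the whole range for a hole once the top has been reached, and reports an error when every port is used. The database is a constructed in-memory stand-in (a dictionary guarded by a threading lock), the port range 10000..10003 and the 192.0.2.x / 198.51.100.x addresses are constructed sample values, and `concurrent_allocations` shows why the lock the text calls for matters: without it two requests reading the same PORT_max could be handed the same port.

```python
from __future__ import annotations

import threading


class PortExhaustedError(Exception):
    """Every port PORT_1..PORT_n of the second server is already in use."""


class MappingPortDB:
    """Stand-in for the database of used second-server ports (constructed for
    this example: one entry per allocated mapping port, keyed by port number)."""

    def __init__(self, port_first: int, port_last: int) -> None:
        if not 1 <= port_first <= port_last <= 65535:
            raise ValueError("invalid port range")
        self.port_first = port_first   # PORT_1
        self.port_last = port_last     # PORT_n
        self._used: dict[int, tuple[str, int]] = {}  # mapped port -> (floating IP, open port)
        self._lock = threading.Lock()  # models the database lock in the text

    def allocate(self, floating_ip: str, open_port: int) -> int:
        """Choose and record a free mapping port for one VM open port.

        Reading PORT_max, choosing the port and writing the new row all happen
        under one lock, so two concurrent requests cannot receive the same port.
        """
        with self._lock:
            port = self._select_locked()
            self._used[port] = (floating_ip, open_port)
            return port

    def _select_locked(self) -> int:
        if not self._used:                     # nothing recorded yet -> PORT_1
            return self.port_first
        current_max = max(self._used)          # PORT_max
        if current_max < self.port_last:       # max < n -> PORT_(max+1)
            return current_max + 1
        # max == n: the top of the range is taken, so look for a hole left by a
        # deleted mapping anywhere in PORT_1..PORT_n (holes below PORT_max are
        # only reused once the top has been reached, as the text states)
        for candidate in range(self.port_first, self.port_last + 1):
            if candidate not in self._used:
                return candidate
        raise PortExhaustedError(
            f"all ports {self.port_first}-{self.port_last} are in use; "
            "the port mapping cannot be completed")

    def release(self, port: int) -> None:
        """Remove a row when the first server deletes a VM's port mapping."""
        with self._lock:
            self._used.pop(port, None)


def try_allocate(db: MappingPortDB, floating_ip: str, open_port: int) -> int | None:
    """Allocation that reports exhaustion as None instead of an exception."""
    try:
        return db.allocate(floating_ip, open_port)
    except PortExhaustedError:
        return None


def concurrent_allocations(db: MappingPortDB, count: int) -> set[int]:
    """Allocate from `count` threads at once; with the lock in place the
    result holds `count` distinct ports."""
    picked: list[int] = []
    threads = [threading.Thread(target=lambda i=i: picked.append(
        db.allocate(f"198.51.100.{i}", 80))) for i in range(count)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return set(picked)


def demo() -> list[int]:
    """Walk all three branches of the rule on the constructed range 10000..10003."""
    db = MappingPortDB(10000, 10003)
    picks = [
        db.allocate("192.0.2.10", 80),    # empty table -> 10000 (PORT_1)
        db.allocate("192.0.2.11", 22),    # max+1       -> 10001
        db.allocate("192.0.2.12", 443),   # max+1       -> 10002
        db.allocate("192.0.2.13", 8080),  # max+1       -> 10003 (PORT_n)
    ]
    db.release(10001)                     # one mapping is deleted
    picks.append(db.allocate("192.0.2.14", 25))  # max == n -> scan finds 10001
    return picks


if __name__ == "__main__":
    print(demo())
```

In a real deployment the lock is the database's own (a row lock or `SELECT ... FOR UPDATE` on the port table) and it must cover the insert as well as the read of PORT_max; locking only the read leaves the race open.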
步骤203:第一服务器创建所述虚拟机的默认安全组,并将创建的默认安全组关联至所述虚拟机,并执行步骤206;Step 203: The first server creates a default security group of the virtual machine, and associates the created default security group to the virtual machine, and performs step 206;
这里,第一服务器创建所述虚拟机的默认安全组后,以所述虚拟机的浮动IP加所述虚拟机的名称命名所述默认安全组;Here, after the first server creates the default security group of the virtual machine, the default security group is named by the floating IP of the virtual machine plus the name of the virtual machine;
通过第一服务器生成虚拟机的默认安全组,并在对虚拟机进行端口映射时,自动将所述虚拟机的开放端口信息添加至所述默认安全组,以实现开放所述虚拟机端口的功能。The default security group of the virtual machine is generated by the first server, and the port information of the virtual machine is automatically added to the default security group to implement the function of opening the virtual machine port. .
步骤204:第一服务器发送所述虚拟机的端口映射请求给第二服务器;Step 204: The first server sends a port mapping request of the virtual machine to the second server.
这里,所述端口映射请求包括:所述虚拟机的开放端口信息、所述虚拟机的开放端口对应的映射端口信息、所述虚拟机的浮动IP地址等;Here, the port mapping request includes: open port information of the virtual machine, mapping port information corresponding to an open port of the virtual machine, a floating IP address of the virtual machine, and the like;
在一实施例中,所述端口映射请求用于指示第二服务器依据预设的端口映射规则对所述虚拟机进行端口映射。In an embodiment, the port mapping request is used to instruct the second server to perform port mapping on the virtual machine according to a preset port mapping rule.
步骤205:第二服务器接收所述端口映射请求,并依据预设的端口映射规则对所述虚拟机进行端口映射;Step 205: The second server receives the port mapping request, and performs port mapping on the virtual machine according to a preset port mapping rule.
本步骤包括:第二服务器依据预设的端口映射规则将所述开放端口对应的虚拟机的浮动IP地址映射为自身的IP地址,将所述开放端口映射为所述映射端口,并在防火墙中配置所述虚拟机的端口映射规则;如此,所述第二服务器可将多个虚拟机的浮动IP地址映射为自身的IP地址,避免了现有技术中为每一个虚拟机都分配一个公网IP地址而造成的IP地址浪费。The method includes: mapping, by the second server, the floating IP address of the virtual machine corresponding to the open port to its own IP address according to a preset port mapping rule, mapping the open port to the mapping port, and in the firewall The port mapping rule of the virtual machine is configured. In this manner, the second server can map the floating IP addresses of the multiple virtual machines to their own IP addresses, thereby avoiding assigning a public network to each virtual machine in the prior art. The IP address caused by the IP address is wasted.
Step 206: End of this processing flow.
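The first-server side of steps 202 to 204 (default security group lookup or creation, selection of a mapping port on the second server, and the cleanup on mapping or VM deletion), written out as an added example. This is not ZTE's code and not from the patent; the same logic is restated later for the processing module 31 and for the first server 41. Assumptions not stated in the patent: PORT_1..PORT_n are a contiguous range of integer port numbers [first, last] on the second server; the "database" of used ports is an in-memory set guarded by a lock; the security group name joins floating IP and VM name with "_"; the security group rule also records the second server's address as its allowed source (a restriction the patent does not mention); and, unlike the flowchart, which ends at step 206 after creating the group, `map_port` continues straight to port selection so that one call completes the mapping.

```python
"""Added example of the first-server flow; names, separator and data layout are assumptions."""
import threading
from dataclasses import dataclass, field


class NoFreePortError(RuntimeError):
    """Every port PORT_1..PORT_n of the second server is already mapped."""


class UsedPortDB:
    """Database of mapped ports already consumed on the second server.

    The patent locks the database while PORT_max is read so that two users
    mapping ports concurrently cannot both be handed PORT_(max+1); the lock
    here is held across the read *and* the write of the chosen port, because
    releasing it between the two would reopen exactly that race.
    """

    def __init__(self, first, last, used=()):
        self.first, self.last = first, last      # PORT_1 == first, PORT_n == last
        self.used = set(used)
        self._lock = threading.Lock()

    def allocate(self):
        with self._lock:
            port_max = max(self.used, default=self.first - 1)  # nothing used -> PORT_1
            if port_max < self.last:
                port = port_max + 1                            # PORT_(max+1)
            else:
                # max already at PORT_n: scan for a hole left by a deleted mapping
                port = next((p for p in range(self.first, self.last + 1)
                             if p not in self.used), None)
                if port is None:
                    raise NoFreePortError("all ports %d..%d are in use"
                                          % (self.first, self.last))
            self.used.add(port)
            return port

    def release(self, port):
        with self._lock:
            self.used.discard(port)


@dataclass
class VM:
    name: str
    floating_ip: str
    security_groups: dict = field(default_factory=dict)   # name -> list of rules


def default_sg_name(vm):
    """Patent's naming rule: floating IP followed by the VM name ("_" is our choice)."""
    return "%s_%s" % (vm.floating_ip, vm.name)


def find_default_sg(vm):
    """Step 202 check: is a group with the canonical name associated with the VM?"""
    return vm.security_groups.get(default_sg_name(vm))


def map_port(vm, open_port, protocol, db, nat_server_ip):
    """Steps 202-204 on the first server; returns the request sent to the second server."""
    rules = find_default_sg(vm)
    if rules is None:                                   # step 203: create and associate
        rules = vm.security_groups[default_sg_name(vm)] = []
    mapped_port = db.allocate()
    rules.append({"protocol": protocol, "open_port": open_port,
                  "mapped_port": mapped_port, "remote_ip": nat_server_ip})
    return {"floating_ip": vm.floating_ip, "protocol": protocol,
            "open_port": open_port, "mapped_port": mapped_port}


def unmap_port(vm, mapped_port, db):
    """Deleting one mapping also removes its rule from the default security group."""
    rules = find_default_sg(vm)
    if rules is not None:
        rules[:] = [r for r in rules if r["mapped_port"] != mapped_port]
    db.release(mapped_port)


def delete_vm(vm, db):
    """Deleting the VM drops its default security group, frees its ports and
    returns what the second server must be told to remove."""
    rules = vm.security_groups.pop(default_sg_name(vm), [])
    for r in rules:
        db.release(r["mapped_port"])
    return {"floating_ip": vm.floating_ip,
            "mapped_ports": [r["mapped_port"] for r in rules]}
```

Holes in the range are only reused once PORT_max has reached PORT_n, exactly as the patent describes; the scan in `allocate` therefore runs on every allocation after the range has filled once, which is acceptable for a range of a few thousand ports but worth knowing if n is large.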
FIG. 3 is a schematic diagram of the structure of a server according to an embodiment of the present invention. As shown in FIG. 3, the server of this embodiment includes a processing module 31 and a sending module 32, where:
the processing module 31 is configured to, upon determining that the virtual machine to be port-mapped has an associated default security group, select the mapping port corresponding to the open port of the virtual machine and add the virtual machine's open port information and the mapping port information to the default security group;
the sending module 32 is configured to send a port mapping request for the virtual machine to the second server, the port mapping request instructing the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
In an embodiment, the processing module 31 is further configured to add information such as the protocol name of the virtual machine to the default security group.
In an embodiment, the processing module 31 is further configured to, upon determining that the virtual machine has no associated default security group, create a default security group for the virtual machine, name it with the floating IP of the virtual machine followed by the virtual machine's name, and associate the created default security group with the virtual machine.
In an embodiment, the default security group is named with the floating IP of the virtual machine followed by the virtual machine's name;
correspondingly, the processing module 31 determining that the virtual machine to be port-mapped has an associated default security group includes:
the processing module 31 searching the security groups associated with the virtual machine for one named with the floating IP of the virtual machine followed by the virtual machine's name and, if such a group exists, determining that the virtual machine has an associated default security group.
In an embodiment, the server further includes a deletion module 33 configured to, when deleting a port mapping of the virtual machine, also delete the corresponding open port information from the default security group associated with the virtual machine; and, when deleting the virtual machine, also delete the default security group associated with the virtual machine and notify the second server to delete the information related to the virtual machine. Here, the related information includes the port mapping rules for the virtual machine configured on the second server, and so on.
In an embodiment, the port mapping request includes the open port information of the virtual machine, the mapping port information corresponding to the open port, the floating IP address of the virtual machine, and so on.
In an embodiment, the second server performing port mapping for the virtual machine according to the preset port mapping rule includes:
the second server, according to the preset port mapping rule, mapping the floating IP address of the virtual machine owning the open port to its own IP address, mapping the open port to the mapping port, and configuring the virtual machine's port mapping rule in the firewall. In this way the second server can map the floating IP addresses of multiple virtual machines to its own single IP address, avoiding the waste of IP addresses caused in the prior art by assigning a public IP address to every virtual machine.
In an embodiment, the processing module 31 selecting the mapping port corresponding to the open port of the virtual machine includes:
the processing module 31 designating the ports of the second server as PORT_1 to PORT_n and reading from the database the maximum port number of the second server already in use, PORT_max; if max is less than n, selecting PORT_(max+1) as the mapping port for the virtual machine's open port; if max is not less than n, traversing all ports of the second server and, if a port not recorded in the database exists, selecting one such port as the mapping port for the virtual machine's open port; where n and max are positive integers.
In an embodiment, when the processing module 31 traverses all ports of the second server and determines that no port unrecorded in the database exists, it issues an error message stating that this port mapping cannot be completed.
Here, the processing module 31 is further configured to add the selected mapping port to the database. The database stores the port numbers of the ports of the second server already in use; it may reside on the second server or on another server.
In an embodiment, while reading the maximum used port number PORT_max of the second server from the database, the processing module 31 locks the database to prevent conflicts caused by multiple users accessing the database at the same time.
FIG. 4 is a schematic diagram of the structure of a system for implementing virtual machine port mapping according to an embodiment of the present invention. As shown in FIG. 4, the system of this embodiment includes a first server 41 and a second server 42, where:
the first server 41 is configured to, upon determining that the virtual machine to be port-mapped has an associated default security group, select the mapping port corresponding to the open port of the virtual machine, add the virtual machine's open port information and the mapping port information to the default security group, and send a port mapping request for the virtual machine to the second server 42;
the second server 42 is configured to receive the port mapping request sent by the first server 41 and perform port mapping for the virtual machine according to a preset port mapping rule.
Here, the default security group is named with the floating Internet Protocol (IP) address of the virtual machine followed by the virtual machine's name;
the first server 41 determining that the virtual machine to be port-mapped has an associated default security group includes:
the first server 41 searching the security groups associated with the virtual machine for one named with the floating IP of the virtual machine followed by the virtual machine's name and, if such a group exists, determining that the virtual machine has an associated default security group.
In an embodiment, when the first server 41 determines that the virtual machine has no associated default security group, it creates a default security group for the virtual machine, names it with the floating IP of the virtual machine followed by the virtual machine's name, and associates the created default security group with the virtual machine.
In an embodiment, the first server 41 selecting the mapping port corresponding to the open port of the virtual machine includes:
the first server 41 designating the ports of the second server 42 as PORT_1 to PORT_n and reading from the database the maximum port number of the second server 42 already in use, PORT_max; if max is less than n, selecting PORT_(max+1) as the mapping port for the virtual machine's open port; if max is not less than n, traversing all ports of the second server 42 and, if a port not recorded in the database exists, selecting one such port as the mapping port for the virtual machine's open port; where n and max are positive integers.
When the first server 41 traverses all ports of the second server 42 and determines that no port unrecorded in the database exists, it issues an error message stating that this port mapping cannot be completed.
Here, the first server 41 is further configured to add the mapping port information to the database. Correspondingly, the database stores the port numbers of the ports of the second server 42 already in use; it may reside on the second server or on another server.
In an embodiment, while reading the maximum used port number PORT_max of the second server 42 from the database, the first server 41 locks the database to prevent conflicts caused by multiple users accessing the database at the same time.
In an embodiment, when the first server 41 deletes a port mapping of the virtual machine, it also deletes the corresponding open port information from the default security group associated with the virtual machine;
when the first server 41 deletes the virtual machine, it also deletes the default security group associated with the virtual machine and notifies the second server to delete the information related to the virtual machine.
In an embodiment, the second server 42 performing port mapping for the virtual machine according to the preset port mapping rule includes:
the second server 42, according to the preset port mapping rule, mapping the floating IP address of the virtual machine to its own IP address, mapping the open port to the mapping port, and configuring the virtual machine's port mapping rule in its own firewall.
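The second-server side of step 205, together with the rule removal the deletion module 33 triggers, as an added example. This is not ZTE's code and not from the patent: the patent says only that the second server maps the virtual machine's floating IP to its own IP, maps the open port to the mapping port, and configures the rule in its firewall. Rendering that as Linux iptables DNAT rules is an assumption, as are the request field names, the helper names and the exposed port range; nothing below executes iptables, the commands are returned as strings so the caller can inspect them or hand them to a subprocess.

```python
"""Added example of the NAT gateway (second server); firewall syntax and names are assumptions."""
import ipaddress

ALLOWED_PROTOCOLS = ("tcp", "udp")


class BadMappingRequest(ValueError):
    """The request would not produce a sane firewall rule; nothing is applied."""


def validate_request(req, port_range):
    """Checks a practitioner wants before a request from the first server touches
    the NAT table: every field present, IP parseable, protocol known, mapped port
    inside the range the gateway actually exposes, open port a real port."""
    for key in ("floating_ip", "protocol", "open_port", "mapped_port"):
        if key not in req:
            raise BadMappingRequest("missing field %r" % key)
    try:
        ipaddress.ip_address(req["floating_ip"])
    except ValueError:
        raise BadMappingRequest("bad floating IP %r" % req["floating_ip"])
    if req["protocol"] not in ALLOWED_PROTOCOLS:
        raise BadMappingRequest("unsupported protocol %r" % req["protocol"])
    first, last = port_range
    if not (first <= req["mapped_port"] <= last):
        raise BadMappingRequest("mapped port %r outside %d..%d"
                                % (req["mapped_port"], first, last))
    if not (1 <= req["open_port"] <= 65535):
        raise BadMappingRequest("bad open port %r" % req["open_port"])
    return req


def mapping_rules(server_ip, req, action="-A"):
    """iptables commands realising one mapping: DNAT on PREROUTING rewrites
    server_ip:mapped_port to floating_ip:open_port, and a FORWARD accept lets
    only that translated flow through.  action="-D" gives the matching deletes."""
    proto, fip = req["protocol"], req["floating_ip"]
    dnat = ("iptables -t nat %s PREROUTING -d %s -p %s --dport %d "
            "-j DNAT --to-destination %s:%d"
            % (action, server_ip, proto, req["mapped_port"], fip, req["open_port"]))
    fwd = ("iptables %s FORWARD -d %s -p %s --dport %d -m conntrack "
           "--ctstate DNAT -j ACCEPT" % (action, fip, proto, req["open_port"]))
    return [dnat, fwd]


class NatGateway:
    """State the second server keeps: one rule per (protocol, mapped port)."""

    def __init__(self, server_ip, port_range):
        self.server_ip = server_ip
        self.port_range = port_range
        self.rules = {}                      # (protocol, mapped_port) -> request

    def apply(self, req):
        req = validate_request(req, self.port_range)
        key = (req["protocol"], req["mapped_port"])
        if key in self.rules:                # never silently overwrite a live rule
            raise BadMappingRequest("%s/%d already mapped" % key)
        self.rules[key] = req
        return mapping_rules(self.server_ip, req)

    def remove(self, protocol, mapped_port):
        req = self.rules.pop((protocol, mapped_port))
        return mapping_rules(self.server_ip, req, "-D")

    def remove_vm(self, floating_ip):
        """On VM deletion the first server identifies the VM by floating IP;
        every rule that belongs to it is removed."""
        keys = [k for k, r in self.rules.items() if r["floating_ip"] == floating_ip]
        return [cmd for k in keys for cmd in self.remove(*k)]
```

Return traffic for the translated flow is handled by connection tracking, so no explicit SNAT rule is needed for the inbound mapping; the FORWARD rule is matched on `--ctstate DNAT` so that it admits only packets that actually went through the mapping rather than any traffic to the floating IP.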
The processing module 31, sending module 32 and deletion module 33 proposed in the embodiments of the present invention may all be implemented by a processor, or by specific logic circuits; in practice the processor may be a central processing unit (CPU), a microprocessor unit (MPU), a field-programmable gate array (FPGA) or the like.
In the embodiments of the present invention, if the above method for implementing virtual machine port mapping is implemented in the form of software functional modules and sold or used as an independent product, it may also be stored in a computer-readable storage medium. On this understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes to the prior art, may be embodied as a software product stored in a storage medium and including several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the method described in the embodiments of the present invention. The storage medium includes any medium capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a magnetic disk or an optical disc. Thus the embodiments of the present invention are not limited to any particular combination of hardware and software.
Correspondingly, an embodiment of the present invention further provides a computer storage medium storing a computer program for executing the above method for implementing virtual machine port mapping of the embodiments of the present invention.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.
Industrial applicability
In the embodiments of the present invention, when the first server determines that the virtual machine to be port-mapped has an associated default security group, it selects the mapping port corresponding to the open port of the virtual machine and adds the virtual machine's open port information and the mapping port information to the default security group; it then sends a port mapping request for the virtual machine to the second server, the request instructing the second server to perform port mapping for the virtual machine according to a preset port mapping rule. In this way the first server automatically adds the virtual machine's open port information and mapping port information to the default security group, removing the manual additions required in the prior art, simplifying the port mapping operation for virtual machines and improving the user experience.

Claims (14)

  1. A method for implementing virtual machine port mapping, the method comprising:
    when a first server determines that a virtual machine to be port-mapped has an associated default security group, selecting a mapping port corresponding to an open port of the virtual machine, and adding open port information of the virtual machine and mapping port information to the default security group;
    sending a port mapping request for the virtual machine to a second server, the port mapping request instructing the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
  2. The method according to claim 1, wherein the method further comprises:
    when the first server determines that the virtual machine has no associated default security group, creating a default security group for the virtual machine and associating the created default security group with the virtual machine.
  3. The method according to claim 1 or 2, wherein the default security group is named with the floating Internet Protocol (IP) address of the virtual machine followed by the name of the virtual machine;
    the first server determining that the virtual machine to be port-mapped has an associated default security group comprises:
    the first server searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine followed by the name of the virtual machine and, if such a group exists, determining that the virtual machine has an associated default security group.
  4. The method according to claim 1 or 2, wherein the method further comprises:
    when the first server deletes a port mapping of the virtual machine, also deleting the corresponding open port information from the default security group associated with the virtual machine;
    when the first server deletes the virtual machine, also deleting the default security group associated with the virtual machine and notifying the second server to delete information related to the virtual machine.
  5. The method according to claim 1 or 2, wherein selecting the mapping port corresponding to the open port of the virtual machine comprises:
    the first server designating the ports of the second server as PORT_1 to PORT_n and reading from a database the maximum port number of the second server already in use, PORT_max; if max is less than n, selecting PORT_(max+1) as the mapping port for the open port of the virtual machine; if max is not less than n, traversing all ports of the second server and, if a port not recorded in the database exists, selecting one such port as the mapping port for the open port of the virtual machine; where n and max are positive integers.
  6. The method according to claim 1 or 2, wherein the second server performing port mapping for the virtual machine according to the preset port mapping rule comprises:
    the second server, according to the preset port mapping rule, mapping the floating IP address of the virtual machine to its own IP address, mapping the open port to the mapping port, and configuring the port mapping rule of the virtual machine in its own firewall.
  7. A server, the server comprising a processing module and a sending module, wherein:
    the processing module is configured to, upon determining that a virtual machine to be port-mapped has an associated default security group, select a mapping port corresponding to an open port of the virtual machine, and add open port information of the virtual machine and mapping port information to the default security group;
    the sending module is configured to send a port mapping request for the virtual machine to a second server, the port mapping request instructing the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
  8. The server according to claim 7, wherein the processing module is further configured to, upon determining that the virtual machine has no associated default security group, create a default security group for the virtual machine and associate the created default security group with the virtual machine.
  9. The server according to claim 7 or 8, wherein the default security group is named with the floating IP of the virtual machine followed by the name of the virtual machine;
    correspondingly, the processing module is configured to search the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine followed by the name of the virtual machine and, if such a group exists, determine that the virtual machine has an associated default security group.
  10. The server according to claim 7 or 8, wherein the server further comprises a deletion module configured to, when deleting a port mapping of the virtual machine, also delete the corresponding open port information from the default security group associated with the virtual machine; and, when deleting the virtual machine, also delete the default security group associated with the virtual machine and notify the second server to delete information related to the virtual machine.
  11. The server according to claim 7 or 8, wherein the processing module is configured to designate the ports of the second server as PORT_1 to PORT_n, read from a database the maximum port number of the second server already in use, PORT_max, and, if max is less than n, select PORT_(max+1) as the mapping port for the open port of the virtual machine; if max is not less than n, traverse all ports of the second server and, if a port not recorded in the database exists, select one such port as the mapping port for the open port of the virtual machine; where n and max are positive integers.
  12. A system for implementing virtual machine port mapping, the system comprising a first server and a second server, wherein:
    the first server is configured to, upon determining that a virtual machine to be port-mapped has an associated default security group, select a mapping port corresponding to an open port of the virtual machine, add open port information of the virtual machine and mapping port information to the default security group, and send a port mapping request for the virtual machine to the second server;
    the second server is configured to receive the port mapping request for the virtual machine sent by the first server and perform port mapping for the virtual machine according to a preset port mapping rule.
  13. The system according to claim 12, wherein the second server is configured to, according to the preset port mapping rule, map the floating IP address of the virtual machine to its own IP address, map the open port to the mapping port, and configure the port mapping rule of the virtual machine in its own firewall.
  14. A computer storage medium storing computer-executable instructions for executing the method for implementing virtual machine port mapping according to any one of claims 1 to 6.
PCT/CN2015/098201 2015-03-06 2015-12-22 Port mapping implementation method and system for virtual machine, server and storage medium WO2016141749A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510101153.XA CN105991789A (en) 2015-03-06 2015-03-06 Method for realizing virtual machine port mapping, servers and system
CN201510101153.X 2015-03-06

Publications (1)

Publication Number Publication Date
WO2016141749A1 true WO2016141749A1 (en) 2016-09-15

Family

ID=56878917

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/098201 WO2016141749A1 (en) 2015-03-06 2015-12-22 Port mapping implementation method and system for virtual machine, server and storage medium

Country Status (2)

Country Link
CN (1) CN105991789A (en)
WO (1) WO2016141749A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024772A (en) * 2022-01-05 2022-02-08 北京赛宁网安科技有限公司 Network attack and defense platform port mapping method and system
CN115622815B (en) * 2022-12-19 2023-02-24 苏州浪潮智能科技有限公司 Port isolation implementation method, device, equipment and medium based on virtualization environment

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106878482B (en) * 2017-01-03 2020-01-03 新华三技术有限公司 Network address translation method and device
CN114978890B (en) * 2022-05-16 2024-01-23 南京信息职业技术学院 Port mapping system and mapping method thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120324442A1 (en) * 2011-06-14 2012-12-20 Futurewei Technologies, Inc. System and Method for an In-Server Virtual Switch
CN103412519A (en) * 2013-04-24 2013-11-27 昆山三泰新电子科技有限公司 Remote peripheral control system, method and remote server thereof
US8639783B1 (en) * 2009-08-28 2014-01-28 Cisco Technology, Inc. Policy based configuration of interfaces in a virtual machine environment
CN103825954A (en) * 2014-03-10 2014-05-28 中国联合网络通信集团有限公司 OpenFlow control method and corresponding insert, platform and network thereof

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8363656B2 (en) * 2010-09-15 2013-01-29 International Business Machines Corporation Multiple virtual machines sharing a single IP address
CN102594660B (en) * 2012-01-19 2015-09-09 华为技术有限公司 A kind of virtual interface exchange method, Apparatus and system

Also Published As

Publication number Publication date
CN105991789A (en) 2016-10-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15884427

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15884427

Country of ref document: EP

Kind code of ref document: A1