WO2017162030A1 - Method and apparatus for generating virtual network - Google Patents


Info

Publication number
WO2017162030A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual network
template
network
node
generating
Application number
PCT/CN2017/076009
Inventor
王业科
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting

Definitions

  • the present application relates to, but is not limited to, mobile communication technologies, and more particularly to a method and apparatus for generating a virtual network.
  • the deployment of telecom mobile networks is becoming more and more complicated.
  • the telecommunication mobile network can be deployed, modified and displayed for the virtual network.
  • HAT heat orchestration template
  • the embodiment of the invention provides a method and a device for generating a virtual network, which can provide a virtual network template for visualizing various charts, simplify the formation process of the virtual network, and meet the complex and diverse deployment requirements of the customization.
  • an embodiment of the present invention provides a method for generating a virtual network, where the method includes:
  • the virtual network template includes a visualization chart composed of a plurality of nodes through a connection;
  • An embodiment of the present invention provides a method for generating a virtual network, by generating a virtual network template, where the virtual network template includes a visualization chart composed of a plurality of nodes through a connection, and generating a corresponding virtual network according to the virtual network template. The embodiment of the present invention generates the virtual network from a virtual network template in the form of a visualization chart, which can simplify the creation of a virtual network and provide various customized virtual network templates to meet the deployment requirements of complex and diverse telecommunication mobile networks.
  • generating a corresponding virtual network according to the virtual network template may include:
  • Virtual network resources can be better utilized by creating stacks and creating corresponding nodes in a predetermined order.
  • the method may further include:
  • the status of the stack is periodically queried, and the generation status of the virtual network is determined by the state of the stack, wherein the status of the stack includes creation, success, failure, and update.
  • the generation progress of the virtual network can be known in time.
  • the foregoing method may further include:
  • the corresponding virtual network template is adjusted to regenerate the virtual network.
  • the architecture of the appropriate virtual network can be better provided to improve the service.
  • the foregoing method may further include:
  • the usage rights of the virtual network are set, so that the virtual network can be controlled and managed according to actual conditions, so as to provide better services.
  • planning the architecture of the virtual network may include:
  • Delineating each virtual local area network of the virtual network and determining the necessity of a software-defined network controller.
  • Determining the necessity of a software-defined network controller by delineating each virtual local area network of the virtual network helps to effectively monitor data in the virtual network, simplify network management, and improve network security.
  • setting the usage rights of the virtual network may include:
  • the node includes: an external network node, a network node, a routing node, a firewall node, a load balancing node, a security group node, and a virtual host node.
  • the parameters of each node in the virtual network are set by the authority control allocation to control the usage rights of the node, so that the security of the network can be further improved.
  • an embodiment of the present invention provides a device for generating a virtual network, where the device includes: a template generation module and a virtual network generation module;
  • the template generation module is configured to generate a virtual network template, where the virtual network template includes a visualization chart composed of a plurality of nodes through a connection;
  • the virtual network generating module is configured to generate a corresponding virtual network according to the virtual network template.
  • An embodiment of the present invention provides a virtual network generating apparatus, where the apparatus includes: a template generating module and a virtual network generating module, where the template generating module generates a virtual network template, where the virtual network template includes a visualization chart composed of multiple nodes through a connection.
  • the virtual network generating module generates a corresponding virtual network according to the virtual network template.
  • the virtual network is generated from a virtual network template in the form of a visualization chart, which can simplify the creation of the virtual network and provide various customized virtual network templates to meet the deployment requirements of complex and diverse telecom mobile networks.
  • the virtual network generating module may be configured to generate a corresponding virtual network according to the virtual network template by: creating a stack according to the virtual network template and generating a corresponding virtual network according to a predetermined order.
  • the virtual network generation module creates a stack and creates corresponding nodes in a predetermined order, so that the virtual network resources can be better utilized.
  • the virtual network generating module may further be configured to periodically query the state of the stack after creating a stack according to the virtual network template and generating a corresponding virtual network according to a predetermined order, and to determine, by using the state of the stack, the generation state of the virtual network, where the state of the stack includes creation, success, failure, and update.
  • the virtual network generation module periodically queries the status of the stack to reflect whether the virtual network is successfully created, so that the generation progress of the virtual network can be known in time.
  • the apparatus may further include: an adjustment module; the adjustment module may be configured to adjust the corresponding virtual network template and regenerate the virtual network according to a predetermined requirement or when it is determined that the generated virtual network parameter has an error.
  • when the adjustment module adjusts the installed virtual network according to predetermined requirements, or upon determining that the parameters of the generated virtual network are incorrect, a suitable virtual network architecture can be better provided to improve the service.
  • the apparatus may further include: a planning module; the planning module may be configured to plan an architecture of the virtual network, and set usage rights of nodes in the virtual network.
  • the planning module is used to plan the architecture of the virtual network, and the usage rights of the virtual network are set, so that the virtual network can be controlled and managed according to actual conditions, so as to provide better services.
  • the planning module can be configured to plan the architecture of the virtual network by delineating each virtual local area network of the virtual network to determine the necessity of a software defined network controller.
  • the planning module may be configured to set usage rights of nodes in the virtual network by setting parameters of each node in the virtual network to control usage rights of the node, where the nodes include: external network nodes, network nodes, routing nodes, firewall nodes, load balancing nodes, security group nodes, and virtual host nodes.
  • the parameters of each node in the virtual network are set by the authority control allocation of the planning module to control the usage rights of the node, so that the security of the network can be further improved.
  • the embodiment of the invention further provides a computer readable storage medium storing computer executable instructions which, when executed by a processor, implement the method for generating the virtual network of the first aspect.
  • FIG. 1 is a schematic flowchart of a method for generating a virtual network according to Embodiment 1 of the present application;
  • FIG. 2 is a schematic structural diagram of a virtual network system according to Embodiment 2 of the present application.
  • FIG. 3 is a schematic diagram of template generation according to Embodiment 2 of the present application.
  • FIG. 4 is a schematic diagram of virtual network generation according to Embodiment 2 of the present application.
  • FIG. 5 is a schematic diagram of a virtual network topology adjustment according to Embodiment 2 of the present application.
  • FIG. 6 is a schematic diagram of adjusting a virtual network service chain according to Embodiment 2 of the present application.
  • FIG. 7 is a schematic structural diagram of a device for generating a virtual network according to an embodiment of the present application.
  • the method according to the embodiment of the present invention can be applied to a platform that can provide deployment and management capabilities of a public cloud, a private cloud, and a hybrid cloud infrastructure, such as an open source cloud computing management platform such as OpenStack, which can be a server cluster or a computer cluster. There may be multiple virtual machines on the server or the computer.
  • OpenStack open source cloud computing management platform
  • the division of the following components belongs to a logical division, and the specific implementation is not particularly limited.
  • a method according to an embodiment of the present invention is directed to solving the technical problem that the virtual network framework in the related art is unable to meet the deployment requirements of complex and diverse telecommunication mobile networks.
  • FIG. 1 is a schematic flowchart diagram of Embodiment 1 of a method for generating a virtual network according to the present application. This embodiment relates to a specific process for implementing virtual network generation. As shown in Figure 1, the method includes:
  • the template generation module generates a virtual network template, and the generated virtual network template may include an external network node, a routing node, a network node, a load balancing node, a virtual host node, a firewall node, a security group node, and the connections between nodes.
  • the external network node is a channel between the internal virtual network and the external physical network, and the host of the external physical network accesses the device of the internal virtual network through a floating Internet Protocol (IP) address assigned to the internal device.
  • IP Internet Protocol
  • the routing node has the function of grouping and forwarding IP packets, and also functions of NAT (Network Address Translation) and VPN (Virtual Private Network).
  • NAT is the mapping of internal and external IP addresses; the external physical network host device allocates a floating IP address to the internal virtual device through the NAT protocol. It should be noted that, for security reasons, the external physical network host device first logs in to the VPN server and then accesses the intranet virtual network device.
  • the network node corresponds to the network and subnet resources.
  • the subnet must exist in the network.
  • a network can contain multiple subnets.
  • the subnet contains one or more virtual hosts.
  • the virtual hosts in the subnet can communicate with each other. Through the gateway.
  • the load balancing node needs to be under the subnet.
  • the protocol node of the Protocol over Secure Socket Layer protocol performs round_robin, least-connections, and source-ip policy load balancing, and can also support third-party service provider products, such as the a10 load balancing manufacturer.
  • the firewall node and the security group node are transparent nodes. The firewall node has no outgoing line, and the security group node has neither incoming nor outgoing lines. The function of the firewall and security group nodes is to allow or deny data packets.
  • the firewall allows or denies the data packets passing through the router network:router_gateway and the subnet, which can be filtered by the source IP address or the destination IP address.
  • the firewall can introduce third-party service providers, such as the Hillstone Firewall and the Green League.
  • the firewall technology of the third-party vendor can be used to enhance the firewall capability of the virtual network.
  • the security group filters the network packets under the entire tenant, and can filter the packets through protocols or port ranges.
  • nodes such as external network nodes, network nodes, routing nodes, firewall nodes, load balancing nodes, security group nodes, and virtual host nodes are visual components in the virtual network template, and these nodes can be connected by lines to form a visualization chart.
  • the parameter information in the above node is included in the chart, and the virtual network template may be generated in the resource operation system (Iros), but is not limited thereto.
  • the virtual network template developer user enters the template editing interface, and according to the above node and node parameter requirements, a virtual network template is generated through the connection between multiple nodes and nodes, and is published on the Iros. Once the network template is released, it cannot be modified. If there is no instance installed, it can only be modified after the release, but it is not limited to this.
  • the virtual network generating module creates a corresponding virtual network in a predetermined order according to the visualization chart in the virtual network template.
  • generating the virtual network may be performed on a service chain template generation system (Adtsc): Adtsc sends a request to generate a corresponding virtual network to Opencos (secondary development system of OpenStack), and Opencos may call stack-create of heat to create a stack on Opencos.
  • Adtsc service chain template generation system
  • Opencos secondary development system of OpenStack
  • when the stack is created, the initial state of the stack is "in creation", and the state of the stack becomes successful after the virtual network is created. If the virtual network creation fails, the state of the stack changes from being created to failed.
  • a service chain needs to be created on an SDN (Software Defined Network) controller, and the SDN controller exposes the REST interfaces of the classifier and the portchain to create and delete a service chain. After the service chain is created, the data packets that meet the service chain conditions in the subsequent virtual network are filtered, monitored, forwarded, and offloaded.
  • the method for generating a virtual network generates a virtual network template, where the virtual network template includes a visualization chart composed of a plurality of nodes through a connection, and generates a corresponding virtual network according to the virtual network template. Generating the virtual network from a virtual network template in the form of a visualization chart can simplify the creation of the virtual network, and can provide various customized virtual network templates to meet the deployment requirements of complex and diverse telecommunication mobile networks.
  • generating a corresponding virtual network according to the virtual network template may include:
  • the virtual network template generates a corresponding virtual network according to a predetermined sequence.
  • some resources in the virtual network depend on others. For example, the VPNService can be created only after the RouterInterface and the RouterGateway have been created, the Firewall can be created only after the RouterGateway has been created, and so on, but it is not limited to this.
  • a stack is created in the initial stage of generating the virtual network.
  • Opencos calls the stack-create of heat to create a stack on Opencos.
  • Each stack corresponds to a unique encoding.
  • in general, the initial state of the stack is "in creation". The state of the stack becomes successful after all the nodes of the virtual network template have been created. If a node fails to be created, the state of the stack changes from being created to failed.
  • Opencos will return the code of the stack to Adtsc.
  • Adtsc returns the message to start the creation of the stack to Iros, but is not limited to this.
  • Virtual network resources can be better utilized by creating stacks and creating corresponding nodes in a predetermined order.
  • the method may further include:
  • the status of the stack is periodically queried, and the generation status of the virtual network is determined by the state of the stack, wherein the status of the stack includes creation, success, failure, and update.
  • a stack is created in the initial stage of generating the virtual network.
  • Opencos calls the stack-create of heat to create a stack on Opencos.
  • Each stack corresponds to a unique encoding.
  • in general, the initial state of the stack is "in creation". Once all the nodes of the virtual network template have been created, the state of the stack becomes successful. If a node fails to be created, the state of the stack changes from being created to failed.
  • Opencos will return the code of the stack to Adtsc, and Adtsc returns the message that stack creation has started to Iros. Adtsc can then query the state of the stack once every cycle. The cycle can be configured according to the actual situation. Once the queried state of the stack is successful or failed, the state of the stack is returned to Iros.
  • the results of creating an instance can be viewed on Iros, but are not limited to this.
  • the method may further include:
  • after the virtual network is installed, it can be put into use. If the original virtual network architecture and parameters are found to be incorrect when it is put into use, the installed virtual network can be adjusted with the correct virtual network architecture and parameters.
  • according to the predetermined requirement (the predetermined requirement is the requirement for adjustment in the virtual network and node parameters, which can be determined according to the actual situation), the system administrator of Iros can enter the instance management to modify the virtual network architecture (adding or deleting component nodes) and modify the component node parameters. Iros sends the modification message to Adtsc, Adtsc sends a request to Opencos to update the template, and queries the state of the updated stack on Opencos once every cycle until the state of the stack is successful or failed.
  • Opencos calls the heat stack update function to update the resources, and the state of the stack enters the update state.
  • if all the resources are updated successfully, the state of the stack changes from updating to successful; if a resource update fails, the state of the stack changes from updating to failed.
  • the service chain of the SDN controller may also need to be added, deleted, modified, and adjusted, for example when there is secondary traffic in the service chain.
  • the service chain sequence adjustment can also be performed when the template has secondary traffic.
  • the architecture of the appropriate virtual network can be better provided to improve the service.
  • the foregoing method may further include:
  • the virtual network is first planned.
  • the architecture of the virtual network can be planned.
  • the VLANs are demarcated to implement network communication isolation, and the third-party service provider products are introduced into the virtual network.
  • a service chain is created to filter, monitor, forward, and offload data packets that meet the requirements of the service chain. The usage rights are also set by the system administrator user of Iros, who controls through permission allocation whether the template developer can use a node in the virtual network template as a development node.
  • the usage rights of the virtual network are set, so that the virtual network can be controlled and managed according to actual conditions, so as to provide better services.
  • planning the architecture of the virtual network may include:
  • Delineating each virtual local area network of the virtual network and determining the necessity of a software-defined network controller.
  • VLAN virtual local area network
  • the devices in the local area network are logically, not physically, divided into network segments, thereby realizing virtual working groups: the network administrator logically divides one physical LAN into different broadcast domains (or virtual LANs, i.e. VLANs).
  • Each VLAN contains a set of computer workstations with the same requirements, and has the same properties as a physically formed LAN. Because the division is logical rather than physical, the workstations in the same VLAN do not need to be placed in the same physical space, that is, these workstations do not necessarily belong to the same physical LAN segment. Broadcast and unicast traffic inside a VLAN is not forwarded to other VLANs, which helps control traffic, reduce equipment investment, simplify network management, and improve network security.
  • a service chain is created on the software-defined network (SDN) controller, so that the data packets satisfying the service chain condition are filtered, monitored, forwarded, and offloaded. For example, when there is a Green League or firewall node, a service chain needs to be created on the SDN controller.
  • the SDN controller exposes the REST interfaces of the classifier and the portchain to create and delete the service chain. After the service chain is created, the data packets that meet the service chain conditions in the subsequent virtual network are filtered, monitored, forwarded, and offloaded.
  • the setting the usage rights of the virtual network may include:
  • the node includes: an external network node, a network node, a routing node, a firewall node, a load balancing node, a security group node, and a virtual host node.
  • the seven nodes on the virtual network template are edited by adding, deleting, and modifying, and the seven nodes include: an external network node, a network node, a routing node, a firewall node, a load balancing node, a security group node, and a virtual host node. Fill in the parameters in these nodes, and set the parameters of each node in the virtual network to control the usage rights of the nodes through the authority control allocation, so as to further improve the security of the network.
  • the virtual network system includes: a resource operation system (Iros), a service chain template generation system (Adtsc), a system for secondary development of open source OpenStack (for example, Opencos), and a system for secondary development of an open source SDN controller (for example, an SDN system).
  • FIG. 3 is a schematic diagram of template generation of a method for generating a virtual network according to Embodiment 2 of the present application.
  • before the virtual network is deployed, the network must first be planned: plan the network architecture, demarcate the VLANs to implement network communication isolation, introduce third-party service provider products into the virtual network, and create a service chain on the SDN controller to filter, monitor, forward, and offload packets that meet the conditions of the service chain.
  • the template developer enters the template editing interface from Iros and edits the 7 nodes (external network nodes, network nodes, routing nodes, firewall nodes, load balancing nodes, security group nodes, and virtual host nodes) by adding, deleting, and modifying them.
  • the developer fills in the parameters in the nodes and saves the template, thus generating a virtual network template. The system administrator user of Iros can assign the usage permission for template development nodes to the template developer through permission control; otherwise, the template developer cannot use the template development nodes.
  • FIG. 4 is a schematic diagram of virtual network generation of a method for generating a virtual network according to Embodiment 2 of the present application.
  • the template is published on Iros. Once the template is published, it cannot be modified (if the instance is not installed, it can be modified after the release is released). After the template is released, the system administrator user installs the template. Iros sends a request to install the template to Adtsc. Adtsc sends a request to Opencos to install the template. Opencos calls heat's stack-create to create a stack on Opencos. The initial state of the stack is "in creation". The state of the stack becomes successful after all the components of the template have been created.
  • if a component fails to be created, the state of the stack changes from being created to failed. Opencos returns the stack ID to Adtsc, which returns the message that stack creation has started to Iros, and then Adtsc queries the stack once every cycle (configurable). The state of the stack is returned to Iros once the queried state is successful or failed. The results of creating an instance can be viewed on Iros. If the template contains a Green League or firewall node, a service chain needs to be created on the SDN controller. The SDN controller exposes the REST interfaces of the classifier and the portchain to create and delete the service chain. After the service chain is created, the data packets that meet the service chain conditions in the subsequent virtual network are filtered, monitored, forwarded, and offloaded.
  • the VPNService must wait for the creation of the RouterInterface and RouterGateway to be created.
  • the Firewall must wait for the creation of the RouterGateway to be created.
  • FIG. 5 is a schematic diagram of a virtual network topology adjustment according to a method for generating a virtual network according to Embodiment 2 of the present application
  • FIG. 6 is a schematic diagram of a virtual network service chain adjustment method for generating a virtual network according to Embodiment 2 of the present application.
  • the service network of the virtual network and SDN controller can be put into use after it is successfully created. If the original virtual network architecture or parameters are found to be incorrect, you can use the system administrator of Iros.
  • the modification of the virtual network also includes the addition, deletion, modification, and sequence adjustment of the service chain (in the case of secondary traffic in the service chain).
  • the system administrator of Iros enters the service chain management, where the service chains under the tenant can be viewed, added, deleted, and modified. When the template has secondary traffic, the service chain order can also be adjusted.
  • the virtual network is generated by visualizing the virtual network template of the chart, thereby simplifying the creation of the virtual network, and providing various customized virtual network templates to meet the deployment requirements of complex and diverse telecommunication mobile networks.
  • FIG. 7 is a schematic structural diagram of a device for generating a virtual network according to the present application. As shown in FIG. 7, the device includes a template generating module 10 and a virtual network generating module 20;
  • the template generating module 10 is configured to generate a virtual network template, where the virtual network template includes a visualization chart composed of a plurality of nodes through a connection;
  • the virtual network generating module 20 is configured to generate a corresponding virtual network according to the virtual network template.
  • An apparatus for generating a virtual network includes: a template generation module and a virtual network generation module. The template generation module generates a virtual network template, where the virtual network template includes a visualization chart composed of multiple nodes connected by lines, and the virtual network generating module generates a corresponding virtual network according to the virtual network template. In this embodiment, the virtual network is generated from a virtual network template in the form of a visualization chart, which can simplify the creation of the virtual network, and can provide various customized virtual network templates to meet the deployment requirements of complex and diverse telecommunication mobile networks.
  • the virtual network generating module 20 may be configured to generate a corresponding virtual network according to the virtual network template by: creating a stack according to the virtual network template and generating a corresponding virtual network in the predetermined order.
  • the device provided by the embodiment of the present invention may perform the foregoing method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again.
  • the virtual network generating module 20 may further be configured to periodically query the state of the stack after creating a stack according to the virtual network template and generating corresponding nodes in a predetermined order, and to determine the generation state of the virtual network by the state of the stack, wherein the state of the stack includes creation, success, failure, and update.
  • the device provided by the embodiment of the present invention may perform the foregoing method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again.
  • the apparatus provided in this embodiment may further include: an adjustment module 30;
  • the adjusting module 30 is configured to adjust a corresponding virtual network template and regenerate the virtual network according to a predetermined requirement or when it is determined that the generated virtual network has an error.
  • the device provided by the embodiment of the present invention may perform the foregoing method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again.
  • the apparatus provided in this embodiment may further include: a planning module 40;
  • the planning module 40 is configured to plan an architecture of the virtual network, and set usage rights of the virtual network.
  • the device provided by the embodiment of the present invention may perform the foregoing method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again.
  • the planning module 40 may be configured to plan an architecture of the virtual network by delineating each virtual local area network of the virtual network and determining the necessity of a software-defined network controller.
  • the device provided by the embodiment of the present invention may perform the foregoing method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again.
  • the planning module 40 may be configured to set usage rights of nodes in the virtual network by setting parameters of each node in the virtual network to control the usage rights of the node, wherein the nodes comprise: an external network node, a network node, a routing node, a firewall node, a load balancing node, a security group node, and a virtual host node.
  • the device provided by the embodiment of the present invention may perform the foregoing method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again.
  • an embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions, where the computer executable instructions are executed by a processor to implement the method for generating the virtual network.
  • computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storing information, such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cartridge, magnetic tape, magnetic disk storage or other magnetic storage device, or any other medium that can be used to store the desired information and that can be accessed by the computer.
  • communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and can include any information delivery media.
  • the embodiment of the present invention provides a method and a device for generating a virtual network. Generating the virtual network from a virtual network template in the form of a visual chart simplifies the creation of the virtual network, allows various customized virtual network templates to be provided, and meets the deployment requirements of complex and diverse telecommunication mobile networks.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a method and apparatus for generating a virtual network by generating a virtual network template, wherein the virtual network template comprises a visual diagram formed by connecting a plurality of nodes, and a corresponding virtual network is generated according to the virtual network template. According to the present application, since a virtual network is generated by the virtual network template comprising a visual diagram, the creation of the virtual network can be simplified; various user-defined virtual network templates can be provided; and the deployment requirements of complicated and varied telecommunications mobile networks can be satisfied.

Description

Method and device for generating a virtual network
Technical field
The present application relates to, but is not limited to, mobile communication technologies, and more particularly to a method and apparatus for generating a virtual network.
Background
At present, with the development of the information age, the deployment of telecommunication mobile networks is becoming increasingly complex. To serve complex and changing telecommunication mobile services, the existing telecommunication mobile network has to be modified or expanded frequently. By applying virtual network technology to the telecommunication mobile network, the telecommunication mobile network can be deployed by building, modifying and displaying virtual networks.
In the related art, functions such as building, modifying and displaying a virtual network are implemented by coding to the heat orchestration template (HOT) specification. However, these approaches all use a single, predefined virtual network architecture, which cannot satisfy the deployment of complex and diverse telecommunication mobile networks.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
Embodiments of the present invention provide a method and an apparatus for generating a virtual network, which can provide virtual network templates visualized as various charts, simplify the process of building a virtual network, and satisfy customized, complex and diverse deployment requirements.
In a first aspect, an embodiment of the present invention provides a method for generating a virtual network, the method including:
generating a virtual network template, where the virtual network template includes a visual chart composed of a plurality of nodes joined by connecting lines;
generating a corresponding virtual network according to the virtual network template.
An embodiment of the present invention provides a method for generating a virtual network: a virtual network template is generated, where the virtual network template includes a visual chart composed of a plurality of nodes joined by connecting lines, and a corresponding virtual network is generated according to the virtual network template. Because the embodiment generates the virtual network from a virtual network template in the form of a visual chart, it simplifies the creation of the virtual network, allows various customized virtual network templates to be provided, and meets the deployment requirements of complex and diverse telecommunication mobile networks.
As described above, generating a corresponding virtual network according to the virtual network template may include:
creating a stack according to the virtual network template and generating the corresponding virtual network in a predetermined order.
By creating a stack and creating the corresponding nodes in a predetermined order, virtual network resources can be better utilized.
As described above, after creating a stack according to the virtual network template and generating the corresponding virtual network in a predetermined order, the method may further include:
periodically querying the state of the stack, and determining the generation state of the virtual network from the state of the stack, where the state of the stack includes creating, success, failure, and updating.
Periodically querying the state of the stack shows whether the virtual network has been created successfully, so that the generation progress of the virtual network can be learned in time.
As described above, after generating a corresponding virtual network according to the virtual network template, the method may further include:
according to a predetermined requirement, or when it is determined that a parameter of the generated virtual network is wrong, adjusting the corresponding virtual network template and regenerating the virtual network.
Adjusting the installed virtual network according to a predetermined requirement, or when a parameter of the generated virtual network is determined to be wrong, makes it possible to provide a more suitable virtual network architecture and improve the service.
As described above, before generating the virtual network template, the method may further include:
planning the architecture of the virtual network, and setting usage rights of the virtual network.
By planning the architecture of the virtual network and setting its usage rights, the virtual network can be controlled and managed in line with actual conditions, which makes it easier to provide better services.
As described above, planning the architecture of the virtual network may include:
delineating each virtual local area network of the virtual network, and determining the necessity of a software-defined network controller.
Delineating each virtual local area network of the virtual network and determining the necessity of a software-defined network controller helps to monitor data in the virtual network effectively, simplify network management, and improve network security.
As described above, setting usage rights of the virtual network may include:
setting parameters of each node in the virtual network to control the usage rights of the node, where the nodes include: an external network node, a network node, a routing node, a firewall node, a load balancing node, a security group node, and a virtual host node.
Setting the parameters of each node in the virtual network through permission control allocation, so as to control the usage rights of the node, can further improve the security of the network.
In a second aspect, an embodiment of the present invention provides an apparatus for generating a virtual network, the apparatus including: a template generation module and a virtual network generation module;
the template generation module is configured to generate a virtual network template, where the virtual network template includes a visual chart composed of a plurality of nodes joined by connecting lines;
the virtual network generation module is configured to generate a corresponding virtual network according to the virtual network template.
An embodiment of the present invention provides an apparatus for generating a virtual network, the apparatus including a template generation module and a virtual network generation module. The template generation module generates a virtual network template, where the virtual network template includes a visual chart composed of a plurality of nodes joined by connecting lines, and the virtual network generation module generates a corresponding virtual network according to the virtual network template. Because this embodiment generates the virtual network from a virtual network template in the form of a visual chart, it simplifies the creation of the virtual network, allows various customized virtual network templates to be provided, and meets the deployment requirements of complex and diverse telecommunication mobile networks.
As described above, the virtual network generation module may be configured to generate a corresponding virtual network according to the virtual network template by: creating a stack according to the virtual network template and generating the corresponding virtual network in a predetermined order.
Because the virtual network generation module creates a stack and creates the corresponding nodes in a predetermined order, virtual network resources can be better utilized.
As described above, the virtual network generation module may further be configured to, after creating a stack according to the virtual network template and generating the corresponding virtual network in a predetermined order, periodically query the state of the stack and determine the generation state of the virtual network from the state of the stack, where the state of the stack includes creating, success, failure, and updating.
Because the virtual network generation module periodically queries the state of the stack to show whether the virtual network has been created successfully, the generation progress of the virtual network can be learned in time.
As described above, the apparatus may further include an adjustment module; the adjustment module may be configured to, according to a predetermined requirement or when it is determined that a parameter of the generated virtual network is wrong, adjust the corresponding virtual network template and regenerate the virtual network.
Because the adjustment module adjusts the installed virtual network according to a predetermined requirement, or when a parameter of the generated virtual network is determined to be wrong, a more suitable virtual network architecture can be provided to improve the service.
As described above, the apparatus may further include a planning module; the planning module may be configured to plan the architecture of the virtual network and set usage rights of nodes in the virtual network.
Because the planning module plans the architecture of the virtual network and sets its usage rights, the virtual network can be controlled and managed in line with actual conditions, which makes it easier to provide better services.
As described above, the planning module may be configured to plan the architecture of the virtual network by: delineating each virtual local area network of the virtual network, and determining the necessity of a software-defined network controller.
Delineating each virtual local area network of the virtual network and determining the necessity of a software-defined network controller helps to monitor data in the virtual network effectively, simplify network management, and improve network security.
As described above, the planning module may be configured to set usage rights of nodes in the virtual network by: setting parameters of each node in the virtual network to control the usage rights of the node, where the nodes include: an external network node, a network node, a routing node, a firewall node, a load balancing node, a security group node, and a virtual host node.
Setting the parameters of each node in the virtual network through the planning module's permission control allocation, so as to control the usage rights of the node, can further improve the security of the network.
An embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions which, when executed by a processor, implement the method for generating a virtual network of the first aspect.
Other features and advantages of the present application will be set forth in the description that follows and, in part, will become apparent from the description or be understood by implementing the application. The objectives and other advantages of the present application can be realized and obtained by the structures particularly pointed out in the description, the claims and the drawings.
Brief description of the drawings
The drawings provide a further understanding of the technical solutions of the present application and constitute a part of the specification. Together with the embodiments of the present application they serve to explain the technical solutions of the present application, and they do not limit those technical solutions.
FIG. 1 is a schematic flowchart of a method for generating a virtual network according to Embodiment 1 of the present application;
FIG. 2 is a schematic structural diagram of a virtual network system according to Embodiment 2 of the present application;
FIG. 3 is a schematic diagram of template generation according to Embodiment 2 of the present application;
FIG. 4 is a schematic diagram of virtual network generation according to Embodiment 2 of the present application;
FIG. 5 is a schematic diagram of virtual network topology adjustment according to Embodiment 2 of the present application;
FIG. 6 is a schematic diagram of virtual network service chain adjustment according to Embodiment 2 of the present application;
FIG. 7 is a schematic structural diagram of an apparatus for generating a virtual network according to an embodiment of the present application.
Detailed description
Embodiments of the present application are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments in the present application and the features in the embodiments may be combined with one another arbitrarily.
The steps shown in the flowcharts of the drawings may be executed in a computer system, for example as a set of computer executable instructions. Although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from the one given here.
The method of the embodiments of the present invention can be applied to platforms that provide the ability to deploy and manage public cloud, private cloud and hybrid cloud infrastructure, for example an open source cloud computing management platform such as OpenStack. The platform may be a server cluster or a computer cluster, and multiple virtual machines may run on a server or computer. The division into components below is a logical division, and the specific implementation is not particularly limited.
The method of the embodiments of the present invention aims to solve the technical problem in the related art that a single virtual network architecture cannot satisfy the deployment of complex and diverse telecommunication mobile networks.
The technical solutions of the present application are described in detail below through several embodiments. The specific embodiments below may be combined with one another, and the same or similar concepts or processes may not be repeated in some embodiments.
FIG. 1 is a schematic flowchart of Embodiment 1 of a method for generating a virtual network provided by the present application. This embodiment concerns the specific process of generating a virtual network. As shown in FIG. 1, the method includes:
S101. Generate a virtual network template, where the virtual network template includes a visual chart composed of a plurality of nodes joined by connecting lines.
The template generation module generates the virtual network template. The generated virtual network template may include a visual chart composed of external network nodes, routing nodes, network nodes, load balancing nodes, virtual host nodes, firewall nodes, security group nodes, and the connecting lines between nodes.
The external network node is the channel between the internal virtual network and the external physical network: hosts on the external physical network access devices in the internal virtual network through floating Internet Protocol (IP) addresses assigned to the internal devices. The routing node groups and forwards IP packets, and also provides NAT (Network Address Translation) and VPN (Virtual Private Network) functions. NAT is the mapping between internal and external IP addresses; a host device on the external physical network reaches an internal virtual device through a floating IP assigned to that device via NAT. It should be noted that, for security, the host device on the external physical network first logs in to the VPN server and only then accesses the virtual network devices on the internal network.
The network node corresponds to network and subnet resources. A subnet must exist inside a network, and one network can contain multiple subnets. A subnet contains one or more virtual hosts, and the virtual hosts within a subnet can communicate with each other without their packets passing through the gateway.
The load balancing node must sit under a subnet. It can balance load across the exposed TCP (Transmission Control Protocol), HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol over Secure Socket Layer) service nodes of two or more servers using the round_robin, least-connections and source-ip policies, and it can also support third-party products, such as those of the load balancing vendor A10.
The firewall node and the security group node are transparent nodes: the firewall node has only incoming lines and no outgoing lines, and the security group node has neither incoming nor outgoing lines. The function of the firewall and security group nodes is to allow or deny packets. The firewall allows or denies packets passing through the router's network:router_gateway and the subnet, and can filter by source IP address or destination IP address. The firewall can bring in third-party providers, such as Hillstone firewalls and NSFOCUS, using the mature firewall technology of third-party vendors to strengthen the firewall capability of the virtual network. The security group filters network packets for the entire tenant, and can filter packets by protocol or port range.
The external network node, network node, routing node, firewall node, load balancing node, security group node, virtual host node and other nodes are visual components in the virtual network template. They can be joined by connecting lines to form a visual chart, and the chart includes the parameter information of the nodes above. The virtual network template may be generated in the resource operation system (Iros), but this is not limiting.
It should be noted that a virtual network template developer enters the template editing interface and, following the node and node-parameter requirements above, generates a virtual network template from multiple nodes and the connecting lines between them and publishes it on Iros. Once published, the virtual network template cannot be modified; if no instance has been installed, it can be modified only after the publication is withdrawn, but this is not limiting.
S102. Generate a corresponding virtual network according to the virtual network template.
The virtual network generation module creates the corresponding virtual network in a predetermined order according to the visual chart in the virtual network template. The virtual network may be generated on the service chain template generation system (Adtsc): Adtsc sends Opencos (a secondary development system based on OpenStack) a request to generate the corresponding virtual network, and Opencos may call heat's stack-create to create a stack on Opencos. The initial state of the stack is creating; only after the virtual network has been created does the state of the stack change from creating to success, and if creation of the virtual network fails, the state of the stack changes from creating to failure. If the virtual network template contains an NSFOCUS node or a firewall node, a service chain needs to be created on the SDN (Software Defined Network) controller. The SDN controller exposes REST interfaces for the classifier (classfier) and the port chain (portchain), which are used to create and delete service chains. Once the service chain is created, packets in the virtual network that match the service chain conditions are subsequently filtered, monitored, forwarded and diverted.
In the method for generating a virtual network provided by this embodiment of the present invention, a virtual network template is generated, where the virtual network template includes a visual chart composed of a plurality of nodes joined by connecting lines, and a corresponding virtual network is generated according to the virtual network template. Because this embodiment generates the virtual network from a virtual network template in the form of a visual chart, it simplifies the creation of the virtual network, allows various customized virtual network templates to be provided, and meets the deployment requirements of complex and diverse telecommunication mobile networks.
在示例性实施方式中,在上述实施例的基础上,根据所述虚拟网络模板生成对应的虚拟网络,可以包括:In an exemplary embodiment, on the basis of the foregoing embodiment, generating a corresponding virtual network according to the virtual network template may include:
根据所述虚拟网络模板创建栈并按照预定的顺序生成对应的虚拟网络。Creating a stack according to the virtual network template and generating a corresponding virtual network in a predetermined order.
其中,根据虚拟网络模板按照预定的顺序生成对应的虚拟网络;在生成虚拟网络过程中,虚拟网络中有些资源是有依赖关系的,比如,VPNService必须要等待RouterInterface和RouterGateway创建完成之后才能创建,Firewall必须要等待RouterGateway创建完成之后才能创建等等,但并不限于此。The virtual network template generates a corresponding virtual network according to a predetermined sequence. In the process of generating a virtual network, some resources in the virtual network are dependent. For example, the VPNService must wait for the creation of the RouterInterface and the RouterGateway to be created. You must wait for the creation of RouterGateway to be created, etc., but not limited to this.
其中,在生成虚拟网络的初始阶段就会创建一个栈,例如:Opencos调用heat的stack-create来在Opencos上创建栈,每个栈对应一个唯一的编码,一般栈的初始状态是处于创建中,直到虚拟网络模板的所有节点创建完成之后栈的状态才由创建中变为成功,如果某个节点创建失败,则栈的状态由创建中变为失败,其中,Opencos会把栈的编码返回给Adtsc,Adtsc把开始创建栈的消息返回给Iros,但并不限于此。Among them, a stack is created in the initial stage of generating the virtual network. For example, Opencos calls the stack-create of heat to create a stack on Opencos. Each stack corresponds to a unique encoding. The initial state of the general stack is in the process of creation. The state of the stack becomes successful after the creation of all the nodes of the virtual network template. If a node fails to be created, the state of the stack changes from being created to fail. Opencos will return the code of the stack to Adtsc. Adtsc returns the message to start the creation of the stack to Iros, but is not limited to this.
通过创建栈和按照预定的顺序创建对应的节点,这样可以更好地利用虚拟网络资源。Virtual network resources can be better utilized by creating stacks and creating corresponding nodes in a predetermined order.
In an exemplary embodiment, on the basis of the foregoing embodiment, after the stack is created according to the virtual network template and the corresponding virtual network is generated in a predetermined order, the method may further include:
Periodically querying the state of the stack and determining the generation state of the virtual network from the state of the stack, where the stack states include creating, success, failure, and updating.
A stack is created at the initial stage of generating the virtual network. For example, Opencos calls heat's stack-create to create the stack on Opencos, and each stack corresponds to a unique code. The initial state of a stack is generally "creating"; the state changes from creating to success only after all nodes of the virtual network template have been created, and if any node fails to be created, the state changes from creating to failure. Opencos returns the code of the stack to Adtsc, and Adtsc returns to Iros a message that stack creation has started. Adtsc can then query the state of the stack once per cycle, where the cycle can be configured according to the actual situation, until the queried state is success or failure, and then returns the state of the stack to Iros. The result of creating the instance can be viewed on Iros; the process is not limited to this.
Periodically querying the state of the stack shows whether the virtual network has been created successfully, so the generation progress of the virtual network can be learned in time.
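The ordering and polling behaviour described above can be sketched as follows. This is an added example, not code from the patent or from OpenStack Heat: the `Stack` class, the `poll_until_done` helper and the template dictionary are hypothetical, and only the two dependency rules stated in the text are modelled.

```python
import time
from enum import Enum
from graphlib import CycleError, TopologicalSorter


class StackState(Enum):
    CREATING = "creating"
    SUCCESS = "success"
    FAILURE = "failure"
    UPDATING = "updating"


# Constructed template: resource -> resources that must be created first.
# Only the dependencies named in the text are included.
TEMPLATE = {
    "RouterInterface": [],
    "RouterGateway": [],
    "VPNService": ["RouterInterface", "RouterGateway"],
    "Firewall": ["RouterGateway"],
}


def creation_order(template):
    """Return the resources so that every dependency precedes its dependents."""
    unknown = {d for deps in template.values() for d in deps} - template.keys()
    if unknown:
        raise ValueError(f"dependencies not defined in template: {sorted(unknown)}")
    try:
        return list(TopologicalSorter(template).static_order())
    except CycleError as exc:
        raise ValueError(f"circular dependency: {exc.args[1]}") from exc


class Stack:
    """Hypothetical stack that tracks the state of one template deployment."""

    def __init__(self, stack_id, template, create_resource):
        self.id = stack_id
        self.created = []
        self.failed = None
        self._order = creation_order(template)
        self._create = create_resource  # callable(name) -> bool
        self.state = StackState.CREATING if self._order else StackState.SUCCESS

    def step(self):
        """Create the next resource; models the work done between two polls."""
        if self.state is not StackState.CREATING:
            return
        name = self._order[len(self.created)]
        if not self._create(name):
            # One failed node fails the whole stack; dependents are never attempted.
            self.failed, self.state = name, StackState.FAILURE
            return
        self.created.append(name)
        if len(self.created) == len(self._order):
            self.state = StackState.SUCCESS


def poll_until_done(stack, interval=0.0, max_polls=50, sleep=time.sleep):
    """Query the stack once per cycle until it reports success or failure.

    Returns (final_state, polls). The poll limit keeps a stuck stack from
    being queried forever.
    """
    for polls in range(1, max_polls + 1):
        stack.step()  # stands in for the orchestrator's background work
        if stack.state in (StackState.SUCCESS, StackState.FAILURE):
            return stack.state, polls
        sleep(interval)
    raise TimeoutError(f"stack {stack.id} still {stack.state.value} after {max_polls} polls")


if __name__ == "__main__":
    print(creation_order(TEMPLATE))
    print(poll_until_done(Stack("stack-0001", TEMPLATE, lambda name: True)))
```

Because a failure stops creation at the failed node, resources that depend on it are never created on top of a missing gateway or interface.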
In an exemplary embodiment, on the basis of the foregoing embodiment, after the corresponding virtual network is generated according to the virtual network template, the method may further include:
Adjusting the corresponding virtual network template and regenerating the virtual network, either according to a predetermined requirement or when it is determined that the parameters of the generated virtual network are wrong.
Once installed, the virtual network can be put into use. If the originally designed virtual network architecture and parameters turn out to be wrong during use, the installed virtual network is adjusted to the correct architecture and parameters; it can also be adjusted according to a predetermined requirement (a requirement for adjusting the virtual network and node parameters, which can be set according to the actual situation). The Iros system administrator can enter instance management to modify the virtual network architecture (adding or deleting component nodes) and to modify component node parameters. Iros sends the modification message to Adtsc; Adtsc updates the template, sends a request to Opencos, and queries the state of the updated stack on Opencos once per cycle, returning the result to Iros only when the state of the stack is success or failure. Opencos calls heat's stack update function to update the resources, and the stack enters the updating state: when all resources have been updated successfully, the state of the stack changes from updating to success; if any resource fails to update, the state changes from updating to failure. If the service chains of the SDN controller need to be added, deleted, modified, or reordered (for example, when second-level traffic steering appears in the service chain), the Iros system administrator can enter service chain management, where the service chains under the tenant can be viewed, added, deleted, and modified; when the template has second-level traffic steering, the order of the service chains can also be adjusted.
Adjusting the installed virtual network according to a predetermined requirement, or when the parameters of the generated virtual network are determined to be wrong, provides a better-suited virtual network architecture and improves the service.
In an exemplary embodiment, on the basis of the foregoing embodiment, before the virtual network template is generated, the method may further include:
Planning the architecture of the virtual network and setting the usage permissions of the virtual network.
Before the virtual network template is generated and deployed, the virtual network must first be planned. Its architecture can be planned, for example, by demarcating VLANs to isolate network communication, introducing third-party service vendors' products into the virtual network, and creating service chains on the SDN controller so that packets matching the service chain conditions are filtered, monitored, forwarded, and split. The Iros system administrator user can also set usage permissions; a usage permission controls, for a template developer, whether a node in the virtual network template may be used as a development node.
Planning the architecture of the virtual network and setting its usage permissions allows the virtual network to be controlled and managed according to the actual situation, which makes it easier to provide better services.
In an exemplary embodiment, on the basis of the foregoing embodiment, planning the architecture of the virtual network may include:
Demarcating each virtual local area network of the virtual network and determining whether a software-defined network controller is necessary.
Each virtual local area network (VLAN) of the virtual network is demarcated in advance, so that the devices in the local area network are divided into network segments logically rather than physically, which realizes virtual workgroups. The network administrator logically divides one physical LAN into different broadcast domains (virtual LANs, that is, VLANs). Each VLAN contains a group of computer workstations with the same requirements and has the same properties as a physically formed LAN. Because the division is logical rather than physical, the workstations in one VLAN do not need to be placed in the same physical space, that is, they do not necessarily belong to the same physical LAN segment. Broadcast and unicast traffic inside one VLAN is not forwarded to other VLANs, which helps to control traffic, reduce equipment investment, simplify network management, and improve network security.
When it is determined that a third-party service vendor's product enters the virtual network, a service chain is created on the software-defined network (SDN) controller so that packets matching the service chain conditions are filtered, monitored, forwarded, and split. For example, if there is an NSFOCUS (绿盟) node or a firewall node, a service chain needs to be created on the SDN controller. The SDN controller exposes the classfier and portchain REST interfaces for creating and deleting service chains. Once the service chain is created, packets in the virtual network that match the service chain conditions are subsequently filtered, monitored, forwarded, and split.
Demarcating each virtual local area network of the virtual network and determining whether a software-defined network controller is necessary helps to monitor data in the virtual network effectively, simplify network management, and improve network security.
In an exemplary embodiment, on the basis of the foregoing embodiment, setting the usage permissions of the virtual network may include:
Setting the parameters of each node in the virtual network to control the usage permissions of the node, where the nodes include: an external network node, a network node, a routing node, a firewall node, a load balancing node, a security group node, and a virtual host node.
The seven nodes on the virtual network template are edited by adding, deleting, and modifying them. The seven nodes are: the external network node, the network node, the routing node, the firewall node, the load balancing node, the security group node, and the virtual host node. The parameters in these nodes are filled in, and the parameters of each node in the virtual network are set through permission control and assignment to control the usage permissions of the node, which further improves the security of the network.
Embodiments are described in detail below.
FIG. 2 is a schematic structural diagram of the virtual network system for a method for generating a virtual network according to Embodiment 2 of the present application. As shown in FIG. 2, the virtual network system includes: a resource operation system (Iros), a service chain template generation system (Adtsc), a system developed on top of open-source OpenStack (for example, Opencos), and a system developed on top of an open-source SDN controller (for example, the SDN system).
FIG. 3 is a schematic diagram of template generation in a method for generating a virtual network according to Embodiment 2 of the present application. As shown in FIG. 3, before the virtual network is generated and deployed, the network must first be planned: the network architecture is planned, VLANs are demarcated to isolate network communication, third-party service vendors' products are introduced into the virtual network, and service chains are created on the SDN controller so that packets matching the service chain conditions are filtered, monitored, forwarded, and split. After the basic network architecture is determined, the Iros template developer user enters the template editing interface, edits the seven nodes (external network node, network node, routing node, firewall node, load balancing node, security group node, virtual host node) by adding, deleting, and modifying them, fills in the parameters of the nodes, and saves the template, which generates the virtual network template. The Iros system administrator user can assign permission to use template development nodes to a template developer through permission control; without that permission, the template developer cannot use the template development nodes.
FIG. 4 is a schematic diagram of virtual network generation in a method for generating a virtual network according to Embodiment 2 of the present application. As shown in FIG. 4, after the virtual network template is generated, the template is published on Iros. Once published, a template cannot be modified (it can be modified only after it is unpublished, which is possible when no instance is installed). After the template is published, the system administrator user installs the template. Iros sends a request to install the template to Adtsc, and Adtsc sends a request to install the template to Opencos. Opencos calls heat's stack-create to create a stack on Opencos. The state of the stack is creating; it changes from creating to success only after all components of the template have been created, and if any component fails to be created, it changes from creating to failure. Opencos returns the ID of the stack to Adtsc, and Adtsc returns to Iros a message that stack creation has started. Adtsc then queries the state of the stack once per cycle (configurable) until the queried state is success or failure, and returns the state of the stack to Iros. The result of creating the instance can be viewed on Iros. If the template contains an NSFOCUS (绿盟) node or a firewall node, a service chain needs to be created on the SDN controller. The SDN controller exposes the classfier and portchain REST interfaces for creating and deleting service chains. Once the service chain is created, packets in the virtual network that match the service chain conditions are subsequently filtered, monitored, forwarded, and split. During installation of the virtual network, some resources of the virtual network depend on others. For example, a VPNService can be created only after the RouterInterface and the RouterGateway have been created, and a Firewall can be created only after the RouterGateway has been created.
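The permission rule described for FIG. 3 (a developer may use a node type only after a system administrator grants it) and the publish rule described for FIG. 4 (a published template is immutable, and can be unpublished only when no instance is installed) can be enforced together. The following is an added example, not code from the patent or from Iros; all class, function and node-type identifiers are hypothetical.

```python
# The seven node types named in the text; the identifiers are constructed.
NODE_TYPES = frozenset({
    "external_network", "network", "router", "firewall",
    "load_balancer", "security_group", "virtual_host",
})


class TemplateError(Exception):
    """Raised when an operation violates the permission or lifecycle rules."""


class Template:
    def __init__(self, name):
        self.name = name
        self.nodes = {}         # node name -> (node type, parameters)
        self.published = False
        self.instances = 0      # number of installed instances


class TemplateService:
    def __init__(self, admins):
        self.admins = set(admins)
        self.grants = {}        # developer -> node types granted by an admin

    def _require_admin(self, actor):
        if actor not in self.admins:
            raise TemplateError(f"{actor} is not a system administrator")

    def grant(self, actor, developer, node_type):
        """Only a system administrator can hand out node usage permissions."""
        self._require_admin(actor)
        if node_type not in NODE_TYPES:
            raise TemplateError(f"unknown node type: {node_type}")
        self.grants.setdefault(developer, set()).add(node_type)

    def add_node(self, actor, template, node_name, node_type, params):
        if template.published:
            raise TemplateError("a published template cannot be modified")
        # Deny by default: a developer with no grant entry can use no node type.
        if node_type not in self.grants.get(actor, set()):
            raise TemplateError(f"{actor} may not use {node_type} nodes")
        template.nodes[node_name] = (node_type, dict(params))

    def publish(self, template):
        template.published = True

    def install(self, actor, template):
        """Installation is an administrator action on a published template."""
        self._require_admin(actor)
        if not template.published:
            raise TemplateError("only a published template can be installed")
        template.instances += 1

    def unpublish(self, template):
        if template.instances:
            raise TemplateError("cannot unpublish while instances are installed")
        template.published = False


def attempt(operation, *args):
    """Run an operation and report whether the rules allowed it."""
    try:
        operation(*args)
        return True
    except TemplateError:
        return False
```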
FIG. 5 is a schematic diagram of virtual network topology adjustment in a method for generating a virtual network according to Embodiment 2 of the present application, and FIG. 6 is a schematic diagram of virtual network service chain adjustment in a method for generating a virtual network according to Embodiment 2 of the present application. As shown in FIG. 5 and FIG. 6, the virtual network and the service chains of the SDN controller can be put into use once they have been created successfully. If the originally designed virtual network architecture or parameters turn out to be wrong during use, the Iros system administrator can enter instance management to modify the virtual network architecture (adding or deleting component nodes) and to modify component node parameters. Iros sends the modification message to Adtsc; Adtsc updates the template, sends a request to Opencos, and queries the state of the updated stack on Opencos once per cycle (configurable), returning the result to Iros only when the state of the stack is success or failure. Opencos calls heat's stack update function to update the resources, and the stack enters the updating state: when all resources have been updated successfully, the state of the stack changes from updating to success; if any resource fails to update, the state changes from updating to failure. Modifying the virtual network also includes adding, deleting, modifying, and reordering service chains (when second-level traffic steering appears in the service chain). The Iros system administrator enters service chain management, where the service chains under the tenant can be viewed, added, deleted, and modified. When the template has second-level traffic steering, the order of the service chains can be adjusted.
The foregoing embodiment generates the virtual network from a virtual network template that is a visual diagram, which simplifies the creation of the virtual network, allows various customized virtual network templates to be provided, and meets the deployment requirements of complex and diverse telecom mobile networks.
FIG. 7 is a schematic structural diagram of an apparatus for generating a virtual network according to the present application. As shown in FIG. 7, the apparatus includes a template generation module 10 and a virtual network generation module 20;
The template generation module 10 is configured to generate a virtual network template, where the virtual network template includes a visual diagram composed of a plurality of nodes joined by connecting lines;
The virtual network generation module 20 is configured to generate the corresponding virtual network according to the virtual network template.
The apparatus for generating a virtual network provided by this embodiment of the present invention includes a template generation module and a virtual network generation module. The template generation module generates a virtual network template, where the virtual network template includes a visual diagram composed of a plurality of nodes joined by connecting lines, and the virtual network generation module generates the corresponding virtual network according to the virtual network template. This embodiment generates the virtual network from a virtual network template that is a visual diagram, which simplifies the creation of the virtual network, allows various customized virtual network templates to be provided, and meets the deployment requirements of complex and diverse telecom mobile networks.
In an exemplary embodiment, on the basis of the foregoing embodiment, the virtual network generation module 20 may be configured to generate the corresponding virtual network according to the virtual network template in the following manner: creating a stack according to the virtual network template and generating the corresponding virtual network in a predetermined order.
The apparatus provided by this embodiment of the present invention can perform the foregoing method embodiments; its implementation principle and technical effects are similar and are not repeated here.
In an exemplary embodiment, on the basis of the foregoing embodiment, the virtual network generation module 20 may further be configured to, after creating the stack according to the virtual network template and generating the corresponding nodes in a predetermined order, periodically query the state of the stack and determine the generation state of the virtual network from the state of the stack, where the stack states include creating, success, failure, and updating.
The apparatus provided by this embodiment of the present invention can perform the foregoing method embodiments; its implementation principle and technical effects are similar and are not repeated here.
As shown in FIG. 7, on the basis of the foregoing embodiment, the apparatus provided by this embodiment may further include an adjustment module 30;
The adjustment module 30 is configured to adjust the corresponding virtual network template and regenerate the virtual network, either according to a predetermined requirement or when it is determined that the parameters of the generated virtual network are wrong.
The apparatus provided by this embodiment of the present invention can perform the foregoing method embodiments; its implementation principle and technical effects are similar and are not repeated here.
As shown in FIG. 7, on the basis of the foregoing embodiment, the apparatus provided by this embodiment may further include a planning module 40;
The planning module 40 is configured to plan the architecture of the virtual network and set the usage permissions of the virtual network.
The apparatus provided by this embodiment of the present invention can perform the foregoing method embodiments; its implementation principle and technical effects are similar and are not repeated here.
In an exemplary embodiment, on the basis of the foregoing embodiment, the planning module 40 may be configured to plan the architecture of the virtual network in the following manner: demarcating each virtual local area network of the virtual network and determining whether a software-defined network controller is necessary.
The apparatus provided by this embodiment of the present invention can perform the foregoing method embodiments; its implementation principle and technical effects are similar and are not repeated here.
In an exemplary embodiment, on the basis of the foregoing embodiment, the planning module 40 may be configured to set the usage permissions of the nodes in the virtual network in the following manner: setting the parameters of each node in the virtual network to control the usage permissions of the node, where the nodes include: an external network node, a network node, a routing node, a firewall node, a load balancing node, a security group node, and a virtual host node.
The apparatus provided by this embodiment of the present invention can perform the foregoing method embodiments; its implementation principle and technical effects are similar and are not repeated here.
In addition, an embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions, where the computer-executable instructions, when executed by a processor, implement the foregoing method for generating a virtual network.
Those of ordinary skill in the art will understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and apparatuses, may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical units; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or a microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules, or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer. Moreover, it is well known to those of ordinary skill in the art that communication media typically contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
Although the embodiments disclosed in the present application are as described above, the content described is only an implementation adopted to facilitate understanding of the present application and is not intended to limit it. Any person skilled in the art to which the present application belongs may make any modifications and changes in the form and details of implementation without departing from the spirit and scope disclosed in the present application, but the scope of patent protection of the present application is still subject to the scope defined by the appended claims.
Industrial applicability
The embodiments of the present application provide a method and an apparatus for generating a virtual network. The virtual network is generated from a virtual network template that is a visual diagram, which simplifies the creation of the virtual network, allows various customized virtual network templates to be provided, and meets the deployment requirements of complex and diverse telecom mobile networks.

Claims (15)

  1. 一种虚拟网络的生成方法,包括:A method for generating a virtual network, comprising:
    生成虚拟网络模板,其中,所述虚拟网络模板包括由多个节点通过连线组成的可视化图表;Generating a virtual network template, where the virtual network template includes a visualization chart composed of a plurality of nodes through a connection;
    根据所述虚拟网络模板生成对应的虚拟网络。Generating a corresponding virtual network according to the virtual network template.
  2. 根据权利要求1所述的方法,其中,所述根据所述虚拟网络模板生成对应的虚拟网络,包括:The method of claim 1, wherein the generating the corresponding virtual network according to the virtual network template comprises:
    根据所述虚拟网络模板创建栈和按照预定的顺序生成对应的虚拟网络。Creating a stack according to the virtual network template and generating a corresponding virtual network in a predetermined order.
  3. 根据权利要求2所述的方法,所述根据所述虚拟网络模板创建栈和按照预定的顺序生成对应的虚拟网络之后,所述方法还包括:定期查询所述栈的状态,并通过栈的状态确定所述虚拟网络的生成状态,其中,栈的状态包括创建中、成功、失败和更新中。The method according to claim 2, after the generating a stack according to the virtual network template and generating a corresponding virtual network according to a predetermined order, the method further comprises: periodically querying a state of the stack, and passing the state of the stack A generation status of the virtual network is determined, wherein the status of the stack includes creation, success, failure, and update.
  4. 根据权利要求3所述的方法,所述根据所述虚拟网络模板生成对应的虚拟网络之后,所述方法还包括:根据预定的要求或者确定所生成的虚拟网络的参数有错误时,调整对应的虚拟网络模板,重新生成虚拟网络。The method according to claim 3, after the generating the corresponding virtual network according to the virtual network template, the method further comprises: adjusting the corresponding when the parameter of the generated virtual network is incorrect according to a predetermined requirement or determining A virtual network template that regenerates the virtual network.
  5. 根据权利要求1所述的方法,所述生成虚拟网络模板之前,所述方法还包括:规划所述虚拟网络的架构,设置所述虚拟网络的使用权限。The method according to claim 1, before the generating a virtual network template, the method further comprises: planning an architecture of the virtual network, and setting usage rights of the virtual network.
  6. 根据权利要求5所述的方法,其中,所述规划所述虚拟网络的架构,包括:划定所述虚拟网络的每个虚拟局域网,确定软件定义网络控制器的必要性。The method of claim 5, wherein the planning the architecture of the virtual network comprises delineating each virtual local area network of the virtual network to determine the necessity of a software defined network controller.
  7. 根据权利要求5所述的方法,其中,所述设置所述虚拟网络的使用权限,包括:设置所述虚拟网络中每个节点的参数来控制所述节点的使用权限,其中,所述节点包括:外部网络节点、网络节点、路由节点、防火墙节点、负载均衡节点、安全组节点和虚拟主机节点。The method of claim 5, wherein the setting the usage rights of the virtual network comprises: setting parameters of each node in the virtual network to control usage rights of the node, wherein the node comprises : External network nodes, network nodes, routing nodes, firewall nodes, load balancing nodes, security group nodes, and virtual host nodes.
  8. 一种虚拟网络的生成装置,包括:模板生成模块和虚拟网络生成模块;A device for generating a virtual network, comprising: a template generation module and a virtual network generation module;
    所述模板生成模块设置为生成虚拟网络模板,其中,所述虚拟网络模板 包括由多个节点通过连线组成的可视化图表;The template generating module is configured to generate a virtual network template, where the virtual network template Includes a visualization chart consisting of multiple nodes connected by wires;
    所述虚拟网络生成模块设置为根据所述虚拟网络模板生成对应的虚拟网络。The virtual network generating module is configured to generate a corresponding virtual network according to the virtual network template.
  9. 根据权利要求8所述的装置,其中,所述虚拟网络生成模块设置为通过以下方式根据所述虚拟网络模板生成对应的虚拟网络:The apparatus according to claim 8, wherein the virtual network generating module is configured to generate a corresponding virtual network according to the virtual network template by:
    根据所述虚拟网络模板创建栈和按照预定的顺序生成对应的虚拟网络。Creating a stack according to the virtual network template and generating a corresponding virtual network in a predetermined order.
  10. 根据权利要求9所述的装置,其特征在于,所述虚拟网络生成模块还设置为根据所述虚拟网络模板创建栈和按照预定的顺序生成对应的虚拟网络之后,定期查询所述栈的状态,并通过栈的状态确定所述虚拟网络的生成状态,其中,栈的状态包括创建中、成功、失败和更新中。The device according to claim 9, wherein the virtual network generating module is further configured to periodically query the state of the stack after creating a stack according to the virtual network template and generating a corresponding virtual network in a predetermined order, And determining a generation state of the virtual network by a state of the stack, where the state of the stack includes creation, success, failure, and update.
  11. The apparatus according to claim 10, further comprising: an adjustment module; wherein the adjustment module is configured to adjust the corresponding virtual network template and regenerate the virtual network, either according to a predetermined requirement or when it is determined that a parameter of the generated virtual network is erroneous.
  12. The apparatus according to claim 8, further comprising: a planning module; wherein the planning module is configured to plan the architecture of the virtual network and to set the usage rights of the nodes in the virtual network.
  13. The apparatus according to claim 12, wherein the planning module is configured to plan the architecture of the virtual network in the following manner:
    delineating each virtual local area network of the virtual network, and determining the necessity of a software-defined network controller.
  14. The apparatus according to claim 12, wherein the planning module is configured to set the usage rights of the nodes in the virtual network in the following manner:
    setting parameters of each node in the virtual network to control the usage rights of the node, wherein the nodes comprise: an external network node, a network node, a routing node, a firewall node, a load balancing node, a security group node, and a virtual host node.
  15. A computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the method for generating a virtual network according to any one of claims 1 to 7.
PCT/CN2017/076009 2016-03-22 2017-03-08 Method and apparatus for generating virtual network WO2017162030A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610165315.0 2016-03-22
CN201610165315.0A CN107222325A (en) 2016-03-22 2016-03-22 The generation method and device of a kind of virtual network

Publications (1)

Publication Number Publication Date
WO2017162030A1 (en) 2017-09-28

Family

ID=59899326

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/076009 WO2017162030A1 (en) 2016-03-22 2017-03-08 Method and apparatus for generating virtual network

Country Status (2)

Country Link
CN (1) CN107222325A (en)
WO (1) WO2017162030A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021027652A1 (en) * 2019-08-09 2021-02-18 烽火通信科技股份有限公司 Virtual component-based scene-type cutover method and system
CN112636988A (en) * 2020-12-31 2021-04-09 中电长城网际安全技术研究院(北京)有限公司 Network topology generation method, electronic device and computer readable medium
CN114244650A (en) * 2021-11-25 2022-03-25 茂名市速网网络科技有限公司 Virtual network architecture method, storage medium and computer device
CN114443428A (en) * 2022-01-19 2022-05-06 山东新一代信息产业技术研究院有限公司 Program internal running state monitoring method and device based on IROS

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108199889A (en) * 2018-01-11 2018-06-22 上海有云信息技术有限公司 Creation method, device, server and the storage medium of service chaining
CN108989174A (en) * 2018-07-09 2018-12-11 郑州云海信息技术有限公司 A kind of detection method based on Open Stack network system VPN
CN108965021B (en) * 2018-07-26 2021-09-07 平安科技(深圳)有限公司 Method and device for creating virtual drilling network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808030A (en) * 2010-03-01 2010-08-18 浙江大学 Logical network construction method based on virtual routers
CN103096030A (en) * 2011-11-03 2013-05-08 中国移动通信集团江苏有限公司 Video monitoring multi-service convergence platform and solution
CN105283865A (en) * 2013-04-29 2016-01-27 亚马逊技术股份有限公司 Automated creation of private virtual networks in a service provider network
CN105337775A (en) * 2015-11-20 2016-02-17 南京未来网络产业创新有限公司 Novel Web-based virtual network topology establishing method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103106097B (en) * 2013-03-12 2016-02-10 无锡江南计算技术研究所 Stack operation optimization method in a kind of Just-In-Time system
WO2015143610A1 (en) * 2014-03-24 2015-10-01 华为技术有限公司 Service implementation method for nfv system, and communications unit
CN105278935B (en) * 2014-06-25 2018-06-22 成都普中软件有限公司 A kind of visual interface modeling editing machine of structural interface model
CN104363159B (en) * 2014-07-02 2018-04-06 北京邮电大学 A kind of opening virtual network constructing system and method based on software defined network
CN104636184B (en) * 2014-12-29 2018-05-01 上海华为技术有限公司 The dispositions method and device and equipment of virtual machine instance

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021027652A1 (en) * 2019-08-09 2021-02-18 烽火通信科技股份有限公司 Virtual component-based scene-type cutover method and system
CN112636988A (en) * 2020-12-31 2021-04-09 中电长城网际安全技术研究院(北京)有限公司 Network topology generation method, electronic device and computer readable medium
CN112636988B (en) * 2020-12-31 2023-04-07 中电长城网际安全技术研究院(北京)有限公司 Network topology generation method, electronic device and computer readable medium
CN114244650A (en) * 2021-11-25 2022-03-25 茂名市速网网络科技有限公司 Virtual network architecture method, storage medium and computer device
CN114244650B (en) * 2021-11-25 2023-06-27 茂名市速网网络科技有限公司 Virtual network architecture method, storage medium, and computer device
CN114443428A (en) * 2022-01-19 2022-05-06 山东新一代信息产业技术研究院有限公司 Program internal running state monitoring method and device based on IROS

Also Published As

Publication number Publication date
CN107222325A (en) 2017-09-29

Similar Documents

Publication Publication Date Title
WO2017162030A1 (en) Method and apparatus for generating virtual network
US11082304B2 (en) Methods, systems, and computer readable media for providing a multi-tenant software-defined wide area network (SD-WAN) node
US11683386B2 (en) Systems and methods for protecting an identity in network communications
CN107409089B (en) Method implemented in network engine and virtual network function controller
US9787632B2 (en) Centralized configuration with dynamic distributed address management
CN111492627B (en) Controller-based service policy mapping to establish different tunnels for different applications
EP3509256A1 (en) Determining routing decisions in a software-defined wide area network
EP2725737B1 (en) Network policy configuration method, management device and network management centre device
WO2017036288A1 (en) Network element upgrading method and device
WO2016180181A1 (en) Service function deployment method and apparatus
CN112688814B (en) Equipment access method, device, equipment and machine readable storage medium
US20130297752A1 (en) Provisioning network segments based on tenant identity
WO2017032300A1 (en) Data transmission method, virtual network management apparatus, and data transmission system
WO2014166247A1 (en) Implementation method and system for virtual network management
US20190132152A1 (en) Dynamic customer vlan identifiers in a telecommunications network
US20220255837A1 (en) Routing Information Transmission Method and Apparatus, and Data Center Interconnection Network
US20210377164A1 (en) Data center tenant network isolation using logical router interconnects for virtual network route leaking
CN110336730B (en) Network system and data transmission method
WO2017143695A1 (en) Sub-network intercommunication method and device
KR102237299B1 (en) Traffic Engineering Service Mapping
CN112385194B (en) State packet transmission between remote networks
US10944665B1 (en) Auto-discovery and provisioning of IP fabric underlay networks for data centers
CN112671811B (en) Network access method and equipment
CN117201135B (en) Service following method, device, computer equipment and storage medium
CN108259292B (en) Method and device for establishing tunnel

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application. Ref document number: 17769307; Country of ref document: EP; Kind code of ref document: A1
122 EP: PCT application non-entry in European phase. Ref document number: 17769307; Country of ref document: EP; Kind code of ref document: A1