WO2017215483A1 - Networking system, and network sharing method and system - Google Patents

Publication number
WO2017215483A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
tenant
virtual machine
nat
management terminal
Application number
PCT/CN2017/087179
Inventor
徐昊
蒋天超
刘波
杨开印
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2017215483A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2521: Translation architectures other than single NAT servers
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1095: Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Definitions

  • This document relates to, but is not limited to, the field of cloud virtual network communication, and in particular, to a networking system, a network sharing method and system.
  • A tenant's limitation on the network topology cannot meet the current requirements.
  • A tenant creates a route and binds it.
  • To set the external gateway, the tenant chooses whether to go through NAT (Network Address Translation) mode or non-NAT mode.
  • A tenant can only create a route of one network mode.
  • Under the traditional virtualized network architecture, the routing mode, that is, NAT and non-NAT compatibility, cannot meet the requirements.
  • The embodiments of the present invention provide a networking system, a network sharing method, and a system, which are compatible with two networks in one tenant.
  • An embodiment of the present invention provides a networking system, including a management end and at least one tenant end, where the tenant end includes at least one virtual machine.
  • Each of the tenants includes one of a NAT mode network and a non-NAT mode network, and the management end includes at least one of the two networks.
  • The tenant end is configured to provide the network of the tenant to at least one virtual machine in the tenant end, and the management end is configured to provide at least one virtual machine in the tenant end with a network different from the tenant's.
  • An embodiment of the present invention further provides a network sharing system, including a management end and at least one tenant end, where each tenant includes at least one virtual machine. Each tenant establishes one of a NAT mode network and a non-NAT mode network, and the management terminal establishes at least one of the two networks. The tenant is configured to provide the network of the tenant to at least one virtual machine in the tenant, and the management terminal is configured to provide at least one virtual machine in the tenant with a network different from the tenant's.
  • An embodiment of the present invention further provides a network sharing method, including:
  • Each tenant establishes one of a NAT mode network and a non-NAT mode network;
  • the management terminal establishes at least one of the above two networks;
  • the tenant provides the network of the tenant to at least one virtual machine in the tenant, and the management terminal provides at least one virtual machine in the tenant with a network different from the tenant's.
  • The embodiments of the present invention provide a networking system, a network sharing method, and a system, where each tenant includes one of a NAT mode network and a non-NAT mode network, and the management end includes at least one of the foregoing two networks.
  • The tenant provides the network of the tenant to at least one virtual machine in the tenant, and the management side provides at least one virtual machine in the tenant with a network different from the tenant's.
  • The tenant thus has its own network and the network provided by the management terminal, which realizes compatibility between the two networks in one tenant and improves the flexible application of the system.
  • FIG. 1 is a flowchart of a network sharing method according to an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of a network sharing system according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for establishing a NAT network in a tenant end according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of a method for creating a non-NAT network in a tenant end according to an embodiment of the present invention.
  • FIG. 5 is a flowchart of a method for establishing a non-NAT network on a management end according to an embodiment of the present invention.
  • FIG. 6 is a flowchart of a method for a management terminal to share a non-NAT network established to a tenant by using a management terminal according to an embodiment of the present invention.
  • FIG. 7 is a flowchart of a method for establishing a NAT mode network on a tenant side according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a network sharing system according to an embodiment of the present invention.
  • Embodiments of the present invention consider that, in a network system, each tenant can only create one of a NAT mode network and a non-NAT mode network. A respective network is created on each tenant and at least one network is created on the management end. Each tenant then provides the network of the tenant to the virtual machine in the tenant, and the management end provides the virtual machine in the tenant with a network different from the tenant's, so that the virtual machine in the tenant can interact with the external network through the network of the tenant or through the network of the management end. Because the network of the tenant and the network of the management end are different, this achieves compatibility between the two network modes and improves the flexible application of the system.
  • This embodiment provides a networking system, including a management end and at least one tenant end, where the tenant end includes at least one virtual machine.
  • Each tenant includes one of a NAT mode network and a non-NAT mode network.
  • The management end includes at least one of the two types of networks.
  • The tenant provides the tenant network for at least one virtual machine in the tenant.
  • The management terminal provides at least one virtual machine in the tenant with a network different from the tenant's.
  • A network system includes a management terminal and a tenant terminal; a tenant end corresponds to an independent hardware structure in which multiple virtual machines can be simulated, and a tenant includes a virtual machine. There can only be one mode in the network of this tenant, that is, only one of the NAT mode network and the non-NAT mode network.
  • A network in the NAT mode refers to a host that has been assigned a local IP (Internet Protocol) address in the private network.
  • A non-NAT mode network: unlike NAT, the local IP address of a host in non-NAT mode can interact with the external network directly, without source address translation.
  • The hosts in the NAT mode network and the non-NAT mode network have different local IP addresses, and the IP number segments of various uses in each area are related internationally.
  • A tenant includes any one of the above two modes.
  • The tenant can provide the network to the virtual machine in the tenant.
  • The virtual machine can interact with the external network in the network mode of the tenant.
  • The network mode of the management side includes at least one of a NAT mode and a non-NAT mode.
  • The management terminal selectively shares a network different from the tenant's with the tenant according to the network of each tenant, so that the virtual machine in the tenant can interact with the external network through the network provided by the management terminal.
  • For example, when the tenant includes the NAT mode network, the management terminal can share the non-NAT mode network with the tenant; correspondingly, when the tenant includes the non-NAT mode network, the management terminal can share the NAT mode network with the tenant.
  • The virtual machine in the tenant can interact with the external network through the network of the tenant, or through a network different from the tenant's that is shared by the management terminal.
  • The network of each tenant in the embodiment is the same network.
  • In that case the management end may only include a network different from the tenant's.
  • When each tenant includes a NAT mode network, the management terminal may only include a non-NAT mode network; when each tenant includes a non-NAT mode network, the management terminal may include only the NAT mode network.
  • The network of each tenant may include any one of two networks, that is, in the network of each tenant, there is a NAT mode network or a non-NAT mode network.
  • The network of the management side may also include two types of networks, including a NAT mode network and a non-NAT mode network.
  • Each virtual machine in the tenant can interact with the external network through the network provided by the tenant and/or the network, different from the tenant's, provided by the management terminal.
  • In solution 1, the virtual machine in the tenant can interact with the external network through the network of the tenant; in solution 2, the virtual machine in the tenant can interact with the external network through the network provided by the management terminal; in solution 3, the virtual machine in the tenant can interact with the external network through both the network provided by the tenant and the network provided by the management terminal.
  • In solution 1, the virtual machine in the tenant interacts with the external network according to the local IP address assigned by the tenant and the network mode of the tenant. If the mode is NAT, the source address is translated: the local IP address is converted to a public network IP that can interact with the Internet, and the virtual machine then interacts with the external network. If the mode is non-NAT, the virtual machine interacts with the external network directly using the local IP address provided by the tenant.
  • In solution 2, the virtual machine in the tenant side interacts with the external network according to the IP address provided by the management terminal and the network mode of the management end. In this case the tenant does not need to allocate a local IP address for the virtual machine.
  • In solution 3, the virtual machine in the tenant end can interact with the external network through the local IP allocated by the tenant and the network mode of the tenant, or through the IP address provided by the management terminal and the network mode of the management end.
  • A virtual machine that can interact with the external network through both the network of the tenant and the network of the management end has at least two different IPs, the local IP provided by the tenant and the IP provided by the management end, and interacts with the external network using the IP address that corresponds to the network in use.
  • Each tenant includes its own virtual machine.
  • The management terminal can also include a virtual machine.
  • The management terminal can be a tenant, with the same hardware structure as the tenant.
  • The virtual machines in the management terminal can interact with the external network through the management network.
  • The management terminal shares its own network, different from the tenant's, with the tenant.
  • The tenant can also share the network of the tenant with other tenants or management terminals.
  • The management terminal is configured to provide a shared network for each tenant. For management purposes, the management terminal can provide different interfaces, through which each of the tenants is provided with the network of the management end.
  • There can also be multiple management terminals, each providing a different tenant with a network different from that tenant's.
  • The embodiment provides a networking system, including a management terminal and at least one tenant.
  • The tenant includes at least one virtual machine.
  • The tenant has its own network and a network, different from the tenant's, provided by the management terminal.
  • The tenant is compatible with both networks, which improves the flexible application of the system.
  • This embodiment provides a network sharing method. Referring to FIG. 1, the method includes:
  • The tenant provides the network of the tenant to at least one virtual machine in the tenant, and the management end provides the virtual machine of the tenant with a network different from the tenant's.
  • A network system includes a management terminal and a tenant; a tenant corresponds to an independent hardware structure in which multiple virtual machines can be simulated, and one tenant includes a virtual machine.
  • When a tenant establishes a network, it can only select one of the NAT mode and the non-NAT mode. That is, one tenant has only one network.
  • After a tenant establishes a network of any mode, the tenant provides the tenant network to at least one virtual machine in the tenant. That is, the virtual machine in the tenant can interact with the external network in the network mode of the tenant.
  • The management side also establishes at least one of a network of a NAT mode and a non-NAT mode.
  • The management terminal selectively shares a network different from the tenant's with the tenant according to the network of each tenant, so that the virtual machine in the tenant can interact with the external network through the network provided by the management terminal.
  • For example, when the tenant establishes a NAT mode network, the management terminal can share the non-NAT mode network with the tenant; correspondingly, when the tenant establishes a non-NAT mode network, the management terminal can share the NAT mode network with the tenant.
  • The order in which the tenant and the management terminal establish their networks is not limited in this embodiment.
  • The network may be established on the tenant side first and then on the management end, or on the management end first and then on the tenant side, or on both; each is possible in this embodiment.
  • The virtual machine in the tenant can interact with the external network through the network established by the tenant, and can also interact with the external network through the network, different from the tenant's, shared by the management terminal.
  • The networks established for each tenant in this embodiment are the same network, that is, the network in the NAT mode, or the network in the non-NAT mode. In this case, since the network modes of all tenants are the same, it is only necessary to establish, for the management end, another network different from the tenants'.
  • When a NAT network is established on each tenant side, the management terminal can only establish a non-NAT mode network; when each tenant establishes a non-NAT network, the management terminal can only establish a NAT mode network.
  • Although the network established on the management end is described here as different from the tenant's, this does not mean that the tenant establishes its network before the management end does, nor that the tenant establishes its network after the management end does.
  • The order in which the tenant and the management end establish their networks may be arbitrary, as long as the management terminal, once its network is established, can provide the tenant with a network different from the tenant's; this has no necessary connection with the order in which the tenant and the management end establish their networks.
  • The network established for each tenant may include any of the two networks, that is, in the network established by the tenant, there is a NAT mode network or a non-NAT mode network.
  • The network established for the management terminal may also include two types of networks, including a NAT mode network and a non-NAT mode network. As in the above situation, although the description here says that the tenant establishes a network and the management end establishes a network, this does not limit the order between the two; the order may be arbitrary.
  • Each virtual machine in the tenant can interact with the external network through the network provided by the tenant and/or the network, different from the tenant's, provided by the management terminal.
  • In solution 1, the virtual machine in the tenant can interact with the external network through the network of the tenant; in solution 2, the virtual machine in the tenant can interact with the external network through the network provided by the management terminal; in solution 3, the virtual machine in the tenant can interact with the external network through both the network provided by the tenant and the network provided by the management terminal.
  • In solution 1, the virtual machine in the tenant side interacts with the external network according to the local IP address assigned by the tenant and the network mode of the tenant. If the mode is NAT, source address translation can be performed: the local IP address is converted to a public network IP that can interact with the Internet, and the virtual machine then interacts with the external network. If the mode is non-NAT, the virtual machine interacts with the external network directly using the local IP address provided by the tenant.
  • In solution 2, the virtual machine in the tenant side interacts with the external network according to the IP address provided by the management terminal and the network mode of the management end. In this case the tenant does not need to allocate a local IP address for the virtual machine.
  • In solution 3, the virtual machine in the tenant end can interact with the external network through the local IP allocated by the tenant and the network mode of the tenant, or through the IP address provided by the management terminal and the network mode of the management end. Because the network mode of the tenant is different from the network mode provided by the management terminal, a virtual machine that can interact with the external network through both networks has at least two different IPs, the local IP provided by the tenant and the IP provided by the management terminal, and interacts with the external network using the IP address that corresponds to the network in use.
  • Each tenant includes its own virtual machine.
  • The management terminal can also include a virtual machine.
  • The management terminal can be a tenant, with the same hardware structure as the tenant.
  • The virtual machines in the management terminal can interact with the external network through the management network.
  • The management terminal shares its own network, different from the tenant's, with the tenant.
  • The tenant can also share the network established by the tenant with other tenants or management terminals.
  • The management terminal is configured to provide a shared network for each tenant. For management purposes, the management terminal can provide different interfaces, through which each of the tenants is provided with a network established by the management terminal.
  • There can also be multiple management terminals, each providing a different tenant with a network different from that tenant's.
  • The embodiment provides a network sharing method in which one of a NAT network and a non-NAT network is established on the tenant, and at least one of a NAT network and a non-NAT network is established on the management end. The tenant provides the network of the tenant to the virtual machine in the tenant, and the management side provides the virtual machine in the tenant with a network different from the tenant's, thereby implementing compatibility between the NAT mode network and the non-NAT mode network on the tenant and improving the flexible application of the system.
  • Under the current OpenStack (OpenStack cloud computing management platform) technology, on one hardware device (where a tenant can only create a route of one network mode), a virtual machine can have NAT and non-NAT networks coexisting, so that two network modes coexist in one tenant.
  • This embodiment provides a network sharing system. Referring to FIG. 2, the system includes:
  • Each of the tenants 20 includes at least one virtual machine 202; each tenant 20 establishes one of a NAT mode network and a non-NAT mode network, and the management terminal 10 establishes at least one of the above two networks; the tenant 20 provides the network of the tenant 20 to the at least one virtual machine 202 of the tenant 20, and the management terminal 10 provides the virtual machine 202 of the tenant 20 with a network different from that of the tenant 20.
  • A network system includes a management terminal 10 and a tenant terminal 20; a tenant terminal 20 corresponds to an independent hardware structure in which a plurality of virtual machines 202 can be simulated, and a tenant terminal 20 includes a virtual machine 202.
  • When establishing a network, a tenant 20 can only select one of the NAT mode and the non-NAT mode; that is, one tenant 20 has only one type of network.
  • After a tenant 20 establishes a network of any mode, the tenant 20 provides the network of the tenant 20 to at least one virtual machine 202 of the tenant 20; that is, the virtual machine 202 in the tenant 20 can interact with the external network in the network mode of the tenant 20.
  • The management terminal 10 can also establish at least one of a network of a NAT mode and a non-NAT mode. After the management terminal 10 establishes the network, the management terminal 10 selectively shares a network different from that of the tenant 20 with the tenant 20 according to the network of each tenant 20, so that the virtual machine 202 in the tenant 20 can interact with the external network through the network provided by the management terminal 10. For example, when the tenant 20 establishes a NAT mode network, the management terminal 10 can share the non-NAT mode network with the tenant 20; correspondingly, when the tenant 20 establishes a non-NAT mode network, the management terminal 10 can share the NAT mode network with the tenant 20.
  • The virtual machine 202 in the tenant 20 can interact with the external network through the network established by the tenant 20, and can also interact with the external network through the network, different from that of the tenant 20, shared by the management terminal 10.
  • The network established by each tenant 20 in this embodiment is the same network. In this case, since the network modes of all the tenants 20 are the same, it is only necessary for the management terminal 10 to establish another network different from that of the tenants 20.
  • The network established by each tenant 20 may include any one of two networks, that is, in the network established by the tenant 20, there is a NAT mode network or a non-NAT mode network.
  • The network established by the management terminal 10 may also include two types of networks, that is, both a NAT mode network and a non-NAT mode network.
  • In any of the above manners, the order in which the tenant 20 and the management terminal 10 establish their networks may be arbitrary; the order of execution is not limited in this embodiment.
  • Each virtual machine 202 in the tenant 20 can interact with the external network through the network provided by the tenant 20 and/or the network, different from that of the tenant 20, provided by the management terminal 10.
  • In solution 1, the virtual machine 202 in the tenant 20 can interact with the external network through the network of the tenant; in solution 2, the virtual machine 202 in the tenant 20 can interact with the external network through the network provided by the management terminal 10; in solution 3, the virtual machine 202 in the tenant 20 can interact with the external network through both the network provided by the tenant and the network provided by the management terminal 10.
  • Each tenant 20 includes a respective virtual machine 202, and similarly, the management terminal 10 may also include a virtual machine 202.
  • The management terminal 10 can be a tenant 20 and has the same hardware interface as the tenant 20; the management terminal 10 can also include the virtual machine 202.
  • The virtual machine 202 can interact with the external network through the network of the management terminal 10.
  • The management terminal 10 shares its own network, different from that of the tenant 20, with the tenant 20, and the tenant 20 can also share the network established by the tenant 20 with another tenant 20 or the management terminal 10.
  • The management terminal 10 is configured to provide a shared network for each tenant 20.
  • The management terminal 10 can provide different interfaces, through which each of the tenant terminals 20 is provided with a network established by the management terminal 10. There may also be multiple management terminals 10, each providing a different tenant terminal 20 with a network different from that of the tenant 20.
  • The embodiment provides a network sharing system, including a management terminal and at least one tenant.
  • The tenant includes at least one virtual machine; at least one of NAT and non-NAT is established on the tenant, and at least one is established on the management end.
  • This makes the NAT mode network compatible with the non-NAT mode network, improving the flexible application of the system.
  • This embodiment provides a method for establishing a NAT network in a tenant.
  • The method includes:
  • The NAT external network can interact with the Internet; the NAT internal network is a local area network and cannot connect to the Internet without going through the NAT external network, but can only interact between nodes inside the NAT.
  • S302. Create a route in the tenant, connect the NAT internal network to the route, and bind the routed external gateway to the NAT external network.
  • Routing is path selection. Routers connect to multiple networks, so they must be gateways to multiple networks. After the external gateway of the route is bound to the NAT external network, the route can interact with the Internet. Since the network of the tenant is a NAT network, the local IP cannot interact with the Internet directly, so SNAT (source address translation) can be set to True, that is, source address translation is performed.
  • The local IP address of the virtual machine can be manually set or automatically configured.
  • The local IP of each virtual machine in a tenant should be different. If the local IP addresses of all virtual machines are the same, an IP address conflict will occur and the network will not connect properly.
  • The local IP address of the virtual machine cannot directly interact with the Internet, but a corresponding public IP address can be configured for the virtual machine. Therefore, apply for an external public IP address for the virtual machine.
  • The local IP of the virtual machine is converted into a public network IP that can interact with the Internet through SNAT.
  • The NAT mode network of the tenant is now established, and the interaction between the virtual machine and the Internet can be further implemented.
  • The way to create a NAT network on the management side is similar to that on the tenant side. It is worth mentioning that no virtual machine needs to be created on the management side.
  • The virtual machine can be created only in the tenant.
  • This embodiment also provides a method for creating a non-NAT network in the tenant. Referring to FIG. 4, the method includes:
  • S402. Create a route in the tenant, access the non-NAT network to the route, and bind the routed external gateway to a non-NAT external network.
  • The route can interact with the Internet. Since the network of the tenant is a non-NAT network, the local IP can directly interact with the Internet, so SNAT can be set to False, that is, source address translation is prohibited.
  • The IP address of the virtual machine can directly interact with the external network. No source address translation is required, and no additional public IP address is required.
  • The non-NAT mode network of the tenant is now established, and the interaction between the virtual machine and the Internet can be further realized.
  • The way to create a non-NAT network on the management side is similar to that on the tenant side. It is worth mentioning that no virtual machine needs to be created on the management side.
  • The virtual machine can be created only in the tenant.
  • FIG. 5 shows a flow chart of establishing a non-NAT network on the management end.
  • Non-NAT external networks can interact with the Internet.
  • The route can interact with the Internet. Since the network of the management terminal is a non-NAT network, the local IP can directly interact with the Internet, so SNAT can be set to False, that is, source address translation is prohibited.
  • A connection is established between the non-NAT internal network and the non-NAT external network, and the non-NAT internal network can interact with the Internet through the non-NAT external network.
  • FIG. 6 is a flowchart of a method for the management terminal to share the established non-NAT network to the tenant, including:
  • The tenant does not necessarily have a NAT mode network; only the non-NAT network in the management terminal needs to be shared with the tenant.
  • The virtual machine can directly interact with the Internet through the non-NAT network of the management terminal.
  • The virtual machine can further be offered the non-NAT internal network for selection. No new virtual machine needs to be created; the IP address under the non-NAT internal network is only bound to the existing virtual machine.
  • FIG. 7 shows a flow chart of establishing a NAT mode network on the tenant side, including:
  • the NAT external network can interact with the Internet.
  • the route can interact with the Internet. Since the network of the tenant is a NAT network, the local IP cannot directly interact with the Internet. Therefore, SNAT can be set to True, that is, source address translation is performed.
  • NAT internal network. After the NAT internal network is associated with the route, a connection is established between the NAT internal network and the NAT external network, and the NAT internal network can interact with the Internet through the NAT external network.
  • S705 Create a virtual machine in the tenant, and bind the local IP address to the virtual machine.
  • the local IP address of the virtual machine can be manually set or automatically configured.
  • the local IP of each virtual machine in a tenant should be different. If the local IP addresses of all virtual machines are the same, an IP address conflict will occur and the network will not connect properly.
  • the local IP address of the virtual machine cannot directly interact with the Internet. You can configure the corresponding public IP address for the virtual machine. Therefore, apply for the external public IP address for the virtual machine.
  • the local IP of the virtual machine is converted into a public network IP that can interact with the Internet through SNAT.
  • This embodiment provides a network sharing method.
  • by using the NAT network on the tenant side and the non-NAT network on the management end, the tenant provides a NAT network for the virtual machine in the tenant, and the management end provides a non-NAT network for the virtual machine in the tenant, which implements compatibility of the NAT mode network and the non-NAT mode network on the tenant and improves the flexible application of the system.
  • the network sharing system in this embodiment includes a tenant 20 and a management terminal 10.
  • the tenant 20 includes multiple virtual machines.
  • the tenant 20 establishes a NAT mode network, and the management terminal 10 establishes a non-NAT mode network;
  • the process of establishing a NAT mode network by the tenant 20 is as follows:
  • a NAT external network is created on the tenant side 20; the NAT external network of the tenant 20 is connected to the Internet to implement interaction with the Internet, and the interaction here includes any operations that need to be completed by networking.
  • the tenant route 201 is created on the tenant side 20, and the NAT external network is bound to the external gateway of the tenant route 201. After the external gateway of the tenant route 201 is bound to the NAT external network, the tenant route 201 can interact with the Internet; since the network of the tenant 20 is a NAT network, the local IP cannot interact with the Internet. Therefore, SNAT (Source Address Translation) can be set to true, that is, source address translation is performed.
  • a NAT intranet is a local area network. It cannot connect to the Internet without going through a NAT external network, but can only interact between nodes inside the NAT.
  • the intranet of the NAT is associated with the tenant route 201. After the intranet of the NAT is associated with the tenant route 201, a connection is established between the intranet and the extranet of the NAT, and the intranet can interact with the Internet through the NAT extranet. At this point, the NAT network in the tenant 20 has been created, and each virtual machine in the tenant 20 can interact with the Internet through the NAT network.
  • the process of the management terminal 10 establishing a non-NAT mode network is as follows:
  • a non-NAT external network is created on the management terminal 10; the non-NAT external network is connected to the Internet to implement interaction with the Internet, and the interaction here includes any operations that need to be completed by networking.
  • the management route 101 can implement interaction with the Internet; since the network of the management terminal 10 is a non-NAT network, the local IP can directly interact with the Internet. Therefore, you can set SNAT to false, that is, source address translation is prohibited.
  • non-NAT intranet. After the non-NAT intranet is associated with the management route 101, a connection is established between the non-NAT intranet and the non-NAT extranet, and the non-NAT intranet can interact with the Internet through the non-NAT external network. At this point, the non-NAT network in the management terminal 10 has been created, and the management terminal 10 can share the non-NAT network with other tenant terminals 20.
  • the tenant 20 provides a NAT mode network for the virtual machine in the tenant 20; the virtual machine interacts with the Internet through the NAT network, and the local IP of the virtual machine cannot be used; the local IP of the virtual machine can be converted through SNAT into a public IP that the Internet can recognize.
  • the management terminal 10 provides a non-NAT mode network for the virtual machine in the tenant 20; the virtual machine interacts with the Internet through a non-NAT network, and the IP address in the non-NAT mode is available and can interact directly with the Internet.
  • each virtual machine in the tenant 20 can interact with the Internet through the NAT network provided by the tenant 20 and/or the non-NAT network provided by the management terminal 10.
  • the virtual machine in the tenant terminal 20 includes: a first virtual machine 2021, a second virtual machine 2022, and a third virtual machine 2023.
  • the first virtual machine 2021 is configured to interact with the Internet through the tenant's NAT network;
  • the second virtual machine 2022 is configured to interact with the Internet through a non-NAT network provided by the management terminal 10;
  • the third virtual machine 2023 is configured to interact with the Internet through a NAT network provided by the tenant and a non-NAT network provided by the management terminal 10.
  • the first virtual machine 2021 is configured so that the local IP address allocated by the tenant 20 is converted to the public network IP through the SNAT of the tenant route 201, after which it interacts with the Internet;
  • the second virtual machine 2022 is configured to interact with the Internet through the non-NAT mode network of the management terminal 10, according to the IP address provided by the management terminal 10 and without converting the IP address;
  • the third virtual machine 2023 has both the local IP provided by the tenant 20 and the IP address provided by the non-NAT network of the management terminal 10; the third virtual machine 2023 is configured so that the local IP is converted and then interacts with the Internet through the NAT network of the tenant 20, while the IP address provided by the non-NAT network interacts with the Internet directly through the non-NAT network of the management terminal 10. Because the NAT and non-NAT modes are different, the local IP and the IP address provided by the non-NAT network in the third virtual machine 2023 are different, and each of the two IPs can be used to interact in the corresponding manner.
  • the embodiment provides a network sharing system, including a management terminal and a tenant.
  • the tenant includes multiple virtual machines, and establishes at least one of the NAT and non-NAT networks on the tenant.
  • the tenant is configured to provide the network in the tenant to the virtual machine in the tenant, and the management end is configured to provide a network different from the tenant's to the virtual machine in the tenant, which implements compatibility of the NAT mode network and the non-NAT mode network on the tenant and improves the flexible application of the system.
  • the embodiment of the invention further provides a computer readable storage medium storing computer executable instructions which, when executed by a processor, implement the method described in the foregoing embodiments.
  • computer storage medium includes volatile and nonvolatile, removable and non-removable media implemented in any method or technique for storing information, such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cartridge, magnetic tape, magnetic disk storage or other magnetic storage device, or any other medium that can be used to store the desired information and that can be accessed by the computer.
  • communication media typically includes computer readable instructions, data structures, program modules or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and can include any information delivery media.
  • the above technical solution can enable the tenant to have a network established by itself and a network provided by the management end, thereby implementing compatibility between the two networks in one tenant, thereby improving the flexible application of the system.

Abstract

A networking system, and a network sharing method and system. The method comprises: each tenant end establishing one of a network address translation (NAT) mode network and a non-NAT mode network (S101); a management end establishing at least one network of the two networks (S102); and the tenant end providing a network of the tenant end for at least one virtual machine in the tenant end, and the management end providing a network different from that of the tenant end for the at least one virtual machine in the tenant end (S103).

Description

Networking system, network sharing method and system
Technical field
This document relates to, but is not limited to, the field of cloud virtual network communication, and in particular to a networking system and a network sharing method and system.
Background art
With the development of cloud computing technology, in network virtualization scenarios of cloud computing virtual operations, the network topology restrictions that apply to a single tenant can no longer meet current needs. In the existing virtual network architecture, when a route is created under a tenant and bound to an external gateway, a choice must be made between NAT (Network Address Translation) mode and non-NAT mode. In some current hardware environments, a tenant can create routes of only one network mode. In actual operation, for security and various other reasons, some tenants need to implement different routing modes in their own virtual machines depending on the application, that is, NAT and non-NAT compatibility, which the traditional virtualized network architecture cannot satisfy.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
The embodiments of the present invention provide a networking system and a network sharing method and system that make two kinds of network compatible within one tenant end.
An embodiment of the present invention provides a networking system, including a management end and at least one tenant end, where the tenant end includes at least one virtual machine;
each tenant end includes one of a NAT mode network and a non-NAT mode network, and the management end includes at least one of the two networks; the tenant end is configured to provide the network of this tenant end to at least one virtual machine in this tenant end, and the management end is configured to provide at least one virtual machine in the tenant end with a network different from that of the tenant end.
Optionally, an embodiment of the present invention further provides a network sharing system, including a management end and at least one tenant end, each tenant end including at least one virtual machine; each tenant end establishes one of a NAT mode network and a non-NAT mode network, and the management end establishes at least one of the two networks; the tenant end is configured to provide the network of this tenant end to at least one virtual machine in this tenant end, and the management end is configured to provide at least one virtual machine in the tenant end with a network different from that of the tenant end.
Optionally, an embodiment of the present invention further provides a network sharing method, including:
each tenant end establishes one of a NAT mode network and a non-NAT mode network;
the management end establishes at least one of the two networks;
the tenant end provides the network of this tenant end to at least one virtual machine in this tenant end, and the management end provides at least one virtual machine in the tenant end with a network different from that of the tenant end.
Beneficial effects of the embodiments of the present invention:
The embodiments of the present invention provide a networking system and a network sharing method and system. Each tenant end includes one of a NAT mode network and a non-NAT mode network, and the management end includes at least one of the two networks; the tenant end provides the network of this tenant end to at least one virtual machine in this tenant end, and the management end provides at least one virtual machine in the tenant end with a network different from that of the tenant end. Through the implementation of the present invention, the tenant end has both the network it established itself and the network provided by the management end, so that two kinds of network are compatible within one tenant end, which improves the flexible applicability of the system.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief description of the drawings
FIG. 1 is a flowchart of a network sharing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a network sharing system according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for establishing a NAT network in a tenant end according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for creating a non-NAT network in a tenant end according to an embodiment of the present invention;
FIG. 5 is a flowchart of a method for establishing a non-NAT network on a management end according to an embodiment of the present invention;
FIG. 6 is a flowchart of a method by which a management end shares an established non-NAT network with a tenant end according to an embodiment of the present invention;
FIG. 7 is a flowchart of a method for establishing a NAT mode network on a tenant end according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a network sharing system according to an embodiment of the present invention.
Embodiments of the invention
The embodiments of the present invention take into account that, in a network system, each tenant end can create only one of the NAT mode and non-NAT mode networks. Each tenant end creates its own network and the management end creates at least one network; each tenant end then provides its network to the virtual machines in that tenant end, and the management end provides the virtual machines in the tenant end with a network different from that tenant end's. A virtual machine in the tenant end can thus interact with the external network through this tenant end's network or through the management end's network, and because these two networks differ, the two network modes are made compatible, which improves the flexible applicability of the system.
Specific implementations of the present invention are further described below with reference to the accompanying drawings.
First embodiment
This embodiment provides a networking system, including a management end and at least one tenant end, where the tenant end includes at least one virtual machine;
each tenant end includes one of a NAT mode network and a non-NAT mode network, and the management end includes at least one of the two networks; the tenant end provides the network of this tenant end to at least one virtual machine in this tenant end, and the management end provides at least one virtual machine in the tenant end with a network different from that of the tenant end.
A networking system, that is, a network system, includes a management end and tenant ends; one tenant end corresponds to an independent hardware structure in which multiple virtual machines can be simulated, and one tenant end includes one virtual machine. The network of a tenant end can have only one mode, that is, only one of the NAT mode network and the non-NAT mode network.
A NAT mode network is one in which a host inside a private network that has been assigned a local IP (Internet Protocol) address can, when it wants to interact with the external network, have its local IP address converted to a public IP address through source address translation, so as to connect to the Internet.
A non-NAT mode network differs from NAT in that the local IP address of a host in non-NAT mode can interact with the external network directly, with no source address translation. Of course, hosts in a NAT mode network and hosts in a non-NAT mode network have different local IP addresses; internationally, the IP address ranges for the various uses in each region are subject to the relevant regulations.
If a tenant end includes either of the two network modes above, the tenant end can provide that network to the virtual machines within it, and the virtual machines can interact with the external network in this tenant end's network mode.
On the other hand, the network mode of the management end includes at least one of NAT mode and non-NAT mode. Depending on the network of each tenant end, the management end selectively shares with the tenant end a network different from the tenant end's, so that the virtual machines in the tenant end can interact with the external network through the network provided by the management end. When the tenant end includes a NAT mode network, the management end can share a non-NAT mode network with it; correspondingly, when the tenant end includes a non-NAT mode network, the management end can share a NAT mode network with it.
In this embodiment, a virtual machine in the tenant end can interact with the external network through this tenant end's network, or through the network, different from this tenant end's, that the management end shares. Optionally, the networks of all tenant ends in this embodiment are of the same kind; in that case the management end may include only the network that differs from the tenant ends'. When every tenant end includes a NAT network, the management end may include only a non-NAT mode network; when every tenant end includes a non-NAT mode network, the management end may include only a NAT mode network.
In addition, the network of each tenant end may be either of the two networks, that is, among the networks of the tenant ends there are NAT mode networks or non-NAT mode networks. The network of the management end may also include both networks, that is, both a NAT mode network and a non-NAT mode network.
Each virtual machine in the tenant end can interact with the external network through the network provided by this tenant end and/or the network, different from this tenant end's, provided by the management end. The "and/or" here gives three schemes: in scheme one, a virtual machine in the tenant end interacts with the external network through this tenant end's network; in scheme two, a virtual machine in the tenant end interacts with the external network through the network provided by the management end; in scheme three, a virtual machine in the tenant end interacts with the external network through both the network provided by this tenant end and the network provided by the management end. In scheme one, the virtual machine interacts with the external network according to the local IP address allocated by this tenant end and this tenant end's network mode: in NAT mode, source address translation converts the local IP address into a public IP that can interact with the Internet, and the interaction with the external network then takes place; in non-NAT mode, the virtual machine interacts with the external network directly using the local IP address provided by this tenant end. In scheme two, the virtual machine interacts with the external network according to the IP address provided by the management end and the management end's network mode; in this case, this tenant end does not need to allocate a local IP address to the virtual machine. In scheme three, the virtual machine can interact with the external network through the local IP allocated by this tenant end and this tenant end's network mode, and also through the IP address provided by the management end and the management end's network mode. Because this tenant end's network mode differs from the network mode provided by the management end, a virtual machine that can interact with the external network through both networks has at least two different IPs, the local IP provided by this tenant end and the IP provided by the management end, and when interacting with the external network it uses the corresponding network for each IP address.
Each tenant end includes its own virtual machines; similarly, the management end may also include virtual machines. The management end may itself be a tenant end, with the same hardware structure as a tenant end, and may also include virtual machines, which can interact with the external network through the management end's network. The management end shares its own network, different from the tenant end's, with that tenant end; a tenant end can likewise share its network with other tenant ends or with the management end. The management end is configured to provide a shared network to each tenant end; for ease of management, the management end can provide different interfaces, each directed at providing the management end's network to a particular tenant end; there may also be multiple management ends, each providing different tenant ends with a network different from that tenant end's.
This embodiment provides a networking system, including a management end and at least one tenant end, where the tenant end includes at least one virtual machine; the tenant end has its own network and a network, different from its own, provided by the management end, so that two kinds of network are compatible within one tenant end, which improves the flexible applicability of the system.
Second embodiment
This embodiment provides a network sharing method. Referring to FIG. 1, the method includes:
S101. Establish, for each tenant end, one of a NAT mode network and a non-NAT mode network;
S102. Establish, for the management end, at least one of the two networks;
S103. The tenant end provides the network of this tenant end to at least one virtual machine in this tenant end, and the management end provides at least one virtual machine in the tenant end with a network different from that of the tenant end.
A network system includes a management end and tenant ends; one tenant end corresponds to an independent hardware structure in which multiple virtual machines can be simulated, and one tenant end includes one virtual machine. When a tenant end establishes a network, it can create only one of NAT mode and non-NAT mode, that is, a tenant end has only one kind of network.
After a tenant end has established a network of either mode, the tenant end provides that network to at least one virtual machine in this tenant end, that is, the virtual machines in the tenant end can interact with the external network in this tenant end's network mode.
On the other hand, the management end also establishes at least one of the NAT mode and non-NAT mode networks. After the management end has established its network, depending on the network of each tenant end, it selectively shares with the tenant end a network different from the tenant end's, so that the virtual machines in the tenant end can interact with the external network through the network provided by the management end. For example, when the tenant end has established a NAT mode network, the management end can share a non-NAT mode network with it; correspondingly, when the tenant end has established a non-NAT mode network, the management end can share a NAT mode network with it. This embodiment does not limit the order in which the tenant end and the management end establish their networks: the network may be established on the tenant end first and then on the management end, on the management end first and then on the tenant end, or on both at the same time; all of these are feasible in this embodiment.
After the networks of each tenant end and of the management end have been established, a virtual machine in the tenant end can interact with the external network not only through the network established by this tenant end but also through the network, different from this tenant end's, that the management end shares. Optionally, the networks established for all tenant ends in this embodiment are the same, that is, all NAT mode networks or all non-NAT mode networks. In this case, since the network mode of every tenant end is the same, it is enough to establish for the management end the other network, the one that differs from the tenant ends'. When every tenant end establishes a NAT network, the management end may establish only a non-NAT mode network; when every tenant end establishes a non-NAT network, the management end may establish only a NAT mode network. Note that although the wording here says that the network established for the management end differs from the tenant ends', this does not mean that the tenant end establishes its network before the management end does, nor that it does so afterwards; the order in which the tenant end and the management end establish their networks may be arbitrary, provided that once the networks are established the management end can provide the tenant end with a network different from that tenant end's. This bears no necessary relation to the order in which the tenant end and the management end establish their networks.
In addition, the network established for each tenant end may be either of the two networks, that is, among the networks established by the tenant ends there are NAT mode networks or non-NAT mode networks. In this case, the network established for the management end may also include both networks, that is, both a NAT mode network and a non-NAT mode network. As in the case above, although the wording here has the tenant end establishing its network first and the management end establishing its network afterwards, this does not limit the order in which the tenant end and the management end establish their networks; the order between the two may be arbitrary.
After both the tenant end's network and the management end's network have been established, each virtual machine in the tenant end can interact with the external network through the network provided by its own tenant end and/or the network provided by the management end that differs from that of its own tenant end. The "and/or" here gives three schemes. In scheme one, a virtual machine in the tenant end interacts with the external network through its own tenant end's network. In scheme two, a virtual machine in the tenant end interacts with the external network through the network provided by the management end. In scheme three, a virtual machine in the tenant end interacts with the external network through both the network provided by its own tenant and the network provided by the management end. In scheme one, the virtual machine uses the local IP address assigned by its own tenant end and that tenant end's network mode: in NAT mode, source address translation converts the local IP address into a public IP that can interact with the Internet, after which the virtual machine interacts with the external network; in non-NAT mode, the virtual machine interacts with the external network directly using the local IP address provided by its own tenant end. In scheme two, the virtual machine uses the IP address provided by the management end and the management end's network mode; in this case its own tenant end does not need to assign it a local IP address. In scheme three, the virtual machine can interact with the external network either through the local IP assigned by its own tenant end and that tenant end's network mode, or through the IP address provided by the management end and the management end's network mode. Because the network mode of the tenant end differs from the one provided by the management end, a virtual machine that can reach the external network through both networks has at least two different IPs, the local IP provided by its own tenant end and the IP provided by the management end, and interacts with the external network using whichever IP address and corresponding network applies.
Each tenant end includes its own virtual machines; similarly, the management end may also include virtual machines. The management end may itself be a tenant end with the same hardware structure as a tenant end, and it may include virtual machines that interact with the external network through the management end's network. The management end shares its network, which differs from the tenant end's, with that tenant end; a tenant end may likewise share the network it has established with other tenant ends or with the management end. The management end is configured to provide a shared network to each tenant end. For ease of management, the management end may provide different interfaces, each directed at one tenant end, through which it provides the network it has established; there may also be multiple management ends, each providing different tenant ends with a network different from that tenant end's own.
This embodiment provides a network sharing method in which one of a NAT network and a non-NAT network is established in the tenant end, and at least one of a NAT network and a non-NAT network is established in the management end. The tenant end provides its own network to the virtual machines in the tenant end, and the management end provides those virtual machines with a network different from that of the tenant end, so that NAT-mode and non-NAT-mode networks are both supported on the tenant end, which improves the flexibility of the system. Under the current OpenStack (the OpenStack cloud computing management platform) technology and hardware devices, where one tenant can create routers of only one network mode, this lets the tenant's virtual machines have coexisting NAT and non-NAT networks, so that the two network modes coexist under one tenant.
Third embodiment
This embodiment provides a network sharing system which, referring to FIG. 2, includes:
A management end 10 and at least one tenant end 20, each tenant end 20 including at least one virtual machine 202. Each tenant end 20 establishes one of a NAT-mode network and a non-NAT-mode network, and the management end 10 establishes at least one of these two kinds of network. The tenant end 20 provides its own network to at least one virtual machine 202 in the tenant end 20, and the management end 10 provides at least one virtual machine 202 in the tenant end 20 with a network different from that of the tenant end 20.
A network system includes the management end 10 and the tenant end 20. A tenant end 20 corresponds to an independent hardware structure in which multiple virtual machines 202 can be emulated, and a tenant end 20 includes a virtual machine 202. When a tenant end 20 establishes a network, it can create only one of the NAT mode and the non-NAT mode, that is, a tenant end 20 has only one kind of network.
After a tenant end 20 has established a network in either mode, it provides that network to at least one virtual machine 202 in the tenant end 20, so that the virtual machine 202 can interact with the external network in the network mode of its own tenant end 20.
The management end 10, for its part, may also establish at least one of a NAT-mode network and a non-NAT-mode network. After the management end 10 has established its network, it selectively shares with each tenant end 20 a network different from that tenant end's own, depending on the tenant end's network, so that the virtual machines 202 in the tenant end 20 can interact with the external network through the network provided by the management end 10. For example, when the tenant end 20 has established a NAT-mode network, the management end 10 can share a non-NAT-mode network with it; correspondingly, when the tenant end 20 has established a non-NAT-mode network, the management end 10 can share a NAT-mode network with it.
After the networks of each tenant end 20 and of the management end 10 have been established, a virtual machine 202 in the tenant end 20 can interact with the external network not only through the network established by its own tenant end 20, but also through the network that the management end 10 shares for this tenant end 20. Optionally, the networks established by the tenant ends 20 in this embodiment are all the same kind of network. In that case, since all tenant ends 20 use the same network mode, it suffices to establish for the management end 10 the other kind of network, different from that of the tenant ends 20.
In addition, the network established by each tenant end 20 may be either of the two kinds of network, that is, among the networks established by the tenant ends 20 there are NAT-mode networks or non-NAT-mode networks. In that case, the networks established by the management end 10 may also include both kinds, a NAT-mode network as well as a non-NAT-mode network.
Whichever of these approaches is used, the order in which the tenant end 20 and the management end 10 establish their networks may be arbitrary; this embodiment does not restrict it.
After both the network of the tenant end 20 and the network of the management end 10 have been established, each virtual machine 202 in the tenant end 20 can interact with the external network through the network provided by its own tenant end 20 and/or the network provided by the management end 10 that differs from that of its own tenant end 20. The "and/or" here gives three schemes. In scheme one, a virtual machine 202 in the tenant end 20 interacts with the external network through its own tenant's network. In scheme two, a virtual machine 202 in the tenant end 20 interacts with the external network through the network provided by the management end 10. In scheme three, a virtual machine 202 in the tenant end 20 interacts with the external network through both the network provided by its own tenant and the network provided by the management end 10.
Each tenant end 20 includes its own virtual machines 202; similarly, the management end 10 may also include virtual machines 202. The management end 10 may itself be a tenant end 20 with the same hardware interface as a tenant end 20, and it may include virtual machines 202 that interact with the external network through the network of the management end 10. The management end 10 shares its network, which differs from that of the tenant end 20, with that tenant end 20; a tenant end 20 may likewise share the network it has established with other tenant ends 20 or with the management end 10. The management end 10 is configured to provide a shared network to each tenant end 20. For ease of management, the management end 10 may provide different interfaces, each directed at one tenant end 20, through which it provides the network it has established; there may also be multiple management ends 10, each providing different tenant ends 20 with a network different from that tenant end's own.
This embodiment provides a network sharing system including a management end and at least one tenant end, the tenant end including at least one virtual machine. One of a NAT network and a non-NAT network is established in the tenant end, and at least one kind of network is established in the management end. The tenant end provides its own network to the virtual machines in the tenant end, and the management end provides those virtual machines with a network different from that of the tenant end, so that NAT-mode and non-NAT-mode networks are both supported on the tenant end, which improves the flexibility of the system.
Fourth embodiment
This embodiment provides a method for establishing a NAT network in a tenant end which, referring to FIG. 3, includes:
S301. In a tenant end, create a NAT internal network and a NAT external network;
The NAT external network can interact with the Internet. The NAT internal network is a local area network that cannot connect to the Internet except through the NAT external network; on its own it only allows interaction among nodes inside the NAT.
S302. Create a router in the tenant end, connect the NAT internal network to the router, and bind the router's external gateway to the NAT external network;
Routing means path selection. A router connects multiple networks and is therefore necessarily a gateway for multiple networks. Once the router's external gateway has been bound to the NAT external network, the router can interact with the Internet. Because the tenant end's network is a NAT network, a local IP cannot interact with the Internet, so SNAT (source address translation) can be set to true, that is, source address translation is performed.
S303. Create a virtual machine in the tenant end and configure a local IP for the virtual machine;
After a virtual machine is created in the tenant end, its local IP can be set manually or configured automatically. Every virtual machine in a tenant end should have a different local IP; if all virtual machines had the same local IP, an IP address conflict would occur and the network could not be reached normally.
S304. Request an external public IP for the virtual machine.
Because the tenant end has established a NAT-mode network, the virtual machine's local IP cannot interact with the Internet directly, and a corresponding public IP can be configured for the virtual machine. An external public IP is therefore requested for the virtual machine, so that its local IP is translated by SNAT into a public IP that can interact with the Internet.
Once the steps above are complete, the tenant end's NAT-mode network is established, and the virtual machine can go on to interact with the Internet.
Creating a NAT network in the management end is similar to creating one in a tenant end. Notably, no virtual machine needs to be created in the management end; virtual machines may be created only in the tenant ends.
This embodiment also provides a method for creating a non-NAT network in a tenant end which, referring to FIG. 4, includes:
S401. In a tenant end, create a non-NAT internal network and a non-NAT external network;
S402. Create a router in the tenant end, connect the non-NAT network to the router, and bind the router's external gateway to the non-NAT external network;
Once the router's external gateway has been bound to the non-NAT external network, the router can interact with the Internet. Because the tenant end's network is a non-NAT network, a local IP can interact with the Internet directly, so SNAT can be set to false, that is, source address translation is disabled.
S403. Create a virtual machine in the tenant end and configure an IP for the virtual machine.
Because the tenant end has established a non-NAT-mode network, the virtual machine's IP can interact with the external network directly; no source address translation is needed, and so no additional public IP has to be requested.
Once the steps above are complete, the tenant end's non-NAT-mode network is established, and the virtual machine can go on to interact with the Internet.
Creating a non-NAT network in the management end is similar to creating one in a tenant end. Notably, no virtual machine needs to be created in the management end; virtual machines may be created only in the tenant ends.
Fifth embodiment
This embodiment provides a network sharing method, taking as an example a management end that establishes a non-NAT-mode network and a tenant end that establishes a NAT-mode network. Referring to FIG. 5, which shows a flowchart of establishing the non-NAT network in the management end, the method includes:
S501. Create a non-NAT external network in the management end;
The non-NAT external network can interact with the Internet.
S502. Create a router and bind the non-NAT external network as the router's external gateway;
Once the router's external gateway has been bound to the non-NAT external network, the router can interact with the Internet. Because the management end's network is a non-NAT network, a local IP can interact with the Internet directly, so SNAT can be set to false, that is, source address translation is disabled.
S503. Create a non-NAT internal network;
S504. Associate the non-NAT internal network with the router.
Once the non-NAT internal network has been associated with the router, the non-NAT internal network and the non-NAT external network are linked, and the non-NAT internal network can interact with the Internet through the non-NAT external network.
Referring to FIG. 6, which shows a flowchart of the method by which the management end shares the established non-NAT network with a tenant end, the method includes:
S601. Select the non-NAT internal network in the management end;
S602. Determine the tenant end with which the non-NAT internal network is to be shared;
Since a tenant end does not necessarily have only the NAT mode, it is only necessary to share the non-NAT network in the management end with the tenant end.
S603. Create a virtual machine in the corresponding tenant end and bind to it an IP address in the non-NAT internal network.
After an IP address in the non-NAT internal network has been bound, the virtual machine can interact with the Internet directly through the management end's non-NAT network. In addition, if the virtual machine already exists in the tenant end, the non-NAT internal network can additionally be offered to it as an option; in that case no virtual machine needs to be created, and an IP address from the non-NAT internal network is simply bound to the existing virtual machine.
Referring to FIG. 7, which shows a flowchart of establishing a NAT-mode network in the tenant end, the method includes:
S701. Create a NAT external network in the tenant end;
The NAT external network can interact with the Internet.
S702. Create a router and bind the NAT external network as the router's external gateway;
Once the router's external gateway has been bound to the NAT external network, the router can interact with the Internet. Because the tenant end's network is a NAT network, a local IP cannot interact with the Internet directly, so SNAT can be set to true, that is, source address translation is performed.
S703. Create a NAT internal network;
S704. Select the NAT internal network in the tenant end and associate it with the router;
Once the NAT internal network has been associated with the router, the NAT internal network and the NAT external network are linked, and the NAT internal network can interact with the Internet through the NAT external network.
S705. Create a virtual machine in the tenant end and bind a local IP address to it;
After a virtual machine is created in the tenant end, its local IP can be set manually or configured automatically. Every virtual machine in a tenant end should have a different local IP; if all virtual machines had the same local IP, an IP address conflict would occur and the network could not be reached normally.
S706. Request a public IP for the virtual machine.
Because the tenant end has established a NAT-mode network, the virtual machine's local IP cannot interact with the Internet directly, and a corresponding public IP can be configured for the virtual machine. An external public IP is therefore requested for the virtual machine, so that its local IP is translated by SNAT into a public IP that can interact with the Internet.
This embodiment provides a network sharing method in which a NAT network is established in the tenant end and a non-NAT network is established in the management end. The tenant end provides the NAT network to the virtual machines in the tenant end, and the management end provides the non-NAT network to those virtual machines, so that NAT-mode and non-NAT-mode networks are both supported on the tenant end, which improves the flexibility of the system.
Sixth embodiment
The specific implementation of the present invention is further described below, taking a tenant end in NAT mode and a management end in non-NAT mode as an example.
As shown in FIG. 8, the network sharing system in this embodiment includes a tenant end 20 and a management end 10, the tenant end 20 including multiple virtual machines; the tenant end 20 establishes a NAT-mode network, and the management end 10 establishes a non-NAT-mode network;
The tenant end 20 establishes the NAT-mode network as follows:
Create a NAT external network in the tenant end 20. The NAT external network of the tenant end 20 is connected to the Internet and can interact with it; interaction here includes any operation that requires a network connection to complete.
Create a tenant router 201 in the tenant end 20 and bind the NAT external network as the external gateway of the tenant router 201. Once the external gateway of the tenant router 201 has been bound to the NAT external network, the tenant router 201 can interact with the Internet. Because the network of the tenant end 20 is a NAT network, a local IP cannot interact with the Internet, so SNAT (source address translation) can be set to true, that is, source address translation is performed.
Create a NAT internal network. The NAT internal network is a local area network that cannot connect to the Internet except through the NAT external network; on its own it only allows interaction among nodes inside the NAT.
Associate the NAT internal network with the tenant router 201. Once they are associated, the NAT internal network and the NAT external network are linked, and the NAT internal network can interact with the Internet through the NAT external network. At this point the NAT network in the tenant end 20 has been created, and each virtual machine in the tenant end 20 can interact with the Internet through it.
The management end 10 establishes the non-NAT-mode network as follows:
Create a non-NAT external network in the management end 10. The non-NAT external network is connected to the Internet and can interact with it; interaction here includes any operation that requires a network connection to complete.
Create a management router 101 in the management end 10 and bind the non-NAT external network as the external gateway of the management router 101;
Once the external gateway of the management router 101 has been bound to the non-NAT external network, the management router 101 can interact with the Internet. Because the network of the management end 10 is a non-NAT network, a local IP can interact with the Internet directly, so SNAT can be set to false, that is, source address translation is disabled.
Create a non-NAT internal network and associate it with the management router 101.
Once the non-NAT internal network has been associated with the management router 101, the non-NAT internal network and the non-NAT external network are linked, and the non-NAT internal network can interact with the Internet through the non-NAT external network. At this point the non-NAT network in the management end 10 has been created, and the management end 10 can share it with other tenant ends 20.
The tenant end 20 provides the NAT-mode network to the virtual machines in the tenant end 20. A virtual machine that interacts with the Internet through the NAT network cannot do so with its local IP; the virtual machine's local IP can be translated by SNAT into a public IP that the Internet can recognize.
The management end 10 provides the non-NAT-mode network to the virtual machines in the tenant end 20. A virtual machine that interacts with the Internet through the non-NAT network simply uses its IP address in non-NAT mode, which can interact with the Internet directly.
After both the network of the tenant end 20 and the network of the management end 10 have been established, each virtual machine in the tenant end 20 can interact with the Internet through the NAT network provided by its own tenant end 20 and/or the non-NAT network provided by the management end 10. The virtual machines in the tenant end 20 include a first virtual machine 2021, a second virtual machine 2022 and a third virtual machine 2023. The first virtual machine 2021 is configured to interact with the Internet through its own tenant's NAT network; the second virtual machine 2022 is configured to interact with the Internet through the non-NAT network provided by the management end 10; the third virtual machine 2023 is configured to interact with the Internet through both the NAT network provided by its own tenant and the non-NAT network provided by the management end 10. Specifically, the first virtual machine 2021 takes the local IP address assigned by its own tenant end 20, has it translated into a public IP by the SNAT of the tenant router 201, and then interacts with the Internet. The second virtual machine 2022 uses the IP address provided by the management end 10 and, without any translation of that address, interacts with the Internet through the non-NAT-mode network of the management end 10. The third virtual machine 2023 has both a local IP provided by its own tenant end 20 and an IP address provided by the non-NAT network of the management end 10; it interacts with the Internet through the NAT network of its own tenant end 20 using the translated local IP, and directly through the non-NAT network of the management end 10 using the IP address that network provides. Because the NAT and non-NAT modes differ, the local IP and the IP address provided by the non-NAT network in the third virtual machine 2023 are different, and each of the two IPs is used for interaction in its corresponding way.
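The arrangement of the sixth embodiment can be modelled to see which source address each virtual machine presents to the Internet and which machines are reachable without translation. This is an added example, not code from the patent; the class and function names, the tenant labels and all addresses (RFC 5737 documentation ranges and a private range) are assumptions made for illustration, and the public IP is modelled per virtual machine as in steps S304 and S706.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set


@dataclass
class Router:
    name: str
    enable_snat: bool  # True = NAT mode, False = non-NAT mode


@dataclass
class Network:
    name: str
    owner: str  # the end that created the network
    cidr: str
    router: Router
    shared_with: Set[str] = field(default_factory=set)

    @property
    def mode(self) -> str:
        return "NAT" if self.router.enable_snat else "non-NAT"


@dataclass
class Port:
    vm: str
    network: Network
    ip: str
    public_ip: Optional[str] = None  # requested only on a NAT-mode network


def share(network: Network, tenant: str, tenant_network: Network) -> None:
    """Share a network only if its mode differs from the tenant's own network."""
    if network.mode == tenant_network.mode:
        raise ValueError(f"{tenant} already has a {network.mode} network")
    network.shared_with.add(tenant)


def attach(ports: List[Port], vm: str, tenant: str, network: Network,
           ip: str, public_ip: Optional[str] = None) -> Port:
    """Bind an address on `network` to a VM, enforcing the constraints in the text."""
    if tenant != network.owner and tenant not in network.shared_with:
        raise PermissionError(f"{network.name} is not shared with {tenant}")
    if ip_address(ip) not in ip_network(network.cidr):
        raise ValueError(f"{ip} is outside {network.cidr}")
    if any(p.network is network and p.ip == ip for p in ports):
        raise ValueError(f"IP conflict: {ip} already bound on {network.name}")
    if public_ip is not None and not network.router.enable_snat:
        raise ValueError("a non-NAT network needs no separate public IP")
    port = Port(vm, network, ip, public_ip)
    ports.append(port)
    return port


def egress_source(port: Port) -> Optional[str]:
    """Source address the Internet sees for traffic leaving through this port."""
    if port.network.router.enable_snat:
        return port.public_ip  # None until a public IP has been requested
    return port.ip             # non-NAT: the VM's own address, untranslated


def egress_sources(ports: List[Port]) -> Dict[str, List[Optional[str]]]:
    result: Dict[str, List[Optional[str]]] = {}
    for port in ports:
        result.setdefault(port.vm, []).append(egress_source(port))
    return result


def directly_addressable(ports: List[Port]) -> List[str]:
    """VMs with at least one address that is not behind source translation."""
    return sorted({p.vm for p in ports if not p.network.router.enable_snat})


def build_sixth_embodiment():
    """Constructed sample data: tenant end in NAT mode, management end non-NAT."""
    tenant_router = Router("tenant-router-201", enable_snat=True)
    mgmt_router = Router("mgmt-router-101", enable_snat=False)
    nat_net = Network("nat-internal", "tenant-20", "10.0.0.0/24", tenant_router)
    direct_net = Network("non-nat-internal", "mgmt-10", "198.51.100.0/24", mgmt_router)
    share(direct_net, "tenant-20", nat_net)
    ports: List[Port] = []
    attach(ports, "vm-2021", "tenant-20", nat_net, "10.0.0.11", "203.0.113.11")
    attach(ports, "vm-2022", "tenant-20", direct_net, "198.51.100.22")
    attach(ports, "vm-2023", "tenant-20", nat_net, "10.0.0.13", "203.0.113.13")
    attach(ports, "vm-2023", "tenant-20", direct_net, "198.51.100.23")
    return nat_net, direct_net, ports


if __name__ == "__main__":
    _, _, sample_ports = build_sixth_embodiment()
    for vm, sources in egress_sources(sample_ports).items():
        print(vm, sources)
    print("directly addressable:", directly_addressable(sample_ports))
```

The list returned by `directly_addressable` is the set of machines whose filtering can no longer rely on the tenant router's translation, which is the practical consequence of attaching a shared non-NAT network.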
This embodiment provides a network sharing system including a management terminal and a tenant, the tenant including multiple virtual machines. One of a NAT network and a non-NAT network is established at the tenant, and at least one network is established at the management terminal. The tenant is configured to provide its own network to the virtual machines in the tenant, and the management terminal is configured to provide the virtual machines in the tenant with a network different from that of the tenant. NAT mode and non-NAT mode networks are thereby made compatible on the tenant, which improves the flexibility of the system.
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the method described in the foregoing embodiments.
Those of ordinary skill in the art will appreciate that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and devices, may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to a division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data).
Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer. In addition, as is well known to those skilled in the art, communication media typically contain computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
The above is a further detailed description of the present invention in connection with specific embodiments, and the specific implementation of the present invention shall not be regarded as limited to these descriptions. Those of ordinary skill in the art to which the present invention belongs may make a number of simple deductions or substitutions without departing from the concept of the present invention, and all of these shall be regarded as falling within the scope of protection of the present invention.
Industrial applicability
The above technical solution allows a tenant to have both a network that it establishes itself and a network provided by the management terminal, so that two kinds of network are compatible within one tenant, which improves the flexibility of the system.

Claims (13)

  1. A networking system, comprising a management terminal (10) and at least one tenant (20), the tenant (20) comprising at least one virtual machine (202);
    each tenant (20) comprises one of a network address translation (NAT) mode network and a non-NAT mode network, the management terminal (10) comprises at least one of the above two networks, the tenant (20) is configured to provide the network of the tenant (20) to at least one virtual machine (202) in the tenant (20), and the management terminal (10) is configured to provide at least one virtual machine (202) in the tenant (20) with a network different from that of the tenant (20).
  2. The networking system according to claim 1, wherein
    the networks of all the tenants (20) are of the same one kind;
    the network of the management terminal (10) is the other kind of network, different from that of the tenant (20).
  3. The networking system according to claim 1, wherein
    the network of each tenant (20) comprises either one of a NAT mode network and a non-NAT mode network;
    the network of the management terminal (10) comprises a NAT mode network and a non-NAT mode network.
  4. The networking system according to any one of claims 1 to 3, wherein
    each virtual machine (202) in the tenant (20) is configured to interact with an external network through the network provided by the tenant (20);
    or, each virtual machine (202) in the tenant (20) is configured to interact with the external network through the network, different from that of the tenant (20), provided by the management terminal (10);
    or, each virtual machine (202) in the tenant (20) is configured to interact with the external network through the network provided by the tenant (20) and the network, different from that of the tenant (20), provided by the management terminal (10).
  5. The networking system according to any one of claims 1 to 3, wherein
    the management terminal (10) comprises at least one virtual machine;
    the virtual machine in the management terminal (10) interacts with the external network through the network of the management terminal (10).
  6. A network sharing system, comprising a management terminal (10) and at least one tenant (20), each tenant (20) comprising at least one virtual machine (202); each tenant (20) establishes one of a network address translation (NAT) mode network and a non-NAT mode network, and the management terminal (10) establishes at least one of the above two networks; the tenant (20) is configured to provide the network of the tenant (20) to at least one virtual machine (202) in the tenant (20), and the management terminal (10) is configured to provide at least one virtual machine (202) in the tenant (20) with a network different from that of the tenant (20).
  7. The network sharing system according to claim 6, wherein
    the networks established by all the tenants (20) are of the same one kind, and the management terminal (10) establishes the other kind of network, different from that of the tenant (20).
  8. The network sharing system according to claim 6, wherein
    the network established by each tenant (20) comprises either one of a NAT mode network and a non-NAT mode network, the networks established by the management terminal (10) comprise a NAT mode network and a non-NAT mode network, and the management terminal (10) provides the virtual machines (202) in each tenant (20) with a network different from that of the tenant (20).
  9. The network sharing system according to any one of claims 6 to 8, wherein
    each virtual machine (202) in the tenant (20) is configured to interact with an external network through the network provided by the tenant (20);
    or, each virtual machine (202) in the tenant (20) is configured to interact with the external network through the network, different from that of the tenant (20), provided by the management terminal (10);
    or, each virtual machine (202) in the tenant (20) is configured to interact with the external network through the network provided by the tenant (20) and the network, different from that of the tenant (20), provided by the management terminal (10).
  10. The network sharing system according to any one of claims 6 to 8, wherein
    the management terminal (10) comprises at least one virtual machine; the virtual machine in the management terminal (10) interacts with the external network through the network of the management terminal (10).
  11. A network sharing method, comprising:
    each tenant establishing one of a network address translation (NAT) mode network and a non-NAT mode network (S101);
    a management terminal establishing at least one of the above two networks (S102);
    the tenant providing the network of the tenant to at least one virtual machine in the tenant, and the management terminal providing at least one virtual machine in the tenant with a network different from that of the tenant (S103).
  12. The network sharing method according to claim 11, the method further comprising:
    each virtual machine in the tenant interacting with an external network through the network provided by the tenant;
    or, each virtual machine in the tenant interacting with the external network through the network, different from that of the tenant, provided by the management terminal;
    or, each virtual machine in the tenant interacting with the external network through the network provided by the tenant and the network, different from that of the tenant, provided by the management terminal.
  13. A computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the method according to claim 11 or 12.
PCT/CN2017/087179 2016-06-14 2017-06-05 Networking system, and network sharing method and system WO2017215483A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610417007.2 2016-06-14
CN201610417007.2A CN107508845B (en) 2016-06-14 2016-06-14 Networking system, network sharing method and system

Publications (1)

Publication Number Publication Date
WO2017215483A1 true WO2017215483A1 (en) 2017-12-21

Family

ID=60664329

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/087179 WO2017215483A1 (en) 2016-06-14 2017-06-05 Networking system, and network sharing method and system

Country Status (2)

Country Link
CN (1) CN107508845B (en)
WO (1) WO2017215483A1 (en)

Also Published As

Publication number Publication date
CN107508845B (en) 2021-07-06
CN107508845A (en) 2017-12-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17812594

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17812594

Country of ref document: EP

Kind code of ref document: A1