WO2019011144A1

WO2019011144A1 - Virtual network device, routing device and virtual network connection method

Info

Publication number: WO2019011144A1
Application number: PCT/CN2018/093995
Authority: WO
Inventors: 吕彪; 孙成浩; 祝顺民; 肖寒; 刘宝春; 邓立龙; 周嘉文; 赵巍; 程钢
Original assignee: 阿里巴巴集团控股有限公司
Priority date: 2017-07-11
Filing date: 2018-07-02
Publication date: 2019-01-17
Also published as: CN109245983B; CN109245983A

Abstract

Provided are a virtual network device, a routing device, and a virtual network connection method. The virtual network device accesses a first virtual network and communicates with a second virtual network device in a second network, comprises at least one virtual device interface, and is configured to: send, to the second virtual network device, a connection request comprising configuration information about the first virtual network; configure, based on configuration information, returned by the second virtual network device, about the second network, the virtual device interface; and enter an activated state after configuration is completed, and establish a communication connection with a second virtual device interface of the second virtual network device in the second network. In the embodiments of the present application, communication, which can be independently managed, between a virtual network and multiple virtual networks/physical networks can be realized by means of a newly designed and configured virtual device interface, thereby realizing the functions of communication across networks and between multiple networks and the independent management of connection points, and improving virtual network management and resource/service efficiency.

Description

Virtual network device, routing device and connection method of virtual network

The present application claims priority to Chinese Patent Application No. JP-A No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. In this application.

Technical field

The present application relates to the field of network communication technologies, and in particular, to a virtual network device, a routing device, and a connection method of a virtual network.

Background technique

With the rapid development of random computers and Internet technologies, various virtual networks are now being widely used and valued. Currently, different virtual networks in a virtual network are isolated, and the virtual network and the physical network are directly isolated. However, in many scenarios, these virtual networks need to be able to access each other's services/resources, and even some virtual networks need to access services and resources in the physical network.

In a virtual network, in order to keep the function and deployment of the virtual network consistent with the physical network, many virtual network devices are designed, including virtual private networks (VPCs), virtual switches (VSwitches), and virtual routing tables (RouteTable). ) and virtual routers (VRouters). Through network device virtualization technology, one physical network device can be virtualized into multiple virtual network devices (logical network devices) through software. The virtualized virtual network device can run on the physical device. Through the cooperation of software and hardware virtualization, it can have certain physical device functions. It can have independent software environment and data. For example, the virtual router can have physical router routing. Table storage and routing forwarding. However, due to the limitations of the virtual router itself, some of the functions of the virtual network in the virtual network to achieve private line access and inter-network interworking are difficult or impossible to achieve, such as a virtual network cannot be combined with multiple other Virtual networks can communicate with each other at the same time, and cannot communicate with multiple physical networks at the same time. This hinders the interworking between virtual networks and multiple networks, making the sharing of resources/services between virtual networks extremely inefficient. Moreover, the existing virtual routers usually only perform routing functions, and lack of functions such as independent connection point management on the physical router, which seriously restricts virtual network design, resource service, inter-network communication, and node management.

Summary of the invention

The purpose of the present application is to provide a method for connecting a virtual network device, a routing device, and a virtual network, and the independently configured communication between the virtual network and the plurality of virtual networks/physical networks can be realized through the newly designed virtual device interface. Improve cross-network, multi-network interworking and connection point independent management to improve virtual network management and resource/service efficiency.

A virtual network device, a routing device, and a virtual network connection method provided by the present application are implemented as follows:

a virtual network device that accesses a first virtual network and communicates with a second virtual network device in a second network, the virtual network device including at least one virtual device interface, the virtual device interface configured to

Sending a connection request to the second virtual network device, where the connection request includes configuration information of the first virtual network, and configuration information of the first virtual network is used for an interface configuration of the second virtual network device;

And configuring, according to the configuration information of the second network returned by the second virtual network device, the virtual device interface;

After the configuration of the virtual device interface is completed, the active state is entered, and a communication connection with the second virtual device interface of the second virtual network device of the second network is established.

A virtual network device accessing the first physical network and communicating with a second virtual network device in the second network, the virtual network device including at least one virtual device interface, the virtual device interface configured to

A routing device comprising a memory storing computer executable instructions, accessing a virtual device interface of a first virtual network, and communicating with a second virtual network device in a second network, the instructions being executed by the processor The virtual device interface implements at least:

A method for connecting a virtual network, comprising: accessing a first virtual network device of a first network, and a second virtual network device accessing a second network, where the first virtual network device is configured with at least one first virtual device interface, The second virtual network device is configured with at least one second virtual device interface, and at least one of the first network and the second network is a virtual network.

The first virtual device interface sends a connection request to the second virtual device interface, where the connection request is generated according to the configuration information of the first virtual device interface and the verification information of the second virtual device interface;

The second virtual network device verifies the connection request, and after the verification succeeds, configures the second virtual device interface according to the configuration information of the first virtual device interface, and returns verification to the first virtual network device. Success message

After receiving the verification success message, the first virtual network device configures the first virtual device interface according to the configuration information of the virtual device interface of the second network, and establishes an interface with the second virtual device. Communication connection.

A computer readable storage medium having stored thereon computer instructions for accessing a first virtual network and communicating with a second virtual network device in a second network, the virtual network device including at least one virtual device interface The virtual device interface is implemented at least when the instructions are executed:

A virtual network device comprising: a processor, and a memory storing computer executable instructions, the instructions being executed by the processor, configuring a virtual network device for the first virtual network, and configuring the virtual network device The virtual device interface on the at least:

After the configuration of the virtual device interface is completed, the active state is entered, and a communication connection with the second virtual device interface of the second virtual network device is established.

A virtual network device includes at least one virtual device interface, the virtual device interface configured to

Sending a connection request to the second virtual network device;

And configuring, according to configuration information for the second network returned by the second virtual network device, the virtual device interface;

After the virtual device interface is configured, a communication connection with the second virtual device interface of the second virtual network device of the second network is established.

The present invention provides a virtual network device, a routing device, and a virtual network connection method, and constructs a new virtual network device, and implements a virtual network and one or more virtual networks/physical through a virtual device interface configured on the virtual network device. The connection between the networks. When multiple virtual/physical networks need to be connected, multiple virtual device interfaces can be created to complete the connection with multiple virtual/physical networks. The embodiment of the present application adds the concept of a router interface like a physical router, and is expanded based on the characteristics of the virtual network and the physical network. The virtual network device in the present application can connect to different virtual networks and connect multiple virtual networks. / Physical network, and can also better realize private line access in the physical network to meet the functions and scenarios of inter-network interworking. With the implementation of the present application, an implementation scheme of an extended virtual network and a plurality of different virtual network/physical networks is realized, and an independent connection point management function is provided, so that virtual network design, resource service/sharing, inter-network interworking, and node management are implemented. More flexible and convenient, it is conducive to improving the product service experience of virtual networks.

DRAWINGS

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings to be used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description are only It is a few embodiments described in the present application, and other drawings can be obtained from those skilled in the art without any inventive labor.

1 is a schematic diagram of a network topology structure of a network environment in which a virtual network device is provided according to the present application;

2 is a schematic diagram of an implementation scenario of a virtual network device in a virtual network provided by the present application;

3 is a schematic diagram of a virtual network device configured after a routing table is persistent on a DB in an embodiment of the present application;

4 is a schematic diagram of virtual device interface configuration information of a virtual network device configuration according to the present application;

5 is a schematic diagram of processing of a state machine of a virtual device interface provided by the present application;

6 is a schematic diagram of data configuration of a border virtual network device in an embodiment;

7 is a schematic diagram of configuration of routing table information configured on a border virtual network device in an embodiment of the present application;

FIG. 8 is a schematic diagram of a process flow of a scenario of a method for connecting a virtual network according to the present application.

Detailed ways

The technical solutions in the embodiments of the present application are clearly and completely described in the following, in which the technical solutions in the embodiments of the present application are clearly and completely described. The embodiments are only a part of the embodiments of the present application, and not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without departing from the inventive scope shall fall within the scope of the application.

The virtual network described in the present application generally refers to a computer network including at least a part of a virtual network link, where the virtual network link may refer to not including a physical connection between two computing devices, but through network virtualization. achieve. For example, a virtual network of a scenario is usually based on the exchange technology, and the network node is divided into several "logical work groups" according to the nature of work and needs, and a "logical work group" can be a virtual local area network ( VLAN, Virtual Local Area Network, virtual local area network, a protocol-based virtual network). By dividing the virtual network, the broadcast can be restricted to the range of each virtual network, thereby reducing the transmission of broadcast packets throughout the network and improving the transmission efficiency of the network. There is no direct communication between virtual networks, usually through routers for data forwarding. Generally, if multiple hosts with different physical locations belong to the same virtual local area network, the hosts can communicate with each other; if multiple hosts with the same physical location belong to different virtual local area networks, the hosts cannot directly communicate with each other. Communication between virtual networks can usually be implemented on a switch or router. For example, adding VLAN tags to Ethernet frames to classify them over Ethernet frames, Ethernet frames with the same VLAN tag are transmitted in the same broadcast domain.

The present application provides a novel virtual network device, which not only has the functions and features of the existing virtual router, but also adds the concept of a router interface like a physical router, and can also be extended based on the characteristics of the virtual network and the physical network (for example) Adding user information, tunnel/encapsulation information of the virtual network, physical network VLAN, physical port information, circuit coding, etc., enables the new virtual network device to connect to different virtual networks as well as virtual and physical networks. The virtual network device described in the present application may include a network connection virtual machine, a virtual switch, a virtual router, and the like inside a hypervisor (an intermediate software layer running between a physical server and an operating system).

The virtual network device described in this application may specifically include virtualizing one physical network device into multiple virtual network devices by using network device virtualization technology. The virtual network device in the embodiment of the present application can be run on a physical device, and can have a certain physical device function through the cooperation of software and hardware virtualization, and can have a separate software environment and data. A virtual network device, such as an embodiment of the present application, may be configured to run on a physical router having a routing table storage and routing forwarding function, and implement a virtual network and multiple virtual networks/physical networks through a virtual device interface configured on the virtual network device. Independently manageable connectivity.

FIG. 1 is a schematic diagram of a network topology structure of a network environment in which a virtual network device is provided according to the present application. As shown in FIG. 1, the virtual network device may be in a virtual network (eg, the virtual network device is in the first virtual network VNetDev-1), has a routing function, and has a virtual device interface on the device, based on the interface. The function of the above physical network can be better realized, the routing function of the virtual network accessed by the local end, and the connection between the virtual network and other network VNetDev-2 (virtual network), or between the virtual network and the physical network. On the border device, the virtual network is connected to the physical network (VNetDev-3). Each virtual network device provided by the present application can simultaneously connect multiple virtual network/physical networks (which can be done by establishing multiple virtual device interfaces on the virtual network device). Moreover, each virtual network device can independently manage the connection with other virtual network/physical networks (which can be done by activating/deactivating the virtual device interface on the device). In addition, the virtual network device may also complete the configuration of the firewall and the security domain based on the virtual device interface.

The description of the virtual network device of the present application will be described below with reference to the accompanying drawings. In the present application, the virtual network device may be classified into multiple implementation types according to the network environment in which the virtual network device is located (in the virtual network/on the border device, etc.). 2 is a schematic diagram of an implementation scenario of a virtual network device in a virtual network provided by the present application, which may provide a routing function in the virtual network and communicate with the other network (virtual network or physical network). Specifically, as shown in FIG. 2, the virtual network device is in the virtual network (for example, the virtual network device is in the first virtual network VNetDev-1), has a routing function, and has a virtual device interface on the device, based on The interface can better implement the functions of the above physical network, provide the routing function of the virtual network accessed by the local end, and connect the virtual network with other networks VNetDev-2 (virtual network or physical network). In an embodiment of the virtual network device provided by the present application, the virtual network device accesses the first virtual network, and may communicate with a second virtual network device in the second network, where the virtual network device may include At least one virtual device interface, the virtual device interface can be configured to

In the implementation scenario shown in FIG. 2, the virtual network in which the virtual network device is located (which may be referred to as the first virtual network in this embodiment) and the virtual network connected to the peer end may be configured with virtual network devices (here A virtual network device on the other side with respect to the side of the local end is referred to as a second virtual network device, and a virtual device interface (Inf) may be separately created on a virtual network device (VNetDevice) on the two virtual networks. The information of the second network virtual device, the second virtual device interface of the second virtual network device, the second virtual network device owner, and the like may be configured in the created Inf for the handshake of the communication parties. At least one side of the communication is a virtual network. Therefore, in some embodiments, the second network may be a virtual network or a physical network.

After the connection is initiated by any one end, the verification information of the second network virtual device, the second virtual device interface of the second virtual network device, the second virtual network device owner, and the like, and the configuration information of the first virtual network information may be placed in the request. Give the second network. After the connection request reaches the second virtual network device of the second network, the connection information of the device, the interface, the owner, and the like in the request may be checked. If the information is correct, the connection request is returned and the configuration information of the virtual network is attached. At this time, the virtual device interface of the first network and the second network can enter the state of connection, and configure the configuration information of the virtual network of the other party to the Encap/Decap configuration of the virtual device interface, and enter the Active state after the configuration is completed. . If the connection request information is incorrect, the connection request can be rejected. Therefore, in one embodiment, the configuring the virtual device interface based on the configuration information of the second network returned by the second virtual network device may include:

Receiving the verification success message sent by the second virtual network device, where the verification success message includes the second virtual network device returning to the virtual network when the configuration information of the first virtual network in the connection request is successfully verified. Device message

The virtual device interface is set to an active state based on the verification success message.

In a specific example, the virtual network device is in a virtual network, and the virtual network device may be configured with the following characteristic information:

ID (identification): indicates the internal ID of the virtual network device, used to persist the internal ID of the storage, such as the primary key (initial key) on the user DB (Database);

Description: A description for the virtual network device;

Name: the name of the virtual network device;

VirtualNetworkID: ID of the virtual network where the virtual device is located;

OwnerID: The owner ID of this virtual network device.

Of course, other characteristic information of the virtual network device may also be included according to the network environment or routing processing requirements and the like. The feature information of these virtual network devices can be persisted on the storage device, such as the physical router where the virtual network device is located. When resources/services (such as virtual machines, etc.) in the virtual network are set to connect to the virtual network device, data packets of resources/services in the virtual networks can be routed to the virtual network device within the virtual network device. Or other places outside the virtual network, such that the virtual machine or other virtual network in the virtual network can obtain configuration information of the virtual network, including configuration information of the virtual network device. The specific routing logic can be configured based on a routing table preset on the virtual network device. The routing table can be persisted on the DB and then configured on the virtual network device. As shown in FIG. 3, FIG. 3 is a schematic diagram of a virtual network device configured after the routing table is persistent on the DB in an embodiment of the present application.

On the virtual network device of the first virtual network, the created virtual device interface can be configured with the following feature information:

ID: The internal ID of the virtual device interface, used to persist the internal ID of the storage, such as the primarykey on the user DB;

Description: Description of the virtual device interface;

Name: the name of the virtual device interface;

VirtualNetworkDeviceID: ID of the virtual network device where the virtual device interface is located.

OppositeVirtualNetworkDeviceID: the ID of the virtual network device of the second network to which the virtual device interface is connected;

OppositeVirtualDeviceInterfaceID: ID of the router interface of the virtual device interface of the second network to which the virtual device interface is connected;

OppositeVirtualNetworkDeviceOwnerID: The owner ID of the virtual network device of the second network to which the virtual device interface is connected. It is used to handshake and authenticate the identity when the two virtual device interfaces are connected.

Certainly, the characteristic information of the virtual device interfaces can be persistent on the DB, and then can be configured on the virtual network device according to the connection request and/or the configuration information in the confirmation message, as shown in FIG. 4, FIG. 4 is the present application. A schematic diagram of virtual device interface configuration information of a virtual network device configuration, wherein Encap/Decap can save the unpacking logic of the data packets between the interface virtual networks (data packets of different virtual networks need to be converted) or virtual network The unpacking logic of the packet with the physical network (the packet between the virtual network and the physical network needs to be translated). The Encap/Decap configuration acquires configuration information from the second virtual network device and configures it on its own virtual network device after the virtual device interface initiates the connection request. In a specific implementation manner, after the virtual device interface of the virtual network device sends the connection request, the device may also:

Obtaining, according to the second virtual network device, the decapsulation logic information of the data packet used by the second network, and generating the first virtual network according to the decapsulation logic information of the data packet used by the first virtual network. Decapsulation processing logic of a data packet between the second networks; configuring the decapsulation processing logic in configuration information of a virtual device interface corresponding to the second network.

Further, in other implementation scenarios, each virtual network device may also complete a firewall and a security domain configuration based on the virtual device interface, and implement interface-level security protection settings. And the interface that can be flexibly managed and configured according to the embodiment of the present application can implement the security protection function application of the physical router conveniently and flexibly, and improve the flexibility and scalability of the virtual network security and configuration.

In an embodiment of the virtual network device provided by the present application, if it is confirmed that the data format used by the first network and the second network is different, the connection may be initiated from the second virtual Obtaining, by the network device, the decapsulation logic information of the data packet used by the second network, and generating, according to the decapsulation logic information of the data packet used by the first virtual network, between the first virtual network and the second network. Decapsulation processing logic of the data packet;

Then, the decapsulation processing logic is configured in configuration information of a virtual device interface corresponding to the second network.

In the application scenario of the embodiment, the verification information of the connected second network and the configuration information of the first virtual network may be sent to the second network, where the second network is a virtual network or a physical network, and the first virtual The configuration information of the network is used for configuration of the second virtual device interface of the virtual network device in the second network, so that the second virtual network device verifies the connection request. Specifically, for example, it can be verified whether the configuration information of the second virtual network device included in the connection request is correct/legal, such as whether the virtual network device name in the connection request is correct, whether the connected virtual device interface is stored, and second. Whether the owner information of the virtual network device is consistent with its own network information. If the verification passes, you can return a message that the verification was successful.

After receiving the verification success message sent by the second virtual network device (also referred to as a connection confirmation message), setting the virtual device interface set in the connection request to an active state, and according to the configuration information of the second network Configure the virtual device interface of the first virtual network. After the configuration is completed, a communication connection with the second virtual device interface of the second network can be established.

In the application scenario of the embodiment, at least one of the local network and the second network is a virtual network, for example, the local network is a virtual network, and the second network is a physical network. In order to distinguish the virtual network environment where the first virtual network device and the second virtual network device are located, in the description, the virtual network in which the determined virtual network device is located may be referred to as a first virtual network, and the other network is referred to as a second network. The second network may be a virtual network or a physical network. It should be noted that the first network and the second network, which are described below in the present application, refer to two networks connected in one virtual network, which are distinguished names of the local network that initiates the connection and the second network that needs to be connected. The first network may also be connected to other virtual networks other than the second network. According to the above, another network connected may be referred to as a third network with respect to the second network. However, in the interaction process specifically implementing the connection with the first network, the third network may be relatively described as the second network with respect to the first network.

In the embodiment of the present application, the first virtual network may establish a communication connection with the second network by means of communication establishment of the virtual device interface on the virtual network device. In the process of sending a connection, the connection request sent to the second network virtual device may further include the following verification information:

The identification identifier of the second virtual network device, the identification identifier of the second virtual device interface in the second virtual network device, and the identification identifier of the owner of the second virtual network device.

For example, the verification information may include an identification identifier of the second virtual network device to which the virtual device interface of the first virtual network is connected, an identification identifier of the second virtual device interface to which the virtual device interface of the first virtual network is connected, and The identification of the owner of the second virtual network device, and the like. Further, the configuration information of the local network may include, for example, an identification identifier of the virtual network device in the first virtual network, an identification identifier of the first virtual network, and an identifier of the virtual device interface used to establish a connection with the second network. Wait.

Certainly, the connection request may further include other field information, a network type/mode of the first virtual network, a timestamp, and the like in the actual application implementation process. The specific settings can be made according to the application scenario.

In the foregoing manner, after the connection is initiated, the authentication information of the peer end and the configuration information of the local end are combined into a connection request and sent to the second virtual network device. However, the present application does not exclude the configuration or location of the local end. The implementation manner in which the verification information is performed separately. In a specific example of the present disclosure, the virtual network device of the first virtual network acts as the sender of the connection request, and the virtual network device of the second network acts as the recipient of the connection request. It can be understood that in other examples of the present disclosure, the virtual network device of the second network may also be used as the sender of the connection request, and the virtual network device of the first virtual network is the receiver of the connection request.

In another embodiment of the virtual network device provided by the present application, the virtual device interface entering the Active may interrupt the connection from the first virtual network by the anti-activation operation (the virtual device interface enters the Inactive state). The data traffic of the first virtual network cannot flow through the Inactive virtual device interface, and the data traffic of the second network cannot flow through the Inactive virtual device interface. Therefore, in another embodiment of the method, the virtual device interface is further configured to

The inactive state is set to be inactive based on the received anti-activation command to prohibit the virtual device interface from transmitting and receiving data.

As shown in FIG. 1 , for example, after the first virtual device interface is activated, the first virtual device interface may be deactivated according to the anti-activation command to prohibit the first virtual device interface from performing data transmission and reception. Of course, in the second virtual network device of the second network, when the second virtual device interface is activated, the second virtual device interface may also be deactivated according to the anti-activation command to prohibit the second virtual device interface from performing data transmission and reception. In the embodiment provided by the embodiment of the present application, the virtual device interface entering the active state may interrupt the connection from the first virtual network by using a reverse activation operation (for example, bringing the virtual device interface into an anti-active state), and the traffic of the first virtual network is Unable to flow out through the deactivated virtual device interface, traffic of the second network cannot flow through the deactivated virtual device interface, so that each virtual network device can independently manage the connection with other virtual network or physical network, making virtual Network connection management and more are more flexible, and can also improve the security of the network.

Further, in another embodiment of the virtual network of the present application, the virtual device interface in the activated state may be deleted from the virtual network device by the deletion operation, and the interface occupation of the virtual network device is released, thereby reducing the virtual network device to the resource. Consumption. Therefore, in another embodiment, the virtual network device further deletes the virtual device interface in the inactive state specified in the virtual network device based on the received interface deletion instruction.

As shown in FIG. 1, after the first virtual device interface is deactivated, the first virtual device interface may be deleted according to the deletion instruction. Similarly, the second virtual device interface whose state is inactive in the second virtual device of the second network may also be deleted according to the deletion instruction. Therefore, in the solution of the embodiment, when the virtual device interface is deactivated and deleted from the virtual network device, the virtual network device can not only reduce the consumption of resources, but also enable the network interface node to have flexible and independent management capabilities, and thus Provide network security. FIG. 5 is a schematic diagram of processing of a state machine of a virtual device interface provided by the present application.

The foregoing description is implemented by establishing a connection with the second network, and so on, the first network may establish a connection with multiple virtual networks or physical networks such as the third network and the fourth network. Alternatively, the third network may establish a connection between the virtual network and the virtual network and the physical network by establishing a connection between the network virtual device and the fifth network and the sixth network, which are also provided with the network virtual device. Therefore, in an embodiment of the virtual network device of the present application, the first virtual network may establish a communication connection with the K second networks through the virtual device interfaces of the K active states of the virtual network device, respectively. K ≥ 2.

As shown in FIG. 1, the first virtual device interface inf-1 is configured on the first virtual network device VNetDev-1 in the first virtual network VNet-1, and the second virtual network device in the second virtual network VNet-2 is configured. The second virtual device interface inf-2 is configured on VNetDev-2. Then, the first virtual network VNet-1 and the second virtual network VNet-2 can establish a communication connection by handshaking and identity verification through the first virtual device interface inf-1 and the second virtual device interface inf-2 to implement interworking. The first virtual network device may be configured with multiple virtual device interfaces. For example, the first virtual network device is further configured with a virtual device interface inf-10, and multiple virtual network/physical networks may be connected at the same time, such as inf- with the second virtual network device. The 20 interfaces are connected, or at the same time, the virtual device of the physical network VNet-3 can be connected to the Inf-302, and the implementation of the interworking between the extended virtual network and multiple different virtual networks/physical networks can make the virtual network design, Resource service/sharing, inter-network interoperability, etc. are more flexible and convenient, which is conducive to improving the product service experience of virtual networks.

It can be seen that the implementation of the virtual device interface activation/deactivation, the deletion of the virtual device interface, and the like, the implementation provided by the present application can completely virtualize the function that can be completed only by the physical network interface to the virtual network interface. To achieve activation control of the virtual/physical network interface level, breaking through the limitations of the original virtual network device with only a single control and connection management.

The virtual network device in the foregoing embodiment can process the routing function in the virtual network and the interworking between the virtual network and the virtual network/physical network. In another embodiment application scenario, the virtual network device may be on a border device connected to a physical network. A virtual network device on the border device can connect to one or more physical interfaces on the border device. Of course, multiple virtual LAN VLANs can be configured on the physical interface. In general, different virtual network devices cannot share a single VLAN on the same physical interface. The routing table of the virtual network device is also persistent on the DB and then configured on the virtual network device. In this implementation scenario, the present application provides another implementation manner of the virtual network device. Specifically, the virtual network device accesses the first physical network, accesses the first physical network, and communicates with the second virtual network device in the second network, where the virtual network device includes at least one virtual device interface. The virtual device interface is configured to

Sending a connection request to the second virtual network device, where the connection request includes configuration information of the first physical network, and configuration information of the first physical network is used for an interface configuration of the second virtual network device;

In one example, the virtual network device on the border device can be configured to include the following characteristic information:

ID: the internal ID of the virtual network device, used to persist the internal ID of the storage, such as the primarykey on the user DB;

Description: Description of the virtual network device;

Name: the name of the virtual network device;

PhysicalDeviceID: The physical device ID of the virtual device;

PhysicalInterfaceInfo: Interface information on the physical device accessed by the virtual device, which may include one or more interfaces;

OwnerID: The owner ID of this virtual network device.

The feature information can be persisted on the DB (storing the data to a non-volatile storage device) and then can be configured on the virtual network device, as shown in FIG. 6. FIG. 6 is an embodiment of the present application. Schematic diagram of the data configuration of the boundary virtual network device.

A virtual network device on a border device between a virtual network and a physical network can provide connectivity between the virtual network and the physical network. In a specific implementation manner, a boundary virtual device interface is created for the virtual network device, and a communication connection between the virtual network and the physical network is implemented through the boundary virtual device interface. The virtual network device on the border device can connect to one or more physical interfaces on the border device, and multiple VLANs can be configured on the physical interface. In general, different virtual network devices cannot share a single VLAN on the same physical interface. In a specific embodiment, the virtual network device on the edge device may also be configured with a border virtual device interface, where the boundary virtual device interface is connected to a physical interface on the border device of the first physical network. At least one virtual local area network is configured on the physical interface, and the same virtual network device shares the same virtual local area network on the same physical interface.

In a specific example, the boundary virtual device interface connected to the physical network end may be configured to have the following characteristic information:

Descriptio: a description of the boundary virtual device interface;

Name: the name of the virtual device interface;

VirtualNetworkDeviceID: ID of the virtual network device where the border virtual device interface is located.

PhysicalInterfaceID: ID of the physical interface where the virtual device interface is located.

VLAN: The VLAN used by this border virtual device interface.

The border virtual device interface corresponds to the configuration of each <physical interface: VLAN> configured on the virtual device. The above-mentioned interface characteristic information can be persistent on the DB, and then can be configured on the virtual network device, as shown in FIG. 7. FIG. 7 is the routing table information configured on the border virtual network device in an embodiment of the present application. Schematic diagram of the configuration.

A virtual network device can be connected to a physical interface on one or more border devices (such as a router). The physical network can also communicate with multiple virtual networks through a configured virtual local area network VLAN. Multiple VLANs can also be configured on the physical interface. Generally, different virtual network devices cannot share one VLAN on the same physical interface. In this way, with the implementation of the embodiment, the virtual network can communicate with multiple physical networks, and the physical network can also communicate with multiple virtual networks through the configured virtual local area network VLAN, and the virtual network device on the border device has more The independent connection point management function makes virtual network design, resource service/sharing, inter-network interworking, node management, etc. more flexible and convenient, and can improve the product service experience of the virtual network.

The virtual network device described in this application may specifically include virtualizing one physical network device into multiple virtual network devices by using network device virtualization technology. The virtual network device in the embodiment of the present application may be configured to run on a physical device, and may have a function of a physical device by using a combination of software and hardware virtualization, and may have an independent software environment and data, such as a virtual network in the embodiment of the present application. The device is configured to run on a physical router with routing table storage and routing forwarding functions, and realizes independently manageable communication between the virtual network and multiple virtual networks/physical networks through a virtual device interface configured on the virtual network device. Therefore, based on the foregoing embodiments, the present application provides a routing device, which may be a processing device that can communicate between a virtual network and a virtual network/physical network, and implement communication between the virtual network and the virtual network/physical network. Connection and independent connection point management. Specifically, the present application provides an embodiment of a routing device, including a memory storing computer executable instructions, accessing a virtual device interface of a first virtual network, and communicating with a second virtual network device in a second network. The instructions are executed by the processor to cause the virtual device interface to at least:

Certainly, in other embodiments, the routing device may further set the corresponding virtual device interface to an inactive state based on the received anti-activation command to prohibit data transmission and reception. In other embodiments, the routing device deletes the corresponding inactive virtual device interface based on the received deletion instruction, and the second network is a virtual network or a physical network.

With the virtual network device provided by the present application or the routing device integrated with the virtual network device, communication connection and independent connection point management between the virtual network and multiple virtual network/physical networks can be realized, so that virtual network design and resource service/ Sharing, inter-network interworking, and node management are more flexible and convenient, which is conducive to improving the product service experience of virtual networks. Therefore, the present application further provides a method for connecting a virtual network, as shown in FIG. 8. FIG. 8 is a schematic flowchart of a process of connecting a method for connecting a virtual network according to an embodiment of the present disclosure. a first virtual network device of the network, a second virtual network device accessing the second network, the first virtual network device configuring at least one first virtual device interface, and the second virtual network device configuring at least a second virtual device interface At least one of the first network and the second network is a virtual network.

S10: The first virtual device interface sends a connection request to the second virtual device interface, where the connection request is generated according to the configuration information of the first virtual device interface and the verification information of the second virtual device interface.

S20: The second virtual network device verifies the connection request, and after the verification succeeds, configures the second virtual device interface according to the configuration information of the first virtual device interface, and sends the second virtual device interface to the first virtual network device. Return verification success message;

After the first virtual network device receives the verification success message, the first virtual device interface is configured according to the configuration information of the virtual device interface of the second network, and the second virtual device is established. The communication connection of the interface.

The method or the virtual network device (including the configuration of the virtual device interface) in the foregoing embodiment of the present application may implement the business logic by using a computer program and record on the storage medium, and the storage medium may be read and executed by the computer to implement the present Apply the effects of the scheme described in the embodiment. Therefore, the present application further provides a computer readable storage medium having computer instructions stored thereon, accessing a first virtual network, and communicating with a second virtual network device in a second network, the virtual network device including at least a virtual device interface that, when executed, causes the virtual device interface to at least:

The computer readable storage medium may include physical means for storing information, typically by digitizing the information and then storing it in a medium that utilizes electrical, magnetic or optical means. The computer readable storage medium of this embodiment may include: means for storing information by means of electrical energy, such as various types of memories, such as RAM, ROM, etc.; means for storing information by means of magnetic energy, such as hard disk, floppy disk, magnetic tape, magnetic core Memory, bubble memory, U disk; means for optically storing information such as CD or DVD. Of course, there are other ways of readable storage media, such as quantum memories, graphene memories, and the like.

It should be noted that, although the above embodiments provide descriptions of some embodiments of a virtual network device, a routing device, a virtual network connection method, and a computer readable storage medium, the device, according to the foregoing description of other related embodiments, The method of the computer readable storage medium may also include other embodiments. For details, refer to the description of the related embodiments, and no further details are provided herein.

The application further provides an apparatus embodiment, which may specifically include: a processor, and a memory storing computer executable instructions, when the instructions are executed by the processor, configuring a virtual network device for the first virtual network, And configuring a virtual device interface on the virtual network device to implement at least:

And configuring, according to configuration information of the second network returned by the second virtual network device, the virtual device interface;

The present disclosure also provides another embodiment of a virtual network device, including at least one virtual device interface, the virtual device interface configured to

Sending a connection request to the second virtual network device;

It should be noted that the foregoing description of the device, the routing device, the virtual network device, and the like may further include other implementation manners according to the description of the related method embodiments. For the specific implementation manner, reference may be made to the description of the method embodiment, and the description is not made herein. Narration. The various embodiments in the specification are described in a progressive manner, and the same or similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the hardware + program type embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.

The foregoing description of the specific embodiments of the specification has been described. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than the embodiments and still achieve the desired results. In addition, the processes depicted in the figures are not necessarily required to be in a particular order or in a sequential order to achieve a desired result. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

Although the description of the configuration field and mode of the virtual device interface, the information contained in the connection request message, the interface description of the interface deactivation and deletion operation, the interface data configuration, the message interaction processing, etc. are mentioned in the present application, the present application does not It must be limited to the conditions described in the industry data communication standards, routing interface configuration standards, or embodiments. Certain industry standards or implementations that have been modified in a manner that uses a custom approach or an embodiment described above may also achieve the same, equivalent, or similar, or post-deformation implementation effects of the above-described embodiments. Embodiments obtained by applying these modified or modified data definitions, interface information configurations, data processing methods, etc., may still fall within the scope of alternative embodiments of the present application.

Although the present application provides method operational steps or apparatus/topology and interface configuration information of a virtual network device as described in the preceding embodiments or the accompanying drawings, it may be included in the method or apparatus based on conventional or no inventive labor. More or some of the implementation steps after the merger. In the steps or structures in which the necessary causal relationship does not exist logically, the execution order of the steps or the module structure of the device is not limited to the execution order or device structure shown in the embodiment of the present application or the drawings. When the device or the terminal product of the method or structure is applied, it may be sequentially executed or executed in parallel according to the method or the module structure shown in the embodiment or the drawing (for example, a parallel processor or a multi-thread processing environment, Even the implementation environment for distributed processing).

In the 1990s, improvements to a technology could clearly distinguish between hardware improvements (eg, improvements to circuit structures such as diodes, transistors, switches, etc.) or software improvements (for process flow improvements). However, as technology advances, many of today's method flow improvements can be seen as direct improvements in hardware circuit architecture. Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be implemented by hardware entity modules. For example, a Programmable Logic Device (PLD) (such as a Field Programmable Gate Array (FPGA)) is an integrated circuit whose logic function is determined by the user programming the device. Designers can program themselves to "integrate" a digital system on a single PLD without having to ask the chip manufacturer to design and fabricate a dedicated integrated circuit chip. Moreover, today, instead of manually making integrated circuit chips, this programming is mostly implemented using "logic compiler" software, which is similar to the software compiler used in programming development, but before compiling The original code has to be written in a specific programming language. This is called the Hardware Description Language (HDL). HDL is not the only one, but there are many kinds, such as ABEL (Advanced Boolean Expression Language). AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., are currently the most commonly used VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. It should also be apparent to those skilled in the art that the hardware flow for implementing the logic method flow can be easily obtained by simply programming the method flow into the integrated circuit with a few hardware description languages.

The controller can be implemented in any suitable manner, for example, the controller can take the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (eg, software or firmware) executable by the (micro)processor. In the form of logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers, and embedded microcontrollers, examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, The Microchip PIC18F26K20 and the Silicone Labs C8051F320, the memory controller can also be implemented as part of the memory's control logic. Those skilled in the art will also appreciate that in addition to implementing the controller in purely computer readable program code, the controller can be logically programmed by means of logic gates, switches, ASICs, programmable logic controllers, and embedding. The form of a microcontroller or the like to achieve the same function. Such a controller can therefore be considered a hardware component, and the means for implementing various functions included therein can also be considered as a structure within the hardware component. Or even a device for implementing various functions can be considered as a software module that can be both a method of implementation and a structure within a hardware component.

The system, device, module or unit illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product having a certain function. A typical implementation device is a computer. Specifically, the computer can be, for example, a personal computer, a laptop computer, a car-mounted human-machine interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet. A computer, wearable device, or a combination of any of these devices.

Although the present application provides method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-creative means. The order of the steps recited in the embodiments is only one of the many steps of the order of execution, and does not represent a single order of execution. When the actual device or terminal product is executed, it may be executed sequentially or in parallel according to the embodiment or the method shown in the drawings (for example, a parallel processor or a multi-threaded environment, or even a distributed data processing environment). The terms "comprising," "comprising," or "comprising" or "comprising" or "the" Elements, or elements that are inherent to such a process, method, product, or device. In the absence of further limitations, it is not excluded that there are additional identical or equivalent elements in the process, method, product, or device.

For the convenience of description, the above devices are described as being separately divided into various modules by function. Of course, in the implementation of the present application, the functions of each module may be implemented in the same software or software, or the modules that implement the same function may be implemented by a plurality of sub-modules or a combination of sub-units. The device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or integrated. Go to another system, or some features can be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.

Those skilled in the art will also appreciate that in addition to implementing the controller in purely computer readable program code, the controller can be logically programmed by means of logic gates, switches, ASICs, programmable logic controllers, and embedding. The form of a microcontroller or the like to achieve the same function. Therefore, such a controller can be considered as a hardware component, and a device for internally implementing it for implementing various functions can also be regarded as a structure within a hardware component. Or even a device for implementing various functions can be considered as a software module that can be both a method of implementation and a structure within a hardware component.

The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.

The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.

These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory. Memory is an example of a computer readable medium.

Computer readable media includes both permanent and non-persistent, removable and non-removable media. Information storage can be implemented by any method or technology. The information can be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory. (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, Magnetic tape cartridges, magnetic tape storage or other magnetic storage devices or any other non-transportable media can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include temporary storage of computer readable media, such as modulated data signals and carrier waves.

Those skilled in the art will appreciate that embodiments of the present application can be provided as a method, system, or computer program product. Thus, the present application can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment in combination of software and hardware. Moreover, the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.

The application can be described in the general context of computer-executable instructions executed by a computer, such as a program module. Generally, program modules include routines, programs, objects, components, data structures, and the like that perform particular tasks or implement particular abstract data types. The present application can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media including storage devices.

The various embodiments in the specification are described in a progressive manner, and the same or similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment. In the description of the present specification, the description with reference to the terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" and the like means a specific feature described in connection with the embodiment or example. A structure, material or feature is included in at least one embodiment or example of the application. In the present specification, the schematic representation of the above terms is not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, various embodiments or examples described in the specification and features of various embodiments or examples may be combined and combined without departing from the scope of the invention.

The above description is only an embodiment of the present application and is not intended to limit the application. Various changes and modifications can be made to the present application by those skilled in the art. Any modifications, equivalents, improvements, etc. made within the spirit and scope of the present application are intended to be included within the scope of the appended claims.

Claims

A virtual network device, configured to access a first virtual network and to communicate with a second virtual network device in a second network, the virtual network device including at least one virtual device interface, the virtual device interface being Configured to

Sending a connection request to the second virtual network device, where the connection request includes configuration information of the first virtual network, and configuration information of the first virtual network is used for an interface configuration of the second virtual network device;

And configuring, according to the configuration information of the second network returned by the second virtual network device, the virtual device interface;

After the configuration of the virtual device interface is completed, the active state is entered, and a communication connection with the second virtual device interface of the second virtual network device of the second network is established.
The virtual network device of claim 1, wherein the second network is a virtual network or a physical network.
The virtual network device according to claim 1, wherein the configuring the virtual device interface based on the configuration information of the second network returned by the second virtual network device comprises:

Receiving the verification success message sent by the second virtual network device, where the verification success message includes the second virtual network device returning to the virtual network when the configuration information of the first virtual network in the connection request is successfully verified. Device message

The virtual device interface is set to an active state based on the verification success message.
The virtual network device of claim 1, wherein the connection request further comprises the following verification information:

The identification identifier of the second network virtual network device, the identification identifier of the second virtual device interface in the second virtual network device, and the identification identifier of the owner of the second virtual network device.
The virtual network device of claim 1, wherein the virtual device interface is further configured to

The inactive state is set to be inactive based on the received anti-activation command to prohibit the virtual device interface from transmitting and receiving data.
The virtual network device according to claim 1, wherein the virtual network device further deletes the virtual device interface in the inactive state specified in the virtual network device based on the received interface deletion instruction.
The virtual network device according to any one of claims 1 to 4, wherein the first virtual network is established with the K second networks by the virtual device interfaces of the K active states of the virtual network device, respectively. Communication connection, K≥2.
The virtual network device according to any one of claims 1 to 4, further comprising: after transmitting the connection request,

Obtaining, according to the second virtual network device, the decapsulation logic information of the data packet used by the second network, and generating the first virtual network according to the decapsulation logic information of the data packet used by the first virtual network. Decapsulation processing logic for data packets between the second networks;

The decapsulation processing logic is configured in configuration information of a virtual device interface corresponding to the second network.
The virtual network device according to any one of claims 1 to 4, further comprising: performing security protection setting based on the virtual device interface.
A virtual network device, configured to access a first physical network and to communicate with a second virtual network device in a second network, the virtual network device including at least one virtual device interface, the virtual device interface being Configured to

Sending a connection request to the second virtual network device, where the connection request includes configuration information of the first physical network, and configuration information of the first physical network is used for an interface configuration of the second virtual network device;

And configuring, according to the configuration information of the second network returned by the second virtual network device, the virtual device interface;

After the configuration of the virtual device interface is completed, the active state is entered, and a communication connection with the second virtual device interface of the second virtual network device of the second network is established.
The virtual network device according to claim 10, further configured with a border virtual device interface, wherein the border virtual device interface is connected to a physical interface on a border device of the first physical network, the physical interface At least one virtual local area network is configured, and the same virtual network device shares the same virtual local area network on the same physical interface.
A routing device, comprising: a memory storing computer executable instructions, accessing a virtual device interface of a first virtual network, and communicating with a second virtual network device in a second network, the instructions being processed by a processor The virtual device interface is implemented at least when executed:

Sending a connection request to the second virtual network device, where the connection request includes configuration information of the first virtual network, and configuration information of the first virtual network is used for an interface configuration of the second virtual network device;

And configuring, according to the configuration information of the second network returned by the second virtual network device, the virtual device interface;

After the configuration of the virtual device interface is completed, the active state is entered, and a communication connection with the second virtual device interface of the second virtual network device of the second network is established.
The routing device of claim 12, wherein the second network is a virtual network or a physical network.
The routing device according to claim 12, wherein the configuring the virtual device interface based on the configuration information of the second network returned by the second virtual network device comprises:

Receiving the verification success message sent by the second virtual network device, where the verification success message includes the second virtual network device returning to the virtual network when the configuration information of the first virtual network in the connection request is successfully verified. Device message

The virtual device interface is set to an active state based on the verification success message.
The routing device according to claim 12, wherein the routing device sets the corresponding virtual device interface to an inactive state based on the received anti-activation command to prohibit data transmission and reception.
The routing device according to claim 12, wherein said routing device deletes a corresponding virtual device interface in an inactive state based on the received deletion instruction.
The routing device according to any one of claims 12-16, wherein the routing device further implements:

Security protection settings are made based on the virtual device interface.
A method for connecting a virtual network, comprising: a first virtual network device accessing a first network, and a second virtual network device accessing a second network, where the first virtual network device is configured with at least one first virtual a device interface, the second virtual network device is configured with at least one second virtual device interface, and at least one of the first network and the second network is a virtual network.

The first virtual device interface sends a connection request to the second virtual device interface, where the connection request is generated according to the configuration information of the first virtual device interface and the verification information of the second virtual device interface;

The second virtual network device verifies the connection request, and after the verification succeeds, configures the second virtual device interface according to the configuration information of the first virtual device interface, and returns verification to the first virtual network device. Success message

After receiving the verification success message, the first virtual network device configures the first virtual device interface according to the configuration information of the virtual device interface of the second network, and establishes an interface with the second virtual device. Communication connection.
A computer readable storage medium having stored thereon computer instructions, configured to access a first virtual network and to communicate with a second virtual network device in a second network, the virtual network device including at least one virtual a device interface that, when executed, causes the virtual device interface to at least:

Sending a connection request to the second virtual network device, where the connection request includes configuration information of the first virtual network, and configuration information of the first virtual network is used for an interface configuration of the second virtual network device;

And configuring, according to the configuration information of the second network returned by the second virtual network device, the virtual device interface;

After the configuration of the virtual device interface is completed, the active state is entered, and a communication connection with the second virtual device interface of the second virtual network device of the second network is established.
An apparatus comprising: a processor, and a memory storing computer executable instructions, the instructions being executed by the processor, configuring a virtual network device for the first virtual network, and configuring the virtual network device The virtual device interface is implemented to at least:

Sending a connection request to the second virtual network device, where the connection request includes configuration information of the first virtual network, and configuration information of the first virtual network is used for an interface configuration of the second virtual network device;

And configuring, according to configuration information of the second network returned by the second virtual network device, the virtual device interface;

After the configuration of the virtual device interface is completed, the active state is entered, and a communication connection with the second virtual device interface of the second virtual network device is established.
A virtual network device, comprising: at least one virtual device interface, the virtual device interface configured to

Sending a connection request to the second virtual network device;

And configuring, according to configuration information for the second network returned by the second virtual network device, the virtual device interface;

After the virtual device interface is configured, a communication connection with the second virtual device interface of the second virtual network device of the second network is established.
A virtual network device according to claim 21, wherein said virtual device interface is further configured to

The inactive state is set to be inactive based on the received anti-activation command to prohibit the virtual device interface from transmitting and receiving data.
The virtual network device according to claim 21, wherein the virtual network device further deletes the virtual device interface in the inactive state specified in the virtual network device based on the received interface deletion instruction.
The virtual network device according to claim 21, wherein the virtual device interfaces of the K active states of the virtual network device respectively establish a communication connection with the K second networks, K≥2.
The virtual network device according to any one of claims 21 to 24, wherein the security protection setting is further performed based on the virtual device interface.