
CN103152256B - Virtual routing network design method based on cloud computing data center - Google Patents


Info

Publication number: CN103152256B
Authority: CN (China)
Prior art keywords: network, virtual router, vrouter, external virtual, external
Legal status: Active
Application number: CN201310056732.8A
Other languages: Chinese (zh)
Other versions: CN103152256A
Inventors: 罗登亮, 颜秉珩
Current Assignee: IEIT Systems Co Ltd
Original Assignee: Inspur Electronic Information Industry Co Ltd
Priority date: 2013-02-22
Filing date: 2013-02-22
Publication date: 2013-06-12 (application CN103152256A); 2017-05-03 (granted patent CN103152256B)


Abstract

The invention provides a virtual routing network design method based on a cloud computing data center. The method comprises the following steps that a virtual router (vRouter) is arranged in a virtual routing network and used for realizing routing between different network segments and realizing various flexible network strategies including DHCP (Dynamic Host Configuration Protocol) service, gateway service, DNS (Domain Name System) service, address mapping service, flow control service, flow balancing service, VPN (Virtual Private Network) service and access control service, the virtual router (vRouter) is a virtual machine essentially, and a user remotely and flexibly configures and operates the virtual router (vRouter) to realize various flexible network requirements.

Description

Routing virtual network design method based on a cloud computing data center

Technical field

The invention relates to the fields of computer software, computer networking and cloud computing, and in particular to a routing virtual network design method based on a cloud computing data center.

Background

Compared with a traditional data center network, a cloud computing data center network differs mainly in the following ways: it requires higher bandwidth and lower latency; the number of server nodes and VMs grows substantially, especially the number of VMs; communication between VMs inside the data center network must now be managed; and Layer 2 interconnection between data center sites is needed to carry virtual machine migration, among other changes.

These changes have made the cloud data center network very large in scale and the applications it carries very complex. Many problems that urgently need solving have appeared in cloud data center networks: malicious attacks, viruses and Trojans cause losses of hundreds of billions of yuan every year; the scale-free property of the network means the whole network can collapse under a small number of carefully designed attacks; and the emergence of applications such as P2P has at times congested the networks of major ISPs, seriously affecting normal access. To achieve a degree of data isolation and data security, enterprises generally create VLANs in the data center and distribute VMs across different VLANs; when a VM needs to actively provide services to the outside, the support of a routing network is required.

The virtual network of a cloud computing data center includes virtualization at both the software level and the hardware level. Hardware-level network virtualization requires support from specific devices, which adds a certain hardware cost, although performance may be better. Software-level network virtualization is more flexible: by combining a private bridge vSwitch with a virtual router, a routing network that meets a variety of requirements can be built. The present invention therefore designs a routing virtual network design method based on a cloud computing data center. With this method an external virtual router (vRouter) can conveniently be created in software in the cloud data center network; once created, the user can conveniently configure the network communication mode of the external virtual router vRouter, and on the basis of the vRouter can conveniently customize personalized network services and security policies.

Summary of the invention

The purpose of the present invention is to provide a routing virtual network design method based on a cloud computing data center.

The purpose of the present invention is achieved in the following manner, which specifically comprises the following:

An external virtual router vRouter is set up in the routing virtual network. The external virtual router vRouter is used to route between different network segments and to implement various flexible network policies, including DHCP service, gateway service, DNS service, address mapping service, traffic control service, traffic balancing service, VPN service and access control service. The external virtual router vRouter is essentially a virtual machine, and the user configures and operates it remotely and flexibly to satisfy various network requirements;

The external virtual router vRouter runs on a compute node. An Agent program runs on the compute node hosting the vRouter; the Agent program receives the user's network operation requests and returns the results. The Agent process communicates with the external virtual router vRouter through the private bridge vSwitch on the compute node. The private bridge vSwitch is an ordinary virtual switch, except that it is not bound to a physical network card and can only be used for internal communication. Communication between the private bridge vSwitch and the external virtual router vRouter takes place through a private network card in the vRouter; this private network card is dedicated to management of the vRouter, and the management itself is carried out by the Tools process inside the vRouter;

Once the external virtual router vRouter has been configured, the corresponding network policies take effect. The external virtual router vRouter interacts with the compute node's private bridge vSwitch and internal network card pNIC through ordinary vNICs to provide the user-customized network services;

The routing virtual network is created and configured as follows:

1) Creating the routing virtual network

(1) When the user creates an external virtual router vRouter virtual network from a template, a compute node is first selected at random;

(2) The user creates a private bridge vSwitch on the compute node, an internally isolated private bridge vSwitch that is not bound to a physical network card, and configures a private IP; this private bridge vSwitch is used to provide the dnsmasq DHCP listening service;

(3) The user chooses to create a port group on the default private bridge vSwitch; the port group name, which corresponds to the virtual network name, must be unique, and a VLAN ID is assigned to the port group, which must not be 0;

(4) The user creates the external virtual router vRouter from the vRouter template. The vRouter is configured with three network cards: an internal network card, an external network card and a private network card. The private network card connects to the dnsmasq listening port, i.e. the private bridge vSwitch, of compute node A; the internal network card connects to the internal network segment, i.e. the virtual network name or port group; the external network card connects to the external network segment; and the vRouter routes between the internal and external network cards;

(5) In the dnsmasq configuration file on the compute node, the user sets the MAC-to-IP (private IP) mapping for the vRouter's private network card and configures the dnsmasq service process to listen for DHCP on the private bridge vSwitch;

(6) The user restarts the dnsmasq service process on the compute node and starts the external virtual router vRouter; subsequent configuration is carried out while the virtual machine boots;

(7) The ISO image for installing Tools is hot-added to the vRouter, and the user enters the virtual machine to install the Tools configuration utility;

(8) If the vRouter starts successfully, the administrator configures it through Tools. The configuration information includes setting the vRouter's internal and external IP addresses and routes, setting the iptables forwarding table, enabling forwarding between network cards, enabling the iptables NAT table, configuring the dnsmasq DHCP IP address range and mask, and configuring DNS;

(9) When configuration is complete, the external virtual router vRouter virtual network has been created successfully;

2) Configuring the routing virtual network

(1) The user sends a network operation request to the compute node Agent through an RPC remote call;

(2) The compute node Agent carries out the RPC interaction with Tools through the private bridge vSwitch and the vRouter's private network card;

(3) Tools accepts the request and configures the vRouter. The configuration information includes setting the internal and external IP addresses and routes, setting the iptables forwarding table, enabling forwarding between network cards, enabling the iptables NAT table, configuring the dnsmasq DHCP IP address range and mask, configuring DNS, and the address mapping, traffic control, traffic balancing, VPN and access control services;

(4) When the Tools operation completes, the execution result is returned along the same path.

The beneficial effects of the present invention are as follows. An external virtual router vRouter exists in the routing virtual network; it routes between different network segments and implements various flexible network policies, including DHCP service, gateway service, DNS service, address mapping service, traffic control service, traffic balancing service, VPN service and access control service. The vRouter is essentially a virtual machine. The present invention provides a method for flexibly managing and controlling the vRouter, so that the user can remotely and flexibly configure and operate it to satisfy various network requirements.

1) The user can conveniently create an external virtual router vRouter in software in the cloud data center network; once created, the user can conveniently configure its network communication mode, and on the basis of the vRouter can conveniently customize personalized network and security policies.

2) The user quickly creates the vRouter from a vRouter template. The template is prepared in advance, and the Tools utility for configuring the vRouter is built into the template when it is made.

3) When the user creates the vRouter from the template, a private network card is configured for it. Tools inside the vRouter communicates through this private network card with the Agent on the physical node where the vRouter runs, which enables the user's remote management and configuration of the vRouter.

4) After the user has configured and started the vRouter, it can be changed and configured remotely through Tools, and various network services and security policies can be customized, including setting internal and external IP addresses and routes, setting the iptables forwarding table, enabling forwarding between network cards, enabling the iptables NAT table, configuring the dnsmasq DHCP IP address range and mask, configuring DNS, and the address mapping, traffic control, traffic balancing, VPN and access control services.

Description of the drawings

Figure 1 shows the structure and management flow of the external virtual router vRouter.

Detailed description

The method of the present invention is described in detail below with reference to the accompanying drawing.

The present invention designs a routing virtual network design method based on a cloud computing data center, which specifically includes the following.

The system structure of the routing virtual network of the present invention is shown in Figure 1. The external virtual router vRouter runs on a compute node. An Agent program runs on the compute node hosting the vRouter; the Agent program receives the user's network operation requests and returns the results. The Agent process communicates with the external virtual router vRouter through the private bridge vSwitch on the compute node. The private bridge vSwitch is an ordinary virtual switch, except that it is not bound to a physical network card and can only be used for internal communication. Communication between the private bridge vSwitch and the external virtual router vRouter takes place through a private network card in the vRouter; this private network card is dedicated to management of the vRouter, and the management itself is carried out by the Tools process inside the vRouter.

Once the external virtual router vRouter has been configured, the corresponding network policies take effect. The external virtual router vRouter interacts with the compute node's private bridge vSwitch and pNIC through ordinary vNICs to provide the user-customized network services.

Embodiment

The process of creating and configuring the routing virtual network is shown in Figure 1; the detailed steps are as follows:

1) Creating the routing virtual network

(1) When the user creates an external virtual router vRouter virtual network from a template, a compute node is first selected at random;

(2) The user creates a private bridge vSwitch on the compute node (an internally physically isolated vSwitch, not bound to a physical network card) and configures a private IP; this private bridge vSwitch is used to provide the dnsmasq DHCP listening service;

(3) The user chooses to create a port group on the default private bridge vSwitch; the port group name (corresponding to the virtual network name) must be unique, and a VLAN ID, which must not be 0, is assigned to the port group;

(4) The user creates the external virtual router vRouter from the vRouter template. The vRouter is configured with three network cards: an internal network card, an external network card and a private network card. The private network card connects to the dnsmasq listening port (the private bridge) of compute node A, the internal network card connects to the internal network segment (the virtual network name, i.e. the port group), the external network card connects to the external network segment, and the vRouter routes between the internal and external network cards;

(5) In the dnsmasq configuration file on the compute node, the user sets the MAC-to-IP (private IP) mapping for the vRouter's private network card and configures the dnsmasq service process to listen for DHCP on the private bridge vSwitch;

(6) The user restarts the dnsmasq service process on the compute node and starts the external virtual router vRouter (subsequent configuration can be carried out while the virtual machine boots);

(7) The ISO image for installing Tools is hot-added to the vRouter, and the user enters the virtual machine to install the Tools configuration utility;

(8) If the vRouter starts successfully, the administrator configures it through Tools. The configuration information includes setting the vRouter's internal and external IP addresses and routes, setting the iptables forwarding table, enabling forwarding between network cards, enabling the iptables NAT table, configuring the dnsmasq DHCP IP address range and mask, configuring DNS, and so on;

(9) When configuration is complete, the external virtual router vRouter virtual network has been created successfully;

2) Configuring the routing virtual network

(1) The user sends a network operation request to the compute node Agent through an RPC remote call;

(2) The compute node Agent carries out the RPC interaction with Tools through the private bridge vSwitch and the vRouter's private network card;

(3) Tools accepts the request and configures the vRouter. The configuration information includes setting the internal and external IP addresses and routes, setting the iptables forwarding table, enabling forwarding between network cards, enabling the iptables NAT table, configuring the dnsmasq DHCP IP address range and mask, configuring DNS, and the address mapping, traffic control, traffic balancing, VPN and access control services, and so on;

(4) When the Tools operation completes, the execution result is returned along the same path.
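The compute-node dnsmasq settings of creation steps (2) and (5) and the vRouter configuration that Tools applies in creation step (8) and configuration step (3), in both the summary and the embodiment above, rendered as an added example that is not part of the patent or of the assignee's implementation. Interface names, addresses, the config file path and the rendering functions are assumptions; the forwarding rules are written default-deny so that only connections initiated from the internal segment, or explicitly mapped addresses, cross between the two network cards.

```shell
#!/bin/sh
# Added example (not from the patent): render, as reviewable text, the
# configuration the patent describes for the private bridge on the compute
# node and for the vRouter itself. Interface names, addresses and the
# dnsmasq.d path are constructed sample values.

# Creation step (3): a port group must carry a non-zero VLAN ID; values
# outside the 802.1Q range 1-4094 are rejected as well.
check_vlan_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Compute-node side (creation steps 2 and 5): dnsmasq listens only on the
# private bridge, serves no DNS there, and leases one fixed private IP to
# the vRouter's private NIC keyed by MAC, so no other guest attached to
# the bridge can obtain a management address.
render_node_dnsmasq() {
    priv_bridge=$1; vrouter_mac=$2; priv_subnet=$3; vrouter_priv_ip=$4
    cat <<EOF
interface=$priv_bridge
bind-interfaces
port=0
dhcp-range=$priv_subnet,static
dhcp-host=$vrouter_mac,$vrouter_priv_ip
EOF
}

# vRouter side (creation step 8 / configuration step 3): internal and
# external addresses, default route, inter-NIC forwarding, NAT, DHCP for
# the internal segment and DNS. FORWARD is default-deny: internal hosts
# may open connections outward, replies are allowed back by conntrack.
render_vrouter_config() {
    int_if=$1; int_cidr=$2; ext_if=$3; ext_cidr=$4; ext_gw=$5
    dhcp_start=$6; dhcp_end=$7; dhcp_mask=$8; upstream_dns=$9
    int_ip=${int_cidr%/*}
    cat <<EOF
ip addr add $int_cidr dev $int_if
ip addr add $ext_cidr dev $ext_if
ip route add default via $ext_gw dev $ext_if
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $int_if -o $ext_if -j ACCEPT
iptables -A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext_if -j MASQUERADE
cat > /etc/dnsmasq.d/vrouter.conf <<DNSMASQ
interface=$int_if
bind-interfaces
dhcp-range=$dhcp_start,$dhcp_end,$dhcp_mask,12h
dhcp-option=option:router,$int_ip
dhcp-option=option:dns-server,$int_ip
server=$upstream_dns
DNSMASQ
EOF
}

# Address mapping service: publish one internal TCP service on the
# vRouter's external address. The explicit FORWARD accept is needed
# because the FORWARD policy above drops unsolicited inbound traffic.
render_address_mapping() {
    ext_if=$1; ext_port=$2; int_ip=$3; int_port=$4; int_if=$5
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $ext_port -j DNAT --to-destination $int_ip:$int_port
iptables -A FORWARD -i $ext_if -o $int_if -p tcp -d $int_ip --dport $int_port -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Demonstration with constructed values (documentation ranges).
check_vlan_id 100 && render_node_dnsmasq vswitch-priv 52:54:00:12:34:56 169.254.10.0 169.254.10.2
render_vrouter_config eth1 10.0.1.1/24 eth0 192.0.2.10/24 192.0.2.1 10.0.1.100 10.0.1.200 255.255.255.0 198.51.100.53
render_address_mapping eth0 8080 10.0.1.50 80 eth1
```

The rendered text is what a Tools process would apply inside the vRouter; keeping it as text first makes the resulting ruleset reviewable before it takes effect.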

Apart from the technical features described in this specification, everything else is known technology to those skilled in the art.

Claims (1)

1. A routing virtual network design method based on a cloud computing data center, characterized in that it specifically comprises the following:
An external virtual router vRouter is set up in the routing virtual network; the external virtual router vRouter is used to route between different network segments and to implement various flexible network policies, including DHCP service, gateway service, DNS service, address mapping service, traffic control service, traffic balancing service, VPN service and access control service; the external virtual router vRouter is essentially a virtual machine, and the user configures and operates it remotely and flexibly to satisfy various network requirements;
The external virtual router vRouter runs on a compute node; an Agent program runs on the compute node where the vRouter is located, the Agent program being used to receive the user's network operation requests and return the results; the Agent process communicates with the vRouter through the private bridge vSwitch on the compute node; the private bridge vSwitch is an ordinary virtual switch, except that it is not bound to a physical network card and is used only for internal communication; communication between the private bridge vSwitch and the vRouter is carried out through the private network card in the vRouter, which is dedicated to management of the vRouter, and the management of the vRouter is carried out by the Tools process in the vRouter;
After the vRouter is configured, the corresponding network policies take effect; the vRouter interacts with the compute node's private bridge vSwitch and internal network card pNIC through an ordinary external network card vNIC to provide user-customized network services;
The routing virtual network is created and configured as follows:
1) Creating the routing virtual network
(1) When the user creates a vRouter virtual network from a template, a compute node is first selected at random;
(2) The user creates a private bridge vSwitch on the compute node, the private bridge vSwitch being internally physically isolated and not bound to a physical network card, and configures a private IP; the private bridge vSwitch is used to provide the dnsmasq DHCP listening service;
(3) The user chooses to create a port group on the default private bridge vSwitch; the port group name, which corresponds to the virtual network name, must not be duplicated; a VLAN ID is assigned to the port group and must not be 0;
(4) The user creates the vRouter from the vRouter template; the vRouter is configured with three network cards, an internal network card pNIC, an external network card vNIC and a private network card; the private network card connects to the dnsmasq listening port, i.e. the private bridge vSwitch, of compute node A; the internal network card pNIC connects to the internal network segment, i.e. the virtual network name or port group; the external network card vNIC connects to the external network segment; and the vRouter routes between the internal and external network cards;
(5) In the dnsmasq configuration file on the compute node the user sets the MAC-to-IP (private IP) mapping for the vRouter's private network card, and configures the dnsmasq service process to listen for DHCP on the private bridge vSwitch;
(6) The user restarts the dnsmasq service process on the compute node and starts the vRouter; subsequent configuration is carried out while the virtual machine boots;
(7) The ISO image for installing Tools is hot-added to the vRouter, and the Tools configuration utility is installed from within the virtual machine;
(8) If the vRouter starts successfully, the administrator configures it through Tools; the configuration information includes setting the vRouter's internal and external IP addresses and routes, setting the iptables forwarding table, enabling forwarding between network cards, enabling the iptables NAT table, configuring the dnsmasq DHCP IP address range and mask, and configuring DNS;
(9) When configuration is complete, the vRouter virtual network has been created successfully;
2) Configuring the routing virtual network
(1) The user sends a network operation request to the compute node Agent through an RPC remote call;
(2) The compute node Agent carries out the RPC interaction with Tools through the private bridge vSwitch and the private network card in the vRouter;
(3) Tools receives the request and configures the vRouter; the configuration information includes setting the internal and external IP addresses and routes, setting the iptables forwarding table, enabling forwarding between network cards, enabling the iptables NAT table, configuring the dnsmasq DHCP IP address range and mask, configuring DNS, and the address mapping, traffic control, traffic balancing, VPN and access control services;
(4) When the Tools operation completes, the execution result is returned along the same path.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201310056732.8A | 2013-02-22 | 2013-02-22 | Virtual routing network design method based on cloud computing data center


Publications (2)

Publication Number | Publication Date
CN103152256A | 2013-06-12
CN103152256B | 2017-05-03

Family ID: 48550128


CN114006828B (en) * 2021-10-22 2024-02-02 济南浪潮数据技术有限公司 Method and system for realizing communication between cloud environment tenant virtual machine and cloud platform management plane
CN115801734B (en) * 2022-11-01 2025-11-14 北京六方云科技有限公司 Method and system for configuring management IP addresses for virtual security protection products
CN119544662B (en) * 2024-10-25 2025-10-10 深圳强基计算技术有限公司 Domain name resolution method, system and computer device on a trusted device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488918A (en) * 2009-01-09 2009-07-22 杭州华三通信技术有限公司 Multi-network card server access method and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8924524B2 (en) * 2009-07-27 2014-12-30 Vmware, Inc. Automated network configuration of virtual machines in a virtual lab data environment
GB2458154B (en) * 2008-03-07 2012-06-27 Hewlett Packard Development Co Routing across a virtual network
US8670450B2 (en) * 2011-05-13 2014-03-11 International Business Machines Corporation Efficient software-based private VLAN solution for distributed virtual switches

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488918A (en) * 2009-01-09 2009-07-22 杭州华三通信技术有限公司 Multi-network card server access method and system

Also Published As

Publication number Publication date
CN103152256A (en) 2013-06-12

Similar Documents

Publication Publication Date Title
CN103152256B (en) Virtual routing network design method based on cloud computing data center
CN112470436B (en) Systems, methods, and computer-readable media for providing multi-cloud connectivity
JP7483074B2 (en) Method and apparatus for implementing and managing a virtual switch
CN115801669B (en) Containerized routing protocol process for VPNs
CN108062482B (en) Method and apparatus for providing virtual security appliance architecture to virtual cloud infrastructure
US12081451B2 (en) Resource placement templates for virtual networks
CN107646185B (en) Method, system and storage medium for operation maintenance management in an overlay environment
CN102577256B (en) For the method and apparatus of transparent cloud computing in virtual network infrastructure situation
RU2646343C1 (en) Objects of virtual network interface
CN103607430B (en) A kind of method and system of network processes and the network control center
CN117178534A (en) Network Management Services in Point of Presence
CN116762060A (en) Internet Group Management Protocol (IGMP) for Layer 2 networking in virtualized cloud environments
CN109716717A (en) From software-defined network controller management virtual port channel switching equipment peer-to-peer
CN104104534A (en) Realization method of virtual network (VN) management and virtual network management system
US9112769B1 (en) Programatically provisioning virtual networks
CN117997734A (en) A management method and system for a multi-resource pool network
US10116622B2 (en) Secure communication channel using a blade server
JP2024541998A (en) Secure two-way network connection system between private networks
CN119011178A (en) Service message processing method and network equipment
CN108390809A (en) A bridge method and system based on VF hybrid mode
CN104579778A (en) Simple implementation method for enterprise internal network virtualization
KR102763960B1 (en) Method for setting virtual network based on user-defined
CN117255019A (en) System, method, and storage medium for virtualizing computing infrastructure
LEHOCINE et al. VINEMA: Towards automated management of virtual networks in SDN infrastructures
CN119172239A (en) Multi-tenant VPC private network configuration method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant