
CN103746997A - Network security solution for cloud computing center - Google Patents


Publication number: CN103746997A
Application number: CN201410011353.1A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 吕广杰, 朱波
Current Assignee: IEIT Systems Co Ltd
Original Assignee: Inspur Electronic Information Industry Co Ltd
Legal status: Pending
Prior art keywords: network, virtual, router, physical, switch
Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract

The invention discloses a network security solution for a cloud computing center. By introducing virtual switches and virtual routers, network concepts at the physical level are abstracted to the virtual level, and isolation and firewall network security functions are implemented on top of the virtual network. The solution mainly comprises: building a layer-2 virtual network, dividing subnets, deploying virtual routers, and defining firewall rules. The invention scientifically divides the network into two categories, public network pools and private network pools, and formulates layered deployment plans according to the network category, achieving classified and layered network management while better meeting customers' flexible requirements. Introducing the virtual router abstracts the physical network to the virtual level, which effectively reduces the use of physical network IP addresses and hands the management functions of the underlying network over to the virtual router, so that network administrators can manage the configuration and services of the entire system network directly by managing the virtual router, making management simpler and faster.

Description

A cloud computing center network security solution

Technical field

The invention relates to the application field of cloud computing, and in particular to a network security solution for a cloud computing center.

Technical background

With the development of information technology, cloud computing has gradually become a focus of development in the industry, and the cloud computing service platforms of major vendors at home and abroad have been put into use in many fields, including science, education, culture, health, government, high-performance computing, e-commerce, and the Internet of Things.

An important feature of cloud computing is that, through network technology, the servers, storage, and network devices in data centers distributed across different locations are brought together by management software to work cooperatively and jointly provide computing, storage, and other services to the outside. In a cloud data center, a secure network environment is not only necessary but has become a prerequisite for business success. Hacker intrusion, data tampering, and damage to the network environment will have a huge impact on an enterprise's entire production and business activities.

However, with the prevalence of destructive means such as computer viruses, hackers, and denial-of-service attacks, network security has gradually become a factor that enterprises cannot ignore. How to protect the hardware, software, and system data in a virtualized network environment from being destroyed, altered, or leaked for accidental or malicious reasons, while maintaining the efficiency of the network architecture itself, has become a core problem that cloud computing vendors urgently need to solve.

In order to provide an appropriate security system and management plan, dynamically block or permit network traffic, effectively reduce the impact of network security on network performance, and ensure that software and hardware in the cloud computing environment are not maliciously damaged, we propose a cloud data center network security solution that is easy to extend, easy to develop, and easy to maintain.

Summary of the invention

The technical problem to be solved by the invention is as follows: to address the poor security and difficult management of existing cloud data center networks, the invention proposes a cloud data center network security protection scheme based on a virtual router.

Traditional data centers generally adopt a network deployment scheme that isolates networks with VLANs, connects subnets with physical routers, and filters traffic with physical firewalls. Although this scheme ensures the security of the customer's physical network environment to a certain extent, purchasing physical routers and firewalls consumes a considerable amount of money, and the scheme is difficult to apply to a cloud computing data center centered on virtual machines, because it cannot conveniently control the traffic between virtual machines.

The traditional open-source VNC program obtains the virtual machine desktop by connecting directly to the server's VNC port, and has the following disadvantages:

1) It cannot traverse multi-network environments;

2) It cannot split VNC data streams, resulting in high network bandwidth usage;

3) On virtualization platforms such as VMware and Xen, the double-mouse phenomenon appears to varying degrees and cannot be fundamentally eliminated.

The technical scheme adopted by the invention is:

A cloud computing center network security solution which, by introducing virtual switches and virtual routers, abstracts network concepts at the physical level to the virtual level and implements network security functions such as isolation and firewalls on top of the virtual network, saving network cost and offering high scalability, security, compatibility, applicability, and practicality. The solution mainly comprises: building a layer-2 virtual network, dividing subnets, deploying virtual routers, and defining firewall rules, wherein:

Building the layer-2 virtual network is the layer-2 foundation of the solution. On the premise that the physical network is interconnected, server network cards are abstracted into virtual switch components that provide layer-2 network services. Development is based on the open-source virtual switch Open vSwitch: the physical network card of each server is bound one-to-one to a virtual switch, forming an abstract layer-2 virtual switch component. The approach is compatible with physical network devices such as routers, switches, and network cards from major vendors, and has a high degree of abstraction and applicability.

Dividing subnets is the basis on which the solution achieves virtual network isolation. Subnet division based on VLANs and IP pools effectively reduces the use of physical network IP addresses, fully meets the varied network requirements of different customers, and isolates virtual subnets from one another. Dividing the layer-2 virtual network by VLAN on top of the virtual switch ensures data separation between the various services in the system and abstracts the complex physical network configuration process to the virtual level, which reduces physical network IP usage and simplifies network configuration;

Deploying the virtual router is the layer-3 implementation step of the solution. Introducing the virtual router abstracts the layer-3 network concept at the physical level to the virtual level and hands the management functions of the underlying network over to the virtual router, so that network administrators need not care about the specific layout of the underlying network and can manage the configuration and services of the entire system network directly by managing the virtual router. Configuration is more flexible, cost is lower, and management is more convenient. A self-developed virtual router provides layer-3 network services (NAT, routing, DHCP, and so on) and implements interconnection and access control between virtual subnets, making deployment scientific, flexible, efficient, and cost-saving.

Defining firewall rules is the core step by which the solution achieves network security. By sending firewall control commands to the virtual router, unified security management of the system network is achieved. The virtual router used in this solution filters and groups connections by 5-tuple (source IP address, destination IP address, source port, destination port, protocol), safeguarding the security of the system network while maintaining the network performance of each subnet in the cloud data center;

Firewall rules are added on the virtual router, which filters and groups connections by 5-tuple (source IP address, destination IP address, source port, destination port, protocol) and provides basic firewall protection for traffic between virtual machines; applications can be protected dynamically while virtual machines migrate, and many protocols are supported (including FTP, RPC, and the TCP/IP protocols).

The deployment steps for building the layer-2 virtual network are as follows:

1) As shown in Figure 2, physical devices such as routers, switches, and firewalls are used to connect the computing (server) and storage (disk array) resources of the cloud data center, ensuring that the networks between physical nodes, between management nodes and physical nodes, and between nodes and storage can communicate with each other;

For cloud data centers with high network performance requirements, the system network can be physically divided into three networks, a service network, a control network, and a data network (as shown in Figure 2), to ensure data separation between the various services in the system.

2) Configure the virtual switch, that is, abstract virtual switch components from the physical network cards. As shown in Figure 3, using Open vSwitch-based software, the physical network card on each server is bound one-to-one to a virtual switch to form a switch component. A number of virtual ports are created on the switch, and each port is bound one-to-one to a network card of a virtual machine in the cloud data center. This yields the network connection path virtual machine → virtual machine network card → virtual port → virtual switch → physical network card. Multiple virtual switches can be cascaded to form one large distributed virtual switch. Compared with a traditional physical switch, this kind of virtual switch has several advantages. First, configuration is more flexible: virtual ports can be freely configured on the virtual switch abstracted from each physical network card, and the number of ports can be chosen as needed. Second, cost is lower: a virtual switch can often deliver performance that otherwise requires an expensive physical switch. Third, it is transparent to customers: a customer only needs to configure the virtual machine's network card for the virtual machine network to be connected automatically, and need not care how the underlying virtual network devices are connected.

In dividing subnets, the virtual network is divided into 2 categories according to different network connection methods and isolation means, to meet the network requirements of different customers:

1) Public network pool: as shown in Figure 4, a public network pool corresponds to a virtual port group on the virtual switch that is directly connected to the public network, and the virtual machines use IP addresses that can access the public network;

2) Private network pool: as shown in Figure 5, a private network pool corresponds to a virtual port group on the virtual switch that has a VLAN set. The virtual machines use private IP addresses under a specific VLAN, can communicate only within the local area network, and cannot access the public network.

In deploying the virtual router, as shown in Figure 6, a system virtual machine is created separately, and a routing core service, a management service, and an SSH interaction service are added to it and packaged together in the form of a virtual router. Two network cards are set up for the virtual router, connected respectively to a port of the private network virtual switch and a port of the public network virtual switch, and private and public IP addresses are set so that the virtual router can reach both the public network and the private network. The private IP address of the virtual router (for example 192.168.6.254) is the gateway of the private network virtual switch it is connected to. Every virtual machine connected to that private network virtual switch sets the virtual router's private IP address (for example 192.168.6.254) as its own gateway, which puts the virtual machine network under the management of the virtual router. The virtual router is provided as a virtual machine template (OVF format) for rapid deployment. The various networks are connected through virtual routing: as shown in Figure 7, virtual machines use private IP addresses and are interconnected with the public network or with isolated subnets through NAT and routing performed by the virtual router. Because the networks in the system are all virtual, unnecessary IP usage in the system is effectively avoided.

Defining firewall rules is the core step by which the solution achieves network security. Because the gateway of every virtual machine in a private network pool is set to the IP address of the virtual router's private network card, in cross-network access (cross-network meaning between different network segments of the same VLAN, or between different VLANs) all traffic from an external network (a different network segment or a network in a different VLAN) must first pass through the virtual router before it flows into a virtual machine; similarly, all internal traffic bound for an external network (a different network segment or a network in a different VLAN) must also first pass through the virtual router, as shown in Figure 7. Therefore, by adding firewall rules on the virtual router, the traffic exchanged between different networks can be controlled.
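A minimal model of the enforcement point described above, as an added example (not code from the patent or from any product of the assignee): a 5-tuple rule table evaluated on the virtual router that acts as gateway for the private subnets. First-match ordering, the default-deny policy, the subnet 192.168.7.0/24, the rules, the sample flows and all class and function names are assumptions for illustration. Flows inside one segment are reported as not routed, because they are switched at layer 2 and never reach the gateway's rules.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One connection, described by the 5-tuple the page lists."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str  # "tcp", "udp", ...


@dataclass(frozen=True)
class Rule:
    """Hypothetical rule format: unset fields match anything."""
    action: str  # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    src_ports: Tuple[int, int] = (0, 65535)  # inclusive range
    dst_ports: Tuple[int, int] = (0, 65535)  # inclusive range
    proto: Optional[str] = None              # None matches any protocol

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src_ip) in ip_network(self.src)
                and ip_address(f.dst_ip) in ip_network(self.dst)
                and self.src_ports[0] <= f.src_port <= self.src_ports[1]
                and self.dst_ports[0] <= f.dst_port <= self.dst_ports[1]
                and self.proto in (None, f.proto))


class VirtualRouter:
    """Gateway of the private subnets; the only place the rules are applied."""

    def __init__(self, private_subnets: Dict[str, str], rules: List[Rule],
                 default: str = "deny"):
        self.subnets = {n: ip_network(c) for n, c in private_subnets.items()}
        self.rules = list(rules)
        self.default = default  # assumption: anything unmatched is dropped

    def segment_of(self, ip: str) -> str:
        addr = ip_address(ip)
        for name, net in self.subnets.items():
            if addr in net:
                return name
        return "public"  # reached through the router's public-side NIC

    def decide(self, flow: Flow) -> str:
        src_seg = self.segment_of(flow.src_ip)
        dst_seg = self.segment_of(flow.dst_ip)
        # Same private segment: delivered by the virtual switch, the
        # gateway never sees the packet, so no router rule can filter it.
        if src_seg == dst_seg and src_seg != "public":
            return "not-routed"
        for rule in self.rules:  # first matching rule wins
            if rule.matches(flow):
                return rule.action
        return self.default


# Constructed sample: 192.168.6.0/24 follows the page's gateway example
# (192.168.6.254); 192.168.7.0/24 and all rules are made up.
RULES = [
    Rule("allow", src="192.168.6.0/24", dst="192.168.7.10/32",
         dst_ports=(3306, 3306), proto="tcp"),
    Rule("deny", src="192.168.6.0/24", dst="192.168.7.0/24"),
    Rule("allow", src="192.168.6.0/24", dst_ports=(443, 443), proto="tcp"),
]
ROUTER = VirtualRouter({"vlan10": "192.168.6.0/24",
                        "vlan20": "192.168.7.0/24"}, RULES)

SAMPLE_FLOWS = [
    Flow("192.168.6.5", "192.168.7.10", 40000, 3306, "tcp"),  # app -> db
    Flow("192.168.6.5", "192.168.7.10", 40001, 22, "tcp"),    # app -> db ssh
    Flow("192.168.6.5", "203.0.113.8", 40002, 443, "tcp"),    # outbound https
    Flow("203.0.113.8", "192.168.6.5", 5555, 22, "tcp"),      # inbound ssh
    Flow("192.168.6.5", "192.168.6.9", 40003, 445, "tcp"),    # same segment
]


def run_demo() -> List[str]:
    return [ROUTER.decide(f) for f in SAMPLE_FLOWS]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, run_demo()):
        print(f"{verdict:10} {flow}")
```

The last sample flow is the case to watch in review: traffic between two virtual machines in the same segment is outside the router's rule set and needs a control at the virtual switch if it must be filtered.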

As shown in Figure 8, a virtualized network environment is divided into three categories of zone: public zones, private zones, and isolated zones. Access between different zones, and between different network segments in the same zone, can be restricted by adding firewall rules.

The firewall rules include:

1) Packet filtering: source IP filtering, source IP and destination IP filtering, source IP and destination protocol filtering, source MAC address filtering, etc.;

2) Network filtering: URL filtering, content category filtering, keyword filtering, etc.;

3) Intrusion prevention: IPS, etc.

Note: an intrusion prevention system (IPS) is a new generation of intrusion detection system (IDS) that makes up for the weaknesses of IDS in terms of proactiveness and false positives/negatives. An IPS can identify the intrusion, correlation, impact, and direction of an event and analyze it appropriately, then pass suitable information and commands to firewalls, switches, and other network devices to mitigate the risk of the event.

Network Address Translation (NAT) is a wide area network (WAN) access technology that translates private (reserved) addresses into legal IP addresses. It is widely used in all types of Internet access and in all types of networks.

The beneficial effects of the invention are:

1. Through in-depth research into customers' network requirements, the network is scientifically divided into two categories, public network pools and private network pools, and layered deployment plans are formulated according to the network category. This achieves classified and layered network management while better meeting customers' flexible requirements, and makes deployment more scientific, concise, and easy to manage.

2. By introducing a self-developed virtual router, the physical network is abstracted to the virtual level. On the one hand, this effectively reduces the use of physical network IP addresses; on the other hand, the management functions of the underlying network are handed over to the virtual router, so that network administrators need not care about the specific layout of the underlying network and can manage the configuration and services of the entire system network directly by managing the virtual router, making management simpler and faster.

3. Firewall rules are added on the layer-3 virtual router, which filters and groups connections by 5-tuple (source IP address, destination IP address, source port, destination port, protocol) and provides basic firewall protection for traffic between virtual machines, greatly enhancing network security in the cloud computing environment.

Description of drawings

Figure 1 is a schematic diagram of the implementation flow of the invention;

Figure 2 is a diagram of the basic network environment;

Figure 3 is a logical schematic diagram of a virtual switch;

Figure 4 is a schematic diagram of a public network pool;

Figure 5 is a schematic diagram of a private network pool;

Figure 6 is an architecture diagram of the virtual router's components;

Figure 7 is a schematic diagram of the virtual routing network;

Figure 8 is a schematic diagram of traffic isolation by the firewall.

Detailed description of embodiments

The invention is further described below through specific embodiments, with reference to the accompanying drawings:

The architecture of the invention mainly comprises: building a layer-2 virtual network, dividing subnets, deploying virtual routers, and defining firewall rules.

Building the layer-2 virtual network is the layer-2 foundation of the solution. The deployment steps are as follows:

1) As shown in Figure 2, physical devices such as routers, switches, and firewalls are used to connect the computing (server) and storage (disk array) resources of the cloud data center, ensuring that the networks between physical nodes, between management nodes and physical nodes, and between nodes and storage can communicate with each other. For cloud data centers with high network performance requirements, the system network can be physically divided into three networks, a service network, a control network, and a data network (as shown in Figure 2), to ensure data separation between the various services in the system.

2) Configure the virtual switch, that is, abstract virtual switch components from the physical network cards. As shown in Figure 3, using Open vSwitch-based software, the physical network card on each server is bound one-to-one to a virtual switch to form a switch component. A number of virtual ports are created on the switch, and each port is bound one-to-one to a network card of a virtual machine in the cloud data center. This yields the network connection path virtual machine → virtual machine network card → virtual port → virtual switch → physical network card. Multiple virtual switches can be cascaded to form one large distributed virtual switch. Compared with a traditional physical switch, this kind of virtual switch has several advantages. First, configuration is more flexible: virtual ports can be freely configured on the virtual switch abstracted from each physical network card, and the number of ports can be chosen as needed. Second, cost is lower: a virtual switch can often deliver performance that otherwise requires an expensive physical switch. Third, it is transparent to customers: a customer only needs to configure the virtual machine's network card for the virtual machine network to be connected automatically, and need not care how the underlying virtual network devices are connected.

Dividing subnets is the basis on which this solution achieves virtual network isolation. The virtual network is divided into 2 categories according to different network connection methods and isolation means, to meet the network requirements of different customers:

1) Public network pool: as shown in Figure 4, a public network pool corresponds to a virtual port group on the virtual switch that is directly connected to the public network, and the virtual machines use IP addresses that can access the public network.

2) Private network pool: as shown in Figure 5, a private network pool corresponds to a virtual port group on the virtual switch that has a VLAN set. The virtual machines use private IP addresses under a specific VLAN, can communicate only within the local area network, and cannot access the public network.

Deploying the virtual router is the layer-3 implementation step of the solution. A self-developed virtual router is introduced: as shown in Figure 6, a system virtual machine is created separately, and a routing core service, a management service, and an SSH interaction service are added to it and packaged together in the form of a virtual router. Two network cards are set up for the virtual router, connected respectively to a port of the private network virtual switch and a port of the public network virtual switch, and private and public IP addresses are set so that the virtual router can reach both the public network and the private network. The private IP address of the virtual router (for example 192.168.6.254) is the gateway of the private network virtual switch it is connected to. Every virtual machine connected to that private network virtual switch sets the virtual router's private IP address (for example 192.168.6.254) as its own gateway, which puts the virtual machine network under the management of the virtual router. The virtual router is provided as a virtual machine template (OVF format) for rapid deployment.

The various networks are connected through virtual routing. As shown in Figure 7, virtual machines use private IP addresses and are interconnected with the public network or with isolated subnets through NAT and routing performed by the virtual router. Because the networks in the system are all virtual, unnecessary IP usage in the system is effectively avoided.

Defining firewall rules is the core step by which the solution achieves network security. Because the gateway of every virtual machine in a private network pool is set to the IP address of the virtual router's private network card, in cross-network access (cross-network meaning between different network segments of the same VLAN, or between different VLANs) all traffic from an external network (a different network segment or a network in a different VLAN) must first pass through the virtual router before it flows into a virtual machine; similarly, all internal traffic bound for an external network (a different network segment or a network in a different VLAN) must also first pass through the virtual router, as shown in Figure 7. Therefore, by adding firewall rules on the virtual router, the traffic exchanged between different networks can be controlled.

As shown in Figure 8, a virtualized network environment is divided into three categories of zone: public zones, private zones, and isolated zones. Access between different zones, and between different network segments in the same zone, can be restricted by adding firewall rules. The specific firewall rules include:

1) Packet filtering: source IP filtering, source IP and destination IP filtering, source IP and destination protocol filtering, source MAC address filtering, etc.;

2) Network filtering: URL filtering, content category filtering, keyword filtering, etc.;

3) Intrusion prevention: IPS, etc.

Claims (6)

1. A network security solution for a cloud computing center, characterized in that: by introducing virtual switches and virtual routers, the network concepts of the physical level are abstracted to the virtual level, and isolation and firewall network security functions are implemented on top of the virtual network. The solution mainly comprises building a layer-2 virtual network, dividing subnets, deploying a virtual router, and defining firewall rules, wherein:

Building the layer-2 virtual network: on the premise that the physical network is interconnected, the server network cards are abstracted into virtual switch components that provide layer-2 network services. Development is based on the open-source virtual switch Open vSwitch; the physical network card of each server is bound one-to-one to a virtual switch, abstractly forming a layer-2 virtual switch component;

Dividing subnets: subnet division based on VLANs and IP pools effectively reduces the use of physical network IPs, fully meets the various network needs of different customers, and isolates the virtual subnets from one another. Dividing the layer-2 virtual network by VLAN on top of the virtual switches keeps the data of the different services in the system separate and abstracts the complex physical network configuration process to the virtual level, which reduces physical network IP usage and simplifies network configuration;

Deploying the virtual router: by introducing a virtual router, the layer-3 network concepts of the physical level are abstracted to the virtual level, and the management functions of the underlying network are handed over to the virtual router, so that network administrators need not be concerned with the specific layout of the underlying network and can manage the configuration and services of the entire system network directly by managing the virtual router. A self-developed virtual router is used to provide the layer-3 network services NAT, routing and DHCP, and to realize interconnection and access control between virtual subnets;

Defining firewall rules: unified security management of the system network is realized by sending firewall control commands to the virtual router. The virtual router used in this solution filters and groups connections according to the 5-tuple of source IP address, destination IP address, source port, destination port and protocol, safeguarding the security of the system network while preserving the network performance of each subnet in the cloud data center;

Firewall rules are added on the virtual router; connections are filtered and grouped according to the 5-tuple of source IP address, destination IP address, source port, destination port and protocol, providing basic firewall protection for traffic between virtual machines.

2. The network security solution for a cloud computing center according to claim 1, characterized in that the deployment steps for building the layer-2 virtual network are as follows:

1) Use physical devices (routers, switches, firewalls) to connect the computing and storage resources of the cloud data center, ensuring network connectivity between physical nodes, between management nodes and physical nodes, and between nodes and storage;

2) Configure the virtual switches: the virtual switch components are abstracted from the physical network cards. Using Open vSwitch-based software, the physical network card on each server is bound one-to-one to a virtual switch to form a switch component. Several ports are virtualized on the switch, and each port is bound one-to-one to a network card of a virtual machine in the cloud data center. This realizes the network connection path virtual machine → virtual machine network card → virtual port → virtual switch → physical network card. Multiple virtual switches can be cascaded to form one large distributed virtual switch.

3. The network security solution for a cloud computing center according to claim 1 or 2, characterized in that, when dividing subnets, the virtual network is divided into two categories according to the network connection mode and isolation means:

1) Public network pool: the public network pool corresponds to the virtual port group on the virtual switch that is directly connected to the public network; virtual machines use IPs that can access the public network;

2) Private network pool: the private network pool corresponds to a virtual port group on the virtual switch on which a VLAN is set; virtual machines use private IPs under a specific VLAN, can communicate only within the local area network, and cannot access the public network.

4. The network security solution for a cloud computing center according to claim 3, characterized in that, when deploying the virtual router, a system virtual machine is created separately, routing core services, management services and SSH interaction services are added to it, and these are packaged together in the form of a virtual router. Two network cards are set for the virtual router, connected respectively to a port of the private-network virtual switch and a port of the public-network virtual switch, and a private-network IP and a public-network IP are set, ensuring that the virtual router can reach both the public and the private network. The private-network IP of the virtual router is the gateway of the connected private-network virtual switch; every virtual machine connected to that private-network virtual switch sets the virtual router's private-network IP as its own gateway, so that the virtual router manages the virtual machine network. The virtual router is provided in the form of a virtual machine template for rapid deployment. Through virtual routing the various networks are connected: virtual machines use private-network IPs and, through NAT and routing on the virtual router, interconnect with the public network or with isolated subnets.

5. The network security solution for a cloud computing center according to claim 4, characterized in that firewall rules are added in the virtual router to control the traffic exchanged between different networks.

6. The network security solution for a cloud computing center according to claim 5, characterized in that the firewall rules comprise:

1) Packet filtering: source IP filtering, source IP and destination IP filtering, source IP and destination protocol filtering, source MAC address filtering, etc.;

2) Network filtering: URL filtering, content classification filtering, keyword filtering, etc.;

3) Intrusion prevention.
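The 5-tuple filtering and grouping that claims 1, 5 and 6 assign to the virtual router can be modelled as follows; this is an added example, not code from the patent or from the virtual router it describes. The names `Rule`, `FiveTuple`, `decide` and `group_flows`, the two private-pool subnets, and the first-match, default-deny evaluation order are all assumptions made for illustration.

```python
from collections import Counter, namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# One connection as the virtual router sees it. Ports are None for ICMP.
FiveTuple = namedtuple("FiveTuple", "proto src sport dst dport")
PortRange = Optional[Tuple[int, int]]  # inclusive (low, high); None matches any port


def _port_ok(rng: PortRange, port: Optional[int]) -> bool:
    if rng is None:
        return True
    return port is not None and rng[0] <= port <= rng[1]


@dataclass
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    sport: PortRange = None
    dport: PortRange = None

    def __post_init__(self):
        if self.action not in ("allow", "deny"):
            raise ValueError(f"unknown action {self.action!r}")
        if self.proto not in ("tcp", "udp", "icmp", "any"):
            raise ValueError(f"unknown protocol {self.proto!r}")
        # A port condition on a protocol without ports would silently never
        # match, so reject it when the rule is defined.
        if self.proto not in ("tcp", "udp") and (self.sport or self.dport):
            raise ValueError("port match requires proto tcp or udp")
        self.src_net = ip_network(self.src)
        self.dst_net = ip_network(self.dst)

    def matches(self, pkt: FiveTuple) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in self.src_net:
            return False
        if ip_address(pkt.dst) not in self.dst_net:
            return False
        return _port_ok(self.sport, pkt.sport) and _port_ok(self.dport, pkt.dport)


def decide(rules, pkt):
    """Return (action, rule index). First match wins; no match means deny."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


def group_flows(rules, packets):
    """Group packets by 5-tuple and evaluate each flow once.

    Returns {flow: (action, rule index, packet count)}.
    """
    flows = Counter(packets)
    return {flow: decide(rules, flow) + (count,) for flow, count in flows.items()}


# Constructed sample: two private network pools behind one virtual router.
# VLAN 10 = 10.10.0.0/24, VLAN 20 = 10.20.0.0/24 (assumed addresses).
RULES = [
    Rule("allow", "tcp", "10.10.0.0/24", "10.20.0.5/32", dport=(443, 443)),
    Rule("deny", "any", "10.10.0.0/24", "10.20.0.0/24"),
    Rule("allow", "udp", "10.20.0.0/24", "10.10.0.2/32", dport=(53, 53)),
]

# Constructed traffic between the two pools.
PACKETS = [
    FiveTuple("tcp", "10.10.0.7", 40001, "10.20.0.5", 443),
    FiveTuple("tcp", "10.10.0.7", 40001, "10.20.0.5", 443),
    FiveTuple("tcp", "10.10.0.7", 40002, "10.20.0.5", 22),
    FiveTuple("udp", "10.20.0.9", 5353, "10.10.0.2", 53),
    FiveTuple("icmp", "10.20.0.9", None, "10.10.0.7", None),
]

if __name__ == "__main__":
    for flow, (action, index, count) in group_flows(RULES, PACKETS).items():
        source = "default" if index is None else f"rule {index}"
        print(f"{action:5} {source:8} x{count} {flow}")
```

Because the narrow allow rule sits above the broad inter-VLAN deny, swapping their order would block the HTTPS flow as well; rule order is part of the policy and worth reviewing alongside the rules themselves.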
CN201410011353.1A 2014-01-10 2014-01-10 Network security solution for cloud computing center Pending CN103746997A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410011353.1A CN103746997A (en) 2014-01-10 2014-01-10 Network security solution for cloud computing center

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410011353.1A CN103746997A (en) 2014-01-10 2014-01-10 Network security solution for cloud computing center

Publications (1)

Publication Number Publication Date
CN103746997A true CN103746997A (en) 2014-04-23

Family

ID=50503984

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410011353.1A Pending CN103746997A (en) 2014-01-10 2014-01-10 Network security solution for cloud computing center

Country Status (1)

Country Link
CN (1) CN103746997A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7468986B2 (en) * 2002-11-15 2008-12-23 At&T Intellectual Property I.L.P. Virtual interworking trunk interface and method of operating a universal virtual private network device
US20110022695A1 (en) * 2009-07-27 2011-01-27 Vmware, Inc. Management and Implementation of Enclosed Local Networks in a Virtual Lab
CN102255903A (en) * 2011-07-07 2011-11-23 广州杰赛科技股份有限公司 Safety isolation method for virtual network and physical network of cloud computing
CN103139039A (en) * 2013-02-25 2013-06-05 汉柏科技有限公司 Virtual network capable of achieving flow isolation control and construction method
CN103152256A (en) * 2013-02-22 2013-06-12 浪潮电子信息产业股份有限公司 Virtual routing network design method based on cloud computing data center
CN103595772A (en) * 2013-11-01 2014-02-19 浪潮电子信息产业股份有限公司 Cloud data center network deployment scheme based on virtual router

CN119316262A (en) * 2024-08-26 2025-01-14 山东爱特云翔信息技术有限公司 A network management method and system for data center network
CN118869629A (en) * 2024-09-23 2024-10-29 浙江云针信息科技有限公司 A virtual networking method and computer topology network

Similar Documents

Publication Publication Date Title
CN103746997A (en) Network security solution for cloud computing center
EP4183120B1 (en) Interface-based acls in an layer-2 network
CN107925589B (en) Method and medium for processing remote device data messages entering a logical overlay network
US11888899B2 (en) Flow-based forwarding element configuration
CN104813611B (en) Virtual Device Context (VDC) integration for web services
US10938681B2 (en) Context-aware network introspection in software-defined networking (SDN) environments
CN114338606B (en) A public cloud network configuration method and related equipment
EP3363176B1 (en) Hybrid cloud security groups
Chen et al. Collaborative network security in multi-tenant data center for cloud computing
CN104685500B (en) The method and system of application security strategy in overlay network
US8370834B2 (en) Routing across a virtual network
CN105814554B (en) Access Control Based on Identity and Access Management in Virtual Networks
EP2909780B1 (en) Providing a virtual security appliance architecture to a virtual cloud infrastructure
US11102186B2 (en) Packet capture in software-defined networking (SDN) environments
US20190250938A1 (en) Computer system architecture and computer network infrastructure including a plurality of such computer system architectures
CN103595772A (en) Cloud data center network deployment scheme based on virtual router
JP2019525669A (en) Extend network control system to public cloud
CN105656916A (en) Cloud data center service subnet security management method and system
US11470071B2 (en) Authentication for logical overlay network traffic
US10862850B2 (en) Network-address-to-identifier translation in virtualized computing environments
JP2024503322A (en) Layer 2 networking storm control in virtualized cloud environments
JP2024503318A (en) Layer 2 networking using access control lists in virtualized cloud environments
Keeriyattil Microsegmentation and zero trust: Introduction
Bondan et al. Management requirements for ClickOS-based network function virtualization
Vrijders et al. Reducing the complexity of virtual machine networking

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140423