
CN109327416B - Access control method and device for private cloud in SDN network - Google Patents


Info

Publication number: CN109327416B
Authority: CN (China)
Prior art keywords: access, host, address, domain, information
Legal status: Active
Application number: CN201710642607.3A
Other languages: Chinese (zh)
Other versions: CN109327416A (en)
Inventors: 陈明德, 张东, 李宁, 江峰
Current Assignee: Beijing Boco Inter Telecom Technology Co ltd
Original Assignee: Beijing Boco Inter Telecom Technology Co ltd
Application filed by Beijing Boco Inter Telecom Technology Co ltd
Priority to CN201710642607.3A
Publication of CN109327416A
Application granted
Publication of CN109327416B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses an access control method for a private cloud in an SDN network, comprising the following steps: disabling the corresponding address function of the devices in the private cloud, defining each access device as an access domain, and acquiring the host information and address information in the access domain; configuring, according to the acquired host information and address information in the access domain, the correspondence between hosts and addresses in the access domain, and setting the access rules of the access domain for each address, wherein the access rules comprise access rules set on the access device and access rules set on the host; determining, from the external access requirements in combination with the host information of the access domain, the accessible host information in the access requirements that is located in the same access domain; and accessing the determined accessible host according to the access rules. The embodiment of the invention also discloses an access control device for a private cloud in an SDN network.

Description

Access control method and device for private cloud in SDN network
Technical Field
The invention relates to computer software, in particular to a private cloud host access control technology.
Background
A private cloud is built for the exclusive use of one company, and thus provides the most effective control over data, security and quality of service. The company owns the infrastructure and can control the manner in which applications are deployed on it.
With the development of cloud computing technology, more and more companies use private cloud platforms. However, how to manage and control mutual access between hosts in a private cloud platform, especially one spanning multiple IDC rooms, has not been solved effectively. The existing scheme modifies the data packets sent by virtual machines, attaching extended VLAN information to each packet, and divides the private cloud platform into a plurality of subnets. However, this solution requires a data packet processing module to be added to the host, and does not solve the problem of host access across subnets.
Therefore, the problem of access control among the hosts of all subnets of a private cloud urgently needs to be solved.
Disclosure of Invention
The invention provides an access control method for a private cloud in an SDN network, comprising the following steps:
disabling the corresponding address function of the devices in the private cloud, defining each access device as an access domain, and acquiring the host information and address information in the access domain;
configuring, according to the acquired host information and address information in the access domain, the correspondence between hosts and addresses in the access domain, and setting the access rules of the access domain for each address, wherein the access rules comprise access rules set on the access device and access rules set on the host;
determining, from the external access requirements in combination with the host information of the access domain, the accessible host information in the access requirements that is located in the same access domain;
and accessing the determined accessible host according to the access rules.
The method further comprises:
discarding any data packet for which the address or the port cannot be found during access.
Configuring the correspondence between hosts and addresses in the access domain specifically includes:
configuring, on the access device in the access domain, the correspondence between the addresses of the hosts connected to the access device and their MAC addresses;
configuring, on each host in the access domain, the correspondence between the addresses of the hosts accessible to that host and the corresponding MAC addresses.
The access rules set on the access device are specifically:
the IP address and MAC address of each host connected to the access device are paired in the address resolution protocol (ARP) table;
data packets whose destination address is the MAC address of a host connected to the access device, or the MAC address of the access network port, are forwarded to the corresponding port.
The access rules set on the host are specifically:
the IP address of an accessible host in the same access domain is paired with that host's MAC address in the ARP table;
the IP address of an accessible host that is not in the same access domain is paired in the ARP table with the MAC address of the access network port of the access device of the access domain.
The invention also discloses an access control device for a private cloud in an SDN network, characterized by comprising:
an information acquisition unit, configured to disable the corresponding address function of the devices in the private cloud, define each access device as an access domain, and acquire the host information and address information in the access domain;
an access rule setting unit, configured to configure, according to the information acquired by the information acquisition unit, the correspondence between hosts and addresses in the access domain, and to set the access rules of the access domain for each address, wherein the access rules comprise access rules set on the access device and access rules set on the host;
an accessible host determining unit, configured to determine, from the external access requirements in combination with the access domain host information acquired by the information acquisition unit, the accessible host information in the access requirements that is located in the same access domain;
and an access control unit, which accesses the accessible host determined by the accessible host determining unit according to the access rules set by the access rule setting unit.
The access control unit discards any data packet for which the address or the port cannot be found during access.
Preferably, the access rule setting unit further includes:
an address relation configuration module, configured to configure, on the access device in the access domain and according to the host information and address information acquired by the information acquisition unit, the correspondence between the addresses of the hosts connected to the access device and their MAC addresses; and to configure, on each host in the access domain, the correspondence between the addresses of the hosts accessible to that host and the corresponding MAC addresses;
and an access rule setting module, configured to set the access rules on the access device and the access rules on the host.
Preferably, the access rules set by the access rule setting module on the access device are specifically:
the IP address and MAC address of each host connected to the access device are paired in the ARP table;
data packets whose destination address is the MAC address of a host connected to the access device, or the MAC address of the access network port, are forwarded to the corresponding port.
The access rules set by the access rule setting module on the host are specifically:
the IP address of an accessible host in the same access domain is paired with that host's MAC address in the ARP table;
the IP address of an accessible host that is not in the same access domain is paired in the ARP table with the MAC address of the access network port of the access device of the access domain.
In this scheme, the ARP and RARP functions are disabled on the hosts and the access switches, and access control between cross-domain hosts of the private cloud is achieved by statically pairing IP addresses with MAC addresses and configuring access rules on both the switches and the hosts, so that the problem of cross-subnet host access is solved without adding a data packet processing module to the hosts.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an access control method for a private cloud in an SDN network according to an embodiment of the present application;
Fig. 2 is a flowchart of a method provided in a second embodiment of the present application;
Fig. 3 is a schematic diagram of a cloud platform provided in the third embodiment of the present application;
Fig. 4 is a schematic structural diagram of an access control device of a private cloud in an SDN network according to a fourth embodiment of the present application;
Fig. 5 is a schematic structural diagram of a device according to a fifth embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
Referring to Fig. 1, Fig. 1 is a flowchart of an implementation of a method for controlling access to a private cloud in an SDN network according to an embodiment of the present application, where the method includes:
Step S11: disable the corresponding address function of the devices in the private cloud, define each access device as an access domain, and acquire the host information and address information in the access domain.
A private cloud is built for the exclusive use of one company, and thus provides the most effective control over data, security and quality of service. The company owns the infrastructure and can control the manner in which applications are deployed on it.
The corresponding address functions are the Address Resolution Protocol and the Reverse Address Resolution Protocol. The Address Resolution Protocol (ARP) is a TCP/IP protocol for obtaining a physical address from an IP address. When a host sends information, it broadcasts an ARP request containing the target IP address to all hosts on the network and receives a reply, from which it determines the target's physical address; after receiving the reply, it stores the IP address and physical address in the local ARP cache for a certain time, and the next request queries the ARP cache directly to save resources.
The Reverse Address Resolution Protocol (RARP) allows a physical machine on a local area network to request its IP address from the ARP table or cache of a gateway server. A network administrator creates a table in the local area network's gateway router that maps physical (MAC) addresses to their corresponding IP addresses.
The access device generally refers to a device with a switching function, such as a switch. One switch is connected to a plurality of hosts and is defined as one access domain, so the host information and address information of the hosts attached to the switch can be obtained; the address information may be IP address information and MAC address information.
Step S12: configure, according to the acquired host information and address information in the access domain, the correspondence between hosts and addresses in the access domain, and set the access rules of the access domain for each address, where the access rules comprise the access rules set on the access device and the access rules set on the host.
The acquired host information and address information in the access domain comprise the access domain identifier, the access domain switch identifier, the access network port MAC, the identifiers of the hosts in the access domain, the host IP addresses, the host MAC addresses, and the like.
The correspondence between hosts and addresses in the access domain is configured in two parts. First, on the access device, i.e. the switch, the IP address and MAC address of each host connected to the access switch are paired in the address table. Second, on each host in the access domain, the IP address of an accessible host in the same access domain is paired with that host's MAC address, and the IP address of an accessible host that is not in the same access domain is paired with the access network port MAC of the access switch in the access domain.
Access rules are set both on the access device and on the host. The method of setting access rules may be configured on the access device and the host.
Step S13: determine, from the external access requirements and the host information of the access domain, the accessible host information in the access requirements that is located in the same access domain.
The external access requirement provides a host identifier and an accessible host identifier. From the accessible host identifier and the access domain host information obtained in the preceding steps, it can be determined whether the accessible host is in the same access domain, which makes the accessible host information in the same access domain explicit.
Step S14: access the determined accessible host according to the access rules.
Preferably, to handle the case where the corresponding access address cannot be found, the present invention further includes:
Step S15: discard any data packet for which the address or the port cannot be found during access.
Data packets for which a MAC address or a forwarding port cannot be found are discarded. As a result, when a service operator uses a host to communicate with an unpermitted host, the data packet is discarded directly by the host, while communication with permitted hosts proceeds normally.
In this embodiment of the invention, the corresponding address function in the SDN network is disabled first, and cross-host access control in the private cloud is achieved through the correspondence between host static IP addresses and MAC addresses together with the configured access rules. No data packet processing module is added to the hosts, which saves cost and development time.
To further describe how the access rules are set, a second embodiment of the present invention is given, as shown in Fig. 2.
Step S21: on the access device in the access domain, configure the correspondence between the addresses of the hosts connected to the access device and their MAC addresses.
Step S22: on each host in the access domain, configure the correspondence between the addresses of the hosts accessible to that host and the corresponding MAC addresses.
Step S23: set the access rules on the access device.
Step S231: the IP address and MAC address of each host connected to the access device are paired in the ARP table.
Step S232: data packets whose destination address is the MAC address of a host connected to the access device, or the MAC address of the access network port, are forwarded to the corresponding port.
Step S24: set the access rules on the host.
Step S241: the IP address of an accessible host in the same access domain is paired with that host's MAC address in the ARP table.
Step S242: the IP address of an accessible host that is not in the same access domain is paired in the ARP table with the MAC address of the access network port of the access device of the access domain.
To better describe the steps of the access control method for a private cloud in an SDN network, a third embodiment of the present invention is given below with reference to an example; an example private cloud platform is shown in Fig. 3.
Access switch 1 and access switch 2 may be in one IDC room or in several IDC rooms.
1) Access switch 1, access switch 2, host 1, host 2, host 3, host 4 and host 5 disable the ARP and RARP functions; the rules matching IP addresses to MAC addresses and the datagram forwarding rules are configured entirely statically.
2) Each access switch in the private cloud is defined as an access domain.
The following are known for the private cloud: each access switch's network-facing port and that port's MAC address, the switch port each host is connected to, and the IP address and MAC address of each host, as shown in Tables 1 and 2.
TABLE 1
Access domain identification | Access switch identification | Access network port identification | Access network port MAC
Access domain 1 | Access switch 1 | Access switch 1-access | MAC access switch 1-access
Access domain 2 | Access switch 2 | Access switch 2-access | MAC access switch 2-access
TABLE 2
[Table 2 is available only as an image in the source: Figure BDA0001366216440000061]
3) The SDN controller configures the access switches as follows:
● In the ARP table, pair the IP address and MAC address of each host connected to the access switch.
On access switch 1:
IP host 1 -- MAC host 1
IP host 2 -- MAC host 2
IP host 3 -- MAC host 3
On access switch 2:
IP host 4 -- MAC host 4
IP host 5 -- MAC host 5
● In the forwarding table, define rules that forward datagrams whose destination address is the MAC address of a host connected to the switch, or the access network port MAC, to the corresponding port.
On access switch 1:
Forwarding port identification | Destination MAC address
Access switch 1-host 1 | MAC host 1
Access switch 1-host 2 | MAC host 2
Access switch 1-host 3 | MAC host 3
Access switch 1-access | MAC access switch 1-access
On access switch 2:
Forwarding port identification | Destination MAC address
Access switch 2-host 4 | MAC host 4
Access switch 2-host 5 | MAC host 5
Access switch 2-access | MAC access switch 2-access
● Default rule: discard datagrams whose MAC address cannot be found.
● Default rule: discard datagrams whose forwarding port cannot be found.
4) An inter-host access requirement is received from outside, as shown in Table 3.
TABLE 3
Host identity | Accessible host identity
Host 1 | Host 2
Host 1 | Host 4
…… | ……
Associating the data in Table 3 with Table 2 shows which interworking hosts are in the same access domain, as shown in Table 4:
TABLE 4
[Table 4 is available only as an image in the source: Figure BDA0001366216440000071]
5) The SDN controller configures the hosts as follows:
● In the ARP table, the IP address of an accessible host in the same access domain is paired with that host's MAC address.
On host 1: IP host 2 -- MAC host 2
On host 2: IP host 1 -- MAC host 1
● In the ARP table, the IP address of an accessible host that is not in the same access domain is paired with the access network port MAC of the access switch in the local access domain.
Host 4 is attached to access switch 2, so on host 1:
IP host 4 -- MAC access switch 1-access
Host 1 is attached to access switch 1, so on host 4:
IP host 1 -- MAC access switch 2-access
● Default rule: discard datagrams whose destination MAC address cannot be found.
Host 1, host 2 and host 4 are now configured.
When host 1 sends a datagram to host 2, it looks up the ARP table on host 1 and finds that the destination MAC is "MAC host 2". Host 1 sends a datagram with destination IP address "IP host 2" and destination MAC address "MAC host 2" to access switch 1. Access switch 1 forwards it to the port "access switch 1-host 2". The datagram arrives at host 2. Host 2 returns datagrams in the same way.
When host 1 sends a datagram to host 4, it looks up the ARP table on host 1 and finds that the destination MAC is "MAC access switch 1-access". Host 1 sends a datagram with destination IP address "IP host 4" and destination MAC address "MAC access switch 1-access" to access switch 1. Access switch 1 forwards it to the port for "MAC access switch 1-access", and the datagram enters the network between the access switches. When the datagram reaches access switch 2, access switch 2 looks up its ARP table and finds that the MAC address corresponding to "IP host 4" is "MAC host 4", then looks up its forwarding table and finds that the forwarding port corresponding to "MAC host 4" is "access switch 2-host 4". Access switch 2 forwards the datagram to that port, and the datagram arrives at host 4. Host 4 returns datagrams in the same way.
When host 1 sends a datagram to host 3, the ARP table on host 1 is looked up and no MAC address corresponding to "IP host 3" is found, so the datagram is discarded. Host 1 cannot communicate with host 3.
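The table construction and the three datagram walks of the third embodiment can be reproduced in a short simulation. This is an added example, not code from the patent: the names host1, sw1, build_switch_tables, build_host_tables and send are hypothetical, the sample data is constructed from Fig. 3 and Table 3, and the rule that the network between switches hands a datagram to the switch whose ARP table holds the destination IP is an assumption, since the patent does not specify that hop.

```python
"""Simulation of the static ARP and forwarding tables of the third embodiment."""
from collections import defaultdict

# Constructed sample data mirroring Fig. 3: host -> access switch
# (one access switch = one access domain).
TOPOLOGY = {"host1": "sw1", "host2": "sw1", "host3": "sw1",
            "host4": "sw2", "host5": "sw2"}
# External access requirements (Table 3): (host, accessible host).
ALLOWED = [("host1", "host2"), ("host1", "host4")]


def ip(host):
    return f"IP-{host}"


def mac(host):
    return f"MAC-{host}"


def uplink_port(switch):
    return f"{switch}-access"


def uplink_mac(switch):
    return f"MAC-{switch}-access"


def build_switch_tables(topology):
    """Step 3: per switch, a static ARP table and a forwarding table."""
    arp, fwd = defaultdict(dict), defaultdict(dict)
    for host, switch in topology.items():
        arp[switch][ip(host)] = mac(host)              # IP host -- MAC host
        fwd[switch][mac(host)] = f"{switch}-{host}"    # MAC host -> host port
        fwd[switch][uplink_mac(switch)] = uplink_port(switch)
    return dict(arp), dict(fwd)


def build_host_tables(topology, allowed):
    """Step 5: per host, static ARP entries for permitted peers only."""
    arp = {host: {} for host in topology}
    for a, b in allowed:
        for src, dst in ((a, b), (b, a)):              # return path as well
            if topology[src] == topology[dst]:
                arp[src][ip(dst)] = mac(dst)           # same access domain
            else:                                      # other access domain
                arp[src][ip(dst)] = uplink_mac(topology[src])
    return arp


def send(src, dst, topology, host_arp, sw_arp, sw_fwd):
    """Walk one datagram through the tables; return (delivered, trace)."""
    dst_mac = host_arp[src].get(ip(dst))
    if dst_mac is None:                                # host default rule
        return False, [f"{src}: no ARP entry for {ip(dst)}, datagram discarded"]
    switch = topology[src]
    trace = [f"{src}: {ip(dst)} -> {dst_mac}"]
    port = sw_fwd[switch].get(dst_mac)
    if port is None:                                   # switch default rule
        return False, trace + [f"{switch}: no port for {dst_mac}, discarded"]
    trace.append(f"{switch}: forward to port {port}")
    if port != uplink_port(switch):
        return True, trace                             # delivered locally
    # Assumption: the inter-switch network delivers the datagram to the
    # switch whose static ARP table contains the destination IP.
    remote = next((s for s, table in sw_arp.items()
                   if s != switch and ip(dst) in table), None)
    if remote is None:
        return False, trace + [f"no access switch knows {ip(dst)}, discarded"]
    remote_mac = sw_arp[remote][ip(dst)]
    remote_port = sw_fwd[remote].get(remote_mac)
    if remote_port is None:
        return False, trace + [f"{remote}: no port for {remote_mac}, discarded"]
    trace.append(f"{remote}: {ip(dst)} -> {remote_mac}, forward to port {remote_port}")
    return True, trace


def run_example():
    """Build all tables and replay the walks described in the text."""
    sw_arp, sw_fwd = build_switch_tables(TOPOLOGY)
    host_arp = build_host_tables(TOPOLOGY, ALLOWED)
    pairs = [("host1", "host2"), ("host1", "host4"),
             ("host1", "host3"), ("host4", "host1")]
    results = {p: send(p[0], p[1], TOPOLOGY, host_arp, sw_arp, sw_fwd)
               for p in pairs}
    return host_arp, results


if __name__ == "__main__":
    tables, outcome = run_example()
    for (src, dst), (delivered, steps) in outcome.items():
        print(src, "->", dst, "delivered" if delivered else "dropped")
        for step in steps:
            print("   ", step)
```

In these rules the per-pair decision is made only in the sending host's ARP table; both switches match on the destination address alone.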
Corresponding to the method embodiments, a fourth embodiment of the present invention further provides an access control device for a private cloud in an SDN network, as shown in Fig. 4, where the access control device may include:
an information acquisition unit 1, configured to disable the corresponding address function of the devices in the private cloud, define each access device as an access domain, and acquire the host information and address information in the access domain;
an access rule setting unit 2, configured to configure, according to the information acquired by the information acquisition unit, the correspondence between hosts and addresses in the access domain, and to set the access rules of the access domain for each address, where the access rules comprise access rules set on the access device and access rules set on the host;
an accessible host determining unit 3, configured to determine, from the external access requirements in combination with the access domain host information acquired by the information acquisition unit, the accessible host information in the access requirements that is located in the same access domain;
and an access control unit 4, which accesses the accessible host determined by the accessible host determining unit according to the access rules set by the access rule setting unit.
The access control unit discards any data packet for which the address or the port cannot be found during access.
Preferably, in order to synchronize the existing network resources and check the resources after checking, a fifth embodiment of the present invention is shown in fig. 5.
The information acquisition unit 1 is configured to disable the corresponding address function of the devices in the private cloud, define each access device as an access domain, and acquire the host information and address information in the access domain.
The access rule setting unit 2 further includes:
an address relationship configuration module 21, configured to configure, on the access device in the access domain and according to the host information and address information acquired by the information acquisition unit, the correspondence between the addresses of the hosts connected to the access device and their MAC addresses; and to configure, on each host in the access domain, the correspondence between the addresses of the hosts accessible to that host and the corresponding MAC addresses;
and an access rule setting module 22, configured to set the access rules on the access device and the access rules on the host.
The access rules set by the access rule setting module on the access device are specifically:
the IP address and MAC address of each host connected to the access device are paired in the ARP table;
data packets whose destination address is the MAC address of a host connected to the access device, or the MAC address of the access network port, are forwarded to the corresponding port.
The access rules set by the access rule setting module on the host are specifically:
the IP address of an accessible host in the same access domain is paired with that host's MAC address in the ARP table;
the IP address of an accessible host that is not in the same access domain is paired in the ARP table with the MAC address of the access network port of the access device of the access domain.
The accessible host determining unit 3 is configured to determine, from the external access requirements in combination with the access domain host information acquired by the information acquisition unit, the accessible host information in the access requirements that is located in the same access domain.
The access control unit 4 accesses the accessible host determined by the accessible host determining unit according to the access rules set by the access rule setting unit.
The access control unit discards any data packet for which the address or the port cannot be found during access.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, units and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. A method for controlling access to a private cloud in an SDN network, the method comprising:
disabling the corresponding address function of the devices in the private cloud, defining each access device as an access domain, and acquiring the host information and address information in the access domain; the corresponding address function is specifically the address resolution protocol and the reverse address resolution protocol;
configuring, according to the acquired host information and address information in the access domain, the correspondence between hosts and addresses in the access domain, and setting the access rules of the access domain for each address, wherein the access rules comprise access rules set on the access device and access rules set on the host;
determining, from the external access requirements in combination with the host information of the access domain, the accessible host information in the access requirements that is located in the same access domain;
accessing the determined accessible host according to the access rules;
wherein configuring the correspondence between hosts and addresses in the access domain specifically includes:
configuring, on the access device in the access domain, the correspondence between the addresses of the hosts connected to the access device and their MAC addresses;
configuring, on each host in the access domain, the correspondence between the addresses of the hosts accessible to that host and the corresponding MAC addresses.
2. The method according to claim 1, wherein the access rules set on the access device are specifically:
the IP address and MAC address of each host connected to the access device are paired in the address resolution protocol (ARP) table;
data packets whose destination address is the MAC address of a host connected to the access device, or the MAC address of the access network port, are forwarded to the corresponding port.
3. The method according to claim 1, wherein the access rules set on the host are specifically:
the IP address of an accessible host in the same access domain is paired with that host's MAC address in the ARP table;
the IP address of an accessible host that is not in the same access domain is paired in the ARP table with the MAC address of the access network port of the access device of the access domain.
4. The method according to any one of claims 1-3, further comprising:
discarding any data packet for which the address or the port cannot be found during access.
5. An apparatus for access control of a private cloud in an SDN network, the apparatus comprising:
an information acquisition unit, configured to disable the address correspondence function of the devices in the private cloud, define each access device as an access domain, and acquire host information and address information in the access domain; the address correspondence function is specifically the address resolution protocol and the reverse address resolution protocol;
an access rule setting unit, configured to configure, according to the information acquired by the information acquisition unit, the correspondence between the hosts and the addresses in the access domain, and to set an access rule for each address in the access domain, where the access rule includes an access rule set on the access device and an access rule set on the host;
an accessible host determining unit, configured to determine, from the external access requirements combined with the access domain host information acquired by the information acquisition unit, the accessible host information in the same access domain in the access requirements;
an access control unit, configured to access the accessible host determined by the accessible host determining unit according to the access rule set by the access rule setting unit;
wherein the access rule setting unit further includes:
an address relation configuration module, configured to configure, on the access device in the access domain, the correspondence between the host addresses and the MAC addresses of the hosts connected to the access device, according to the host information and the address information in the access domain acquired by the information acquisition unit; and to configure, on a host in the access domain, the correspondence between the host addresses accessible to that host and the hosts' MAC addresses;
and an access rule setting module, configured to set the access rule on the access device and to set the access rule on the host.
6. The apparatus according to claim 5, wherein the access rule set by the access rule setting module on the access device is specifically:
the IP address and the MAC address of a host connected to the access device are paired in the address resolution protocol;
and packets whose destination address is the MAC address of a host connected to the access device, or the MAC address of the access network port, are forwarded to the corresponding port.
7. The apparatus according to claim 5, wherein the access rule set by the access rule setting module on the host is specifically:
the IP address of the accessible host in the same access domain is paired with the MAC address of the host in an address resolution protocol;
an accessible host IP address that is not in the same access domain is paired in an address resolution protocol with an access network port MAC address of an access device of the access domain.
8. The apparatus according to any one of claims 5-7, wherein:
the access control unit discards any data packet for which the address or the port cannot be found during the access.
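
The rules of claims 2 to 4, modelled for a single access domain as an added Python example that is not part of the patent text. With dynamic ARP disabled, a host can address only the peers for which a static IP/MAC pair was configured, and the access device forwards only on destination MACs it knows. All class and function names, addresses and port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    ip: str
    mac: str
    port: int                                  # port on the access device
    arp: dict = field(default_factory=dict)    # static IP -> MAC pairs (no dynamic ARP)

@dataclass
class AccessDevice:
    uplink_mac: str                            # MAC of the access network port
    uplink_port: int
    hosts: dict = field(default_factory=dict)  # IP -> Host attached to this device

    def forwarding_table(self):
        """Device rule: destination MAC -> port, for attached hosts and the uplink."""
        table = {h.mac: h.port for h in self.hosts.values()}
        table[self.uplink_mac] = self.uplink_port
        return table

def set_host_rules(device, host, allowed_ips):
    """Host rule: same-domain peers pair with their own MAC, others with the uplink MAC."""
    host.arp = {ip: (device.hosts[ip].mac if ip in device.hosts else device.uplink_mac)
                for ip in allowed_ips}

def send(device, src, dst_ip):
    """Return the egress port, or None when the address or the port cannot be found."""
    dst_mac = src.arp.get(dst_ip)              # no static pair: nothing to send to
    if dst_mac is None:
        return None
    return device.forwarding_table().get(dst_mac)  # unknown MAC: dropped by the device

def demo():
    dev = AccessDevice(uplink_mac="02:00:00:00:00:fe", uplink_port=24)
    a = Host("10.0.1.10", "02:00:00:00:01:0a", port=1)
    b = Host("10.0.1.11", "02:00:00:00:01:0b", port=2)
    c = Host("10.0.1.12", "02:00:00:00:01:0c", port=3)
    dev.hosts = {h.ip: h for h in (a, b, c)}
    set_host_rules(dev, a, ["10.0.1.11", "10.0.2.20"])  # a may reach b and one remote host
    set_host_rules(dev, b, ["10.0.1.10"])
    set_host_rules(dev, c, [])                          # c is allowed no peers
    return {
        "a->b": send(dev, a, "10.0.1.11"),       # same domain, delivered on b's port
        "a->remote": send(dev, a, "10.0.2.20"),  # other domain, sent to the uplink port
        "a->c": send(dev, a, "10.0.1.12"),       # not configured on a, dropped
        "c->a": send(dev, c, "10.0.1.10"),       # c has no pairs, dropped
    }
```
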
CN201710642607.3A 2017-07-31 2017-07-31 Access control method and device for private cloud in SDN network Active CN109327416B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710642607.3A CN109327416B (en) 2017-07-31 2017-07-31 Access control method and device for private cloud in SDN network

Publications (2)

Publication Number Publication Date
CN109327416A CN109327416A (en) 2019-02-12
CN109327416B CN109327416B (en) 2021-07-23

Family

ID=65245129

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant